From patchwork Tue Jul 19 20:13:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10388 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E583CCA482 for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.45579.1658261637095596287 for ; Tue, 19 Jul 2022 13:13:57 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 00FD21576; Tue, 19 Jul 2022 13:13:57 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 078753F766; Tue, 19 Jul 2022 13:13:55 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 1/9] CI: use apt-get instead of apt wrapper Date: Tue, 19 Jul 2022 21:13:45 +0100 Message-Id: <20220719201353.1467716-1-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3574 When used in a non-interactive context, apt prints a warning: WARNING: apt does not have a stable CLI interface. Use with caution in scripts. Use apt-get directly to avoid putting warnings in the logs. Signed-off-by: Ross Burton --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f91d678a..f3ca24d3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,7 +25,7 @@ stages: - mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR # Must do this here, as it's the only way to make sure the toolchain is installed on the same builder - ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR - - sudo apt update && sudo apt install --yes telnet python3-subunit + - sudo apt-get update && sudo apt-get install --yes telnet python3-subunit # Generalised fragment to do a Kas build .build: From patchwork Tue Jul 19 20:13:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10387 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58496CCA483 for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web09.45396.1658261637597654838 for ; Tue, 19 Jul 2022 13:13:57 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A260115A1; Tue, 19 Jul 2022 13:13:57 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id ACE8D3F766; Tue, 19 Jul 2022 13:13:56 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 2/9] CI: ignore buildpaths QA check in clang builds Date: Tue, 19 Jul 2022 21:13:46 +0100 Message-Id: <20220719201353.1467716-2-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3575 If clang builds assembler code the debug symbols contain unmapped build paths which trigger the buildpaths QA check. This bug has been filed with upstream: https://github.com/llvm/llvm-project/issues/56609 Until it is fixed, exclude buildpaths from clang builds so that CI can pass. Signed-off-by: Ross Burton --- ci/clang.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/clang.yml b/ci/clang.yml index a2063f19..99ca8d43 100644 --- a/ci/clang.yml +++ b/ci/clang.yml @@ -8,3 +8,6 @@ repos: local_conf_header: clang: | TOOLCHAIN = "clang" + # Clang causes more binaries to have buildpaths in the debug symbols + # https://github.com/llvm/llvm-project/issues/56609 + WARN_QA:remove = "buildpaths" From patchwork Tue Jul 19 20:13:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10389 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59377C3F2D4 for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.45532.1658261638420344606 for ; Tue, 19 Jul 2022 13:13:58 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5049B1576; Tue, 19 Jul 2022 13:13:58 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5AE313F766; Tue, 19 Jul 2022 13:13:57 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 3/9] arm/edk2-firmware: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:47 +0100 Message-Id: <20220719201353.1467716-3-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3576 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed in edk2-firmware, skip this check. Signed-off-by: Ross Burton --- meta-arm/recipes-bsp/uefi/edk2-firmware.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/recipes-bsp/uefi/edk2-firmware.inc index 76f9d62c..e0dfa28b 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware.inc +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware.inc @@ -114,7 +114,9 @@ do_install() { FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP:${PN} = "textrel" +INSANE_SKIP:${PN} += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" do_deploy() { # Copy the images to deploy directory From patchwork Tue Jul 19 20:13:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10386 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58ECFCCA486 for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.45533.1658261638866557614 for ; Tue, 19 Jul 2022 13:13:59 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0A40115BF; Tue, 19 Jul 2022 13:13:59 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 14B353F766; Tue, 19 Jul 2022 13:13:57 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 4/9] arm/hafnium: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:48 +0100 Message-Id: <20220719201353.1467716-4-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3577 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed, skip this check. Signed-off-by: Ross Burton --- meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb b/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb index a9f41b90..ae89e8d9 100644 --- a/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb +++ b/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb @@ -59,6 +59,8 @@ FILES:${PN}-dbg = "/firmware/*.elf" SYSROOT_DIRS += "/firmware" INSANE_SKIP:${PN} = "ldflags" INSANE_SKIP:${PN}-dbg = "ldflags" +# Build paths are currently embedded +INSANE_SKIP:${PN}-dbg += "buildpaths" do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ From patchwork Tue Jul 19 20:13:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10385 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C0C0C433EF for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.45581.1658261639722534822 for ; Tue, 19 Jul 2022 13:13:59 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C7C471576; Tue, 19 Jul 2022 13:13:59 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C8A1E3F766; Tue, 19 Jul 2022 13:13:58 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 5/9] arm/linux-arm64-ack: fix buildpaths in the OID registry Date: Tue, 19 Jul 2022 21:13:49 +0100 Message-Id: <20220719201353.1467716-5-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3578 Backport two patches from upstream to ensure the build doesn't contain build paths. Signed-off-by: Ross Burton --- ..._registry-fix-reproducibility-issues.patch | 46 +++++++++++++++ ...-conmakehash-improve-reproducibility.patch | 56 +++++++++++++++++++ .../linux/linux-arm64-ack_5.10.bb | 2 + 3 files changed, 104 insertions(+) create mode 100644 meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-lib-build_OID_registry-fix-reproducibility-issues.patch create mode 100644 meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-vt-conmakehash-improve-reproducibility.patch diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-lib-build_OID_registry-fix-reproducibility-issues.patch b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-lib-build_OID_registry-fix-reproducibility-issues.patch new file mode 100644 index 00000000..d2a56a61 --- /dev/null +++ b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-lib-build_OID_registry-fix-reproducibility-issues.patch @@ -0,0 +1,46 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From af8dffeef974b488fd0f12723080a72b1b5f5822 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield +Date: Sun, 10 Jul 2022 22:56:53 -0400 +Subject: [PATCH 1/2] lib/build_OID_registry: fix reproducibility issues + +The script build_OID_registry captures the full path of itself +in the generated data. This causes reproduciblity issues as the +path is captured and packaged. + +We use the basename of the script instead, and that allows us +to be reprodicible, with slightly less information captured in +the output data (but the generating script can still easily +be found). + +Signed-off-by: Bruce Ashfield +--- + lib/build_OID_registry | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/build_OID_registry b/lib/build_OID_registry +index d7fc32ea8ac2..f6de0a7f7457 100755 +--- a/lib/build_OID_registry ++++ b/lib/build_OID_registry +@@ -8,6 +8,7 @@ + # + + use strict; ++use File::Basename; + + my @names = (); + my @oids = (); +@@ -35,7 +36,7 @@ close IN_FILE || die; + # + open C_FILE, ">$ARGV[1]" or die; + print C_FILE "/*\n"; +-print C_FILE " * Automatically generated by ", $0, ". Do not edit\n"; ++print C_FILE " * Automatically generated by ", basename $0, ". Do not edit\n"; + print C_FILE " */\n"; + + # +-- +2.34.1 + diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-vt-conmakehash-improve-reproducibility.patch b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-vt-conmakehash-improve-reproducibility.patch new file mode 100644 index 00000000..5bb40ec1 --- /dev/null +++ b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-vt-conmakehash-improve-reproducibility.patch @@ -0,0 +1,56 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 94b28f266f72c244051a2ec30ff4526a44b2ce85 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield +Date: Sun, 10 Jul 2022 21:37:07 -0400 +Subject: [PATCH 2/2] vt/conmakehash: improve reproducibility + +The file generated by conmakehash capture the application +path used to generate the file. While that can be informative, +it varies based on where the kernel was built, as the full +path is captured. + +We tweak the application to use a second input as the "capture +name", and then modify the Makefile to pass the basename of +the source, making it reproducible. + +This could be improved by using some sort of path mapping, +or the application manipualing argv[1] itself, but for now +this solves the reprodicibility issue. + +Signed-off-by: Bruce Ashfield +--- + drivers/tty/vt/Makefile | 2 +- + drivers/tty/vt/conmakehash.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/tty/vt/Makefile b/drivers/tty/vt/Makefile +index fe30ce512819..cb51c21b58f9 100644 +--- a/drivers/tty/vt/Makefile ++++ b/drivers/tty/vt/Makefile +@@ -15,7 +15,7 @@ clean-files := consolemap_deftbl.c defkeymap.c + hostprogs += conmakehash + + quiet_cmd_conmk = CONMK $@ +- cmd_conmk = $(obj)/conmakehash $< > $@ ++ cmd_conmk = $(obj)/conmakehash $< $(shell basename $<) > $@ + + $(obj)/consolemap_deftbl.c: $(src)/$(FONTMAPFILE) $(obj)/conmakehash + $(call cmd,conmk) +diff --git a/drivers/tty/vt/conmakehash.c b/drivers/tty/vt/conmakehash.c +index cddd789fe46e..d62510b280e9 100644 +--- a/drivers/tty/vt/conmakehash.c ++++ b/drivers/tty/vt/conmakehash.c +@@ -253,7 +253,7 @@ int main(int argc, char *argv[]) + #include \n\ + \n\ + u8 dfont_unicount[%d] = \n\ +-{\n\t", argv[1], fontlen); ++{\n\t", argv[2], fontlen); + + for ( i = 0 ; i < fontlen ; i++ ) + { +-- +2.34.1 + diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.10.bb b/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.10.bb index cf4951cd..7865b25a 100644 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.10.bb +++ b/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.10.bb @@ -6,6 +6,8 @@ require linux-arm64-ack.inc SRC_URI = " \ git://android.googlesource.com/kernel/common.git;protocol=https;branch=android12-5.10-lts \ + file://0001-lib-build_OID_registry-fix-reproducibility-issues.patch \ + file://0002-vt-conmakehash-improve-reproducibility.patch \ " # tag: ASB-2021-09-05_12-5.10 From patchwork Tue Jul 19 20:13:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10384 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D03CC43334 for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.45475.1658261640407845095 for ; Tue, 19 Jul 2022 13:14:00 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7623B15A1; Tue, 19 Jul 2022 13:14:00 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 80F993F766; Tue, 19 Jul 2022 13:13:59 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 6/9] arm/optee: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:50 +0100 Message-Id: <20220719201353.1467716-6-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3579 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed, skip this check. Signed-off-by: Ross Burton --- meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb | 3 +++ meta-arm/recipes-security/optee/optee-os.inc | 3 ++- meta-arm/recipes-security/optee/optee-spdevkit_git.bb | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb index 5d54d4ed..5ff373ad 100644 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb @@ -20,3 +20,6 @@ do_deploy() { } FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index eee715f5..8942facd 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -63,7 +63,8 @@ FILES:${PN} = "${nonarch_base_libdir}/firmware/" # note: "textrel" is not triggered on all archs INSANE_SKIP:${PN} = "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" INSANE_SKIP:${PN}-dev = "staticdev" - INHIBIT_PACKAGE_STRIP = "1" diff --git a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb index def2d8d9..7608cec0 100644 --- a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb +++ b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb @@ -301,3 +301,5 @@ COMPATIBLE_HOST = "aarch64.*-linux" # optee-spdevkit static library is part of optee-os image. No need to package this library in a staticdev package INSANE_SKIP:${PN}-dev = "staticdev" +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" From patchwork Tue Jul 19 20:13:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10391 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B57DC433EF for ; Tue, 19 Jul 2022 20:14:11 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web09.45397.1658261640891354111 for ; Tue, 19 Jul 2022 13:14:01 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2321D1576; Tue, 19 Jul 2022 13:14:01 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2EB293F766; Tue, 19 Jul 2022 13:14:00 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 7/9] arm/trusted-firmware-a: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:51 +0100 Message-Id: <20220719201353.1467716-7-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:11 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3580 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed, skip this check. Signed-off-by: Ross Burton --- .../recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc index dfb56753..c5b695e4 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc @@ -231,7 +231,10 @@ SYSROOT_DIRS += "/firmware" FILES:${PN}-dbg = "/firmware/*.elf" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP:${PN}-dbg = "textrel" +INSANE_SKIP:${PN}-dbg += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths" do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ From patchwork Tue Jul 19 20:13:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10390 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30DFCCCA47F for ; Tue, 19 Jul 2022 20:14:11 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.45583.1658261641703810962 for ; Tue, 19 Jul 2022 13:14:01 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C972F15A1; Tue, 19 Jul 2022 13:14:01 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D096B3F766; Tue, 19 Jul 2022 13:14:00 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 8/9] arm/trusted-firmware-m: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:52 +0100 Message-Id: <20220719201353.1467716-8-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:11 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3581 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed, skip this check. Signed-off-by: Ross Burton --- .../recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb index 45334e38..bda27713 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb @@ -137,3 +137,6 @@ addtask deploy after do_install do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ } + +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" From patchwork Tue Jul 19 20:13:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10392 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30DC7C43334 for ; Tue, 19 Jul 2022 20:14:11 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.45692.1658261642381415006 for ; Tue, 19 Jul 2022 13:14:02 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 809551576; Tue, 19 Jul 2022 13:14:02 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8640E3F766; Tue, 19 Jul 2022 13:14:01 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 9/9] arm/trusted-services: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:53 +0100 Message-Id: <20220719201353.1467716-9-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:11 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3582 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed, skip this check. Signed-off-by: Ross Burton --- .../recipes-security/trusted-services/ts-corstone1000.inc | 2 +- .../trusted-services/secure-partitions_git.bb | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index e14730e3..fe5de58a 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -121,6 +121,6 @@ do_install:append() { } FILES:${PN}-dev = "${includedir}/deployments/psa-api-test/" -INSANE_SKIP:${PN}-psa-api-tests += "rpaths dev-so" +INSANE_SKIP:${PN}-psa-api-tests += "rpaths dev-so buildpaths" PACKAGES += "${PN}-psa-api-tests" FILES:${PN}-psa-api-tests = "${libdir} ${bindir}" diff --git a/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb index cfbae78a..fca6d9d3 100644 --- a/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb +++ b/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb @@ -68,3 +68,7 @@ do_deploy() { addtask deploy after do_install FILES:${PN} = "/firmware/sp/opteesp*" + +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths"