Bump buildroot to 2020.11-rc1 (#985)

* Update buildroot-patches for 2020.11-rc1 buildroot * Update buildroot to 2020.11-rc1 Signed-off-by: Stefan Agner <stefan@agner.ch> * Don't rely on sfdisk --list-free output The --list-free (-F) argument does not allow machine readable mode. And it seems that the output format changes over time (different spacing, using size postfixes instead of raw blocks). Use sfdisk json output and calculate free partition space ourselfs. This works for 2.35 and 2.36 and is more robust since we rely on output which is meant for scripts to parse. * Migrate defconfigs for Buildroot 2020.11-rc1 In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE). * Rebase/remove systemd patches for systemd 246 * Drop apparmor/libapparmor from buildroot-external * hassos-persists: use /run as directory for lockfiles The U-Boot tools use /var/lock by default which is not created any more by systemd by default (it is under tmpfiles legacy.conf, which we no longer install). * Disable systemd-update-done.service The service is not suited for pure read-only systems. In particular the service needs to be able to write a file in /etc and /var. Remove the service. Note: This is a static service and cannot be removed using systemd-preset. * Disable apparmor.service for now The service loads all default profiles. Some might actually cause problems. E.g. the profile for ping seems not to match our setup for /etc/resolv.conf: [85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00
parent 25a0dd3082
commit a0871be6c0
4024 changed files with 68095 additions and 47900 deletions
--- a/buildroot/package/libseccomp/0001-remove-static.patch
+++ b/buildroot/package/libseccomp/0001-remove-static.patch
@@ -1,40 +0,0 @@
-From 5d010fb06eae43b284e5ccc322f6de47eb42b751 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sat, 2 Jun 2018 13:45:22 +0200
-Subject: [PATCH] remove static
-
-Do not force static link of tools, it breaks build with:
-BR2_SHARED_LIBS=y
-
-Patch retrieved from
-https://git.buildroot.net/buildroot/tree/package/libseccomp/0001-remove-static.patch
-and slighly updated to work with 2.3.3
-
-[Upstream status: https://github.com/seccomp/libseccomp/pull/121]
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Peter: updated for v2.4.0 which adds scmp_api_level]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- tools/Makefile.am | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tools/Makefile.am b/tools/Makefile.am
-index f768365..5f9d571 100644
--- a/tools/Makefile.am
-+++ b/tools/Makefile.am
-@@ -37,10 +37,7 @@ scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
- scmp_api_level_SOURCES = scmp_api_level.c
- 
- scmp_sys_resolver_LDADD = ../src/libseccomp.la
-scmp_sys_resolver_LDFLAGS = -static
- scmp_arch_detect_LDADD = ../src/libseccomp.la
-scmp_arch_detect_LDFLAGS = -static
- scmp_bpf_disasm_LDADD = util.la
- scmp_bpf_sim_LDADD = util.la
- scmp_api_level_LDADD = ../src/libseccomp.la
-scmp_api_level_LDFLAGS = -static
-- 
-2.11.0
-
--- a/buildroot/package/libseccomp/0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch
+++ b/buildroot/package/libseccomp/0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch
@@ -1,80 +0,0 @@
-From 613e601bb4b50dc359b41f162a5b629449e4bbea Mon Sep 17 00:00:00 2001
-From: Carlos Santos <casantos@redhat.com>
-Date: Fri, 18 Oct 2019 22:02:49 -0300
-Subject: [PATCH] Circumvent bug in uClibc-ng syscall() on x86_64 systems
-
-On uClibc at least up to v1.0.32, syscall() for x86_64 is defined in
-libc/sysdeps/linux/x86_64/syscall.S as
-
-syscall:
-        movq %rdi, %rax         /* Syscall number -> rax.  */
-        movq %rsi, %rdi         /* shift arg1 - arg5.  */
-        movq %rdx, %rsi
-        movq %rcx, %rdx
-        movq %r8, %r10
-        movq %r9, %r8
-        movq 8(%rsp),%r9        /* arg6 is on the stack.  */
-        syscall                 /* Do the system call.  */
-        cmpq $-4095, %rax       /* Check %rax for error.  */
-        jae __syscall_error     /* Branch forward if it failed.  */
-        ret                     /* Return to caller.  */
-
-And __syscall_error is defined in
-libc/sysdeps/linux/x86_64/__syscall_error.c as
-
-int __syscall_error(void) attribute_hidden;
-int __syscall_error(void)
-{
-	register int err_no __asm__ ("%rcx");
-	__asm__ ("mov %rax, %rcx\n\t"
-	         "neg %rcx");
-	__set_errno(err_no);
-	return -1;
-}
-
-Notice that __syscall_error returns -1 as a 32-bit int in %rax, a 64-bit
-register i.e. 0x00000000ffffffff (decimal 4294967295). When this value
-is compared to -1 in _sys_chk_seccomp_flag_kernel() the result is false,
-leading the function to always return 0.
-
-Prevent the error by coercing the return value of syscall() to int in a
-temporary variable before comparing it to -1. We could use just an (int)
-cast but the variable makes the code more readable and the machine code
-generated by the compiler is the same in both cases.
-
-All other syscall() invocations were inspected and they either already
-coerce the result to int or do not compare it to -1.
-
-The same problem probably occurs on other 64-bit systems but so far only
-x86_64 was tested.
-
-A bug report is being submitted to uClibc.
-
-Signed-off-by: Carlos Santos <casantos@redhat.com>
---
- src/system.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/system.c b/src/system.c
-index 8e5aafc..811b401 100644
--- a/src/system.c
-+++ b/src/system.c
-@@ -215,10 +215,12 @@ static int _sys_chk_seccomp_flag_kernel(int flag)
- 	/* this is an invalid seccomp(2) call because the last argument
- 	 * is NULL, but depending on the errno value of EFAULT we can
- 	 * guess if the filter flag is supported or not */
-	if (sys_chk_seccomp_syscall() == 1 &&
-	    syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flag, NULL) == -1 &&
-	    errno == EFAULT)
-+	int rc;
-+	if (sys_chk_seccomp_syscall() == 1) {
-+	    rc = syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flag, NULL);
-+	    if (rc == -1 && errno == EFAULT)
- 		return 1;
-+	}
- 
- 	return 0;
- }
-- 
-2.18.1
-
--- a/buildroot/package/libseccomp/libseccomp.hash
+++ b/buildroot/package/libseccomp/libseccomp.hash
@@ -1,3 +1,4 @@
+# From https://github.com/seccomp/libseccomp/releases/tag/v2.4.4
+sha256  4e79738d1ef3c9b7ca9769f1f8b8d84fc17143c2c1c432e53b9c64787e0ff3eb  libseccomp-2.4.4.tar.gz
 # Locally calculated
-sha256 36aa502c0461ae9efc6c93ec2430d6badd9bf91ecbe73806baf7b7c6f687ab4f libseccomp-2.4.1.tar.gz
-sha256 102900208eef27b766380135906d431dba87edaa7ec6aa72e6ebd3dd67f3a97b LICENSE
+sha256  102900208eef27b766380135906d431dba87edaa7ec6aa72e6ebd3dd67f3a97b  LICENSE
--- a/buildroot/package/libseccomp/libseccomp.mk
+++ b/buildroot/package/libseccomp/libseccomp.mk
@@ -4,11 +4,10 @@
 #
 ################################################################################

-LIBSECCOMP_VERSION = 2.4.1
-LIBSECCOMP_SITE = $(call github,seccomp,libseccomp,v$(LIBSECCOMP_VERSION))
+LIBSECCOMP_VERSION = 2.4.4
+LIBSECCOMP_SITE = https://github.com/seccomp/libseccomp/releases/download/v$(LIBSECCOMP_VERSION)
 LIBSECCOMP_LICENSE = LGPL-2.1
 LIBSECCOMP_LICENSE_FILES = LICENSE
 LIBSECCOMP_INSTALL_STAGING = YES
-LIBSECCOMP_AUTORECONF = YES

 $(eval $(autotools-package))