All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] dtc: update to 1.6.0
@ 2020-05-05 11:55 Richard Leitner
  2020-05-06  7:10 ` [OE-core] " Adrian Bunk
  0 siblings, 1 reply; 5+ messages in thread
From: Richard Leitner @ 2020-05-05 11:55 UTC (permalink / raw)
  To: openembedded-core; +Cc: Richard Leitner

This also fixes issues with gcc 10's default change to "-fno-common".

Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
---
 meta/recipes-kernel/dtc/{dtc_1.5.1.bb => dtc_1.6.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/dtc/{dtc_1.5.1.bb => dtc_1.6.0.bb} (81%)

diff --git a/meta/recipes-kernel/dtc/dtc_1.5.1.bb b/meta/recipes-kernel/dtc/dtc_1.6.0.bb
similarity index 81%
rename from meta/recipes-kernel/dtc/dtc_1.5.1.bb
rename to meta/recipes-kernel/dtc/dtc_1.6.0.bb
index 9df8a06d47..2dbda4fb0d 100644
--- a/meta/recipes-kernel/dtc/dtc_1.5.1.bb
+++ b/meta/recipes-kernel/dtc/dtc_1.6.0.bb
@@ -3,7 +3,7 @@ require dtc.inc
 LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 		    file://libfdt/libfdt.h;beginline=4;endline=7;md5=05bb357cfb75cae7d2b01d2ee8d76407"
 
-SRCREV = "60e0db3d65a1218b0d5a29474e769f28a18e3ca6"
+SRCREV = "v${PV}"
 
 S = "${WORKDIR}/git"
 
-- 
2.26.2


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH] dtc: update to 1.6.0
  2020-05-05 11:55 [PATCH] dtc: update to 1.6.0 Richard Leitner
@ 2020-05-06  7:10 ` Adrian Bunk
  2020-05-06  7:19   ` Richard Leitner
  2020-05-07 20:02   ` Khem Raj
  0 siblings, 2 replies; 5+ messages in thread
From: Adrian Bunk @ 2020-05-06  7:10 UTC (permalink / raw)
  To: Richard Leitner; +Cc: openembedded-core

On Tue, May 05, 2020 at 01:55:35PM +0200, Richard Leitner wrote:
>...
> --- a/meta/recipes-kernel/dtc/dtc_1.5.1.bb
> +++ b/meta/recipes-kernel/dtc/dtc_1.6.0.bb
> @@ -3,7 +3,7 @@ require dtc.inc
>  LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>  		    file://libfdt/libfdt.h;beginline=4;endline=7;md5=05bb357cfb75cae7d2b01d2ee8d76407"
>  
> -SRCREV = "60e0db3d65a1218b0d5a29474e769f28a18e3ca6"
> +SRCREV = "v${PV}"
>...

It is tempting to use tags, but it is a bad idea.
Upstream might move a tag to a different commit.
Someone might do a man-in-the-middle attack on a specific user,
and there is no other verification of the sources apart from
the commit hash.

cu
Adrian

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH] dtc: update to 1.6.0
  2020-05-06  7:10 ` [OE-core] " Adrian Bunk
@ 2020-05-06  7:19   ` Richard Leitner
  2020-05-06 10:18     ` Adrian Bunk
  2020-05-07 20:02   ` Khem Raj
  1 sibling, 1 reply; 5+ messages in thread
From: Richard Leitner @ 2020-05-06  7:19 UTC (permalink / raw)
  To: Adrian Bunk; +Cc: openembedded-core

On Wed, May 06, 2020 at 10:10:16AM +0300, Adrian Bunk wrote:
> On Tue, May 05, 2020 at 01:55:35PM +0200, Richard Leitner wrote:
> >...
> > --- a/meta/recipes-kernel/dtc/dtc_1.5.1.bb
> > +++ b/meta/recipes-kernel/dtc/dtc_1.6.0.bb
> > @@ -3,7 +3,7 @@ require dtc.inc
> >  LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> >  		    file://libfdt/libfdt.h;beginline=4;endline=7;md5=05bb357cfb75cae7d2b01d2ee8d76407"
> >  
> > -SRCREV = "60e0db3d65a1218b0d5a29474e769f28a18e3ca6"
> > +SRCREV = "v${PV}"
> >...
> 
> It is tempting to use tags, but it is a bad idea.
> Upstream might move a tag to a different commit.
> Someone might do a man-in-the-middle attack on a specific user,
> and there is no other verification of the sources apart from
> the commit hash.

Thanks for the info. Is this documented somewhere?

How should I proceed on this patch as it was already applied to
master-next? Should I send a v2 or a "fix patch"?

Furthermore I'll send a v2 for my other series which is not applied yet
(https://patchwork.openembedded.org/patch/172341/).

regards;rl

> 
> cu
> Adrian

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH] dtc: update to 1.6.0
  2020-05-06  7:19   ` Richard Leitner
@ 2020-05-06 10:18     ` Adrian Bunk
  0 siblings, 0 replies; 5+ messages in thread
From: Adrian Bunk @ 2020-05-06 10:18 UTC (permalink / raw)
  To: Richard Leitner; +Cc: openembedded-core

On Wed, May 06, 2020 at 09:19:19AM +0200, Richard Leitner wrote:
> On Wed, May 06, 2020 at 10:10:16AM +0300, Adrian Bunk wrote:
> > On Tue, May 05, 2020 at 01:55:35PM +0200, Richard Leitner wrote:
> > >...
> > > --- a/meta/recipes-kernel/dtc/dtc_1.5.1.bb
> > > +++ b/meta/recipes-kernel/dtc/dtc_1.6.0.bb
> > > @@ -3,7 +3,7 @@ require dtc.inc
> > >  LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> > >  		    file://libfdt/libfdt.h;beginline=4;endline=7;md5=05bb357cfb75cae7d2b01d2ee8d76407"
> > >  
> > > -SRCREV = "60e0db3d65a1218b0d5a29474e769f28a18e3ca6"
> > > +SRCREV = "v${PV}"
> > >...
> > 
> > It is tempting to use tags, but it is a bad idea.
> > Upstream might move a tag to a different commit.
> > Someone might do a man-in-the-middle attack on a specific user,
> > and there is no other verification of the sources apart from
> > the commit hash.
> 
> Thanks for the info. Is this documented somewhere?

Good question.

> How should I proceed on this patch as it was already applied to
> master-next? Should I send a v2 or a "fix patch"?

v2

A -next branch does break git history, so patches can get removed.

>...
> regards;rl

cu
Adrian

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH] dtc: update to 1.6.0
  2020-05-06  7:10 ` [OE-core] " Adrian Bunk
  2020-05-06  7:19   ` Richard Leitner
@ 2020-05-07 20:02   ` Khem Raj
  1 sibling, 0 replies; 5+ messages in thread
From: Khem Raj @ 2020-05-07 20:02 UTC (permalink / raw)
  To: Adrian Bunk, Richard Leitner; +Cc: openembedded-core



On 5/6/20 12:10 AM, Adrian Bunk wrote:
> On Tue, May 05, 2020 at 01:55:35PM +0200, Richard Leitner wrote:
>> ...
>> --- a/meta/recipes-kernel/dtc/dtc_1.5.1.bb
>> +++ b/meta/recipes-kernel/dtc/dtc_1.6.0.bb
>> @@ -3,7 +3,7 @@ require dtc.inc
>>  LIC_FILES_CHKSUM = "file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>>  		    file://libfdt/libfdt.h;beginline=4;endline=7;md5=05bb357cfb75cae7d2b01d2ee8d76407"
>>  
>> -SRCREV = "60e0db3d65a1218b0d5a29474e769f28a18e3ca6"
>> +SRCREV = "v${PV}"
>> ...
> 
> It is tempting to use tags, but it is a bad idea.
> Upstream might move a tag to a different commit.
> Someone might do a man-in-the-middle attack on a specific user,
> and there is no other verification of the sources apart from
> the commit hash.
> 

moreover bitbake will still need to enquire the repository since tags
are floating revisions. and this might fail to work if network does not
allow access to internet etc. This is a good document describing the problem

https://pelux.io/software-factory/PELUX-3.0/swf-blueprint/docs/articles/baseplatform/reproducible-yocto-builds.html


> cu
> Adrian
> 
> 
> 
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-05-07 20:02 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-05 11:55 [PATCH] dtc: update to 1.6.0 Richard Leitner
2020-05-06  7:10 ` [OE-core] " Adrian Bunk
2020-05-06  7:19   ` Richard Leitner
2020-05-06 10:18     ` Adrian Bunk
2020-05-07 20:02   ` Khem Raj

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.