Re: [zeus 00/29] Patch review

From: Schrempf Frieder <frieder.schrempf@kontron.de>
To: Armin Kuster <akuster808@gmail.com>,
	"openembedded-core@openembedded.org"
	<openembedded-core@openembedded.org>
Subject: Re: [zeus 00/29] Patch review
Date: Mon, 10 Feb 2020 08:07:25 +0000	[thread overview]
Message-ID: <e84c869d-1f1c-fdcf-4994-02277ab9d266@kontron.de> (raw)
In-Reply-To: <cover.1581264380.git.akuster808@gmail.com>

Hi Armin,

On 09.02.20 17:09, Armin Kuster wrote:
> These are the additional changes to help address reproducibility issues and additional fixes
> we would like to be included in 3.0.2
> 
> Please have comments back by Tuesday

I have two questions/comments:

1. When I look at the zeus-next branch, why do I see only patches 7 to 
29 from this series applied and what about patches 1 to 6? Am I missing 
something?

2. Patch 5 (devtool/standard.py: Allow recipe to disable menuconfig 
logic) goes hand in hand with a change to the u-boot recipe, that is 
also in master (c634b8db1a8b). This patch seems to be missing here.

Regards,
Frieder

> 
> The following changes since commit 9b1bf083129be2b849db52d4f0eda9eb6077c97e:
> 
>    python2: add ntpath (2020-02-02 18:19:50 -0800)
> 
> are available in the Git repository at:
> 
>    git://git.openembedded.org/openembedded-core-contrib stable/zeus-nut
>    http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-nut
> 
> Alejandro del Castillo (1):
>    opkg-utils: upgrade to version 0.4.2
> 
> Alexander Kanavin (1):
>    perl: do not install files that contain build host specific data
> 
> Anuj Mittal (3):
>    Revert "bzip2: Fix CVE-2019-12900"
>    curl: fix CVE-2019-15601
>    cpio: fix CVE-2019-14866
> 
> Joshua Watt (2):
>    classes/reproducible_build: Read SDE file later
>    mc: Fix build reproducibility
> 
> Lee Chee Yang (1):
>    rsync: whitelist CVE-2017-16548
> 
> Richard Purdie (17):
>    opkg-utils: Fix reproducibility issues in opkg-build
>    oeqa/reproducible: Improve test output and ensure deb+ipk compared
>    sudo: Set vardir deterministically
>    libxshmfence: Set shm directory deterministically
>    mc: Set zipinfo presence determinstically
>    mc: Fix manpage date indeterminism
>    tar: Fix build determinism, disable rsh
>    patch: Extend to native/nativesdk and depend upon
>    libidn2: Fix reproducibility issue
>    perl: Fix various reproducibile build issues
>    openssl: Fix reproducibility issue
>    iputils: Fix build determinism
>    libinput: Fix determinism issue
>    libgcrypt: Fix determinism issue
>    sysvinit: Fix Reproducibility issue
>    libevdev: Fix determinism issue
>    ncurses: Fix reproducibility issue
> 
> Ross Burton (2):
>    gtk+3: sort resources for reproducible binaries
>    sudo: specify where target tools are
> 
> Taras Kondratiuk via Openembedded-core (1):
>    gcc-9.2: fix bug #91102 'aarch64 ICE on Linux kernel with -Os'
> 
> Tom Hochstein (1):
>    devtool/standard.py: Allow recipe to disable menuconfig logic
> 
>   meta/classes/patch.bbclass                    |   7 +
>   meta/classes/reproducible_build.bbclass       |  40 ++-
>   meta/lib/oeqa/selftest/cases/reproducible.py  |   9 +-
>   .../openssl/openssl/reproducible.patch        |  32 ++
>   .../openssl/openssl_1.1.1d.bb                 |   1 +
>   meta/recipes-core/meta/buildtools-tarball.bb  |   1 +
>   meta/recipes-core/ncurses/ncurses.inc         |   1 +
>   .../recipes-core/sysvinit/sysvinit_2.88dsf.bb |   1 +
>   meta/recipes-devtools/gcc/gcc-9.2.inc         |   1 +
>   ...02-aarch64-ICE-on-Linux-kernel-with-.patch |  95 ++++++
>   ...Switch-all-scripts-to-use-Python-3.x.patch | 113 -------
>   ...ld-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch |  44 ---
>   .../opkg-utils/fix-reproducibility.patch      |  32 ++
>   .../opkg-utils/opkg-utils/pipefail.patch      |  31 --
>   ...pkg-utils_0.4.1.bb => opkg-utils_0.4.2.bb} |  13 +-
>   meta/recipes-devtools/patch/patch_2.7.6.bb    |   3 +
>   .../perl/files/determinism.patch              |  81 +++++
>   meta/recipes-devtools/perl/perl-ptest.inc     |   3 +
>   meta/recipes-devtools/perl/perl_5.30.0.bb     |   4 +
>   meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   3 +
>   .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch    |  36 --
>   .../cpio/cpio-2.12/CVE-2019-14866.patch       | 316 ++++++++++++++++++
>   meta/recipes-extended/cpio/cpio_2.12.bb       |   1 +
>   .../iputils/iputils_s20190709.bb              |   3 +-
>   meta/recipes-extended/libidn/libidn2_2.2.0.bb |   3 +-
>   ...Add-option-to-control-configure-args.patch |  99 ++++++
>   .../recipes-extended/mc/files/nomandate.patch |  21 ++
>   meta/recipes-extended/mc/mc_4.8.23.bb         |   7 +-
>   meta/recipes-extended/sudo/sudo.inc           |   2 +-
>   meta/recipes-extended/sudo/sudo_1.8.27.bb     |  10 +-
>   meta/recipes-extended/tar/tar_1.32.bb         |   2 +
>   .../gtk+/gtk+3/sort-resources.patch           |  19 ++
>   meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb       |   1 +
>   .../wayland/libinput/determinism.patch        |  21 ++
>   .../wayland/libinput_1.14.1.bb                |   4 +-
>   .../xorg-lib/libxshmfence_1.3.bb              |   2 +
>   .../curl/curl/CVE-2019-15601.patch            |  46 +++
>   meta/recipes-support/curl/curl_7.66.0.bb      |   1 +
>   .../libevdev/libevdev/determinism.patch       |  34 ++
>   .../libevdev/libevdev_1.8.0.bb                |   3 +-
>   .../libgcrypt/files/determinism.patch         |  32 ++
>   .../libgcrypt/libgcrypt_1.8.4.bb              |   1 +
>   scripts/lib/devtool/standard.py               |   6 +-
>   43 files changed, 933 insertions(+), 252 deletions(-)
>   create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducible.patch
>   create mode 100644 meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch
>   delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch
>   delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch
>   create mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch
>   delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch
>   rename meta/recipes-devtools/opkg-utils/{opkg-utils_0.4.1.bb => opkg-utils_0.4.2.bb} (83%)
>   create mode 100644 meta/recipes-devtools/perl/files/determinism.patch
>   delete mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
>   create mode 100644 meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch
>   create mode 100644 meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
>   create mode 100644 meta/recipes-extended/mc/files/nomandate.patch
>   create mode 100644 meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch
>   create mode 100644 meta/recipes-graphics/wayland/libinput/determinism.patch
>   create mode 100644 meta/recipes-support/curl/curl/CVE-2019-15601.patch
>   create mode 100644 meta/recipes-support/libevdev/libevdev/determinism.patch
>   create mode 100644 meta/recipes-support/libgcrypt/files/determinism.patch
> 