docker-ce: backport patch correcting panic on netlink #49

Closed
wants to merge 194 commits into from

Conversation

EdTheBearded
Collaborator

Sometimes, especially on devices relying on modems, docker would fail to initialize and create 'docker0' interface. This is a known issue [1], that was solved upstream [2].

Since we're using an older version of docker, I've backported this fix to our layer.

[1] moby/moby#43034
[2] vishvananda/netlink#665

Related-to: TOR-3551

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
By default it will use sdimgage-sota.wks
that is the correct one to be used with rpi

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
We need ota-ext4 and wic for rpi

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
we have to make sure to set the u-boot-fio and use only it

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
meta-lmp is applying some patches for rpi Kernel v4.19

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Setting uart enabled as default

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Changing torizonlogo to add the "Powered by Toradex", since
the hardware is not by Toradex but the software is

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
This is mainly for debug purposes,
we need to add support also to torizoncore-builder
to add custom kernel args in production images.

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Ooops, some cherry pick mess up with ostree

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Using kirkstone Torizon 6.0.0

Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
Signed-off-by: Matheus Castello <matheus.castello@toradex.com>
leonheldattoradex and others added 25 commits May 27, 2024 23:18
Commit c90cb38 dropped Pango as a dependency, which dropped the
virtual/egl dependency, which made the out-of-tree GPU stack for
AM62 never actually make it into the final image.

This was detected using bisect and discovered due to the missing
firmware files in /usr/lib/firmware in the rootfs, more specifically
the rgx* binary blobs that the kernel module loads into the PVR core,
which is done at runtime when the kernel module gets exercised with
the correct IOCTLs (done by the libdrm component of the mesa-pvr
userspace stack, present in the Torizon OS reference containers).

This commit re-introduces this dependency, much like b40b911.

Closes commontorizon#49.

Signed-off-by: Leonardo Held <leonardo.held@toradex.com>
This issue has been fixed by BSP
(https://lore.kernel.org/all/20240403212426.582727-1-jm@ti.com/), and
now we can re-enable this watchdog.

closes #53

Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Enable the ostree commit signing and verification feature based on
ed25519 keys; this is to be used for authenticating ostree deployments.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
When override "cfs-signed" is present (secure boot image):

- Generate key pair for signing ostree commits.
- Add composefs digest to ostree commit metadata.
- Sign ostree commits with appropriate key.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
In the context of secure boot, when signing is enabled, generate (if
needed) and deploy in the ramdisk the public key used for verifying the
signature of the ostree commit associated with the "to be booted" ostree
deployment; the metadata of the commit has the information used by
ostree-prepare-root to determine the expected digest for the composefs
image representing the deployment.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
- Add variables for configuring ostree/composefs signing.
- Get rid of previous uses of override "torizon-signed" in favor of the
  new one named "cfs-signed".

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Enable fsverity on the deployed ostree repository in case rootfs signing
is enabled (by means of override "cfs-signed"). This causes fsverity to
be enabled upon new deployments (e.g. due to updates) performed on the
device.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Add logic to the ramdisk in order to enable fsverity when required by
the system configuration (i.e. when booting a secure boot image with
rootfs signing enabled) and it is detected that fsverity is still not enabled.
In practice this means the process would be done upon the first boot of
a device after installing the OS with Toradex Easy Installer since the
installer image is not capable of keeping fsverity information (being
a simple tarball of the sysroot).

The approach being followed here has the advantage that it does not
require the build machine, the installer and the installer image to have
any knowledge of fsverity. The disadvantage is the extra boot time on
the first boot after initial installation; on a verdin-imx8mm the extra
time is around 2.5 minutes.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Disable signing (along with fsverity) until the required kernel patches
are in place and tested.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
No longer redirect the console with plymouth during boot. With Torizon
OS (whether building with secure-boot support or not), the kernel
command line already has the "quiet" argument in it which prevents most
messages from showing up so redirecting the console seems unnecessary
and it prevents us from showing important information immediately in the
console when needed.

The reason for removing the redirection now is to allow us to provide
feedback on the fsverity enabling process which is a one-time process
that takes a few minutes during the first boot after installation with
Toradex Easy Installer. The feedback part will be added in the following
commit.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Implement a progress bar on the console showing the amount of work done
on the fsverity enabling process; the bar also shows the current and
total number of files being processed.

Related-to: TOR-3379

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Lucas Pires Bernardes <lucas.bernardes@toradex.com>
Since NetworkManager can't play nice with uap interfaces, we're marking
them as unmanaged, so this won't affect other connections.

Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Leonardo Held <leonardo.held@toradex.com>
Closes #63

Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
Signed-off-by: Matheus Castello <matheus@castello.eng.br>
This reverts commit 0dc08df.
So, we are being forced to follow the old branch naming scheme
so that we avoid having issues not related to upstream.

Signed-off-by: Matheus Castello <matheus@castello.eng.br>
Sometimes, especially on devices relying on modems, docker would fail to
initialize and create 'docker0' interface. This is a known issue [1],
that was solved upstream [2].

Since we're using an older version of docker, I've backported this fix
to our layer.

[1] moby/moby#43034
[2] vishvananda/netlink#665

Related-to: TOR-3551

Signed-off-by: Eduardo Ferreira <eduardo.barbosa@toradex.com>
@microhobby
Contributor

Hey @EdTheBearded thanks for the contribution, with the rebase this was added automatically.

microhobby pushed a commit that referenced this pull request Sep 19, 2024
Commit c90cb38 dropped Pango as a dependency, which dropped the
virtual/egl dependency, which made the out-of-tree GPU stack for
AM62 never actually make it into the final image.

This was detected using bisect and discovered due to the missing
firmware files in /usr/lib/firmware in the rootfs, more specifically
the rgx* binary blobs that the kernel module loads into the PVR core,
which is done at runtime when the kernel module gets exercised with
the correct IOCTLs (done by the libdrm component of the mesa-pvr
userspace stack, present in the Torizon OS reference containers).

This commit re-introduces this dependency, much like b40b911.

Closes #49.

Signed-off-by: Leonardo Held <leonardo.held@toradex.com>