Add NanoKVM support #44

Open
wants to merge 70 commits into
base: main

@scpcom scpcom commented Sep 1, 2024

This will add the nanokvm app to the buildroot and some init script enhancements to build an image for NanoKVM.
The init scripts can be controlled by adding the files /boot.usb.hid and /boot/usb.disk0.
Currently I did not want to add an extra defconfig; I use this build script (not included in the pull request) to run the nanokvm build:
https://raw.githubusercontent.com/scpcom/LicheeRV-Nano-Build/develop/build-nanokvm.sh

scpcom and others added 21 commits September 4, 2024 02:28
…tition or file based usb disk"

This reverts commit 5d0d4d0.

Fixes the following CVEs:

CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm
CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping
CVE-2024-24784: net/mail: comments in display names are incorrectly handled

https://go.dev/doc/devel/release#go1.21.8

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update to the latest 1.19.x version available.

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>

Add a third bootstrap stage with Go1.21.x necessary for go1.22 bootstrap.

go-bootstrap-stage1 is Go1.4.x, the final version to support bootstrap using a C
compiler (later versions require the Go compiler for bootstrapping).

See: https://go.dev/doc/install/source#bootstrapFromSource

go-bootstrap-stage2 is Go 1.19.13, the last version to support bootstrap using
the Go1.4.x compiler.

go-bootstrap-stage3 is Go 1.21.8, the last version to support bootstrap using
the Go1.19.13 compiler. Go 1.20 requires a minimum of go 1.17.13 to bootstrap.

See: https://go.dev/doc/go1.20#bootstrap

This patch is in preparation for bumping the host-go package to >go1.22.x, which
requires a minimum of Go1.20.x for bootstrap.

See: https://go.dev/doc/go1.22#bootstrap

Signed-off-by: Christian Stewart <christian@aperture.us>
[Arnout: add GOCACHE definition]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>

Upgrade Go to the latest v1.22.x point release, go1.22.1.

This requires go-bootstrap-stage3 at version go1.21.8:

See: https://go.dev/doc/go1.22#bootstrap

https://go.dev/doc/devel/release#go1.22.1

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>

CVE-2023-45288: http2: close connections when receiving too many headers

https://go.dev/doc/devel/release#go1.22.2

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes CVEs:

CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin
CVE-2024-24788: net: malformed DNS message can cause infinite loop

https://go.dev/doc/devel/release#go1.22.3

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

…s invalid .git

Since go-bootstrap-stage3 package has been added to Buildroot [1], all
tests using go are failing only on Gitlab-ci jobs. The build succeeds
if we use docker-run script.

Since the issue is only triggered by Gitlab-ci environment, the issue
is related to the ownership of the (buildroot) git tree, see [2].
go seems to ignore the .gitconfig set by before_script.

Anyway, go should not try to use git to retrieve some info since we
are not building it from the go repository.

go package was already patched for a similar issue when building
host-go within docker [3]. Apply the same patch to go-bootstrap-stage3
to disable VCS support.

See
http://lists.busybox.net/pipermail/buildroot/2024-May/691273.html

[1] f00eb37de9b4b0ddbdeb5c7ebae48c883c27e132
[2] a016b693f7830f3c8ae815851d3204b8b6e99821
[3] bc8e70a08ba083d978c828e31442a7645c9099d7

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6833307649 (tests.fs.test_oci.TestOci)
https://gitlab.com/buildroot.org/buildroot/-/jobs/6833307823 (tests.package.test_docker_compose.TestDockerCompose)
https://gitlab.com/buildroot.org/buildroot/-/jobs/6833308175 (tests.package.test_mender.TestMender)

Runtime tested:
https://gitlab.com/kubu93/buildroot/-/jobs/6860670292

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Christian Stewart <christian@aperture.us>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Fixes the following CVEs:

CVE-2024-24789: archive/zip: mishandling of corrupt central directory record
CVE-2024-24790: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.4

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes CVE:

CVE-2024-24791: net/http: denial of service due to improper 100-continue handling

https://go.dev/doc/devel/release#go1.22.5

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5d02277884e406625c0142e7c3e68dfe30bdf6c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

scpcom added 27 commits October 23, 2024 07:11