Weekly Status
Yocto Project Weekly Status May 28th, 2024
Current Dev Position: YP 5.1 M1
Next Deadline: YP 5.1 M1 Build 20 May 2024
Next Team Meetings:
- Bug Triage meeting Thursday May 30th at 7:30 am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
- Weekly Engineering Sync Tuesday May 28th at 8 am PDT (https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
- Twitch - See https://www.twitch.tv/theyoctojester
Key Status/Updates:
- YP 5.0.1 has been released.
- We have suspected a performance problem for a while, this has now been identified/confirmed as an issue with hash equivalence. The public server using websockets/SSL has significantly slowed down things, to the point a 2 hour world build is taking 18+ hours. In trying to improve this, we ended up destablising the autobuilders entirely, breaking many builds and halting the patch merging.
The problem is visible both at build initialization time and also at any point it rehashes due to new hash information from the server. We are still trying to work out ways to improve things but there appears to be multiple levels of different problems, including the hashserve client parallelism seeming to have bugs. The issue affects scarthgap as well as master.
- A new gcc 14 compatible version of uninative was released allowing fedora 40 testing. Unfortunately there are issues with build failures on that host that are as yet uninvestigated.
- The WORKDIR to UNPACKDIR transition has merged and other layers are now working on the updates needed. There appear to be some challenges around go modules in particular which are needing more investigation and development time.
- We aim to build YP 5.1 M1 after the performance issue is addressed and we have stable builds.
- We were able to merge a chunk of pending patches but things are still processing slowly unfortunately.
- There are some CVE related announcements which are helpful to us:
- There was a CVE 5.1 Record format announcement with changes that encourage more useful data from our perspective
- CISA announced on linkedin the creation of https://github.com/cisagov/vulnrichment
- Unfortunately there are reports that the backlog of CVEs without version constraints is growing rapidly
- There is an open letter the project has created related to the CVE/NVD situation, more information is available here: https://lists.openembedded.org/g/openembedded-architecture/message/1990
- Please consider signing this to show support for those changes.
- Signatures from small businesses/consultancies are as welcome as those from larger organizations as we want to demonstrate the breadth of the need for these changes.
- The project is sponsoring Syslinbit to separate out our CVE tooling from the build system into a standalone tool so that it can be used on software manifests of output at a later date.
T*he project is in the process of testing a new way of hosting our autobuilder with plans to switch soon if successful. Our existing hardware is past end of life and showing increased hardware failures so is currently down on capacity meaning builds are taking longer than normal, also not helped with the performance issue identfiied above.
- Further performance graph improvements have merged and the graphs now have links to specific revisions allowing regressions to be much more easily tracked down.
Ways to contribute:
- As people are likely aware, the project has a number of components which are either unmaintained, or have people with little to no time trying to keep them alive. These components include: devtool, toaster, wic, oeqa, autobuilder, CROPs containers, pseudo and more. Many have open bugs. Help is welcome in trying to better look after these components!
- There are bugs identified as possible for newcomers to the project: https://wiki.yoctoproject.org/wiki/Newcomers
- There are bugs that are currently unassigned for YP 5.1. See: https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.1_Unassigned_Enhancements/Bugs
- We’d welcome new maintainers for recipes in OE-Core. Please see the list at: http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/maintainers.inc and discuss with the existing maintainer, or ask on the OE-Core mailing list. We will likely move a chunk of these to “Unassigned” soon to help facilitate this.
- Help is very much welcome in trying to resolve our autobuilder intermittent issues. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT.
- Help us resolve CVE issues: CVE metrics
- We have a growing number of bugs in bugzilla, any help with them is appreciated.
Tracking Metrics:
- WDD 2772 (last week 2752) (https://wiki.yoctoproject.org/charts/combo.html)
- OE-Core/Poky Patch Metrics
- Total patches found: 1121 (last week 1127)
- Patches in the Pending State: 221 (20%) [last week 221 (20%)]
- https://autobuilder.yocto.io/pub/non-release/patchmetrics/
YP 5.1 Milestone Dates:
- YP 5.1 M1 Build date 2024-05-20
- YP 5.1 M1 Release date 2024-05-31
- YP 5.1 M2 Build date 2024-07-08
- YP 5.1 M2 Release date 2024-07-19
- YP 5.1 M3 Build date 2024-08-26
- YP 5.1 M3 Release date 2024-09-06
- YP 5.1 M4 Build date 2024-09-30
- YP 5.1 M4 Release date 2024-10-25
Upcoming dot releases:
- YP 5.0.1 is released.
- YP 4.0.19 build date 2024-06-03
- YP 4.0.19 Release date 2024-06-14
- YP 5.0.2 Build Date 2024-06-24
- YP 5.0.2 Release Date 2024-07-05
- YP 4.0.20 Build Date 2024-07-15
- YP 4.0.20 Release Date 2024-07-26
- YP 5.0.3 Build Date 2024-08-12
- YP 5.0.3 Release Date 2024-08-23
- YP 4.0.21 Build Date 2024-09-09
- YP 4.0.21 Release Date 2024-09-20
- YP 5.0.4 Build Date 2024-09-23
- YP 5.0.4 Release Date 2024-10-04
- YP 4.0.22 Build Date 2024-10-14
- YP 4.0.22 Release Date 2024-10-25
- YP 5.0.5 Build Date 2024-11-11
- YP 5.0.5 Release Date 2024-11-22
- YP 4.0.23 Build Date 2024-11-18
- YP 4.0.23 Release Date 2024-11-29
The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:
https://wiki.yoctoproject.org/wiki/TSC