Per GitHub Dependabot:
- Use setuptools 65.5.1 to avoid some DoS issue
- Use requests 2.31.0 to avoid leaking some proxy information
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In order to better make use of pip caches, and also for better overall
consistency, we should use the same versions of packages in each of our
python requirements files. Update pytest to use the newer versions of
packages we use in sphinx builds.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This allows tests to run in parallel and speeds up some tests markedly,
particularly with binman. Add it to the requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
The version used on Ubuntu 2022.04 produces a number of warnings:
/usr/lib/python3/dist-packages/pkg_resources/__init__.py:116:
PkgResourcesDeprecationWarning: 1.16.0-unknown is an invalid version
and will not be supported in a future release
Same with: 0.1.43ubuntu1 11.4.1ubuntu1 2.22.1ubuntu1 1.1build1
According to [1] this is a bug in setuptools. Employ the workaround for
now.
[1] https://askubuntu.com/questions/1406952/what-is-the-meaning-of-this-
pkgresourcesdeprecationwarning-warning-from-pipenv
Signed-off-by: Simon Glass <sjg@chromium.org>
At present when -n is used, all workers try to build U-Boot at once.
Add a lock to ensure that only one of them builds, with the others using
the build that is produced.
The lock file is removed on startup.
Signed-off-by: Simon Glass <sjg@chromium.org>
- We now have a new enough sbsigntools in the distro, stop building.
- Use the 20220801 tag for Jammy.
- Move to pygit2 1.9.2 (current version) as the old one doesn't build on
"Jammy".
- Add the working directory to the list of safe directories for git.
- Move to pytest 6.2.5 to address other issues.
- This move exposed a number of minor issues in the existing scripts we
used within CI to perform the jobs themselves. The most notable changes
here involve using 'set +e / set -e' to enforce when we should or should
not make non-zero buildman status be a fatal error.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Bump our py version to 1.10.0 to address CVE-2020-29651.
Reported-by: GitHub dependabot
Reported-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
We wish to use pycryptodomex to verify code paths involving ECDSA
signatures. Add it to requirements.txt so that they get picked up
automatically .gitlab and .azure tasks
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The latest versions of pygit2 are not available in practically any
distribution at this time. Furthermore, we don't need the latest in
order to run all of our testsuites. Reduce this version requirement to
something older that meets our needs while still supporting running our
tests on older hosts (and so, test labs).
Reported-by: Tom Warren <twarren@nvidia.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Add pygit2 and pyelftools to the list of packages for virtualenv
needed to run all sets of pytests.This fixes warnings like:
binman.elf_test.TestElf.testDecodeElf (subunit.RemotedTestCase):
Python elftools not available
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
To be more closely aligned with Python community best practices, we need
to better document our usage of pip and make use of a requirements.txt
file that shows the versions of the tools that we are using. This will
aide in ensuring reproducibility of our tests as well.
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Simon Glass <sjg@chromium.org> [on sandbox]
Signed-off-by: Tom Rini <trini@konsulko.com>