Unfortunately, some sites do not support the HTTP/1.1 range header and
just serve the whole file, which takes it's time and may result in a
timeout.
Fixes#2819
Issue #2778
The "create_grub2" script functionality is moved to the g2fg contrib sources
and also the GRUB2 head image (tool/grub2-head.img). The head image is now
partitioned as GPT and bootable in BIOS legacy mode.
The nic_bridge test is not suitable to be executed on hardware so it should,
in case, print an appropriate message and return without doing anything else.
Issue #2788
Our nightly did not detect the current stale hashes because only updated
(in the sense of a changed hash) ports are prepared. Others were left
untouched besides the check_port_source step. Now, check_hash also
checks for missing hash file updates.
SHA1 is susceptible to collision attacks and is generally deprecated.
Source code archives are particularly vulnerable because the hash digest
can be tweaked by hiding by arbitrary data in code comments and files
not processed during build.
With this in mind the 'prepare_port' tool now attempts to verify digests
as SHA256 with a fallback to SHA1. When CHECK_HASH=no is set the tool
will refuse to verify digests as SHA1. The use of SHA1 for creating
unique port versions is retained because the hashes are produced locally
from inputs stored in a git history.
Issue #2767
This driver component provides support for using consumer NVMe storage
devices, i.e. it omits name space managment and will always use the
first name space, on Genode. For now it defaults to a reasonable low
configuration:
- 1 I/O queue (completion/submission tuple)
- 128 entries in the I/O queue
- 4096 as the only I/O transaction memory page size
Fixes#2747.
Our static okl4 system-integration configuration specifies a fixed RAM
range from 32 to 800 MiB, which must be satisfied by Qemu or strange
errors happen due to accesses beyond RAM. (Fixes current issues with
nic_router.run.)
Switch port I/O based PCI config space access to memory-mapped IO. The
base address of the PCI configuration space is acquired by mapping the
ACPI ROM and reading the first <bdf> node. An exception is thrown if the
first <bdf> node is not for PCI domain zero or if multiple <bdf> nodes
exist. This is to reduce complexity and also because multiple PCI
domains are rare.
The PCI configuration space is accessed via I/O mem dataspace which is
created in the platform_drv root and then passed on to the PCI session,
device components and finally to the actual PCI config access instances.
The memory access code is implemented in a way to make it work with Muen
subject monitor (SM) device emulation and also general x86 targets. On
Muen, the simplified device emulation code (which works also for Linux)
always returns 0xffff in EAX to indicate a non-existing device.
Therefore, EAX is enforced in the assembly templates.
Fixes#2547
When a pkg is missing, the user should create <arch>/pkg instead
of only the missing pkg. This way, all depending binaries are created in
one step. Otherwise the missing binaries are detected at the next time
the run script is executed. This patch relieves the user from iterating
manually.
This commit changes the semantic of run_boot_dir to link a core
binary with debug symbols only when the designated library is in place.
Follow-up fix refering to issues #2339 and #2700
The install_pxe_bootloader_to_run_dir procedure is required by the tftp
as well as the ipxe load script. Move it to a separate file which is
include by both.
- Use latest Muen version
- Sync VirtualBox Muen subject state
- Drop unneccessary subject IP patch
- Adapt Muen RUN_OPTs
- Update documentation
Note: the GPL 2017 toolchain is now required and as the debug output
format has changed the mulog-subject.py script must be updated on
autopilot instances.
The timestamp-based rules of make do not work well for the publish tool
because depot archives are often re-created with the same content but a
different modification time, in particular when creating archives via
'FORCE'. This way, those archives are re-published every time, which
becomes a time-consuming operation since all archives must be signed.
This patch filters the targets based on the content that is already
present in the public/ location. All existing archives are skipped.
