[bitbake-devel] [PATCH] fetch2: Add BB_TRUSTED_NETWORK support
Liam R. Howlett
Liam.Howlett at windriver.com
Thu Apr 16 14:16:44 UTC 2015
* Bernhard Reutner-Fischer <rep.dot.nop at gmail.com> [150415 15:43]:
> On April 15, 2015 9:37:38 PM GMT+02:00, Christopher Larson <clarson at kergoth.com> wrote:
> >On Tue, Mar 31, 2015 at 11:39 AM, Liam R. Howlett <
> >Liam.Howlett at windriver.com> wrote:
> >
> >> This patch adds support for a new local.conf variable called
> >> BB_TRUSTED_NETWORK. BB_TRUSTED_NETWORK holds a list of hostnames
> >that the
> >> user
> >> trusts as a source for downloading content. If network access is
> >enabled
> >> and
> >> the user has configured trusted hosts, then any hosts that are not in
> >the
> >> list
> >> will cause an error to occur at fetch. Any mirrors and pre-mirrors
> >that
> >> are
> >> not in the list will result in warnings that these locations will not
> >be
> >> used.
> >>
> >> The BB_NO_NETWORK variable still stops all network access.
> >>
> >> Please see the comments in the patch for more details and example
> >usage.
> >>
> >
> >Hmm, looks like this might be useful with an internal mirror coupled
> >with
> >PREMIRRORS, so fetches from the internal host are allowed, but anything
> >missing from there would be immediately caught?
>
Yes, limiting to a local mirror is the main driving force behind this
patch. It will also catch any packages getting pulled in from undesired
locations through dependencies, etc.
> That was my thought, too.
> I would find BB_ALLOWED_NETWORKS more intuitive though.
>
> Cheers,
>
>
I had BB_LIMITED_NETWORKS before, but I think BB_ALLOWED_NETWORKS is
better than both of my suggestions.
Please note that I did send v2 of this patch with minor cleanup & a fix
yesterday, 2015-04-15.
Thanks,
Liam
More information about the bitbake-devel
mailing list