[OE-core] [PATCH 3/3] bbclass/sstate approach 3: add checking in the return path of sstate_checkhashes
Hongxu Jia
hongxu.jia at windriver.com
Wed Aug 6 07:16:01 UTC 2014
In the sstate-cache code, add a checking in the return path of
sstate_checkhashes. If read-only sstate-cache enable, and the
recipe's ${PN} not in the ${SSTATECACHE_WHITELIST}, it trigered
an instant error.
Flaws:
1. We should manually unlock the bitbake lock which the instant error
msg will exit the build immediately.
...
$ bitbake db
ERROR: Read-only sstate-cache is enabled, the build of
"db rpm-native gcc-runtime eglibc linux-libc-headers libgcc"
did not come from sstate-cache. Only the recipe listed in
SSTATECACHE_WHITELIST is allowed to build from source
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
...
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
meta/classes/sstate.bbclass | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 0d3940e..17cd109 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -41,6 +41,14 @@ EXTRA_STAGING_FIXMES ?= ""
sstate_create_package[dirs] = "${SSTATE_BUILDDIR}"
sstate_unpack_package[dirs] = "${SSTATE_INSTDIR}"
+# 1) If ${SSTATECACHE_WHITELIST} is "", it means read-only sstate-cache
+# disabled;
+#
+# 2) If read-only sstate-cache enabled and the recipe's ${PN} not listed
+# in ${SSTATECACHE_WHITELIST}, the build from source will triger an
+# instant error;
+SSTATECACHE_WHITELIST ?= ""
+
python () {
if bb.data.inherits_class('native', d):
d.setVar('SSTATE_PKGARCH', d.getVar('BUILD_ARCH'))
@@ -382,6 +390,15 @@ sstate_clean[vardepsexclude] = "SSTATE_MANFILEPREFIX"
CLEANFUNCS += "sstate_cleanall"
python sstate_cleanall() {
+ whitelist = d.getVar('SSTATECACHE_WHITELIST', True) or ""
+ if whitelist:
+ pn = d.getVar('PN', True)
+ if pn not in whitelist.split():
+ msg = 'Read-only sstate-cache is enabled, the clean of \n'
+ msg += '%s is not allowed. Only the recipe listed in\n' % pn
+ msg += 'SSTATECACHE_WHITELIST is allowed to clean sstate-cache'
+ bb.fatal(msg)
+
bb.note("Removing shared state for package %s" % d.getVar('PN', True))
manifest_dir = d.getVar('SSTATE_MANIFESTS', True)
@@ -704,6 +721,29 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, d):
evdata['found'].append( (sq_fn[task], sq_task[task], sq_hash[task], sstatefile ) )
bb.event.fire(bb.event.MetadataEvent("MissedSstate", evdata), d)
+ whitelist = d.getVar('SSTATECACHE_WHITELIST', True) or ""
+ if whitelist:
+ missed_pn = []
+ for task in missed:
+ fn = sq_fn[task]
+ data = bb.cache.Cache.loadDataFull(fn, '', d)
+ pn = data.getVar('PN', True) or ""
+ if pn and pn not in missed_pn:
+ missed_pn.append(pn)
+
+ if missed_pn:
+ blacklist = [pn for pn in missed_pn if pn not in whitelist.split()]
+ if blacklist:
+ # We should manually unlock the bitbake lock, because the fatal
+ # msg will exit the build immediately.
+ lockfile = d.expand("${TOPDIR}/bitbake.lock")
+ os.unlink(lockfile)
+ msg = 'Read-only sstate-cache is enabled, the build of \n'
+ msg += '"' + ' '.join(blacklist) + '"\n'
+ msg += 'did not come from sstate-cache. Only the recipe listed in\n'
+ msg += 'SSTATECACHE_WHITELIST is allowed to build from source'
+ bb.msg.fatal('sstate', msg)
+
return ret
BB_SETSCENE_DEPVALID = "setscene_depvalid"
--
1.9.1
More information about the Openembedded-core
mailing list