[OE-core] [PATCH 1/1] bbclass/sstate: only allowed sstate-cache objects are allowed in a build (read-only sstate-cache)
Hongxu Jia
hongxu.jia at windriver.com
Thu Aug 21 02:36:54 UTC 2014
The requirement is the developer who demand only the "new" software
they write is allowed to be compiled from source, they only want to
reuse binaries from an existed sstate-cache, if the developer makes
a change that triggers a rebuild, it should be an instant error.
The purpose of this is for the sstate-cache to check if the item
exists or not. If it doesn't the item needs to be in a whitelist
or we need to fail.
In the sstate-cache code, add a checking in the return path of
sstate_checkhashes. If read-only sstate-cache enable, and the
recipe's ${PN} not in the ${SSTATECACHE_WHITELIST}, it trigered
an instant error.
...
$ bitbake db
ERROR: Read-only sstate-cache is enabled, the build of
"db rpm-native gcc-runtime eglibc linux-libc-headers libgcc"
did not come from sstate-cache. Only the recipe listed in
SSTATECACHE_WHITELIST is allowed to build from source
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
...
[YOCTO #6639]
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
meta/classes/sstate.bbclass | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 4eec6bd..4a04efb 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -41,6 +41,14 @@ EXTRA_STAGING_FIXMES ?= ""
sstate_create_package[dirs] = "${SSTATE_BUILDDIR}"
sstate_unpack_package[dirs] = "${SSTATE_INSTDIR}"
+# 1) If ${SSTATECACHE_WHITELIST} is "", it means read-only sstate-cache
+# disabled;
+#
+# 2) If read-only sstate-cache enabled and the recipe's ${PN} not listed
+# in ${SSTATECACHE_WHITELIST}, the build from source will triger an
+# instant error;
+SSTATECACHE_WHITELIST ?= ""
+
python () {
if bb.data.inherits_class('native', d):
d.setVar('SSTATE_PKGARCH', d.getVar('BUILD_ARCH'))
@@ -382,6 +390,15 @@ sstate_clean[vardepsexclude] = "SSTATE_MANFILEPREFIX"
CLEANFUNCS += "sstate_cleanall"
python sstate_cleanall() {
+ whitelist = d.getVar('SSTATECACHE_WHITELIST', True)
+ if whitelist:
+ pn = d.getVar('PN', True)
+ if pn not in whitelist.split():
+ msg = 'Read-only sstate-cache is enabled, the clean of \n'
+ msg += '%s is not allowed. Only the recipe listed in\n' % pn
+ msg += 'SSTATECACHE_WHITELIST is allowed to clean sstate-cache'
+ bb.fatal(msg)
+
bb.note("Removing shared state for package %s" % d.getVar('PN', True))
manifest_dir = d.getVar('SSTATE_MANIFESTS', True)
@@ -704,6 +721,29 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, d):
evdata['found'].append( (sq_fn[task], sq_task[task], sq_hash[task], sstatefile ) )
bb.event.fire(bb.event.MetadataEvent("MissedSstate", evdata), d)
+ whitelist = d.getVar('SSTATECACHE_WHITELIST', True)
+ if whitelist:
+ missed_pn = []
+ for task in missed:
+ fn = sq_fn[task]
+ data = bb.cache.Cache.loadDataFull(fn, '', d)
+ pn = data.getVar('PN', True) or ""
+ if pn and pn not in missed_pn:
+ missed_pn.append(pn)
+
+ if missed_pn:
+ blacklist = [pn for pn in missed_pn if pn not in whitelist.split()]
+ if blacklist:
+ # We should manually unlock the bitbake lock, because the fatal
+ # msg will exit the build immediately.
+ lockfile = d.expand("${TOPDIR}/bitbake.lock")
+ os.unlink(lockfile)
+ msg = 'Read-only sstate-cache is enabled, the build of \n'
+ msg += '"' + ' '.join(blacklist) + '"\n'
+ msg += 'did not come from sstate-cache. Only the recipe listed in\n'
+ msg += 'SSTATECACHE_WHITELIST is allowed to build from source'
+ bb.msg.fatal('sstate', msg)
+
return ret
BB_SETSCENE_DEPVALID = "setscene_depvalid"
--
1.9.1
More information about the Openembedded-core
mailing list