[OE-core] [PATCH 10/27] bbclass/sstate_readonly: only allowed sstate-cache objects to be built (read-only sstate-cache)
Ross Burton
ross.burton at intel.com
Mon Sep 8 11:58:28 UTC 2014
From: Hongxu Jia <hongxu.jia at windriver.com>
The requirement is the developer who demand only the "new" software
they write is allowed to be compiled from source, they only want to
reuse binaries from an existed sstate-cache, if the developer makes
a change that triggers a rebuild, it should be an instant error.
When the readonly sstate-cache is enabled, an error will be generated
if a recipe is not available within the sstate-cache. Adding recipes
to the whitelist will allow only select recipes to be allowed to build
from source.
[YOCTO #6639]
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
meta/classes/sstate_readonly.bbclass | 53 ++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 meta/classes/sstate_readonly.bbclass
diff --git a/meta/classes/sstate_readonly.bbclass b/meta/classes/sstate_readonly.bbclass
new file mode 100644
index 0000000..488353d
--- /dev/null
+++ b/meta/classes/sstate_readonly.bbclass
@@ -0,0 +1,53 @@
+SSTATE_CHECK_FUNCTIONS_append = " sstate_readonly_check"
+# 1) The read-only sstate-cache will always be enabled if this bbclass
+# inherited
+#
+# 2) If ${SSTATECACHE_WHITELIST} is "", it means always blacklist
+# everything
+#
+# 3) Adding recipes to ${SSTATECACHE_WHITELIST} will allow only select
+# recipes to be allowed to build
+#
+# 4) While recipes not in ${SSTATECACHE_WHITELIST}, an error will be
+# generated if a recipe is not available within sstate-cache.
+SSTATECACHE_WHITELIST ?= ""
+
+python sstate_readonly_check(){
+ whitelist = (d.getVar('SSTATECACHE_WHITELIST', True) or '').split()
+ sq_fn = d.getVar('sq_fn', True) or []
+ missed = d.getVar('missed', True) or []
+ missed_pn = []
+ for task in missed:
+ fn = sq_fn[task]
+ data = bb.cache.Cache.loadDataFull(fn, '', d)
+ pn = data.getVar('PN', True)
+ if pn and pn not in missed_pn:
+ missed_pn.append(pn)
+
+ if missed_pn:
+ blacklist = [pn for pn in missed_pn if pn not in whitelist]
+ if blacklist:
+ msg = 'Read-only sstate-cache is enabled, the build of \n'
+ msg += '"' + ' '.join(blacklist) + '"\n'
+ msg += 'did not come from sstate-cache. Only the recipe listed in\n'
+ msg += 'SSTATECACHE_WHITELIST is allowed to build from source'
+ bb.fatal(msg)
+}
+
+def _sstate_readonly_clean_check(d):
+ whitelist = (d.getVar('SSTATECACHE_WHITELIST', True) or '').split()
+ pn = d.getVar('PN', True)
+ if pn not in whitelist:
+ msg = 'Read-only sstate-cache is enabled, the clean of \n'
+ msg += '%s is not allowed. Only the recipe listed in\n' % pn
+ msg += 'SSTATECACHE_WHITELIST is allowed to clean sstate-cache'
+ bb.fatal(msg)
+
+python do_cleansstate_prepend() {
+ _sstate_readonly_clean_check(d)
+}
+
+python do_cleanall_prepend() {
+ _sstate_readonly_clean_check(d)
+}
+
--
1.7.10.4
More information about the Openembedded-core
mailing list