[OE-core] [PATCH] package_ipk: Clean up Source entry in ipk packages
Richard Purdie
richard.purdie at linuxfoundation.org
Fri Jun 16 09:22:35 UTC 2017
On Fri, 2017-06-16 at 09:46 +0100, Richard Purdie wrote:
> There is the potential for sensitive information to leak through the
> urls
> there and removing it brings this into the behavior of the other
> package
> backends since filtering it is likely error prone.
>
> Since ipks don't appear to be generated at all if we don't set this,
> set
> the field to the recipe name used (basename only, no paths). This
> avoids
> information leaking. We may want to drop the field if opkg can allow
> that
> at a future point but the recipe name is a suitable identifier for
> now.
>
> Reported-by: Andrej Valek <andrej.valek at siemens.com>
> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> ---
> meta/classes/package_ipk.bbclass | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
Since this is rather important I have backported this to
pyro/morty/krogoth with the appropriate tweaks.
Cheers,
Richard
More information about the Openembedded-core
mailing list