[OE-core] [PATCH] package_ipk: Clean up Source entry in ipk packages

Alejandro del Castillo alejandro.delcastillo at ni.com
Fri Jun 16 18:43:15 UTC 2017 


On 06/16/2017 03:46 AM, Richard Purdie wrote:
> There is the potential for sensitive information to leak through the urls
> there and removing it brings this into the behavior of the other package
> backends since filtering it is likely error prone.
> 
> Since ipks don't appear to be generated at all if we don't set this, set
> the field to the recipe name used (basename only, no paths). This avoids
> information leaking. We may want to drop the field if opkg can allow that
> at a future point but the recipe name is a suitable identifier for now.

Looking at opkg-build, opkg requires:

	Package, Version, Architecture, Maintainer, Section, Priority, Source

while deb requires:

	Package, Version, Maintainer, Description

It does makes sense to require Architecture, but doesn't make sense to
me to make Section, Priority and Source mandatory. Opkg does process
packages that lack those fields.

This should be a trivial change to opkg-build, which I can submit into
opkg-utils. Including that patch in the opkg-utils recipe may simplify
things here.

> Reported-by: Andrej Valek <andrej.valek at siemens.com>
> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> ---
>  meta/classes/package_ipk.bbclass | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass
> index d2ce3b3..8e69b5d 100644
> --- a/meta/classes/package_ipk.bbclass
> +++ b/meta/classes/package_ipk.bbclass
> @@ -57,6 +57,7 @@ def ipk_write_pkg(pkg, d):
>  
>      outdir = d.getVar('PKGWRITEDIRIPK')
>      pkgdest = d.getVar('PKGDEST')
> +    recipesource = os.path.basename(d.getVar('FILE'))
>  
>      localdata = bb.data.createCopy(d)
>      root = "%s/%s" % (pkgdest, pkg)
> @@ -205,10 +206,7 @@ def ipk_write_pkg(pkg, d):
>              ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces))
>          if rconflicts:
>              ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts))
> -        src_uri = localdata.getVar("SRC_URI").strip() or "None"
> -        if src_uri:
> -            src_uri = re.sub("\s+", " ", src_uri)
> -            ctrlfile.write("Source: %s\n" % " ".join(src_uri.split()))
> +        ctrlfile.write("Source: %s\n" % recipesource)
>          ctrlfile.close()
>  
>          for script in ["preinst", "postinst", "prerm", "postrm"]:
> 

-- 
Cheers,

Alejandro

More information about the Openembedded-core mailing list