[OE-core] [yocto] [PATCH 1/2] package.bbclass: add prohibited-path qa test
Christopher Larson
kergoth at gmail.com
Tue Nov 14 02:10:39 UTC 2017
On Mon, Nov 13, 2017 at 11:17 AM, Martyn Welch <martyn at welchs.me.uk> wrote:
> From: Fabien Lahoudere <fabien.lahoudere at collabora.co.uk>
>
> Sometimes we wish to ensure that packages don't install files or
> directories somewhere that may prove detrimental to the operation of the
> system. For example, this may be the case if files are placed in a
> directory that is utilised as a mount point at run time, thus making them
> inaccessible once when the mount point is being utilised.
>
> Implement the prohibited-path QA test, which enables such locations to be
> specified in a "PROHIBITED_PATH" variable. This implementation allows for
> exact matches and simple wildcards (paths ending with an asterisk. An
> error will be raised should a match be found, or in the case of a
> wildcard, for any files added below the specificed location(s).
>
> Signed-off-by: Fabien Lahoudere <fabien.lahoudere at collabora.co.uk>
> Signed-off-by: Martyn Welch <martyn at welchs.me.uk>
> ---
> meta/classes/insane.bbclass | 2 +-
> meta/classes/package.bbclass | 11 +++++++++++
> 2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
> index def9c70..fb10681 100644
> --- a/meta/classes/insane.bbclass
> +++ b/meta/classes/insane.bbclass
> @@ -33,7 +33,7 @@ ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch
> pkgconfig la \
> perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
> split-strip packages-list pkgv-undefined var-undefined \
> version-going-backwards expanded-d invalid-chars \
> - license-checksum dev-elf file-rdeps \
> + license-checksum dev-elf file-rdeps prohibited-path \
> "
> # Add usrmerge QA check based on distro feature
> ERROR_QA_append = "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '
> usrmerge', '', d)}"
> diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
> index 2053d46..721ca1e 100644
> --- a/meta/classes/package.bbclass
> +++ b/meta/classes/package.bbclass
> @@ -1162,6 +1162,17 @@ python populate_packages () {
> continue
> seen.append(file)
>
> + prohibited_path = d.getVar('PROHIBITED_PATH')
> + if prohibited_path is not None:
> + for p in prohibited_path.split():
> + exactmatch = True
> + if p.endswith("*"):
> + p = p[:len(p)-1]
> + exactmatch = False
> + if file[1:].startswith(p) and ((file[1:] != p) or
> exactmatch) :
> + msg = "%s is in a prohibited path.\n" % file[1:]
> + package_qa_handle_error("prohibited-path", msg,
> d)
>
Unless I’m missing something, you aren’t checking for startswith(p +
os.sep), so a file in libexec would match a prohibited path of lib, as it’d
still start with that, no?
--
Christopher Larson
kergoth at gmail dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Senior Software Engineer, Mentor Graphics
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20171113/eb41d154/attachment-0002.html>
More information about the Openembedded-core
mailing list