[OE-core] [PATCH v3 1/2] image.bbclass: add prohibited-paths QA test
Martyn Welch
martyn.welch at collabora.co.uk
Thu Nov 16 10:19:01 UTC 2017
On Wed, 2017-11-15 at 18:46 -0200, Otavio Salvador wrote:
> On Wed, Nov 15, 2017 at 1:10 PM, Martyn Welch
> <martyn.welch at collabora.co.uk> wrote:
> > Sometimes we wish to ensure that files or directories are not installed
> > somewhere that may prove detrimental to the operation of the system. For
> > example, this may be the case if files are placed in a directory that is
> > utilised as a mount point at run time, thus making them inaccessible once
> > when the mount point is being utilised.
> >
> > Implement the prohibited paths QA test, which enables such locations to be
> > specified in a "PROHIBITED_PATHS" variable. This implementation allows for
> > a colon separated list of paths to be provided. Shell style wildcards can
> > be used.
> >
> > Signed-off-by: Fabien Lahoudere <fabien.lahoudere at collabora.co.uk>
> > Signed-off-by: Martyn Welch <martyn.welch at collabora.co.uk>
> > ---
> > Changes since v1:
> > - Correcting author and SOB.
> >
> > Changes since v2:
> > - Reimplemented as image rather than package level QA test.
> > - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better
> > reflect its use.
> >
> > meta/classes/image.bbclass | 20 ++++++++++++++++++++
> > 1 file changed, 20 insertions(+)
> >
> > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> > index d93de02..bebb363 100644
> > --- a/meta/classes/image.bbclass
> > +++ b/meta/classes/image.bbclass
> > @@ -296,6 +296,26 @@ python do_image_complete_setscene () {
> > }
> > addtask do_image_complete_setscene
> >
> > +python image_check_prohibited_paths () {
> > + import glob
> > + from oe.utils import ImageQAFailed
> > +
> > + rootfs = d.getVar('IMAGE_ROOTFS')
> > +
> > + path = d.getVar('PROHIBITED_PATHS')
>
> path = (d.getVar('PROHIBITED_PATHS') or "")
>
> I'd use IMAGE_QA_PROHIBITED_PATHS as variable name. It makes easier to
> know what it relates to.
>
> > + if path != None and path != "":
>
> If can die.
>
OK, if is still needed, else the zero length path triggers the "not
p.startswith('/')" error condition.
> > + for p in path.split(':'):
> > + if p[0] != '/':
>
> if not p.startswith('/'):
>
> > + raise ImageQAFailed("PROHIBITED_PATHS \"%s\" must be an absolute path" % p, image_check_prohibited_paths)
> > +
> > + match = glob.glob("%s%s" % (rootfs, p))
> > + if match:
>
> I'd use:
>
> if glob.glob(...):
>
> It is a single use so not sure it is worth the extra variable.
>
> > + loc = ", ".join(item.replace(rootfs, '') for item in match)
> > + raise ImageQAFailed("Match(es) for PROHIBITED_PATHS \"%s\": %s" % (p, loc), image_check_prohibited_paths)
> > +}
>
More information about the Openembedded-core
mailing list