On 20/04/22 05:04, Nishanth Menon wrote: > On 21:17-20220419, Devarsh Thakkar wrote: >> Due to recent security update in git, we are >> not able to fetch revision currently using existing method: >> https://github.blog/2022-04-12-git-security-vulnerability-announced/ >> >> So instead, use the SRCREV to parse the short commit ID >> and set the UBOOT_LOCALVERSION variable. >> >> Signed-off-by: Devarsh Thakkar <devar...@ti.com> >> --- >> recipes-bsp/u-boot/u-boot-ti.inc | 10 +--------- >> 1 file changed, 1 insertion(+), 9 deletions(-) >> >> diff --git a/recipes-bsp/u-boot/u-boot-ti.inc >> b/recipes-bsp/u-boot/u-boot-ti.inc >> index 231b7647..cc775e2e 100644 >> --- a/recipes-bsp/u-boot/u-boot-ti.inc >> +++ b/recipes-bsp/u-boot/u-boot-ti.inc >> @@ -1,14 +1,6 @@ >> # UBOOT_LOCALVERSION can be set to add a tag to the end of the >> # U-boot version string. such as the commit id >> -def get_git_revision(p): >> - import subprocess >> - >> - try: >> - return subprocess.Popen("git rev-parse HEAD 2>/dev/null ", cwd=p, >> shell=True, stdout=subprocess.PIPE, >> universal_newlines=True).communicate()[0].rstrip() > > I see a similar logic in > recipes-kernel/linux/setup-defconfig.inc as well. > > Considering similar problem > > https://lore.kernel.org/all/20220413155249.3458236-2-raj.k...@gmail.com/ > > was wondering as to what might be a better way to solve this? > > There is also git rev-parse HEAD instances in oe-core as well and > bitbake(lib/layerindexlib/cooker.py) as well. > > I wonder since we know cwd=p, could we use that to set > https://git-scm.com/docs/git/2.35.2#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode > (which if my understanding is right, came in around > v1.5.5.1-319-g0454dd93bfb2) > > OR maybe just set it to the base conf similar to what was done on > master oe-core/meta/conf/bitbake.conf (commit > 02ecf3e2a98a614805f6f2574c2bf14162192d01 "bitbake.conf: Prevent git from > detecting parent repo in recipe")? > > I am not sure if we should considering just side stepping this issue via > just not using the git to get the version string.. just my 2 cents.
My top level understanding was the security update was suggesting to avoid doing what we were doing already i.e. calling git from a sub-process through a recipe due to security concerns and so avoided using git and also I think below change also achieves same what was achieved before with SRCREV, I have similar fix on the kernel bb too which was failing with same error. >> - except OSError: >> - return None >> - >> -UBOOT_LOCALVERSION = "-g${@get_git_revision('${S}').__str__()[:10]}" >> +UBOOT_LOCALVERSION = "-g${@d.getVar("SRCREV", False).__str__()[:10]}" >> >> UBOOT_SUFFIX ?= "img" >> SPL_BINARY ?= "MLO" >> -- >> 2.17.1 >>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14620): https://lists.yoctoproject.org/g/meta-ti/message/14620 Mute This Topic: https://lists.yoctoproject.org/mt/90564438/21656 Group Owner: meta-ti+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-