Sometimes we wish to ensure that files or directories are not installed somewhere that may prove detrimental to the operation of the system. For example, this may be the case if files are placed in a directory that is utilised as a mount point at run time, thus making them inaccessible once when the mount point is being utilised.
Implement the prohibited paths QA test, which enables such locations to be specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation allows for a colon separated list of paths to be provided. Shell style wildcards can be used. Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> Signed-off-by: Martyn Welch <martyn.we...@collabora.com> --- This patch series was submitted many years ago (2017!!!), but did not at the time get applied. Finally submitting again. Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. Changes since v3: - Rename variable to IMAGE_QA_PROHIBITED_PATHS. - Use str.startswith(). - Simplify if statement. Changes since v4: - Move QA test to new class "image-insane.bbclass". Changes since v5: - Port to latest version meta/classes/image-insane.bbclass | 20 ++++++++++++++++++++ meta/classes/image.bbclass | 1 + 2 files changed, 21 insertions(+) create mode 100644 meta/classes/image-insane.bbclass diff --git a/meta/classes/image-insane.bbclass b/meta/classes/image-insane.bbclass new file mode 100644 index 0000000000..29935cf24c --- /dev/null +++ b/meta/classes/image-insane.bbclass @@ -0,0 +1,20 @@ +python image_check_prohibited_paths () { + import glob + from oe.utils import ImageQAFailed + + rootfs = d.getVar('IMAGE_ROOTFS') + + path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") + if path != "": + for p in path.split(':'): + if not p.startswith('/'): + raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must be an absolute path" % p, image_check_prohibited_paths) + + match = glob.glob("%s%s" % (rootfs, p)) + if match: + loc = ", ".join(item.replace(rootfs, '') for item in match) + raise ImageQAFailed("Match(es) for IMAGE_QA_PROHIBITED_PATHS \"%s\": %s" % (p, loc), image_check_prohibited_paths) +} + +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" + diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 2fa69a40d1..4cb4360f98 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -15,6 +15,7 @@ IMGCLASSES += "${@bb.utils.contains('IMAGE_FSTYPES', 'container', 'image-contain IMGCLASSES += "image_types_wic" IMGCLASSES += "rootfs-postcommands" IMGCLASSES += "image-postinst-intercepts" +IMGCLASSES += "image-insane" inherit ${IMGCLASSES} TOOLCHAIN_TARGET_TASK += "${PACKAGE_INSTALL}" -- 2.33.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157379): https://lists.openembedded.org/g/openembedded-core/message/157379 Mute This Topic: https://lists.openembedded.org/mt/86599461/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-