On 2/28/26 18:50, Richard Purdie wrote:
**
*CAUTION: This email comes from a non Wind River email account!*
Do not click links or open attachments unless you recognize the sender
and know the content is safe.
On Sat, 2026-02-28 at 11:27 +0800, hongxu via lists.openembedded.org
<https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!dv8OxyPCat01rw2zoB7PGs6RXntA8xaWqSRCY2_LQQIUia0jkGnmYKY3FxwT17lz3ILBlzW_b3fF2-zvT4HgUW0LVF-LshmGK-lhyg$>
wrote:
On 2/27/26 17:39, Jose Quaresma wrote:
hongxu via lists.openembedded.org
<https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!aBhDhydW4sVwHmPku-G3KfAkizU2zIqypxgoEenL-xjXJs5eoMzW0QXn8MVS7w9-QZvBeU26B0ju3x5wCHfoAWuj9pQ$>
<[email protected]> escreveu (sexta,
27/02/2026 à(s) 07:21):
+# Format: "BPN1:task1 BPN2:task2", separate by space
+# build-appliance-image uses pip at image time
+SKIP_CHECK_NETWORK_FLAG = "build-appliance-image:do_image"
+
# Check that no tasks (with rare exceptions) between do_fetch and
do_build
# use the network.
def check_network_flag(d):
# BPN:task names that are allowed to reach the network, using
fnmatch to compare.
allowed = []
- # build-appliance-image uses pip at image time
- allowed += ["build-appliance-image:do_image"]
+ allowed += (d.getVar('SKIP_CHECK_NETWORK_FLAG') or '').split()
This could introduce severe reproducibility problems for someone who
claims to have a Yocto compatible layer.
The meta-tensorflow, who use bazel build system to build, it requires
network access at do_compile if download mirror is not available.
The bazel is similar bitbake, has fetch, configure, compile, but it
combined as one command and invoked at bitbake's do_compile
In order to support offline build, I've apply a local patch to bazel
to save download tarball as download mirror [1]
[1]https://git.yoctoproject.org/meta-tensorflow/commit/?id=88ca1af3768e5a01e6ba8b2f09d6cf2a0bfb621e
If dowload mirror is available, the build will reuse it and network
is not required, the reproducibility problems should be detected by
binary comparison from two builds, we have oe-selftest case in
oe-core by the way
If the fetching happens outside of do_fetch, it means meta-tensorflow
cannot be marked as Yocto Project Compatible.
The point of the standard and this test is to move people towards
reproducbile builds with full manifests of the contents. If you bypass
the fetcher, we don't have any of these guarantees.
Our plan was to work out a way to remove the fetching from
build-appliance too but we didn't want to hold off the implementation
of that on the rest of the standard. The fact we've not done that yet
is frustrating to me but it doesn't change what the intent of this
plan is. We don't want to add a way to bypass it unless there is
really good reason. Good reasons might be 'publishing tasks' where
we're writing data out to a remote, or we're running tests. I'd likely
suggests these be in specific well defined tasks similar to fetch with
known properties though.
Copy, understood
//Hongxu
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232159):
https://lists.openembedded.org/g/openembedded-core/message/232159
Mute This Topic: https://lists.openembedded.org/mt/118026872/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
