The requirement is the developer who demand only the "new" software they write is allowed to be compiled from source, they only want to reuse binaries from an existed sstate-cache, if the developer makes a change that triggers a rebuild, it should be an instant error.
The purpose of this is for the sstate-cache to check if the item exists or not. If it doesn't the item needs to be in a whitelist or we need to fail. In the sstate-cache code, add a checking in the return path of sstate_checkhashes. If read-only sstate-cache enable, and the recipe's ${PN} not in the ${SSTATECACHE_WHITELIST}, it trigered an instant error. ... $ bitbake db ERROR: Read-only sstate-cache is enabled, the build of "db rpm-native gcc-runtime eglibc linux-libc-headers libgcc" did not come from sstate-cache. Only the recipe listed in SSTATECACHE_WHITELIST is allowed to build from source Summary: There was 1 ERROR message shown, returning a non-zero exit code. ... [YOCTO #6639] Signed-off-by: Hongxu Jia <hongxu....@windriver.com> --- meta/classes/sstate.bbclass | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 4eec6bd..4a04efb 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -41,6 +41,14 @@ EXTRA_STAGING_FIXMES ?= "" sstate_create_package[dirs] = "${SSTATE_BUILDDIR}" sstate_unpack_package[dirs] = "${SSTATE_INSTDIR}" +# 1) If ${SSTATECACHE_WHITELIST} is "", it means read-only sstate-cache +# disabled; +# +# 2) If read-only sstate-cache enabled and the recipe's ${PN} not listed +# in ${SSTATECACHE_WHITELIST}, the build from source will triger an +# instant error; +SSTATECACHE_WHITELIST ?= "" + python () { if bb.data.inherits_class('native', d): d.setVar('SSTATE_PKGARCH', d.getVar('BUILD_ARCH')) @@ -382,6 +390,15 @@ sstate_clean[vardepsexclude] = "SSTATE_MANFILEPREFIX" CLEANFUNCS += "sstate_cleanall" python sstate_cleanall() { + whitelist = d.getVar('SSTATECACHE_WHITELIST', True) + if whitelist: + pn = d.getVar('PN', True) + if pn not in whitelist.split(): + msg = 'Read-only sstate-cache is enabled, the clean of \n' + msg += '%s is not allowed. Only the recipe listed in\n' % pn + msg += 'SSTATECACHE_WHITELIST is allowed to clean sstate-cache' + bb.fatal(msg) + bb.note("Removing shared state for package %s" % d.getVar('PN', True)) manifest_dir = d.getVar('SSTATE_MANIFESTS', True) @@ -704,6 +721,29 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, d): evdata['found'].append( (sq_fn[task], sq_task[task], sq_hash[task], sstatefile ) ) bb.event.fire(bb.event.MetadataEvent("MissedSstate", evdata), d) + whitelist = d.getVar('SSTATECACHE_WHITELIST', True) + if whitelist: + missed_pn = [] + for task in missed: + fn = sq_fn[task] + data = bb.cache.Cache.loadDataFull(fn, '', d) + pn = data.getVar('PN', True) or "" + if pn and pn not in missed_pn: + missed_pn.append(pn) + + if missed_pn: + blacklist = [pn for pn in missed_pn if pn not in whitelist.split()] + if blacklist: + # We should manually unlock the bitbake lock, because the fatal + # msg will exit the build immediately. + lockfile = d.expand("${TOPDIR}/bitbake.lock") + os.unlink(lockfile) + msg = 'Read-only sstate-cache is enabled, the build of \n' + msg += '"' + ' '.join(blacklist) + '"\n' + msg += 'did not come from sstate-cache. Only the recipe listed in\n' + msg += 'SSTATECACHE_WHITELIST is allowed to build from source' + bb.msg.fatal('sstate', msg) + return ret BB_SETSCENE_DEPVALID = "setscene_depvalid" -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core