Re: [OE-core] [PATCHv2 2/2] insane.bbclass: Add a check for directories that are expected to be empty
On Thu, 2021-10-28 at 09:22 +0100, Martyn Welch wrote: > On Wed, 2021-10-27 at 20:05 +0200, Peter Kjellerstedt wrote: > > The empty-dirs QA check verifies that all directories specified in > > QA_EMPTY_DIRS are empty. It is possible to specify why a directory is > > expected to be empty by defining QA_EMPTY_DIRS_RECOMMENDATION:, > > which will then be included in the error message if the directory is > > not empty. If it is not specified for a directory, then "but it is > > expected to be empty" will be used. > > > > Signed-off-by: Peter Kjellerstedt > > --- > > > > PATCHv2: No changes. > > > > meta/classes/insane.bbclass | 33 - > > meta/conf/documentation.conf | 2 ++ > > 2 files changed, 34 insertions(+), 1 deletion(-) > > > > diff --git a/meta/classes/insane.bbclass > > b/meta/classes/insane.bbclass > > index 1e2f1b768a..1675adf6ac 100644 > > --- a/meta/classes/insane.bbclass > > +++ b/meta/classes/insane.bbclass > > @@ -37,7 +37,7 @@ ERROR_QA ?= "dev-so debug-deps dev-deps debug-files > > arch pkgconfig la \ > > configure-gettext perllocalpod shebang-size \ > > already-stripped installed-vs-shipped ldflags compile- > > host-path \ > > install-host-path pn-overrides unknown-configure-option > > \ > > - useless-rpaths rpaths staticdev \ > > + useless-rpaths rpaths staticdev empty-dirs \ > > " > > # Add usrmerge QA check based on distro feature > > ERROR_QA:append = "${@bb.utils.contains('DISTRO_FEATURES', > > 'usrmerge', ' usrmerge', '', d)}" > > @@ -50,6 +50,21 @@ ALL_QA = "${WARN_QA} ${ERROR_QA}" > > > > UNKNOWN_CONFIGURE_WHITELIST ?= "--enable-nls --disable-nls -- > > disable-silent-rules --disable-dependency-tracking --with-libtool- > > sysroot --disable-static" > > > > +# This is a list of directories that are expected to be empty. > > +QA_EMPTY_DIRS ?= " \ > > + /dev/pts \ > > + /media \ > > + /proc \ > > + /run \ > > + /tmp \ > > + ${localstatedir}/run \ > > + ${localstatedir}/volatile \ > > +" > > +# It is possible to specify why a directory is expected to be empty > > by defining > > +# QA_EMPTY_DIRS_RECOMMENDATION:, which will then be included > > in the error > > +# message if the directory is not empty. If it is not specified for > > a directory, > > +# then "but it is expected to be empty" will be used. > > + > > One thing I've just noticed is that this is more strictly limited to > ensuring certain directories are empty, rather than ensuring certain > paths (which may include the existance of an empty directory or a > file). Could this be modified to allow wildcard entries, as with the > proposal I originally submitted? > Hmm, actually, this would probably really complicate the QA_EMPTY_DIRS_RECOMMENDATION functionality and it looks like we really only check for empty directories, so: Acked-by: Martyn Welch Tested-by: Martyn Welch > > def package_qa_clean_path(path, d, pkg=None): > > """ > > Remove redundant paths from the path for display. If pkg isn't > > set then > > @@ -885,6 +900,22 @@ def package_qa_check_unlisted_pkg_lics(package, > > d, messages): > > "listed in LICENSE" % (package, ' > > '.join(unlisted))) > > return False > > > > +QAPKGTEST[empty-dirs] = "package_qa_check_empty_dirs" > > +def package_qa_check_empty_dirs(pkg, d, messages): > > + """ > > + Check for the existence of files in directories that are > > expected to be > > + empty. > > + """ > > + > > + pkgd = oe.path.join(d.getVar('PKGDEST'), pkg) > > + for dir in (d.getVar('QA_EMPTY_DIRS') or "").split(): > > + empty_dir = oe.path.join(pkgd, dir) > > + if os.path.exists(empty_dir) and os.listdir(empty_dir): > > + recommendation = > > (d.getVar('QA_EMPTY_DIRS_RECOMMENDATION:' + dir) or > > + "but it is expected to be empty") > > + msg = "%s installs files in %s, %s" % (pkg, dir, > > recommendation) > > + oe.qa.add_message(messages, "empty-dirs", msg) > > + > > def package_qa_check_encoding(keys, encode, d): > > def check_encoding(key, enc): > >
Re: [OE-core] [PATCHv2 2/2] insane.bbclass: Add a check for directories that are expected to be empty
On Wed, 2021-10-27 at 20:05 +0200, Peter Kjellerstedt wrote: > The empty-dirs QA check verifies that all directories specified in > QA_EMPTY_DIRS are empty. It is possible to specify why a directory is > expected to be empty by defining QA_EMPTY_DIRS_RECOMMENDATION:, > which will then be included in the error message if the directory is > not empty. If it is not specified for a directory, then "but it is > expected to be empty" will be used. > > Signed-off-by: Peter Kjellerstedt > --- > > PATCHv2: No changes. > > meta/classes/insane.bbclass | 33 - > meta/conf/documentation.conf | 2 ++ > 2 files changed, 34 insertions(+), 1 deletion(-) > > diff --git a/meta/classes/insane.bbclass > b/meta/classes/insane.bbclass > index 1e2f1b768a..1675adf6ac 100644 > --- a/meta/classes/insane.bbclass > +++ b/meta/classes/insane.bbclass > @@ -37,7 +37,7 @@ ERROR_QA ?= "dev-so debug-deps dev-deps debug-files > arch pkgconfig la \ > configure-gettext perllocalpod shebang-size \ > already-stripped installed-vs-shipped ldflags compile- > host-path \ > install-host-path pn-overrides unknown-configure-option > \ > - useless-rpaths rpaths staticdev \ > + useless-rpaths rpaths staticdev empty-dirs \ > " > # Add usrmerge QA check based on distro feature > ERROR_QA:append = "${@bb.utils.contains('DISTRO_FEATURES', > 'usrmerge', ' usrmerge', '', d)}" > @@ -50,6 +50,21 @@ ALL_QA = "${WARN_QA} ${ERROR_QA}" > > UNKNOWN_CONFIGURE_WHITELIST ?= "--enable-nls --disable-nls -- > disable-silent-rules --disable-dependency-tracking --with-libtool- > sysroot --disable-static" > > +# This is a list of directories that are expected to be empty. > +QA_EMPTY_DIRS ?= " \ > + /dev/pts \ > + /media \ > + /proc \ > + /run \ > + /tmp \ > + ${localstatedir}/run \ > + ${localstatedir}/volatile \ > +" > +# It is possible to specify why a directory is expected to be empty > by defining > +# QA_EMPTY_DIRS_RECOMMENDATION:, which will then be included > in the error > +# message if the directory is not empty. If it is not specified for > a directory, > +# then "but it is expected to be empty" will be used. > + One thing I've just noticed is that this is more strictly limited to ensuring certain directories are empty, rather than ensuring certain paths (which may include the existance of an empty directory or a file). Could this be modified to allow wildcard entries, as with the proposal I originally submitted? > def package_qa_clean_path(path, d, pkg=None): > """ > Remove redundant paths from the path for display. If pkg isn't > set then > @@ -885,6 +900,22 @@ def package_qa_check_unlisted_pkg_lics(package, > d, messages): > "listed in LICENSE" % (package, ' > '.join(unlisted))) > return False > > +QAPKGTEST[empty-dirs] = "package_qa_check_empty_dirs" > +def package_qa_check_empty_dirs(pkg, d, messages): > + """ > + Check for the existence of files in directories that are > expected to be > + empty. > + """ > + > + pkgd = oe.path.join(d.getVar('PKGDEST'), pkg) > + for dir in (d.getVar('QA_EMPTY_DIRS') or "").split(): > + empty_dir = oe.path.join(pkgd, dir) > + if os.path.exists(empty_dir) and os.listdir(empty_dir): > + recommendation = > (d.getVar('QA_EMPTY_DIRS_RECOMMENDATION:' + dir) or > + "but it is expected to be empty") > + msg = "%s installs files in %s, %s" % (pkg, dir, > recommendation) > + oe.qa.add_message(messages, "empty-dirs", msg) > + > def package_qa_check_encoding(keys, encode, d): > def check_encoding(key, enc): > sane = True > diff --git a/meta/conf/documentation.conf > b/meta/conf/documentation.conf > index 80ad8e10d5..45cd01374a 100644 > --- a/meta/conf/documentation.conf > +++ b/meta/conf/documentation.conf > @@ -345,6 +345,8 @@ PYPI_SRC_URI[doc] = "The URI to use to fetch from > pypi, default uses pythonhoste > > #Q > > +QA_EMPTY_DIRS[doc] = "A list of directories that are expected to be > empty." > +QA_EMPTY_DIRS_RECOMMENDATION[doc] = "This specifies a recommendation > for a directory why it must be empty, which will be included in the > error message if the directory is not empty." > QMAKE_PROFILES[doc] = "Specifies your own subset of .pro files to be > built for use with qmake." > > #R > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157579): https://lists.openembedded.org/g/openembedded-core/message/157579 Mute This Topic: https://lists.openembedded.org/mt/86634477/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
On Wed, 2021-10-27 at 16:43 +, Peter Kjellerstedt wrote: > > -Original Message- > > From: Martyn Welch > > Sent: den 26 oktober 2021 17:32 > > To: Peter Kjellerstedt ; Konrad > > Weihmann > > ; OE-core > c...@lists.openembedded.org> > > Subject: Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add > > default > > IMAGE_QA_PROHIBIT_PATHS variable > > > > On Tue, 2021-10-26 at 14:59 +, Peter Kjellerstedt wrote: > > > > -Original Message- > > > > From: openembedded-core@lists.openembedded.org > > > c...@lists.openembedded.org> On Behalf Of Konrad Weihmann > > > > Sent: den 26 oktober 2021 13:24 > > > > To: Martyn Welch ; OE-core > > > > > > > c...@lists.openembedded.org> > > > > Subject: Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add > > > > default > > > > IMAGE_QA_PROHIBIT_PATHS variable > > > > > > > > > > > > > > > > On 26.10.21 13:21, Martyn Welch wrote: > > > > > Note to self - remember to reply to list... > > > > > > > > > > Forwarded Message > > > > > From: Martyn Welch > > > > > To: Konrad Weihmann > > > > > Subject: Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add > > > > > default > > > > > IMAGE_QA_PROHIBIT_PATHS variable > > > > > Date: Tue, 26 Oct 2021 12:12:11 +0100 > > > > > > > > > > On Tue, 2021-10-26 at 12:56 +0200, Konrad Weihmann wrote: > > > > > > > > > > > > > > > > > > On 26.10.21 12:50, Martyn Welch wrote: > > > > > > > > > > > > > +# IMAGE_QA_PROHIBITED_PATHS > > > > > > > +# Ensure images aren't including files in places that > > > > > > > will > > > > > > > be used as mount points or that are > > > > > > > +# reserved for runtime data. > > > > > > > +IMAGE_QA_PROHIBITED_PATHS ?= > > > > > > > "/dev/pts/*:/media/*:/mnt/*:/proc/*:/run/*:/tmp/*:/var/ru > > > > > > > n/*: > > > > > > > /var/tmp/*:/var/volatile/*" > > > > > > > > > > > > I like the idea, but wouldn't make more sense to do that on > > > > > > a > > > > > > package > > > > > > level, as here the user is more or less left alone in > > > > > > guessing > > > > > > where > > > > > > the file actually does come from > > > > > > > > > > I like that idea, however it would make to assumption that > > > > > there > > > > > wasn't > > > > > any tweaks being made as part of image generation that would > > > > > end > > > > > up > > > > > violating this. A quick check suggests the "build-appliance- > > > > > image_15.0.0.bb" image does this kind of thing in the core > > > > > image > > > > > types. > > > > > > > > As Alex just wrote, I might be beneficial to do both > > > > > > > > > Martyn > > > > > > We have an alternative solution that hooks into the package QA. > > > It > > > focuses on directories that are supposed to be empty. In addition > > > to > > > failing the build if there are files in such a directory, it also > > > allows to specify for each directory why it should be empty. We > > > have > > > used this, e.g., to mark common directories that have been > > > renamed > > > to give an indication of where the files were supposed to have > > > been > > > installed. > > > > > > Do you want me to generalize this and send a patch for it? > > > > Hi Peter, > > > > It would be great if we could merge these approaches, i.e. have one > > way > > to specify directories that need to be empty and test both as part > > of > > package QA and also image QA. > > > > I was just working on adding some package QA support to what I've > > had, > > but can pause that. > > > > Would you be able to provide show how you'd propose managing the > > prohibited directories? I'll try and tweak the image QA stuff > > already > > posted to fit that. > > > > Martyn > > > > > //Peter > > I have sent two patches now. The first makes systemd not install > anything in /var/log, as it otherwise conflicts with the suggested > defaults. And then one patch that adds the package QA check for > empty directories. I used the same defaults as suggested in your > patch, except I removed /mnt since it is not obvious it should be > empty. At least we use subdirectories in /mnt for our mountpoints. > Thanks Peter, Looks good to me. I'll adapt the mine to be an image QA test that complements this. Martyn > //Peter > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157560): https://lists.openembedded.org/g/openembedded-core/message/157560 Mute This Topic: https://lists.openembedded.org/mt/86599458/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] systemd: Do not install anything in /var/log
On Wed, 2021-10-27 at 18:37 +0200, Peter Kjellerstedt wrote: > /var/log is typically a symbolic link to inside /var/volatile, which > is expected to be empty. > > Signed-off-by: Peter Kjellerstedt > --- > meta/recipes-core/systemd/systemd_249.5.bb | 11 --- > 1 file changed, 4 insertions(+), 7 deletions(-) > > diff --git a/meta/recipes-core/systemd/systemd_249.5.bb > b/meta/recipes-core/systemd/systemd_249.5.bb > index d87f54bf16..f2e6a79d6c 100644 > --- a/meta/recipes-core/systemd/systemd_249.5.bb > +++ b/meta/recipes-core/systemd/systemd_249.5.bb > @@ -270,13 +270,10 @@ do_install() { > install -Dm 0755 ${S}/src/systemctl/systemd-sysv- > install.SKELETON ${D}${systemd_system_unitdir}d-sysv-install > fi > > - chown root:systemd-journal ${D}/${localstatedir}/log/journal Having /var/log/journal exist (on systems that don't symbolically link /var/log inside /var/volatile) by default will cause systemd to persistently log data. I suspect removing this is going to negatively impact some users. > - > - # Delete journal README, as log can be symlinked inside > volatile. > - rm -f ${D}/${localstatedir}/log/README > - > - # journal-remote creates this at start > - rm -rf ${D}/${localstatedir}/log/journal/remote > + # /var/log is typically a symbolic link to inside > /var/volatile, which > + # is expected to be empty. This remove /var/log/README and > + # /var/log/journal/. > + rm -rf ${D}${localstatedir}/log > > install -d > ${D}${systemd_system_unitdir}/graphical.target.wants > install -d ${D}${systemd_system_unitdir}/multi- > user.target.wants > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157559): https://lists.openembedded.org/g/openembedded-core/message/157559 Mute This Topic: https://lists.openembedded.org/mt/86632211/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH V2] archiver: Configurable tarball compression
> > So, here the claim that zstd (with default options) is almost as good as > xz in compressed size is not confirmed. However, zstd is a clear winner > in terms of compression speed, and anyway better than gzip. This is > worth switching. > That claim doesn't seem to be confirmed with any of the (admittedly small) selection of archives I tried, with zstd compression being approx 21 to 69% less efficient in terms of storage space than xz compression, but still being the best in terms of compression and decompression speeds. However, I think neatly highlights why it may make sense to make this configurable, as which algorithm is "best" is going to depend on whether you're optimising for (de)compression speed or size. Testing results below, Martyn --- $ time gzip -k linux-5.14.tar real 0m26.807s user 0m26.392s sys 0m0.368s $ time xz -k linux-5.14.tar real 6m42.494s user 6m40.167s sys 0m1.757s $ time zstd -k linux-5.14.tar linux-5.14.tar : 16.28% (1126737920 => 183398470 bytes, linux-5.14.tar.zst) real 0m3.531s user 0m3.631s sys 0m0.509s $ ls -la * -rw-r--r-- 1 martyn martyn 1126737920 Oct 27 10:54 linux-5.14.tar -rw-r--r-- 1 martyn martyn 196107916 Oct 27 10:54 linux-5.14.tar.gz -rw-r--r-- 1 martyn martyn 124724612 Oct 27 10:54 linux-5.14.tar.xz -rw-r--r-- 1 martyn martyn 183398470 Oct 27 10:54 linux-5.14.tar.zst $ time gunzip linux-5.14.tar.gz real 0m5.141s user 0m4.462s sys 0m0.613s $ time xz -d linux-5.14.tar.xz real 0m8.571s user 0m7.739s sys 0m0.820s $ time zstd -d linux-5.14.tar.zst linux-5.14.tar.zst : 1126737920 bytes real 0m1.906s user 0m1.185s sys 0m0.710s $ time gzip -k coreutils-9.0.tar real 0m1.685s user 0m1.669s sys 0m0.016s $ time xz -k coreutils-9.0.tar real 0m14.891s user 0m14.795s sys 0m0.060s $ time zstd -k coreutils-9.0.tar coreutils-9.0.tar : 19.21% (54394880 => 10447053 bytes, coreutils-9.0.tar.zst) real 0m0.207s user 0m0.215s sys 0m0.029s $ ls -la coreutils-9.0.tar* -rw-r--r-- 1 martyn martyn 54394880 Oct 27 11:16 coreutils-9.0.tar -rw-r--r-- 1 martyn martyn 13595007 Oct 27 11:16 coreutils-9.0.tar.gz -rw-r--r-- 1 martyn martyn 6177372 Oct 27 11:16 coreutils-9.0.tar.xz -rw-r--r-- 1 martyn martyn 10447053 Oct 27 11:16 coreutils-9.0.tar.zst $ time gzip -d coreutils-9.0.tar.gz real 0m0.362s user 0m0.280s sys 0m0.048s $ time xz -d coreutils-9.0.tar.xz real 0m0.444s user 0m0.424s sys 0m0.020s $ time zstd -d coreutils-9.0.tar.zst coreutils-9.0.tar.zst: 54394880 bytes real 0m0.095s user 0m0.044s sys 0m0.052s $ time gzip -k tcp_wrappers_7.6.tar real 0m0.033s user 0m0.033s sys 0m0.000s $ time xz -k tcp_wrappers_7.6.tar real 0m0.116s user 0m0.104s sys 0m0.012s $ time zstd -k tcp_wrappers_7.6.tar tcp_wrappers_7.6.tar : 26.57% (360448 => 95772 bytes, tcp_wrappers_7.6.tar.zst) real 0m0.006s user 0m0.003s sys 0m0.003s $ ls -la tcp_wrappers_7.6.tar* -rw-r--r-- 1 martyn martyn 360448 Oct 27 11:15 tcp_wrappers_7.6.tar -rw-r--r-- 1 martyn martyn 99459 Oct 27 11:15 tcp_wrappers_7.6.tar.gz -rw-r--r-- 1 martyn martyn 79316 Oct 27 11:15 tcp_wrappers_7.6.tar.xz -rw-r--r-- 1 martyn martyn 95772 Oct 27 11:15 tcp_wrappers_7.6.tar.zst $ time gzip -d tcp_wrappers_7.6.tar.gz real 0m0.008s user 0m0.004s sys 0m0.004s $ time xz -d tcp_wrappers_7.6.tar.xz real 0m0.019s user 0m0.015s sys 0m0.004s $ time zstd -d tcp_wrappers_7.6.tar.zst tcp_wrappers_7.6.tar.zst: 360448 bytes real 0m0.005s user 0m0.000s sys 0m0.005s -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157511): https://lists.openembedded.org/g/openembedded-core/message/157511 Mute This Topic: https://lists.openembedded.org/mt/85760412/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
On Tue, 2021-10-26 at 14:59 +, Peter Kjellerstedt wrote: > > -Original Message- > > From: openembedded-core@lists.openembedded.org > c...@lists.openembedded.org> On Behalf Of Konrad Weihmann > > Sent: den 26 oktober 2021 13:24 > > To: Martyn Welch ; OE-core > > > c...@lists.openembedded.org> > > Subject: Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add > > default > > IMAGE_QA_PROHIBIT_PATHS variable > > > > > > > > On 26.10.21 13:21, Martyn Welch wrote: > > > Note to self - remember to reply to list... > > > > > > Forwarded Message > > > From: Martyn Welch > > > To: Konrad Weihmann > > > Subject: Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add > > > default > > > IMAGE_QA_PROHIBIT_PATHS variable > > > Date: Tue, 26 Oct 2021 12:12:11 +0100 > > > > > > On Tue, 2021-10-26 at 12:56 +0200, Konrad Weihmann wrote: > > > > > > > > > > > > On 26.10.21 12:50, Martyn Welch wrote: > > > > > +# IMAGE_QA_PROHIBITED_PATHS > > > > > +# Ensure images aren't including files in places that will > > > > > be used as mount points or that are > > > > > +# reserved for runtime data. > > > > > +IMAGE_QA_PROHIBITED_PATHS ?= > > > > > "/dev/pts/*:/media/*:/mnt/*:/proc/*:/run/*:/tmp/*:/var/run/*: > > > > > /var/tmp/*:/var/volatile/*" > > > > > > > > I like the idea, but wouldn't make more sense to do that on a > > > > package > > > > level, as here the user is more or less left alone in guessing > > > > where > > > > the file actually does come from > > > > > > I like that idea, however it would make to assumption that there > > > wasn't > > > any tweaks being made as part of image generation that would end > > > up > > > violating this. A quick check suggests the "build-appliance- > > > image_15.0.0.bb" image does this kind of thing in the core image > > > types. > > > > As Alex just wrote, I might be beneficial to do both > > > > > Martyn > > We have an alternative solution that hooks into the package QA. It > focuses on directories that are supposed to be empty. In addition to > failing the build if there are files in such a directory, it also > allows to specify for each directory why it should be empty. We have > used this, e.g., to mark common directories that have been renamed > to give an indication of where the files were supposed to have been > installed. > > Do you want me to generalize this and send a patch for it? > Hi Peter, It would be great if we could merge these approaches, i.e. have one way to specify directories that need to be empty and test both as part of package QA and also image QA. I was just working on adding some package QA support to what I've had, but can pause that. Would you be able to provide show how you'd propose managing the prohibited directories? I'll try and tweak the image QA stuff already posted to fit that. Martyn > //Peter > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157398): https://lists.openembedded.org/g/openembedded-core/message/157398 Mute This Topic: https://lists.openembedded.org/mt/86599458/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
On Tue, 2021-10-26 at 13:01 +0200, Alexander Kanavin wrote: > On Tue, 26 Oct 2021 at 12:56, Konrad Weihmann > wrote: > > > Suggested-by: Alexander Kanavin > > > > > > That can't be true - or the initial idea is very very old :-) pls > > use > > Alex's gmail instead > > I don't remember anything whatsoever about this, and a search in my > gmail for IMAGE_QA_PROHIBIT_PATHS yields nothing, so unless you can > point to where this was suggested, it's best to drop this :) I don't blame you - it has been sitting needing some attention long enough that it didn't surprise me the email address is now not valid... https://patchwork.openembedded.org/patch/146237/ > > Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157388): https://lists.openembedded.org/g/openembedded-core/message/157388 Mute This Topic: https://lists.openembedded.org/mt/86599458/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
Note to self - remember to reply to list... Forwarded Message From: Martyn Welch To: Konrad Weihmann Subject: Re: [OE-core] [PATCH v6 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable Date: Tue, 26 Oct 2021 12:12:11 +0100 On Tue, 2021-10-26 at 12:56 +0200, Konrad Weihmann wrote: > > > On 26.10.21 12:50, Martyn Welch wrote: > > From: Martyn Welch > > > > Add a default IMAGE_QA_PROHIBIT_PATHS variable containing paths > > known to > > be mounted in the default fstab, which are known mount points or > > directories which should be populated at runtime. > > > > Suggested-by: Alexander Kanavin > > That can't be true - or the initial idea is very very old :-) pls use > Alex's gmail instead It's a very old patch series, originally posted in 2017 (as mentioned in patch 1/2). Just noticed it never got applied... > > +# IMAGE_QA_PROHIBITED_PATHS > > +# Ensure images aren't including files in places that will be used > > as mount points or that are > > +# reserved for runtime data. > > +IMAGE_QA_PROHIBITED_PATHS ?= > > "/dev/pts/*:/media/*:/mnt/*:/proc/*:/run/*:/tmp/*:/var/run/*:/var/t > > mp/*:/var/volatile/*" > > I like the idea, but wouldn't make more sense to do that on a package > level, as here the user is more or less left alone in guessing where > the > file actually does come from I like that idea, however it would make to assumption that there wasn't any tweaks being made as part of image generation that would end up violating this. A quick check suggests the "build-appliance- image_15.0.0.bb" image does this kind of thing in the core image types. Martyn -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157387): https://lists.openembedded.org/g/openembedded-core/message/157387 Mute This Topic: https://lists.openembedded.org/mt/86599458/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v6 1/2] image.bbclass: add prohibited-paths QA test
Sometimes we wish to ensure that files or directories are not installed somewhere that may prove detrimental to the operation of the system. For example, this may be the case if files are placed in a directory that is utilised as a mount point at run time, thus making them inaccessible once when the mount point is being utilised. Implement the prohibited paths QA test, which enables such locations to be specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation allows for a colon separated list of paths to be provided. Shell style wildcards can be used. Signed-off-by: Fabien Lahoudere Signed-off-by: Martyn Welch --- This patch series was submitted many years ago (2017!!!), but did not at the time get applied. Finally submitting again. Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. Changes since v3: - Rename variable to IMAGE_QA_PROHIBITED_PATHS. - Use str.startswith(). - Simplify if statement. Changes since v4: - Move QA test to new class "image-insane.bbclass". Changes since v5: - Port to latest version meta/classes/image-insane.bbclass | 20 meta/classes/image.bbclass| 1 + 2 files changed, 21 insertions(+) create mode 100644 meta/classes/image-insane.bbclass diff --git a/meta/classes/image-insane.bbclass b/meta/classes/image-insane.bbclass new file mode 100644 index 00..29935cf24c --- /dev/null +++ b/meta/classes/image-insane.bbclass @@ -0,0 +1,20 @@ +python image_check_prohibited_paths () { +import glob +from oe.utils import ImageQAFailed + +rootfs = d.getVar('IMAGE_ROOTFS') + +path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") +if path != "": +for p in path.split(':'): +if not p.startswith('/'): +raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must be an absolute path" % p, image_check_prohibited_paths) + +match = glob.glob("%s%s" % (rootfs, p)) +if match: +loc = ", ".join(item.replace(rootfs, '') for item in match) +raise ImageQAFailed("Match(es) for IMAGE_QA_PROHIBITED_PATHS \"%s\": %s" % (p, loc), image_check_prohibited_paths) +} + +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" + diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 2fa69a40d1..4cb4360f98 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -15,6 +15,7 @@ IMGCLASSES += "${@bb.utils.contains('IMAGE_FSTYPES', 'container', 'image-contain IMGCLASSES += "image_types_wic" IMGCLASSES += "rootfs-postcommands" IMGCLASSES += "image-postinst-intercepts" +IMGCLASSES += "image-insane" inherit ${IMGCLASSES} TOOLCHAIN_TARGET_TASK += "${PACKAGE_INSTALL}" -- 2.33.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157379): https://lists.openembedded.org/g/openembedded-core/message/157379 Mute This Topic: https://lists.openembedded.org/mt/86599461/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v6 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
From: Martyn Welch Add a default IMAGE_QA_PROHIBIT_PATHS variable containing paths known to be mounted in the default fstab, which are known mount points or directories which should be populated at runtime. Suggested-by: Alexander Kanavin Signed-off-by: Martyn Welch --- Changes since v3: - This patch added. meta/classes/core-image.bbclass | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass index 84fd3eeb38..33ab1c85de 100644 --- a/meta/classes/core-image.bbclass +++ b/meta/classes/core-image.bbclass @@ -63,6 +63,11 @@ IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included +# IMAGE_QA_PROHIBITED_PATHS +# Ensure images aren't including files in places that will be used as mount points or that are +# reserved for runtime data. +IMAGE_QA_PROHIBITED_PATHS ?= "/dev/pts/*:/media/*:/mnt/*:/proc/*:/run/*:/tmp/*:/var/run/*:/var/tmp/*:/var/volatile/*" + MACHINE_HWCODECS ??= "" CORE_IMAGE_BASE_INSTALL = '\ -- 2.33.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157378): https://lists.openembedded.org/g/openembedded-core/message/157378 Mute This Topic: https://lists.openembedded.org/mt/86599458/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v5 1/2] image.bbclass: add prohibited-paths QA test
This doesn't seem to be applied yet. Is there something else that is needed? Martyn On Mon, 2017-11-27 at 19:28 +, Martyn Welch wrote: > Sometimes we wish to ensure that files or directories are not installed > somewhere that may prove detrimental to the operation of the system. For > example, this may be the case if files are placed in a directory that is > utilised as a mount point at run time, thus making them inaccessible once > when the mount point is being utilised. > > Implement the prohibited paths QA test, which enables such locations to be > specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation > allows for a colon separated list of paths to be provided. Shell style > wildcards can be used. > > Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> > Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> > --- > Changes since v1: > - Correcting author and SOB. > > Changes since v2: > - Reimplemented as image rather than package level QA test. > - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better >reflect its use. > > Changes since v3: > - Rename variable to IMAGE_QA_PROHIBITED_PATHS. > - Use str.startswith(). > - Simplify if statement. > > Changes since v4: > - Move QA test to new class "image-insane.bbclass". > > meta/classes/image-insane.bbclass | 20 > meta/classes/image.bbclass| 1 + > 2 files changed, 21 insertions(+) > create mode 100644 meta/classes/image-insane.bbclass > > diff --git a/meta/classes/image-insane.bbclass > b/meta/classes/image-insane.bbclass > new file mode 100644 > index 000..29935cf > --- /dev/null > +++ b/meta/classes/image-insane.bbclass > @@ -0,0 +1,20 @@ > +python image_check_prohibited_paths () { > +import glob > +from oe.utils import ImageQAFailed > + > +rootfs = d.getVar('IMAGE_ROOTFS') > + > +path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") > +if path != "": > +for p in path.split(':'): > +if not p.startswith('/'): > +raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must > be an absolute path" % p, image_check_prohibited_paths) > + > +match = glob.glob("%s%s" % (rootfs, p)) > +if match: > +loc = ", ".join(item.replace(rootfs, '') for item in match) > +raise ImageQAFailed("Match(es) for IMAGE_QA_PROHIBITED_PATHS > \"%s\": %s" % (p, loc), image_check_prohibited_paths) > +} > + > +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" > + > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > index d93de02..8b45abb 100644 > --- a/meta/classes/image.bbclass > +++ b/meta/classes/image.bbclass > @@ -1,4 +1,5 @@ > inherit rootfs_${IMAGE_PKGTYPE} > +inherit image-insane > > # Only Linux SDKs support populate_sdk_ext, fall back to populate_sdk_base > # in the non-Linux SDK_OS case, such as mingw32 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v5 1/2] image.bbclass: add prohibited-paths QA test
Sometimes we wish to ensure that files or directories are not installed somewhere that may prove detrimental to the operation of the system. For example, this may be the case if files are placed in a directory that is utilised as a mount point at run time, thus making them inaccessible once when the mount point is being utilised. Implement the prohibited paths QA test, which enables such locations to be specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation allows for a colon separated list of paths to be provided. Shell style wildcards can be used. Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. Changes since v3: - Rename variable to IMAGE_QA_PROHIBITED_PATHS. - Use str.startswith(). - Simplify if statement. Changes since v4: - Move QA test to new class "image-insane.bbclass". meta/classes/image-insane.bbclass | 20 meta/classes/image.bbclass| 1 + 2 files changed, 21 insertions(+) create mode 100644 meta/classes/image-insane.bbclass diff --git a/meta/classes/image-insane.bbclass b/meta/classes/image-insane.bbclass new file mode 100644 index 000..29935cf --- /dev/null +++ b/meta/classes/image-insane.bbclass @@ -0,0 +1,20 @@ +python image_check_prohibited_paths () { +import glob +from oe.utils import ImageQAFailed + +rootfs = d.getVar('IMAGE_ROOTFS') + +path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") +if path != "": +for p in path.split(':'): +if not p.startswith('/'): +raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must be an absolute path" % p, image_check_prohibited_paths) + +match = glob.glob("%s%s" % (rootfs, p)) +if match: +loc = ", ".join(item.replace(rootfs, '') for item in match) +raise ImageQAFailed("Match(es) for IMAGE_QA_PROHIBITED_PATHS \"%s\": %s" % (p, loc), image_check_prohibited_paths) +} + +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" + diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index d93de02..8b45abb 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -1,4 +1,5 @@ inherit rootfs_${IMAGE_PKGTYPE} +inherit image-insane # Only Linux SDKs support populate_sdk_ext, fall back to populate_sdk_base # in the non-Linux SDK_OS case, such as mingw32 -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v5 2/2] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
Add a default IMAGE_QA_PROHIBIT_PATHS variable containing paths known to be mounted in the default fstab, which are known mount points or directories which should be populated at runtime. Suggested-by: Alexander Kanavin <alexander.kana...@linux.intel.com> Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v3: - This patch added. meta/classes/core-image.bbclass | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass index a9a2cec..8d5fb97 100644 --- a/meta/classes/core-image.bbclass +++ b/meta/classes/core-image.bbclass @@ -56,6 +56,11 @@ IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included +# IMAGE_QA_PROHIBITED_PATHS +# Ensure images aren't including files in places that will be used as mount points or that are +# reserved for runtime data. +IMAGE_QA_PROHIBITED_PATHS ?= "/dev/pts/*:/media/*:/mnt/*:/proc/*:/run/*:/tmp/*:/var/run/*:/var/tmp/*:/var/volatile/*" + MACHINE_HWCODECS ??= "" CORE_IMAGE_BASE_INSTALL = '\ -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [yocto] [PATCH v4 1/3] image.bbclass: add prohibited-paths QA test
On Thu, 2017-11-16 at 17:21 -0600, Leonardo Sandoval wrote: > isn't it this class meta/classes/insane.bbclass for this type of checks? > I don't know. The logic for IMAGE_QA_COMMAND is in image.bbclass, as far as I can see the package QA tests are in package.bbclass, so image.bbclass seemed like a reasonable place to put the image QA test. If the consensus is that it should be in insane.bbclass, I'm more than happy to move it though. > > On Thu, 16 Nov 2017 15:05:56 +0000 > Martyn Welch <martyn.we...@collabora.co.uk> wrote: > > > Sometimes we wish to ensure that files or directories are not installed > > somewhere that may prove detrimental to the operation of the system. For > > example, this may be the case if files are placed in a directory that is > > utilised as a mount point at run time, thus making them inaccessible once > > when the mount point is being utilised. > > > > Implement the prohibited paths QA test, which enables such locations to be > > specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation > > allows for a colon separated list of paths to be provided. Shell style > > wildcards can be used. > > > > Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> > > Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> > > --- > > Changes since v1: > > - Correcting author and SOB. > > > > Changes since v2: > > - Reimplemented as image rather than package level QA test. > > - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better > >reflect its use. > > > > Changes since v3: > > - Rename variable to IMAGE_QA_PROHIBITED_PATHS. > > - Use str.startswith(). > > - Simplify if statement. > > > > meta/classes/image.bbclass | 20 > > 1 file changed, 20 insertions(+) > > > > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > > index d93de02..9053ce3 100644 > > --- a/meta/classes/image.bbclass > > +++ b/meta/classes/image.bbclass > > @@ -296,6 +296,26 @@ python do_image_complete_setscene () { > > } > > addtask do_image_complete_setscene > > > > +python image_check_prohibited_paths () { > > +import glob > > +from oe.utils import ImageQAFailed > > + > > +rootfs = d.getVar('IMAGE_ROOTFS') > > + > > +path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") > > +if path != "": > > +for p in path.split(':'): > > +if not p.startswith('/'): > > +raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must > > be an absolute path" % p, image_check_prohibited_paths) > > + > > +match = glob.glob("%s%s" % (rootfs, p)) > > +if match: > > +loc = ", ".join(item.replace(rootfs, '') for item in match) > > +raise ImageQAFailed("Match(es) for > > IMAGE_QA_PROHIBITED_PATHS \"%s\": %s" % (p, loc), > > image_check_prohibited_paths) > > +} > > + > > +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" > > + > > # Add image-level QA/sanity checks to IMAGE_QA_COMMANDS > > # > > # IMAGE_QA_COMMANDS += " \ > > -- > > 2.1.4 > > > > -- > > ___ > > yocto mailing list > > yo...@yoctoproject.org > > https://lists.yoctoproject.org/listinfo/yocto -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v4 1/3] image.bbclass: add prohibited-paths QA test
On Thu, 2017-11-16 at 15:58 -0200, Otavio Salvador wrote: > On Thu, Nov 16, 2017 at 1:05 PM, Martyn Welch > <martyn.we...@collabora.co.uk> wrote: > > Sometimes we wish to ensure that files or directories are not installed > > somewhere that may prove detrimental to the operation of the system. For > > example, this may be the case if files are placed in a directory that is > > utilised as a mount point at run time, thus making them inaccessible once > > when the mount point is being utilised. > > > > Implement the prohibited paths QA test, which enables such locations to be > > specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation > > allows for a colon separated list of paths to be provided. Shell style > > wildcards can be used. > > > > Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> > > Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> > > --- > > Changes since v1: > > - Correcting author and SOB. > > > > Changes since v2: > > - Reimplemented as image rather than package level QA test. > > - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better > >reflect its use. > > > > Changes since v3: > > - Rename variable to IMAGE_QA_PROHIBITED_PATHS. > > - Use str.startswith(). > > - Simplify if statement. > > > > meta/classes/image.bbclass | 20 > > 1 file changed, 20 insertions(+) > > > > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > > index d93de02..9053ce3 100644 > > --- a/meta/classes/image.bbclass > > +++ b/meta/classes/image.bbclass > > @@ -296,6 +296,26 @@ python do_image_complete_setscene () { > > } > > addtask do_image_complete_setscene > > > > +python image_check_prohibited_paths () { > > +import glob > > +from oe.utils import ImageQAFailed > > + > > +rootfs = d.getVar('IMAGE_ROOTFS') > > + > > +path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") > > +if path != "": > > +for p in path.split(':'): > > +if not p.startswith('/'): > > +raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must > > be an absolute path" % p, image_check_prohibited_paths) > > + > > +match = glob.glob("%s%s" % (rootfs, p)) > > +if match: > > +loc = ", ".join(item.replace(rootfs, '') for item in match) > > +raise ImageQAFailed("Match(es) for > > IMAGE_QA_PROHIBITED_PATHS \"%s\": %s" % (p, loc), > > image_check_prohibited_paths) > > +} > > > for p in path.split(':'): > if not p.startswith('/'): > > so you can drop the if path != "". > > An empty list won't go inside the for. Each item needs to be tested. > That's what I initially thought... >>> path = "" >>> for p in path.split(':'): ... print "Hello" ... Hello >>> > > +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" > > + > > # Add image-level QA/sanity checks to IMAGE_QA_COMMANDS > > # > > # IMAGE_QA_COMMANDS += " \ > > -- > > 2.1.4 > > > > -- > > ___ > > Openembedded-core mailing list > > Openembedded-core@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v4 3/3] ref-manual: Add documentation for prohibited-path QA test
Add documentation for the IMAGE_QA_PROHIBITED_PATHS variable and associated prohibited-path QA test Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test, altering documentation to suit. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. Changes since v3: - Variable changed from PROHIBITED_PATHS to IMAGE_QA_PROHIBITED_PATHS. documentation/ref-manual/ref-variables.xml | 24 1 file changed, 24 insertions(+) diff --git a/documentation/ref-manual/ref-variables.xml b/documentation/ref-manual/ref-variables.xml index e31aa21..57f969f 100644 --- a/documentation/ref-manual/ref-variables.xml +++ b/documentation/ref-manual/ref-variables.xml @@ -6162,6 +6162,30 @@ +IMAGE_QA_PROHIBITED_PATHS + +IMAGE_QA_PROHIBITED_PATHS[doc] = "A colon separated list of paths in which recipes are prohibited from installing." + + + + +A colon separated list of paths in which recipes are +prohibited from installing. +Shell-style wildcards can be used in paths. All paths need +to be absolute paths. + + + +For example, the following +IMAGE_QA_PROHIBITED_PATHS ensures +nothing is installed under /mnt: + + IMAGE_QA_PROHIBITED_PATHS += "/mnt/*" + + + + + IMAGE_ROOTFS IMAGE_ROOTFS[doc] = "The location of the root filesystem while it is under construction (i.e. during do_rootfs)." -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v4 1/3] image.bbclass: add prohibited-paths QA test
Sometimes we wish to ensure that files or directories are not installed somewhere that may prove detrimental to the operation of the system. For example, this may be the case if files are placed in a directory that is utilised as a mount point at run time, thus making them inaccessible once when the mount point is being utilised. Implement the prohibited paths QA test, which enables such locations to be specified in a "IMAGE_QA_PROHIBITED_PATHS" variable. This implementation allows for a colon separated list of paths to be provided. Shell style wildcards can be used. Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. Changes since v3: - Rename variable to IMAGE_QA_PROHIBITED_PATHS. - Use str.startswith(). - Simplify if statement. meta/classes/image.bbclass | 20 1 file changed, 20 insertions(+) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index d93de02..9053ce3 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -296,6 +296,26 @@ python do_image_complete_setscene () { } addtask do_image_complete_setscene +python image_check_prohibited_paths () { +import glob +from oe.utils import ImageQAFailed + +rootfs = d.getVar('IMAGE_ROOTFS') + +path = (d.getVar('IMAGE_QA_PROHIBITED_PATHS') or "") +if path != "": +for p in path.split(':'): +if not p.startswith('/'): +raise ImageQAFailed("IMAGE_QA_PROHIBITED_PATHS \"%s\" must be an absolute path" % p, image_check_prohibited_paths) + +match = glob.glob("%s%s" % (rootfs, p)) +if match: +loc = ", ".join(item.replace(rootfs, '') for item in match) +raise ImageQAFailed("Match(es) for IMAGE_QA_PROHIBITED_PATHS \"%s\": %s" % (p, loc), image_check_prohibited_paths) +} + +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" + # Add image-level QA/sanity checks to IMAGE_QA_COMMANDS # # IMAGE_QA_COMMANDS += " \ -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v4 2/3] core-image.bbclass: add default IMAGE_QA_PROHIBIT_PATHS variable
Add a default IMAGE_QA_PROHIBIT_PATHS variable containing paths known to be mounted in the default fstab, which are known mount points or directories which should be populated at runtime. Suggested-by: Alexander Kanavin <alexander.kana...@linux.intel.com> Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v3: - This patch added. meta/classes/core-image.bbclass | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass index a9a2cec..8d5fb97 100644 --- a/meta/classes/core-image.bbclass +++ b/meta/classes/core-image.bbclass @@ -56,6 +56,11 @@ IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included +# IMAGE_QA_PROHIBITED_PATHS +# Ensure images aren't including files in places that will be used as mount points or that are +# reserved for runtime data. +IMAGE_QA_PROHIBITED_PATHS ?= "/dev/pts/*:/media/*:/mnt/*:/proc/*:/run/*:/tmp/*:/var/run/*:/var/tmp/*:/var/volatile/*" + MACHINE_HWCODECS ??= "" CORE_IMAGE_BASE_INSTALL = '\ -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v3 1/2] image.bbclass: add prohibited-paths QA test
On Wed, 2017-11-15 at 18:46 -0200, Otavio Salvador wrote: > On Wed, Nov 15, 2017 at 1:10 PM, Martyn Welch > <martyn.we...@collabora.co.uk> wrote: > > Sometimes we wish to ensure that files or directories are not installed > > somewhere that may prove detrimental to the operation of the system. For > > example, this may be the case if files are placed in a directory that is > > utilised as a mount point at run time, thus making them inaccessible once > > when the mount point is being utilised. > > > > Implement the prohibited paths QA test, which enables such locations to be > > specified in a "PROHIBITED_PATHS" variable. This implementation allows for > > a colon separated list of paths to be provided. Shell style wildcards can > > be used. > > > > Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> > > Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> > > --- > > Changes since v1: > > - Correcting author and SOB. > > > > Changes since v2: > > - Reimplemented as image rather than package level QA test. > > - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better > >reflect its use. > > > > meta/classes/image.bbclass | 20 > > 1 file changed, 20 insertions(+) > > > > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > > index d93de02..bebb363 100644 > > --- a/meta/classes/image.bbclass > > +++ b/meta/classes/image.bbclass > > @@ -296,6 +296,26 @@ python do_image_complete_setscene () { > > } > > addtask do_image_complete_setscene > > > > +python image_check_prohibited_paths () { > > +import glob > > +from oe.utils import ImageQAFailed > > + > > +rootfs = d.getVar('IMAGE_ROOTFS') > > + > > +path = d.getVar('PROHIBITED_PATHS') > > path = (d.getVar('PROHIBITED_PATHS') or "") > > I'd use IMAGE_QA_PROHIBITED_PATHS as variable name. It makes easier to > know what it relates to. > > > +if path != None and path != "": > > If can die. > OK, if is still needed, else the zero length path triggers the "not p.startswith('/')" error condition. > > +for p in path.split(':'): > > +if p[0] != '/': > > if not p.startswith('/'): > > > +raise ImageQAFailed("PROHIBITED_PATHS \"%s\" must be an > > absolute path" % p, image_check_prohibited_paths) > > + > > +match = glob.glob("%s%s" % (rootfs, p)) > > +if match: > > I'd use: > > if glob.glob(...): > > It is a single use so not sure it is worth the extra variable. > > > +loc = ", ".join(item.replace(rootfs, '') for item in match) > > +raise ImageQAFailed("Match(es) for PROHIBITED_PATHS > > \"%s\": %s" % (p, loc), image_check_prohibited_paths) > > +} > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v3 1/2] image.bbclass: add prohibited-paths QA test
On Wed, 2017-11-15 at 18:46 -0200, Otavio Salvador wrote: > On Wed, Nov 15, 2017 at 1:10 PM, Martyn Welch > <martyn.we...@collabora.co.uk> wrote: > > Sometimes we wish to ensure that files or directories are not installed > > somewhere that may prove detrimental to the operation of the system. For > > example, this may be the case if files are placed in a directory that is > > utilised as a mount point at run time, thus making them inaccessible once > > when the mount point is being utilised. > > > > Implement the prohibited paths QA test, which enables such locations to be > > specified in a "PROHIBITED_PATHS" variable. This implementation allows for > > a colon separated list of paths to be provided. Shell style wildcards can > > be used. > > > > Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> > > Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> > > --- > > Changes since v1: > > - Correcting author and SOB. > > > > Changes since v2: > > - Reimplemented as image rather than package level QA test. > > - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better > >reflect its use. > > > > meta/classes/image.bbclass | 20 > > 1 file changed, 20 insertions(+) > > > > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > > index d93de02..bebb363 100644 > > --- a/meta/classes/image.bbclass > > +++ b/meta/classes/image.bbclass > > @@ -296,6 +296,26 @@ python do_image_complete_setscene () { > > } > > addtask do_image_complete_setscene > > > > +python image_check_prohibited_paths () { > > +import glob > > +from oe.utils import ImageQAFailed > > + > > +rootfs = d.getVar('IMAGE_ROOTFS') > > + > > +path = d.getVar('PROHIBITED_PATHS') > > path = (d.getVar('PROHIBITED_PATHS') or "") > > I'd use IMAGE_QA_PROHIBITED_PATHS as variable name. It makes easier to > know what it relates to. > > > +if path != None and path != "": > > If can die. > > > +for p in path.split(':'): > > +if p[0] != '/': > > if not p.startswith('/'): > > > +raise ImageQAFailed("PROHIBITED_PATHS \"%s\" must be an > > absolute path" % p, image_check_prohibited_paths) > > + > > +match = glob.glob("%s%s" % (rootfs, p)) > > +if match: > > I'd use: > > if glob.glob(...): > > It is a single use so not sure it is worth the extra variable. > > > +loc = ", ".join(item.replace(rootfs, '') for item in match) match is used here. > > +raise ImageQAFailed("Match(es) for PROHIBITED_PATHS > > \"%s\": %s" % (p, loc), image_check_prohibited_paths) > > +} > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v3 2/2] ref-manual: Add documentation for prohibited-path QA test
Add documentation for the PROHIBITED_PATHS variable and associated prohibited-path QA test Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test, altering documentation to suit. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. documentation/ref-manual/ref-variables.xml | 24 1 file changed, 24 insertions(+) diff --git a/documentation/ref-manual/ref-variables.xml b/documentation/ref-manual/ref-variables.xml index e31aa21..1fb8a86 100644 --- a/documentation/ref-manual/ref-variables.xml +++ b/documentation/ref-manual/ref-variables.xml @@ -10820,6 +10820,30 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3" +PROHIBITED_PATHS + +PROHIBITED_PATHS[doc] = "A colon separated list of paths in which recipes are prohibited from installing." + + + + +A colon separated list of paths in which recipes are +prohibited from installing. +Shell-style wildcards can be used in paths. All paths need +to be absolute paths. + + + +For example, the following +PROHIBITED_PATHS ensures nothing is +installed under /mnt: + + PROHIBITED_PATHS += "/mnt/*" + + + + + PROVIDES PROVIDES[doc] = "A list of aliases that a recipe also provides. These aliases are useful for satisfying dependencies of other recipes during the build as specified by DEPENDS." -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v3 1/2] image.bbclass: add prohibited-paths QA test
Sometimes we wish to ensure that files or directories are not installed somewhere that may prove detrimental to the operation of the system. For example, this may be the case if files are placed in a directory that is utilised as a mount point at run time, thus making them inaccessible once when the mount point is being utilised. Implement the prohibited paths QA test, which enables such locations to be specified in a "PROHIBITED_PATHS" variable. This implementation allows for a colon separated list of paths to be provided. Shell style wildcards can be used. Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. Changes since v2: - Reimplemented as image rather than package level QA test. - Changed variable from PROHIBITED_PATH to PROHIBITED_PATHS to better reflect its use. meta/classes/image.bbclass | 20 1 file changed, 20 insertions(+) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index d93de02..bebb363 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -296,6 +296,26 @@ python do_image_complete_setscene () { } addtask do_image_complete_setscene +python image_check_prohibited_paths () { +import glob +from oe.utils import ImageQAFailed + +rootfs = d.getVar('IMAGE_ROOTFS') + +path = d.getVar('PROHIBITED_PATHS') +if path != None and path != "": +for p in path.split(':'): +if p[0] != '/': +raise ImageQAFailed("PROHIBITED_PATHS \"%s\" must be an absolute path" % p, image_check_prohibited_paths) + +match = glob.glob("%s%s" % (rootfs, p)) +if match: +loc = ", ".join(item.replace(rootfs, '') for item in match) +raise ImageQAFailed("Match(es) for PROHIBITED_PATHS \"%s\": %s" % (p, loc), image_check_prohibited_paths) +} + +IMAGE_QA_COMMANDS += "image_check_prohibited_paths" + # Add image-level QA/sanity checks to IMAGE_QA_COMMANDS # # IMAGE_QA_COMMANDS += " \ -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v2 2/2] ref-manual: Add documentation for prohibited-path QA test
Add documentation for the prohibited-path QA test and associated PROHIBITED_PATH variable. Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. documentation/ref-manual/ref-classes.xml | 5 + documentation/ref-manual/ref-variables.xml | 25 + 2 files changed, 30 insertions(+) diff --git a/documentation/ref-manual/ref-classes.xml b/documentation/ref-manual/ref-classes.xml index 5961d3e..15f5586 100644 --- a/documentation/ref-manual/ref-classes.xml +++ b/documentation/ref-manual/ref-classes.xml @@ -1714,6 +1714,11 @@ FILES_${PN} = "xyz" effectively turn into FILES = "xyz". + prohibited-path: +Checks that a recipe does not package and files in locations +specified in +PROHIBITED_PATH. + rpaths: Checks for rpaths in the binaries that contain build system paths such as TMPDIR. diff --git a/documentation/ref-manual/ref-variables.xml b/documentation/ref-manual/ref-variables.xml index e31aa21..0bdbbba 100644 --- a/documentation/ref-manual/ref-variables.xml +++ b/documentation/ref-manual/ref-variables.xml @@ -10820,6 +10820,31 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3" +PROHIBITED_PATH + +PROHIBITED_PATH[doc] = "A list of paths in which recipes are prohibited from installing." + + + + +A list of paths in which recipes are prohibited from +installing. +Paths can be provided for specific locations or may include +a wildcard asterisk at the end to ensure nothing is +installed under the path provided. + + + +For example, the following +PROHIBITED_PATH ensures no packages +install anything under /mnt: + + PROHIBITED_PATH += "/mnt/*" + + + + + PROVIDES PROVIDES[doc] = "A list of aliases that a recipe also provides. These aliases are useful for satisfying dependencies of other recipes during the build as specified by DEPENDS." -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v2 1/2] package.bbclass: add prohibited-path qa test
Sometimes we wish to ensure that packages don't install files or directories somewhere that may prove detrimental to the operation of the system. For example, this may be the case if files are placed in a directory that is utilised as a mount point at run time, thus making them inaccessible once when the mount point is being utilised. Implement the prohibited-path QA test, which enables such locations to be specified in a "PROHIBITED_PATH" variable. This implementation allows for exact matches and simple wildcards (paths ending with an asterisk. An error will be raised should a match be found, or in the case of a wildcard, for any files added below the specificed location(s). Signed-off-by: Fabien Lahoudere <fabien.lahoud...@collabora.co.uk> Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- Changes since v1: - Correcting author and SOB. meta/classes/insane.bbclass | 2 +- meta/classes/package.bbclass | 11 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index def9c70..fb10681 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass @@ -33,7 +33,7 @@ ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \ perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ split-strip packages-list pkgv-undefined var-undefined \ version-going-backwards expanded-d invalid-chars \ -license-checksum dev-elf file-rdeps \ +license-checksum dev-elf file-rdeps prohibited-path \ " # Add usrmerge QA check based on distro feature ERROR_QA_append = "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', ' usrmerge', '', d)}" diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass index 2053d46..721ca1e 100644 --- a/meta/classes/package.bbclass +++ b/meta/classes/package.bbclass @@ -1162,6 +1162,17 @@ python populate_packages () { continue seen.append(file) +prohibited_path = d.getVar('PROHIBITED_PATH') +if prohibited_path is not None: +for p in prohibited_path.split(): +exactmatch = True +if p.endswith("*"): +p = p[:len(p)-1] +exactmatch = False +if file[1:].startswith(p) and ((file[1:] != p) or exactmatch) : +msg = "%s is in a prohibited path.\n" % file[1:] +package_qa_handle_error("prohibited-path", msg, d) + def mkdir(src, dest, p): src = os.path.join(src, p) dest = os.path.join(dest, p) -- 2.1.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH][jethro] glew: Correct version in autotooling patches
The additional autotooling patched into glew claims the version is 1.9.0 whilst we are building 1.12.0. The version in the autotooling is used to set the version number in the pkgconfig file, this results in the configuration of packages which depend on glew > 1.9.0 failing. This patch updates the version number used in the patches to match that of the version being built. Signed-off-by: Martyn Welch <martyn.we...@collabora.co.uk> --- meta/recipes-graphics/glew/glew/autotools.patch | 4 ++-- meta/recipes-graphics/glew/glew/fix-glew.pc-install.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-graphics/glew/glew/autotools.patch b/meta/recipes-graphics/glew/glew/autotools.patch index 7dfe087..81a1343 100644 --- a/meta/recipes-graphics/glew/glew/autotools.patch +++ b/meta/recipes-graphics/glew/glew/autotools.patch @@ -20,7 +20,7 @@ Index: glew/configure.ac +# Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.62]) -+AC_INIT([glew], [1.9.0], [BUG-REPORT-ADDRESS]) ++AC_INIT([glew], [1.12.0], [BUG-REPORT-ADDRESS]) +AC_CONFIG_SRCDIR([src/glew.c]) +AC_CONFIG_HEADERS([config.h]) +AM_INIT_AUTOMAKE([-Wall -Werror foreign]) @@ -77,7 +77,7 @@ Index: glew/configure.ac +# for now we use the same version as the package, but that should be avoided +# in the future + -+AC_SUBST([LIBGLEW_SO_VERSION], [1:9:0]) ++AC_SUBST([LIBGLEW_SO_VERSION], [1:12:0]) + +AC_CONFIG_FILES([Makefile + include/Makefile diff --git a/meta/recipes-graphics/glew/glew/fix-glew.pc-install.patch b/meta/recipes-graphics/glew/glew/fix-glew.pc-install.patch index 70a99ae..baab9ff 100644 --- a/meta/recipes-graphics/glew/glew/fix-glew.pc-install.patch +++ b/meta/recipes-graphics/glew/glew/fix-glew.pc-install.patch @@ -20,7 +20,7 @@ Index: glew-1.11.0/configure.ac === --- glew-1.11.0.orig/configure.ac +++ glew-1.11.0/configure.ac -@@ -66,5 +66,6 @@ AC_SUBST([LIBGLEW_SO_VERSION], [1:9:0]) +@@ -66,5 +66,6 @@ AC_SUBST([LIBGLEW_SO_VERSION], [1:12:0]) AC_CONFIG_FILES([Makefile include/Makefile -- 1.8.3.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] Wiki seems dead. is openembedded wiki still active?
On 23/08/11 17:25, Paul Eggleton wrote: On Tuesday 23 August 2011 10:59:42 Klausfpga wrote: FYI OE is in the middle of a transition of sorts; we're moving to a more modular metadata structure based around a smaller common core (OE-Core). For more information please see this page: http://wiki.openembedded.org/index.php/OpenEmbedded-Core The link to the Layer Index is broken on that page. I'd correct it, but that page is locked down to be only editable by admin. -- Martyn Welch (Principal Software Engineer) | Registered in England and GE Intelligent Platforms | Wales (3828642) at 100 T +44(0)1327322748 | Barbirolli Square, Manchester, E martyn.we...@ge.com | M2 3AB VAT:GB 927559189 ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/7] shadow: add a -native recipe with customized utilities
On 01/06/11 10:47, Phil Blundell wrote: On Tue, 2011-05-31 at 12:53 -0700, Scott Garman wrote: This adds a -native recipe for the shadow utilities. The custom --root option allows the the following utilities to be run within a chroot when invoked under pseudo: Rather than patching the code for all these utilities, can't you just wrap them in a call to chroot(8)? That is, make useradd.bbclass do: eval $PSEUDO chroot ${STAGING_DIR_TARGET} useradd ... rather than the existing eval $PSEUDO useradd --root ${STAGING_DIR_TARGET} ... ? You'd need root privileges to use chroot wouldn't you? I'm assuming you wouldn't with the existing. Martyn -- Martyn Welch (Principal Software Engineer) | Registered in England and GE Intelligent Platforms | Wales (3828642) at 100 T +44(0)127322748 | Barbirolli Square, Manchester, E martyn.we...@ge.com | M2 3AB VAT:GB 927559189 ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core