Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On 24/08/15 23:19, Christopher Larson wrote: From: Christopher Larson chris_lar...@mentor.com - Add a test which checks for any paths outside of /home which are owned by the user running bitbake. - Add the test to WARN_QA by default. I do all of my builds on a separate partition in a directory hierarchy which is owned by my user - if I'm understanding this correctly I'll get QA WARNINGS for all of my builds with this change? It would be nice to be able to bless my build directory and still benefit from this check. Regards, Joshua This test has been in meta-mentor for some time, and in our ERROR_QA for our builds, and has caught a number of issues for us. Signed-off-by: Christopher Larson chris_lar...@mentor.com --- meta/classes/insane.bbclass | 32 ++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index cd773b7..aec9800 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass @@ -31,14 +31,14 @@ WARN_QA ?= ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \ installed-vs-shipped compile-host-path install-host-path \ pn-overrides infodir build-deps file-rdeps \ unknown-configure-option symlink-to-sysroot multilib \ -invalid-pkgconfig \ +invalid-pkgconfig host-user-contaminated \ ERROR_QA ?= dev-so debug-deps dev-deps debug-files arch pkgconfig la \ perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ split-strip packages-list pkgv-undefined var-undefined \ version-going-backwards expanded-d \ -FAKEROOT_QA = +FAKEROOT_QA = host-user-contaminated FAKEROOT_QA[doc] = QA tests which need to run under fakeroot. If any \ enabled tests are listed here, the do_package_qa task will run under fakeroot. 
@@ -950,6 +950,34 @@ def package_qa_check_expanded_d(path,name,d,elf,messages): sane = False return sane +HOST_USER_UID := ${@os.getuid()} +HOST_USER_GID := ${@os.getgid()} + +QAPATHTEST[host-user-contaminated] = package_qa_check_host_user +def package_qa_check_host_user(path, name, d, elf, messages): +Check for paths outside of /home which are owned by the user running bitbake. + +if not os.path.lexists(path): +return + +check_uid = int(d.getVar('HOST_USER_UID', True)) +check_gid = int(d.getVar('HOST_USER_GID', True)) + +dest = d.getVar('PKGDEST', True) +home = os.path.join(dest, 'home') +if path == home or path.startswith(home + os.sep): +return + +stat = os.lstat(path) +if stat.st_uid == check_uid: +messages[host-user-contaminated] = %s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination % (path, check_uid) +return False + +if stat.st_gid == check_gid: +messages[host-user-contaminated] = %s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination % (path, check_gid) +return False +return True + # The PACKAGE FUNC to scan each package python do_package_qa () { import subprocess -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk wrote:
> I do all of my builds on a separate partition in a directory hierarchy which is owned by my user - if I'm understanding this correctly I'll get QA WARNINGS for all of my builds with this change?

The paths are prefixed with ${D} so pretend the commit log says in packages.

Ross
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On Wed, Aug 26, 2015 at 7:19 AM, Christopher Larson clar...@kergoth.com wrote:
> On Wed, Aug 26, 2015 at 4:01 AM, Burton, Ross ross.bur...@intel.com wrote:
>> On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk wrote:
>>> I do all of my builds on a separate partition in a directory hierarchy which is owned by my user - if I'm understanding this correctly I'll get QA WARNINGS for all of my builds with this change?
>>
>> The paths are prefixed with ${D} so pretend the commit log says in packages.
>
> Heh, indeed, it's a package QA test. do_install runs under pseudo, so any newly created files there, or files chown'd to root, will be fine. If, however, a recipe does a cp -a or so to install without doing a chown, you'll end up with files in your rootfs owned by the user that did the build -- not good.

I can re-submit with that commit message clarification, if needed? I rather thought the fact that it was in insane.bbclass, not sanity.bbclass, carried the necessary implication.

--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On Wed, Aug 26, 2015 at 4:01 AM, Burton, Ross ross.bur...@intel.com wrote:
> On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk wrote:
>> I do all of my builds on a separate partition in a directory hierarchy which is owned by my user - if I'm understanding this correctly I'll get QA WARNINGS for all of my builds with this change?
>
> The paths are prefixed with ${D} so pretend the commit log says in packages.

Heh, indeed, it's a package QA test. do_install runs under pseudo, so any newly created files there, or files chown'd to root, will be fine. If, however, a recipe does a cp -a or so to install without doing a chown, you'll end up with files in your rootfs owned by the user that did the build -- not good.

--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On 26/08/15 15:20, Christopher Larson wrote:
> On Wed, Aug 26, 2015 at 7:19 AM, Christopher Larson clar...@kergoth.com wrote:
>> On Wed, Aug 26, 2015 at 4:01 AM, Burton, Ross ross.bur...@intel.com wrote:
>>> On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk wrote:
>>>> I do all of my builds on a separate partition in a directory hierarchy which is owned by my user - if I'm understanding this correctly I'll get QA WARNINGS for all of my builds with this change?
>>>
>>> The paths are prefixed with ${D} so pretend the commit log says in packages.
>>
>> Heh, indeed, it's a package QA test. do_install runs under pseudo, so any newly created files there, or files chown'd to root, will be fine. If, however, a recipe does a cp -a or so to install without doing a chown, you'll end up with files in your rootfs owned by the user that did the build -- not good.

Indeed. Thanks for taking the time to clarify.

> I can re-submit with that commit message clarification, if needed? I rather thought the fact that it was in insane.bbclass, not sanity.bbclass, carried the necessary implication.

Personally I don't feel that's necessary - I should review with more care (and coffee). Thanks for the offer though.

Regards,
Joshua
[OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
From: Christopher Larson chris_lar...@mentor.com - Add a test which checks for any paths outside of /home which are owned by the user running bitbake. - Add the test to WARN_QA by default. This test has been in meta-mentor for some time, and in our ERROR_QA for our builds, and has caught a number of issues for us. Signed-off-by: Christopher Larson chris_lar...@mentor.com --- meta/classes/insane.bbclass | 32 ++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index cd773b7..aec9800 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass @@ -31,14 +31,14 @@ WARN_QA ?= ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \ installed-vs-shipped compile-host-path install-host-path \ pn-overrides infodir build-deps file-rdeps \ unknown-configure-option symlink-to-sysroot multilib \ -invalid-pkgconfig \ +invalid-pkgconfig host-user-contaminated \ ERROR_QA ?= dev-so debug-deps dev-deps debug-files arch pkgconfig la \ perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ split-strip packages-list pkgv-undefined var-undefined \ version-going-backwards expanded-d \ -FAKEROOT_QA = +FAKEROOT_QA = host-user-contaminated FAKEROOT_QA[doc] = QA tests which need to run under fakeroot. If any \ enabled tests are listed here, the do_package_qa task will run under fakeroot. 
@@ -950,6 +950,34 @@ def package_qa_check_expanded_d(path,name,d,elf,messages): sane = False return sane +HOST_USER_UID := ${@os.getuid()} +HOST_USER_GID := ${@os.getgid()} + +QAPATHTEST[host-user-contaminated] = package_qa_check_host_user +def package_qa_check_host_user(path, name, d, elf, messages): +Check for paths outside of /home which are owned by the user running bitbake. + +if not os.path.lexists(path): +return + +check_uid = int(d.getVar('HOST_USER_UID', True)) +check_gid = int(d.getVar('HOST_USER_GID', True)) + +dest = d.getVar('PKGDEST', True) +home = os.path.join(dest, 'home') +if path == home or path.startswith(home + os.sep): +return + +stat = os.lstat(path) +if stat.st_uid == check_uid: +messages[host-user-contaminated] = %s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination % (path, check_uid) +return False + +if stat.st_gid == check_gid: +messages[host-user-contaminated] = %s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination % (path, check_gid) +return False +return True + # The PACKAGE FUNC to scan each package python do_package_qa () { import subprocess -- 2.2.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
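Review bot: the FAKEROOT_QA change in the first hunk (@@ -31,14 +31,14 @@) has a side effect the commit message does not mention. Per the FAKEROOT_QA[doc] context line right below it, any enabled test listed there makes do_package_qa run under fakeroot, and the same hunk enables host-user-contaminated in WARN_QA by default, so with default settings do_package_qa now runs under fakeroot. Please state that in the commit message so the change in task behaviour is a visible, deliberate part of the patch.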
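Review bot: in the second hunk (@@ -950,6 +950,34 @@), the /home exemption in package_qa_check_host_user builds its prefix as os.path.join(dest, 'home') with dest taken from PKGDEST, and the name argument is never used. If the path values handed to this test sit under a per-package subdirectory of PKGDEST, that prefix never matches and files under /home are flagged anyway; please confirm what prefix path carries and, if it is per-package, join name into home. Separately, the two early exits use a bare return (None) while the other branches return True or False; returning True there would keep the result consistent. A short comment on HOST_USER_UID and HOST_USER_GID explaining why they use := would also help, since the test itself is listed in FAKEROOT_QA and the ids are meant to be those of the user running bitbake.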