Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On 24/08/15 23:19, Christopher Larson wrote:
From: Christopher Larson chris_lar...@mentor.com
- Add a test which checks for any paths outside of /home which are owned by
the user running bitbake.
- Add the test to WARN_QA by default.
I do all of my builds on a separate partition in a directory hierarchy
which is owned by my user - if I'm understanding this correctly I'll get
QA WARNINGS for all of my builds with this change?
It would be nice to be able to bless my build directory and still
benefit from this check.
Regards,
Joshua
This test has been in meta-mentor for some time, and in our ERROR_QA for our
builds, and has caught a number of issues for us.
Signed-off-by: Christopher Larson chris_lar...@mentor.com
---
meta/classes/insane.bbclass | 32 ++--
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index cd773b7..aec9800 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -31,14 +31,14 @@ WARN_QA ?= ldflags useless-rpaths rpaths staticdev libdir
xorg-driver-abi \
installed-vs-shipped compile-host-path install-host-path \
pn-overrides infodir build-deps file-rdeps \
unknown-configure-option symlink-to-sysroot multilib \
-invalid-pkgconfig \
+invalid-pkgconfig host-user-contaminated \
ERROR_QA ?= dev-so debug-deps dev-deps debug-files arch pkgconfig la \
perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
split-strip packages-list pkgv-undefined var-undefined \
version-going-backwards expanded-d \
-FAKEROOT_QA =
+FAKEROOT_QA = host-user-contaminated
FAKEROOT_QA[doc] = QA tests which need to run under fakeroot. If any \
enabled tests are listed here, the do_package_qa task will run under
fakeroot.
@@ -950,6 +950,34 @@ def package_qa_check_expanded_d(path,name,d,elf,messages):
sane = False
return sane
+HOST_USER_UID := ${@os.getuid()}
+HOST_USER_GID := ${@os.getgid()}
+
+QAPATHTEST[host-user-contaminated] = package_qa_check_host_user
+def package_qa_check_host_user(path, name, d, elf, messages):
+Check for paths outside of /home which are owned by the user running
bitbake.
+
+if not os.path.lexists(path):
+return
+
+check_uid = int(d.getVar('HOST_USER_UID', True))
+check_gid = int(d.getVar('HOST_USER_GID', True))
+
+dest = d.getVar('PKGDEST', True)
+home = os.path.join(dest, 'home')
+if path == home or path.startswith(home + os.sep):
+return
+
+stat = os.lstat(path)
+if stat.st_uid == check_uid:
+messages[host-user-contaminated] = %s is owned by uid %d, which is the
same as the user running bitbake. This may be due to host contamination % (path, check_uid)
+return False
+
+if stat.st_gid == check_gid:
+messages[host-user-contaminated] = %s is owned by gid %d, which is the
same as the user running bitbake. This may be due to host contamination % (path, check_gid)
+return False
+return True
+
# The PACKAGE FUNC to scan each package
python do_package_qa () {
import subprocess
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk wrote:
I do all of my builds on a separate partition in a directory hierarchy
which is owned by my user - if I'm understanding this correctly I'll get QA
WARNINGS for all of my builds with this change?
The paths are prefixed with ${D} so pretend the commit log says in
packages.
Ross
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On Wed, Aug 26, 2015 at 7:19 AM, Christopher Larson clar...@kergoth.com
wrote:
On Wed, Aug 26, 2015 at 4:01 AM, Burton, Ross ross.bur...@intel.com
wrote:
On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk
wrote:
I do all of my builds on a separate partition in a directory hierarchy
which is owned by my user - if I'm understanding this correctly I'll get QA
WARNINGS for all of my builds with this change?
The paths are prefixed with ${D} so pretend the commit log says in
packages.
Heh, indeed, it's a package QA test. do_install runs under pseudo, so any
newly created files there, or files chown'd to root, will be fine. If,
however, a recipe does a cp -a or so to install without doing a chown,
you'll end up with files in your rootfs owned by the user that did the
build -- not good.
I can re-submit with that commit message clarification, if needed? I rather
thought the fact that it was in insane.bbclass, not sanity.bbclass, carried
the necessary implication.
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On Wed, Aug 26, 2015 at 4:01 AM, Burton, Ross ross.bur...@intel.com wrote:
On 26 August 2015 at 09:44, Joshua Lock joshua.l...@collabora.co.uk
wrote:
I do all of my builds on a separate partition in a directory hierarchy
which is owned by my user - if I'm understanding this correctly I'll get QA
WARNINGS for all of my builds with this change?
The paths are prefixed with ${D} so pretend the commit log says in
packages.
Heh, indeed, it's a package QA test. do_install runs under pseudo, so any
newly created files there, or files chown'd to root, will be fine. If,
however, a recipe does a cp -a or so to install without doing a chown,
you'll end up with files in your rootfs owned by the user that did the
build -- not good.
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
On 26/08/15 15:20, Christopher Larson wrote:
On Wed, Aug 26, 2015 at 7:19 AM, Christopher Larson clar...@kergoth.com
mailto:clar...@kergoth.com wrote:
On Wed, Aug 26, 2015 at 4:01 AM, Burton, Ross ross.bur...@intel.com
mailto:ross.bur...@intel.com wrote:
On 26 August 2015 at 09:44, Joshua Lock
joshua.l...@collabora.co.uk
mailto:joshua.l...@collabora.co.uk wrote:
I do all of my builds on a separate partition in a directory
hierarchy which is owned by my user - if I'm understanding
this correctly I'll get QA WARNINGS for all of my builds
with this change?
The paths are prefixed with ${D} so pretend the commit log says
in packages.
Heh, indeed, it's a package QA test. do_install runs under pseudo,
so any newly created files there, or files chown'd to root, will be
fine. If, however, a recipe does a cp -a or so to install without
doing a chown, you'll end up with files in your rootfs owned by the
user that did the build -- not good.
Indeed. Thanks for taking the time to clarify.
I can re-submit with that commit message clarification, if needed? I
rather thought the fact that it was in insane.bbclass, not
sanity.bbclass, carried the necessary implication.
Personally I don't feel that's necessary - I should review with more
care (and coffee).
Thanks for the offer though.
Regards,
Joshua
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/3] insane.bbclass: add host-user-contaminated test
From: Christopher Larson chris_lar...@mentor.com
- Add a test which checks for any paths outside of /home which are owned by
the user running bitbake.
- Add the test to WARN_QA by default.
This test has been in meta-mentor for some time, and in our ERROR_QA for our
builds, and has caught a number of issues for us.
Signed-off-by: Christopher Larson chris_lar...@mentor.com
---
meta/classes/insane.bbclass | 32 ++--
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index cd773b7..aec9800 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -31,14 +31,14 @@ WARN_QA ?= ldflags useless-rpaths rpaths staticdev libdir
xorg-driver-abi \
installed-vs-shipped compile-host-path install-host-path \
pn-overrides infodir build-deps file-rdeps \
unknown-configure-option symlink-to-sysroot multilib \
-invalid-pkgconfig \
+invalid-pkgconfig host-user-contaminated \
ERROR_QA ?= dev-so debug-deps dev-deps debug-files arch pkgconfig la \
perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
split-strip packages-list pkgv-undefined var-undefined \
version-going-backwards expanded-d \
-FAKEROOT_QA =
+FAKEROOT_QA = host-user-contaminated
FAKEROOT_QA[doc] = QA tests which need to run under fakeroot. If any \
enabled tests are listed here, the do_package_qa task will run under fakeroot.
@@ -950,6 +950,34 @@ def package_qa_check_expanded_d(path,name,d,elf,messages):
sane = False
return sane
+HOST_USER_UID := ${@os.getuid()}
+HOST_USER_GID := ${@os.getgid()}
+
+QAPATHTEST[host-user-contaminated] = package_qa_check_host_user
+def package_qa_check_host_user(path, name, d, elf, messages):
+Check for paths outside of /home which are owned by the user running
bitbake.
+
+if not os.path.lexists(path):
+return
+
+check_uid = int(d.getVar('HOST_USER_UID', True))
+check_gid = int(d.getVar('HOST_USER_GID', True))
+
+dest = d.getVar('PKGDEST', True)
+home = os.path.join(dest, 'home')
+if path == home or path.startswith(home + os.sep):
+return
+
+stat = os.lstat(path)
+if stat.st_uid == check_uid:
+messages[host-user-contaminated] = %s is owned by uid %d, which is
the same as the user running bitbake. This may be due to host contamination %
(path, check_uid)
+return False
+
+if stat.st_gid == check_gid:
+messages[host-user-contaminated] = %s is owned by gid %d, which is
the same as the user running bitbake. This may be due to host contamination %
(path, check_gid)
+return False
+return True
+
# The PACKAGE FUNC to scan each package
python do_package_qa () {
import subprocess
--
2.2.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
