From: Felix Moessbauer To: isar-users@googlegroups.com Cc: adriaan.schmidt@siemens.com, Felix Moessbauer Subject: [PATCH 7/7] signatures: do not expand SRC_URI Date: Wed, 4 May 2022 13:41:09 +0200 Message-Id: <20220504114109.3411005-8-felix.moessbauer@siemens.com> In-Reply-To: <20220504114109.3411005-1-felix.moessbauer@siemens.com> References: <20220504114109.3411005-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-72506:519-21489:flowmailer X-TUID: 91DfkUtui6r2 This patch reworks modification to SRC_URI to avoid expanding the variables in the string. By that, both cachability issues, as well as information leaks (e.g. repo access tokens) are mitigated. Signed-off-by: Felix Moessbauer --- meta/classes/dpkg-base.bbclass | 2 +- meta/classes/dpkg-prebuilt.bbclass | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/dpkg-base.bbclass b/meta/classes/dpkg-base.bbclass index 86933c57..163d678b 100644 --- a/meta/classes/dpkg-base.bbclass +++ b/meta/classes/dpkg-base.bbclass @@ -81,7 +81,7 @@ SRC_APT ?= "" # filter out all "apt://" URIs out of SRC_URI and stick them into SRC_APT python() { - src_uri = (d.getVar('SRC_URI') or "").split() + src_uri = (d.getVar('SRC_URI', False) or "").split() prefix = "apt://" new_src_uri = [] diff --git a/meta/classes/dpkg-prebuilt.bbclass b/meta/classes/dpkg-prebuilt.bbclass index c32224bb..0a6daef7 100644 --- a/meta/classes/dpkg-prebuilt.bbclass +++ b/meta/classes/dpkg-prebuilt.bbclass @@ -7,7 +7,7 @@ inherit dpkg-base python do_unpack_prepend() { # enforce unpack=false - src_uri = (d.getVar('SRC_URI', True) or '').split() + src_uri = (d.getVar('SRC_URI', False) or '').split() if len(src_uri) == 0: return def ensure_unpack_false(uri): -- 2.30.2
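Review bot: in the dpkg-base.bbclass hunk, the "apt://" filter now runs on unexpanded tokens, so an entry whose scheme only appears after expansion (for example a ${VAR} reference that resolves to an apt:// URI) no longer matches `prefix` and stays in SRC_URI instead of being moved to SRC_APT. The .split() also cuts any ${@...} inline expression that contains whitespace into separate tokens. Consider testing the prefix against d.expand(token) while keeping the raw token in the list that is written back, or extend the comment above python() to say that apt:// entries have to be written literally in SRC_URI.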
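Review bot: in the dpkg-prebuilt.bbclass hunk, ensure_unpack_false() now receives raw tokens, so a single ${VAR} token that expands to several URIs, or to a URI that already carries an unpack= parameter, is handled as one opaque entry. The helper's body is not visible in this hunk, so please confirm it behaves correctly on such input. A short comment next to the getVar('SRC_URI', False) call saying that expansion is skipped on purpose (cacheability and keeping access tokens out of the stored value, per the commit message) would keep a later cleanup from switching it back to True.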