From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7120476383164235776 X-Received: by 2002:a05:6638:1920:b0:341:4c2f:18a9 with SMTP id p32-20020a056638192000b003414c2f18a9mr745754jal.261.1657865113347; Thu, 14 Jul 2022 23:05:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6e02:c6b:b0:2da:f622:97b8 with SMTP id f11-20020a056e020c6b00b002daf62297b8ls133494ilj.5.-pod-prod-gmail; Thu, 14 Jul 2022 23:05:12 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uUn8j6dfdw3cUYi5Og3ut9C79FjLV+BtyVnfEAo9thurSiyyKiakl24YuxM+sY4idB00h2 X-Received: by 2002:a05:6e02:1aa5:b0:2dc:8302:5dc3 with SMTP id l5-20020a056e021aa500b002dc83025dc3mr6174232ilv.243.1657865112784; Thu, 14 Jul 2022 23:05:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657865112; cv=none; d=google.com; s=arc-20160816; b=zgxjaFNR16N8G6iL25J9Ot2NqogqM2gl6IzDKt/DINsba8VodUwquBzW7IwPQ7GH1V eY0cMy+JkxVP02TXwNX/Mxz/sVPFfrc6GrRlZzJGo2D/YcHs8vbGt2b6v+C/nO/9tiu2 wTTk9aV283fFHQRpNhr4Y6Evoxt90AH8przSBglwgtX94eVt2CSk+xdGcCCUAHpQ0sZ+ gUUrhOT5mNxdxhLKhZEDMnEC7od0zOpzT8lTeQO5Df8m6IOEDX5+GNGtgISsPaH3six8 jHK7fKXgAIwfJ2BVvdAPlSdZ7i4wiBtS99XaX3Ws0IW5aftpT/TfbuYiI8si4PDckse5 ywBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=1xECdap8+kATM0XwlNACzgBZZ1utd/yOYKWtjewnzpw=; b=NanS6Bqb6oIPGMzV//ILXXwTxrXbcEBHofyZ99hc8LP8/1/LYhR8bicP2Rjwsc2qqj jV7Qi+SGmq3kYE9r+yonJMWcoIAGMg3/KGofsSDnILsrWOW/9L748MlkhUNTxiY6dlbY ZhBZnKN8jkWnD4V6bN5dTwPhZwzKSSUVtlskkaQILyloA4jxEnBMG6CpsIhdwP5cQhzB +xWJc8j59yFGxTE/bGaqHyO0c3BkvjlhikAGKzMffmP2o43Oa+TQnCGXEVEWXpGEc2xa /pMsD0om+nSsqTeUELMlR9DpahM03+/IRgFCRsH5bRSnMXfTse+ca2Z+PP4fq6XUSNv6 GWCw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id f5-20020a056e020b4500b002da79182b3fsi126568ilu.2.2022.07.14.23.05.12 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 14 Jul 2022 23:05:12 -0700 (PDT) Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Received: from alena-nb.promwad.com (mm-137-75-214-37.mgts.dynamic.pppoe.byfly.by [37.214.75.137] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 26F64pLB026837 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 15 Jul 2022 08:05:10 +0200 From: Anton Mikanovich To: isar-users@googlegroups.com Cc: Anton Mikanovich Subject: [PATCH v2 10/18] meta: mark network and sudo tasks Date: Fri, 15 Jul 2022 09:04:34 +0300 Message-Id: <20220715060442.18063-11-amikan@ilbers.de> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220715060442.18063-1-amikan@ilbers.de> References: <20220715060442.18063-1-amikan@ilbers.de> X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 5jHzWG1oQpwv Network access from tasks is now disabled by default. This means that tasks accessing the network need to be marked as such with the network flag. The same marking is also required for the tasks used sudo. Signed-off-by: Anton Mikanovich --- meta/classes/base.bbclass | 1 + meta/classes/dpkg-base.bbclass | 5 +++++ meta/classes/image-locales-extension.bbclass | 2 ++ meta/classes/image-tools-extension.bbclass | 1 + meta/classes/image.bbclass | 4 ++++ meta/classes/imagetypes_wic.bbclass | 1 + meta/classes/rootfs.bbclass | 5 +++++ meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 ++ 8 files changed, 21 insertions(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 4ec2c81..d62997a 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -178,6 +178,7 @@ def isar_export_ccache(d): do_fetch[dirs] = "${DL_DIR}" do_fetch[file-checksums] = "${@bb.fetch.get_checksum_file_list(d)}" do_fetch[vardeps] += "SRCREV" +do_fetch[network] = "1" # Fetch package from the source link python do_fetch() { diff --git a/meta/classes/dpkg-base.bbclass b/meta/classes/dpkg-base.bbclass index 79c1ce1..b38d1ca 100644 --- a/meta/classes/dpkg-base.bbclass +++ b/meta/classes/dpkg-base.bbclass @@ -122,6 +122,7 @@ do_apt_fetch() { addtask apt_fetch do_apt_fetch[lockfiles] += "${REPO_ISAR_DIR}/isar.lock" +do_apt_fetch[network] = "1" # Add dependency from the correct buildchroot: host or target do_apt_fetch[depends] += "${BUILDCHROOT_DEP}" @@ -129,6 +130,7 @@ do_apt_fetch[depends] += "${BUILDCHROOT_DEP}" # Add dependency from the correct schroot: host or target do_apt_fetch[depends] += "${SCHROOT_DEP}" +do_apt_unpack[network] = "1" do_apt_unpack() { rm -rf ${S} schroot_create_configs @@ -242,6 +244,7 @@ def isar_export_build_settings(d): os.environ['DEB_BUILD_OPTIONS'] = isar_deb_build_options(d) os.environ['DEB_BUILD_PROFILES'] = isar_deb_build_profiles(d) +do_dpkg_build[network] = "1" python do_dpkg_build() { bb.build.exec_func('schroot_create_configs', d) try: @@ -336,6 +339,7 @@ addtask devshell after do_prepare_build DEVSHELL_STARTDIR ?= "${S}" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" +do_devshell[network] = "1" python do_devshell_nodeps() { bb.build.exec_func('do_devshell', d) @@ -346,3 +350,4 @@ python do_devshell_nodeps() { addtask devshell_nodeps after do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" +do_devshell_nodeps[network] = "1" diff --git a/meta/classes/image-locales-extension.bbclass b/meta/classes/image-locales-extension.bbclass index 25af540..e4f41a6 100644 --- a/meta/classes/image-locales-extension.bbclass +++ b/meta/classes/image-locales-extension.bbclass @@ -27,6 +27,7 @@ def get_nopurge(d): ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" +image_install_localepurge_download[network] = "1" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge @@ -34,6 +35,7 @@ image_install_localepurge_download() { ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" image_install_localepurge_install[weight] = "700" +image_install_localepurge_install[network] = "1" image_install_localepurge_install() { # Generate locale and localepurge configuration: diff --git a/meta/classes/image-tools-extension.bbclass b/meta/classes/image-tools-extension.bbclass index b996813..c979c3c 100644 --- a/meta/classes/image-tools-extension.bbclass +++ b/meta/classes/image-tools-extension.bbclass @@ -17,6 +17,7 @@ DEPENDS += "${IMAGER_BUILD_DEPS}" do_install_imager_deps[depends] = "${BUILDCHROOT_DEP} isar-apt:do_cache_config" do_install_imager_deps[deptask] = "do_deploy_deb" do_install_imager_deps[lockfiles] += "${REPO_ISAR_DIR}/isar.lock" +do_install_imager_deps[network] = "1" do_install_imager_deps() { if [ -z "${@d.getVar("IMAGER_INSTALL", True).strip()}" ]; then exit diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 7eeed7d..53a1a8e 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -291,6 +291,7 @@ python() { task = 'do_image_%s' % bt_clean d.setVar(task, '\n'.join(cmds)) d.setVarFlag(task, 'func', '1') + d.setVarFlag(task, 'network', '1') d.appendVarFlag(task, 'prefuncs', ' set_image_size') d.appendVarFlag(task, 'vardeps', ' ' + ' '.join(vardeps)) d.appendVarFlag(task, 'vardepsexclude', ' ' + ' '.join(vardepsexclude)) @@ -345,6 +346,7 @@ DTB_IMG = "${PP_DEPLOY}/${@(d.getVar('DTB_FILES').split() or [''])[0]}" do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" do_copy_boot_files[lockfiles] += "${DEPLOY_DIR_IMAGE}/isar.lock" +do_copy_boot_files[network] = "1" do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" if [ ! -f "$kernel" ]; then @@ -393,6 +395,7 @@ python do_deploy() { } addtask deploy before do_build after do_image +do_rootfs_finalize[network] = "1" do_rootfs_finalize() { sudo -s <<'EOSUDO' set -e @@ -436,6 +439,7 @@ addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess ROOTFS_QA_FIND_ARGS ?= "" +do_rootfs_quality_check[network] = "1" do_rootfs_quality_check() { rootfs_install_stamp=$( ls -1 "${STAMP}".do_rootfs_install* | head -1 ) test -f "$rootfs_install_stamp" diff --git a/meta/classes/imagetypes_wic.bbclass b/meta/classes/imagetypes_wic.bbclass index 61a74d4..dd2268f 100644 --- a/meta/classes/imagetypes_wic.bbclass +++ b/meta/classes/imagetypes_wic.bbclass @@ -133,6 +133,7 @@ python do_rootfs_wicenv () { addtask do_rootfs_wicenv after do_rootfs before do_image_wic do_rootfs_wicenv[vardeps] += "${WICVARS}" do_rootfs_wicenv[prefuncs] = 'set_image_size' +do_rootfs_wicenv[network] = "1" check_for_wic_warnings() { WARN="$(grep -e '^WARNING' ${T}/log.do_image_wic || true)" diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index f3272c0..fbce073 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -118,6 +118,7 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_update" rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" +rootfs_install_pkgs_update[network] = "1" rootfs_install_pkgs_update() { sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ @@ -143,6 +144,7 @@ rootfs_import_package_cache() { ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_download" rootfs_install_pkgs_download[weight] = "600" rootfs_install_pkgs_download[isar-apt-lock] = "release-after" +rootfs_install_pkgs_download[network] = "1" rootfs_install_pkgs_download() { sudo -E chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} @@ -166,6 +168,7 @@ rootfs_install_clean_files() { ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_install" rootfs_install_pkgs_install[weight] = "8000" +rootfs_install_pkgs_install[network] = "1" rootfs_install_pkgs_install() { sudo -E chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} @@ -176,6 +179,7 @@ do_rootfs_install[vardeps] += "${ROOTFS_CONFIGURE_COMMAND} ${ROOTFS_INSTALL_COMM do_rootfs_install[vardepsexclude] += "IMAGE_ROOTFS" do_rootfs_install[depends] = "isar-bootstrap-${@'target' if d.getVar('ROOTFS_ARCH') == d.getVar('DISTRO_ARCH') else 'host'}:do_build" do_rootfs_install[recrdeptask] = "do_deploy_deb" +do_rootfs_install[network] = "1" python do_rootfs_install() { configure_cmds = (d.getVar("ROOTFS_CONFIGURE_COMMAND", True) or "").split() install_cmds = (d.getVar("ROOTFS_INSTALL_COMMAND", True) or "").split() @@ -268,6 +272,7 @@ rootfs_export_dpkg_status() { } do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}" +do_rootfs_postprocess[network] = "1" python do_rootfs_postprocess() { # Take care that its correctly mounted: bb.build.exec_func('rootfs_do_mounts', d) diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index a453b36..9eae903 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -222,6 +222,7 @@ DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg" do_generate_keyrings[cleandirs] = "${APT_KEYS_DIR}" do_generate_keyrings[dirs] = "${DL_DIR}" do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS THIRD_PARTY_APT_KEYS" +do_generate_keyrings[network] = "1" do_generate_keyrings() { if [ -n "${@d.getVar("THIRD_PARTY_APT_KEYFILES", True) or ""}" ]; then chmod 777 "${APT_KEYS_DIR}" @@ -277,6 +278,7 @@ do_bootstrap[vardeps] += " \ " do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP}" do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config" +do_bootstrap[network] = "1" do_bootstrap() { if [ "${ISAR_ENABLE_COMPAT_ARCH}" = "1" ]; then -- 2.17.1