From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7120476383164235776 X-Received: by 2002:a05:6870:e245:b0:10b:b153:6841 with SMTP id d5-20020a056870e24500b0010bb1536841mr20924094oac.237.1658235627537; Tue, 19 Jul 2022 06:00:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a4a:5444:0:b0:435:5980:91c7 with SMTP id t65-20020a4a5444000000b00435598091c7ls18445ooa.9.-pod-prod-gmail; Tue, 19 Jul 2022 06:00:25 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t0EJ0LNkaTdgPXbZMmVfLMBjvkApCA16vEkbeaUqVxoHbnBA3G/P86b6TD1STs3YD4V0Eb X-Received: by 2002:a4a:96cd:0:b0:428:80dd:11c6 with SMTP id t13-20020a4a96cd000000b0042880dd11c6mr11153053ooi.57.1658235625452; Tue, 19 Jul 2022 06:00:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658235625; cv=none; d=google.com; s=arc-20160816; b=SRf62ufxL0h2AY101FQtzEMrMOZGauL3WhStXq4r0YJnGLCfzRbJ2tT8iSHOijm0Wg Qs9RTxODP9khz6Nx2idPqEde499KRADiOuaSn5tC45KWXF/rwLnW6hPiG1bPTBXWpbod sSOTuG84MtU/kDj6z228mA6xRqEjvwAyaNjSRmsNh0RKhk3qZpvFi3KVSvyOPF7IjfoU 14qzPDewgFUbVqWttDcI2bUhb7bcQI8yQj8ziqtO9MAsemMJH9vhE4lRe01UOOCcPOSC H3Tkz/4fAHf2RCQGq+UZNFPc3F4Veu13otwcPJnSoWuRx+fz3bVPddiZqAKwdB6CH/gm wt3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=1xECdap8+kATM0XwlNACzgBZZ1utd/yOYKWtjewnzpw=; b=DshVBpgX3qi7ZwOOKrOgrErnSNviDDjz6fFI9RrxmOBYF8YM4BBNQwmP+mDl2dQCCS gH0XY9w+8vYyoox7Y8qfN/3u0Aal15bCqUhbkrCf6/+V2QxjHzKRFffh/R9Zoh3ZhBY2 DSI8MtF2Soc593gWhQ/EAAE7lKY7M9sC2sQH0X2WCH46u26+bjVG6MqSt68UttCeYPsa nJUM1EWocW/JYYhDEQ6acPA/1bT4OfvvExKDyhoqkz9x42VgnaEjOdYQqpu+6hJoXSdI NJ77UKCSI8L2c63WmXjpIPuCWHTPspjMJcvGtmLEsQk9BRQYEUTm5pdTg8Q9prg/tsG+ DieQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. 
[85.214.156.166]) by gmr-mx.google.com with ESMTPS id u3-20020a056870d58300b0010c1dbaff11si1634746oao.4.2022.07.19.06.00.25 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 19 Jul 2022 06:00:25 -0700 (PDT) Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Received: from localhost.localdomain (mm-181-76-214-37.mgts.dynamic.pppoe.byfly.by [37.214.76.181] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 26JD07MV015247 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 19 Jul 2022 15:00:23 +0200 From: Anton Mikanovich To: isar-users@googlegroups.com Cc: Anton Mikanovich Subject: [PATCH v3 10/20] meta: mark network and sudo tasks Date: Tue, 19 Jul 2022 15:59:50 +0300 Message-Id: <20220719130000.15943-11-amikan@ilbers.de> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220719130000.15943-1-amikan@ilbers.de> References: <20220719130000.15943-1-amikan@ilbers.de> X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: oD4i5A3PHEhL Network access from tasks is now disabled by default. This means that tasks accessing the network need to be marked as such with the network flag. The same marking is also required for tasks that use sudo. 
Signed-off-by: Anton Mikanovich --- meta/classes/base.bbclass | 1 + meta/classes/dpkg-base.bbclass | 5 +++++ meta/classes/image-locales-extension.bbclass | 2 ++ meta/classes/image-tools-extension.bbclass | 1 + meta/classes/image.bbclass | 4 ++++ meta/classes/imagetypes_wic.bbclass | 1 + meta/classes/rootfs.bbclass | 5 +++++ meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 ++ 8 files changed, 21 insertions(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 4ec2c81..d62997a 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -178,6 +178,7 @@ def isar_export_ccache(d): do_fetch[dirs] = "${DL_DIR}" do_fetch[file-checksums] = "${@bb.fetch.get_checksum_file_list(d)}" do_fetch[vardeps] += "SRCREV" +do_fetch[network] = "1" # Fetch package from the source link python do_fetch() { diff --git a/meta/classes/dpkg-base.bbclass b/meta/classes/dpkg-base.bbclass index 79c1ce1..b38d1ca 100644 --- a/meta/classes/dpkg-base.bbclass +++ b/meta/classes/dpkg-base.bbclass @@ -122,6 +122,7 @@ do_apt_fetch() { addtask apt_fetch do_apt_fetch[lockfiles] += "${REPO_ISAR_DIR}/isar.lock" +do_apt_fetch[network] = "1" # Add dependency from the correct buildchroot: host or target do_apt_fetch[depends] += "${BUILDCHROOT_DEP}" @@ -129,6 +130,7 @@ do_apt_fetch[depends] += "${BUILDCHROOT_DEP}" # Add dependency from the correct schroot: host or target do_apt_fetch[depends] += "${SCHROOT_DEP}" +do_apt_unpack[network] = "1" do_apt_unpack() { rm -rf ${S} schroot_create_configs @@ -242,6 +244,7 @@ def isar_export_build_settings(d): os.environ['DEB_BUILD_OPTIONS'] = isar_deb_build_options(d) os.environ['DEB_BUILD_PROFILES'] = isar_deb_build_profiles(d) +do_dpkg_build[network] = "1" python do_dpkg_build() { bb.build.exec_func('schroot_create_configs', d) try: 
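Review bot: `do_apt_unpack[network] = "1"` and `do_dpkg_build[network] = "1"` in dpkg-base.bbclass lift network isolation from the unpack and package-build steps, although nothing in the visible lines of either body fetches anything; going by the commit message the flag is presumably set only because these tasks reach sudo through schroot. The flag itself cannot distinguish "needs the network" from "needs sudo", so each such line should carry the reason, for example `# no network use expected; flag set only because the task calls sudo` above `do_dpkg_build[network]`, so it can be removed once sudo works under isolation. This matters most for do_dpkg_build, where upstream build scripts run and would otherwise be kept offline. The same comment is missing on do_devshell, do_copy_boot_files, do_rootfs_finalize, do_rootfs_quality_check, do_rootfs_wicenv, do_rootfs_postprocess and do_generate_keyrings in the later hunks. Both function bodies continue outside their hunks.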
@@ -336,6 +339,7 @@ addtask devshell after do_prepare_build DEVSHELL_STARTDIR ?= "${S}" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" +do_devshell[network] = "1" python do_devshell_nodeps() { bb.build.exec_func('do_devshell', d) @@ -346,3 +350,4 @@ python do_devshell_nodeps() { addtask devshell_nodeps after do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" +do_devshell_nodeps[network] = "1" diff --git a/meta/classes/image-locales-extension.bbclass b/meta/classes/image-locales-extension.bbclass index 25af540..e4f41a6 100644 --- a/meta/classes/image-locales-extension.bbclass +++ b/meta/classes/image-locales-extension.bbclass @@ -27,6 +27,7 @@ def get_nopurge(d): ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" +image_install_localepurge_download[network] = "1" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge @@ -34,6 +35,7 @@ image_install_localepurge_download() { ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" image_install_localepurge_install[weight] = "700" +image_install_localepurge_install[network] = "1" image_install_localepurge_install() { # Generate locale and localepurge configuration: diff --git a/meta/classes/image-tools-extension.bbclass b/meta/classes/image-tools-extension.bbclass index b996813..c979c3c 100644 --- a/meta/classes/image-tools-extension.bbclass +++ b/meta/classes/image-tools-extension.bbclass @@ -17,6 +17,7 @@ DEPENDS += "${IMAGER_BUILD_DEPS}" do_install_imager_deps[depends] = "${BUILDCHROOT_DEP} isar-apt:do_cache_config" do_install_imager_deps[deptask] = "do_deploy_deb" do_install_imager_deps[lockfiles] += "${REPO_ISAR_DIR}/isar.lock" +do_install_imager_deps[network] = "1" do_install_imager_deps() { if [ -z "${@d.getVar("IMAGER_INSTALL", True).strip()}" ]; then exit 
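Review bot: `image_install_localepurge_download[network]` and `image_install_localepurge_install[network]` are set on shell functions that are appended to the ROOTFS_INSTALL_COMMAND variables rather than registered with addtask, and as far as I know BitBake evaluates the network flag only for the task being executed. If that holds, these two flags have no effect of their own and the access really comes from `do_rootfs_install[network]` in rootfs.bbclass, which a reader of this file does not see. Either drop them or mark them as documentation, e.g. `# informational only: the effective setting is do_rootfs_install[network]`. The same applies to rootfs_install_pkgs_update, rootfs_install_pkgs_download and rootfs_install_pkgs_install in the rootfs.bbclass hunks.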
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 7eeed7d..53a1a8e 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -291,6 +291,7 @@ python() { task = 'do_image_%s' % bt_clean d.setVar(task, '\n'.join(cmds)) d.setVarFlag(task, 'func', '1') + d.setVarFlag(task, 'network', '1') d.appendVarFlag(task, 'prefuncs', ' set_image_size') d.appendVarFlag(task, 'vardeps', ' ' + ' '.join(vardeps)) d.appendVarFlag(task, 'vardepsexclude', ' ' + ' '.join(vardepsexclude)) @@ -345,6 +346,7 @@ DTB_IMG = "${PP_DEPLOY}/${@(d.getVar('DTB_FILES').split() or [''])[0]}" do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}" do_copy_boot_files[lockfiles] += "${DEPLOY_DIR_IMAGE}/isar.lock" +do_copy_boot_files[network] = "1" do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])" if [ ! -f "$kernel" ]; then @@ -393,6 +395,7 @@ python do_deploy() { } addtask deploy before do_build after do_image +do_rootfs_finalize[network] = "1" do_rootfs_finalize() { sudo -s <<'EOSUDO' set -e @@ -436,6 +439,7 @@ addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess ROOTFS_QA_FIND_ARGS ?= "" +do_rootfs_quality_check[network] = "1" do_rootfs_quality_check() { rootfs_install_stamp=$( ls -1 "${STAMP}".do_rootfs_install* | head -1 ) test -f "$rootfs_install_stamp" diff --git a/meta/classes/imagetypes_wic.bbclass b/meta/classes/imagetypes_wic.bbclass index 61a74d4..dd2268f 100644 --- a/meta/classes/imagetypes_wic.bbclass +++ b/meta/classes/imagetypes_wic.bbclass @@ -133,6 +133,7 @@ python do_rootfs_wicenv () { addtask do_rootfs_wicenv after do_rootfs before do_image_wic do_rootfs_wicenv[vardeps] += "${WICVARS}" do_rootfs_wicenv[prefuncs] = 'set_image_size' +do_rootfs_wicenv[network] = "1" check_for_wic_warnings() { WARN="$(grep -e '^WARNING' ${T}/log.do_image_wic || true)" diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index f3272c0..fbce073 100644 --- a/meta/classes/rootfs.bbclass 
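Review bot: `d.setVarFlag(task, 'network', '1')` in image.bbclass grants network access to every generated `do_image_*` task, whatever image type it builds. Nothing in the hunk suggests that imaging has to download anything, so this is presumably the sudo workaround from the commit message; a comment on that line such as `# imaging commands use sudo, which fails when the network is disabled` would record that. If only some image types need it, setting the flag from a per-type condition would keep the others isolated. The anonymous python function starts and ends outside the hunk.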
+++ b/meta/classes/rootfs.bbclass @@ -118,6 +118,7 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_update" rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" +rootfs_install_pkgs_update[network] = "1" rootfs_install_pkgs_update() { sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ @@ -143,6 +144,7 @@ rootfs_import_package_cache() { ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_download" rootfs_install_pkgs_download[weight] = "600" rootfs_install_pkgs_download[isar-apt-lock] = "release-after" +rootfs_install_pkgs_download[network] = "1" rootfs_install_pkgs_download() { sudo -E chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} @@ -166,6 +168,7 @@ rootfs_install_clean_files() { ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_install" rootfs_install_pkgs_install[weight] = "8000" +rootfs_install_pkgs_install[network] = "1" rootfs_install_pkgs_install() { sudo -E chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} @@ -176,6 +179,7 @@ do_rootfs_install[vardeps] += "${ROOTFS_CONFIGURE_COMMAND} ${ROOTFS_INSTALL_COMM do_rootfs_install[vardepsexclude] += "IMAGE_ROOTFS" do_rootfs_install[depends] = "isar-bootstrap-${@'target' if d.getVar('ROOTFS_ARCH') == d.getVar('DISTRO_ARCH') else 'host'}:do_build" do_rootfs_install[recrdeptask] = "do_deploy_deb" +do_rootfs_install[network] = "1" python do_rootfs_install() { configure_cmds = (d.getVar("ROOTFS_CONFIGURE_COMMAND", True) or "").split() install_cmds = (d.getVar("ROOTFS_INSTALL_COMMAND", True) or "").split() @@ -268,6 +272,7 @@ rootfs_export_dpkg_status() { } do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}" +do_rootfs_postprocess[network] = "1" python do_rootfs_postprocess() { # Take care that its correctly mounted: bb.build.exec_func('rootfs_do_mounts', d) 
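Review bot: `do_rootfs_install[network] = "1"` keeps the network reachable for the whole command list the task runs, including rootfs_install_pkgs_install, even though the earlier hunks in this file show the packages being fetched by a separate `--download-only` step. Package maintainer scripts run by that apt-get install under chroot would therefore execute with network access (inferred from the visible call, not confirmed here). A comment on the flag stating which commands are meant to go online, e.g. `# online steps: pkgs_update and pkgs_download; pkgs_install should work from the cache`, would make the intended boundary reviewable if that is indeed the intent. The body of do_rootfs_install continues outside the hunk.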
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index a453b36..9eae903 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -222,6 +222,7 @@ DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg" do_generate_keyrings[cleandirs] = "${APT_KEYS_DIR}" do_generate_keyrings[dirs] = "${DL_DIR}" do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS THIRD_PARTY_APT_KEYS" +do_generate_keyrings[network] = "1" do_generate_keyrings() { if [ -n "${@d.getVar("THIRD_PARTY_APT_KEYFILES", True) or ""}" ]; then chmod 777 "${APT_KEYS_DIR}" @@ -277,6 +278,7 @@ do_bootstrap[vardeps] += " \ " do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP}" do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config" +do_bootstrap[network] = "1" do_bootstrap() { if [ "${ISAR_ENABLE_COMPAT_ARCH}" = "1" ]; then -- 2.17.1