From: Anton Mikanovich <amikan@ilbers.de>
To: isar-users@googlegroups.com
Cc: Anton Mikanovich <amikan@ilbers.de>
Subject: [PATCH v5 10/21] meta: mark network and sudo tasks
Date: Fri, 2 Dec 2022 17:36:50 +0300 [thread overview]
Message-ID: <20221202143701.6665-11-amikan@ilbers.de> (raw)
In-Reply-To: <20221202143701.6665-1-amikan@ilbers.de>
Network access from tasks is now disabled by default. This means that
tasks accessing the network need to be marked as such with the network
flag.
The same marking is also required for the tasks used sudo.
Signed-off-by: Anton Mikanovich <amikan@ilbers.de>
---
meta/classes/base.bbclass | 1 +
meta/classes/dpkg-base.bbclass | 6 ++++++
meta/classes/image-locales-extension.bbclass | 2 ++
meta/classes/image-tools-extension.bbclass | 1 +
meta/classes/image.bbclass | 4 ++++
meta/classes/imagetypes_container.bbclass | 1 +
meta/classes/imagetypes_wic.bbclass | 1 +
meta/classes/rootfs.bbclass | 5 +++++
meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 ++
9 files changed, 23 insertions(+)
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 8c874f31..109029b9 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -183,6 +183,7 @@ def isar_export_ccache(d):
do_fetch[dirs] = "${DL_DIR}"
do_fetch[file-checksums] = "${@bb.fetch.get_checksum_file_list(d)}"
do_fetch[vardeps] += "SRCREV"
+do_fetch[network] = "1"
# Fetch package from the source link
python do_fetch() {
diff --git a/meta/classes/dpkg-base.bbclass b/meta/classes/dpkg-base.bbclass
index e4f6711c..ed5abf70 100644
--- a/meta/classes/dpkg-base.bbclass
+++ b/meta/classes/dpkg-base.bbclass
@@ -122,6 +122,7 @@ do_apt_fetch() {
addtask apt_fetch
do_apt_fetch[lockfiles] += "${REPO_ISAR_DIR}/isar.lock"
+do_apt_fetch[network] = "1"
# Add dependency from the correct buildchroot: host or target
do_apt_fetch[depends] += "${BUILDCHROOT_DEP}"
@@ -129,6 +130,7 @@ do_apt_fetch[depends] += "${BUILDCHROOT_DEP}"
# Add dependency from the correct schroot: host or target
do_apt_fetch[depends] += "${SCHROOT_DEP}"
+do_apt_unpack[network] = "1"
do_apt_unpack() {
rm -rf ${S}
schroot_create_configs
@@ -242,6 +244,7 @@ def isar_export_build_settings(d):
os.environ['DEB_BUILD_OPTIONS'] = isar_deb_build_options(d)
os.environ['DEB_BUILD_PROFILES'] = isar_deb_build_profiles(d)
+do_dpkg_build[network] = "1"
python do_dpkg_build() {
bb.build.exec_func('schroot_create_configs', d)
try:
@@ -292,6 +295,7 @@ deb_clean() {
}
# the clean function modifies isar-apt
do_clean[lockfiles] = "${REPO_ISAR_DIR}/isar.lock"
+do_clean[network] = "1"
do_deploy_deb() {
deb_clean
@@ -343,6 +347,7 @@ addtask devshell after do_prepare_build
DEVSHELL_STARTDIR ?= "${S}"
do_devshell[dirs] = "${DEVSHELL_STARTDIR}"
do_devshell[nostamp] = "1"
+do_devshell[network] = "1"
python do_devshell_nodeps() {
bb.build.exec_func('do_devshell', d)
@@ -353,3 +358,4 @@ python do_devshell_nodeps() {
addtask devshell_nodeps after do_prepare_build
do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}"
do_devshell_nodeps[nostamp] = "1"
+do_devshell_nodeps[network] = "1"
diff --git a/meta/classes/image-locales-extension.bbclass b/meta/classes/image-locales-extension.bbclass
index 0932630f..d5f66ec2 100644
--- a/meta/classes/image-locales-extension.bbclass
+++ b/meta/classes/image-locales-extension.bbclass
@@ -27,6 +27,7 @@ def get_nopurge(d):
ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download"
image_install_localepurge_download[weight] = "40"
+image_install_localepurge_download[network] = "1"
image_install_localepurge_download() {
sudo -E chroot '${ROOTFSDIR}' \
/usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge
@@ -34,6 +35,7 @@ image_install_localepurge_download() {
ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install"
image_install_localepurge_install[weight] = "700"
+image_install_localepurge_install[network] = "1"
image_install_localepurge_install() {
# Generate locale and localepurge configuration:
diff --git a/meta/classes/image-tools-extension.bbclass b/meta/classes/image-tools-extension.bbclass
index ecd4365b..aaf951c0 100644
--- a/meta/classes/image-tools-extension.bbclass
+++ b/meta/classes/image-tools-extension.bbclass
@@ -14,6 +14,7 @@ DEPENDS += "${IMAGER_BUILD_DEPS}"
do_install_imager_deps[depends] = "${BUILDCHROOT_DEP} isar-apt:do_cache_config"
do_install_imager_deps[deptask] = "do_deploy_deb"
do_install_imager_deps[lockfiles] += "${REPO_ISAR_DIR}/isar.lock"
+do_install_imager_deps[network] = "1"
do_install_imager_deps() {
if [ -z "${@d.getVar("IMAGER_INSTALL", True).strip()}" ]; then
exit
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 813e1f34..e15b9f74 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -291,6 +291,7 @@ python() {
task = 'do_image_%s' % bt_clean
d.setVar(task, '\n'.join(cmds))
d.setVarFlag(task, 'func', '1')
+ d.setVarFlag(task, 'network', '1')
d.appendVarFlag(task, 'prefuncs', ' set_image_size')
d.appendVarFlag(task, 'vardeps', ' ' + ' '.join(vardeps))
d.appendVarFlag(task, 'vardepsexclude', ' ' + ' '.join(vardepsexclude))
@@ -345,6 +346,7 @@ DTB_IMG = "${PP_DEPLOY}/${@(d.getVar('DTB_FILES').split() or [''])[0]}"
do_copy_boot_files[dirs] = "${DEPLOY_DIR_IMAGE}"
do_copy_boot_files[lockfiles] += "${DEPLOY_DIR_IMAGE}/isar.lock"
+do_copy_boot_files[network] = "1"
do_copy_boot_files() {
kernel="$(realpath -q '${IMAGE_ROOTFS}'/vmlinu[xz])"
if [ ! -f "$kernel" ]; then
@@ -393,6 +395,7 @@ python do_deploy() {
}
addtask deploy before do_build after do_image
+do_rootfs_finalize[network] = "1"
do_rootfs_finalize() {
sudo -s <<'EOSUDO'
set -e
@@ -436,6 +439,7 @@ addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess
ROOTFS_QA_FIND_ARGS ?= ""
+do_rootfs_quality_check[network] = "1"
do_rootfs_quality_check() {
rootfs_install_stamp=$( ls -1 "${STAMP}".do_rootfs_install* | head -1 )
test -f "$rootfs_install_stamp"
diff --git a/meta/classes/imagetypes_container.bbclass b/meta/classes/imagetypes_container.bbclass
index 436a0051..ba09bebf 100644
--- a/meta/classes/imagetypes_container.bbclass
+++ b/meta/classes/imagetypes_container.bbclass
@@ -19,6 +19,7 @@ python() {
t_clean = t.replace('-', '_').replace('.', '_')
d.setVar('IMAGE_CMD_' + t_clean, 'convert_container %s "${CONTAINER_IMAGE_NAME}" "${IMAGE_FILE_HOST}"' % t)
d.setVar('IMAGE_FULLNAME_' + t_clean, '${PN}-${DISTRO}-${DISTRO_ARCH}')
+ d.appendVarFlag('do_containerize', 'network', '1')
bb.build.addtask('containerize', 'do_image_' + t_clean, 'do_image_tools', d)
}
diff --git a/meta/classes/imagetypes_wic.bbclass b/meta/classes/imagetypes_wic.bbclass
index 3869525b..cb4917a2 100644
--- a/meta/classes/imagetypes_wic.bbclass
+++ b/meta/classes/imagetypes_wic.bbclass
@@ -134,6 +134,7 @@ python do_rootfs_wicenv () {
addtask do_rootfs_wicenv after do_rootfs before do_image_wic
do_rootfs_wicenv[vardeps] += "${WICVARS}"
do_rootfs_wicenv[prefuncs] = 'set_image_size'
+do_rootfs_wicenv[network] = "1"
check_for_wic_warnings() {
WARN="$(grep -e '^WARNING' ${T}/log.do_image_wic || true)"
diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass
index d19ac037..53222db0 100644
--- a/meta/classes/rootfs.bbclass
+++ b/meta/classes/rootfs.bbclass
@@ -118,6 +118,7 @@ EOSUDO
ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_update"
rootfs_install_pkgs_update[weight] = "5"
rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before"
+rootfs_install_pkgs_update[network] = "1"
rootfs_install_pkgs_update() {
sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \
-o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \
@@ -143,6 +144,7 @@ rootfs_import_package_cache() {
ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_download"
rootfs_install_pkgs_download[weight] = "600"
rootfs_install_pkgs_download[isar-apt-lock] = "release-after"
+rootfs_install_pkgs_download[network] = "1"
rootfs_install_pkgs_download() {
sudo -E chroot '${ROOTFSDIR}' \
/usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES}
@@ -166,6 +168,7 @@ rootfs_install_clean_files() {
ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_install"
rootfs_install_pkgs_install[weight] = "8000"
+rootfs_install_pkgs_install[network] = "1"
rootfs_install_pkgs_install() {
sudo -E chroot "${ROOTFSDIR}" \
/usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES}
@@ -176,6 +179,7 @@ do_rootfs_install[vardeps] += "${ROOTFS_CONFIGURE_COMMAND} ${ROOTFS_INSTALL_COMM
do_rootfs_install[vardepsexclude] += "IMAGE_ROOTFS"
do_rootfs_install[depends] = "isar-bootstrap-${@'target' if d.getVar('ROOTFS_ARCH') == d.getVar('DISTRO_ARCH') else 'host'}:do_build"
do_rootfs_install[recrdeptask] = "do_deploy_deb"
+do_rootfs_install[network] = "1"
python do_rootfs_install() {
configure_cmds = (d.getVar("ROOTFS_CONFIGURE_COMMAND", True) or "").split()
install_cmds = (d.getVar("ROOTFS_INSTALL_COMMAND", True) or "").split()
@@ -268,6 +272,7 @@ rootfs_export_dpkg_status() {
}
do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}"
+do_rootfs_postprocess[network] = "1"
python do_rootfs_postprocess() {
# Take care that its correctly mounted:
bb.build.exec_func('rootfs_do_mounts', d)
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index f32d192e..7d344dba 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -222,6 +222,7 @@ DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg"
do_generate_keyrings[cleandirs] = "${APT_KEYS_DIR}"
do_generate_keyrings[dirs] = "${DL_DIR}"
do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS THIRD_PARTY_APT_KEYS"
+do_generate_keyrings[network] = "1"
do_generate_keyrings() {
if [ -n "${@d.getVar("THIRD_PARTY_APT_KEYFILES", True) or ""}" ]; then
chmod 777 "${APT_KEYS_DIR}"
@@ -277,6 +278,7 @@ do_bootstrap[vardeps] += " \
"
do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP}"
do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config"
+do_bootstrap[network] = "1"
do_bootstrap() {
if [ "${ISAR_ENABLE_COMPAT_ARCH}" = "1" ]; then
--
2.17.1
next prev parent reply other threads:[~2022-12-02 14:37 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-02 14:36 [PATCH v5 00/21] Migrate to Bitbake 2.0 Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 01/21] meta: change deprecated parse calls Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 02/21] scripts/contrib: Add override conversion script Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 03/21] scripts/contrib: configure " Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 04/21] meta-isar: set default branch names Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 05/21] meta: remove non recommended syntax Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 06/21] bitbake: Update to Bitbake 2.0.5 Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 07/21] doc: require zstd tool Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 08/21] meta: update bitbake variables Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 09/21] bitbake.conf: align hash vars with openembedded Anton Mikanovich
2022-12-02 14:36 ` Anton Mikanovich [this message]
2022-12-02 14:36 ` [PATCH v5 11/21] meta: update overrides syntax Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 12/21] sstate: update bbclass Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 13/21] bitbake.conf: declare default XZ and ZSTD options Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 14/21] Revert "devshell: Use different termination test to avoid warnings" Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 15/21] meta: align with OE-core libraries update Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 16/21] Revert "Revert "devshell: Use different termination test to avoid warnings"" Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 17/21] CI: Adopt tests to syntax change Anton Mikanovich
2022-12-02 14:36 ` [PATCH v5 18/21] isar-sstate: adopt sstate maintenance script Anton Mikanovich
2022-12-03 4:57 ` Moessbauer, Felix
2022-12-03 5:29 ` Schmidt, Adriaan
2022-12-06 8:57 ` Anton Mikanovich
2022-12-06 9:36 ` Moessbauer, Felix
2022-12-02 14:36 ` [PATCH v5 19/21] RECIPE-API-CHANGELOG: Add tips after bitbake version update Anton Mikanovich
2022-12-02 14:37 ` [PATCH v5 20/21] Revert "bitbake: Make 3.6.0 the minimum python version" Anton Mikanovich
2022-12-02 14:37 ` [PATCH v5 21/21] Revert "utils/ply: Change md5 usages to work on FIPS enabled hosts" Anton Mikanovich
2022-12-02 14:45 ` [PATCH v5 00/21] Migrate to Bitbake 2.0 Anton Mikanovich
2022-12-05 11:34 ` Florian Bezdeka
2022-12-05 11:57 ` Anton Mikanovich
2022-12-05 11:52 ` Moessbauer, Felix
2022-12-05 12:31 ` Anton Mikanovich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221202143701.6665-11-amikan@ilbers.de \
--to=amikan@ilbers.de \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox