From: "'Felix Moessbauer' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: adriaan.schmidt@siemens.com,
Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH 1/1] fix expansion of variables in SRC_URI of dpkg-prebuilt
Date: Fri, 12 Jul 2024 11:22:45 +0200 [thread overview]
Message-ID: <20240712092245.47054-1-felix.moessbauer@siemens.com> (raw)
The processing of the items in SRC_URI of dpkg-prebuilt previously was
executed on the non expanded variables. This was introduced to fix
credential leaks and to avoid absolute paths in the signatures (caching
issues). However, this does not work when putting whole SRC_URI entries
into variables (which potentially can be empty), as then the
unpack=false is added to the non-expanded variable which either might
already contain this, or is empty. This led to broken urls.
To fix this, the patch changes the processing logic to work on the
expanded string. As this would re-introduce the credential and caching
issues, we further add a vardepvalue with the non-expanded string. By
that, the signatures just contain the original string in its non
expanded version.
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
meta/classes/dpkg-prebuilt.bbclass | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/meta/classes/dpkg-prebuilt.bbclass b/meta/classes/dpkg-prebuilt.bbclass
index a6187a07..ecf0d383 100644
--- a/meta/classes/dpkg-prebuilt.bbclass
+++ b/meta/classes/dpkg-prebuilt.bbclass
@@ -7,13 +7,16 @@ inherit dpkg-base
python do_unpack:prepend() {
# enforce unpack=false
- src_uri = (d.getVar('SRC_URI', False) or '').split()
- if len(src_uri) == 0:
+ src_uri_raw = d.getVar('SRC_URI', False)
+ src_uri_exp = (d.getVar('SRC_URI', True) or '').split()
+ if len(src_uri_exp) == 0:
return
def ensure_unpack_false(uri):
return ';'.join([x for x in uri.split(';') if not x.startswith('unpack=')] + ['unpack=false'])
- src_uri = [ensure_unpack_false(uri) for uri in src_uri]
+ src_uri = [ensure_unpack_false(uri) for uri in src_uri_exp]
d.setVar('SRC_URI', ' '.join(src_uri))
+ if src_uri_raw:
+ d.appendVarFlag('SRC_URI', 'vardepvalue', src_uri_raw)
}
# also breaks inherited (from dpkg-base) dependency on sbuild_chroot
--
2.39.2
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/20240712092245.47054-1-felix.moessbauer%40siemens.com.
next reply other threads:[~2024-07-12 9:23 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-12 9:22 'Felix Moessbauer' via isar-users [this message]
2024-07-22 8:57 ` Uladzimir Bely
2024-07-22 12:05 ` 'MOESSBAUER, Felix' via isar-users
2024-07-30 8:04 ` Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240712092245.47054-1-felix.moessbauer@siemens.com \
--to=isar-users@googlegroups.com \
--cc=adriaan.schmidt@siemens.com \
--cc=felix.moessbauer@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox