diff options
author | Andreas Müller <schnitzeltony@gmail.com> | 2019-04-06 01:45:56 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-04-09 13:44:39 +0100 |
commit | b54bff841bba13c4f4799928814824f3d11db3dc (patch) | |
tree | ee69ec2fc3c69f3bcd65b61d67ebfbc60f673a66 | |
parent | 0dd6823875cac63a7119f63851a0dc01ea1f2e80 (diff) | |
download | poky-b54bff841bba13c4f4799928814824f3d11db3dc.tar.gz |
patch/insane: Rework patch fuzz handling
Currently there are three issues which can be enhanced:
1. Fuzz warnings cannot be configured as errors for hardening. It happened
often to me that these warnings were overseen and detected after commits
were already out.
2. The output is too verbose - particularly when more than one file is
affected. Meanwhile all users should know why patch fuzz check is performed.
So move links with background information to insane.bbclass.
3. Reduce copy & paste effort slightly by printing PN (nit: <recipe> was not
a correct suggestion e.g for native extended recipe - see example below)
To achieve patch.py drops patch-fuzz info encapsulated by a header- and footer-
string into log.do_patch. With this insane.bbclass can drop warnings/errors
depending on 'patch-fuzz' in ERROR_QA or WARN_QA. Default remains unchanged:
Spit out warnings only.
A message for two fuzzed patches and 'pact-fuzz' in ERROR_QA now looks like:
| ERROR: autoconf-native-2.69-r11 do_patch: Fuzz detected:
|
| Applying patch autoreconf-exclude.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 73 with fuzz 1 (offset -3 lines).
| Hunk #2 succeeded at 143 (offset 6 lines).
| Hunk #3 succeeded at 167 (offset 6 lines).
| Hunk #4 succeeded at 177 (offset 6 lines).
| Hunk #5 succeeded at 281 (offset 15 lines).
| Hunk #6 succeeded at 399 (offset 15 lines).
| Hunk #7 succeeded at 571 (offset 20 lines).
| Hunk #8 succeeded at 612 (offset 20 lines).
| Hunk #9 succeeded at 636 (offset 20 lines).
| Hunk #10 succeeded at 656 (offset 20 lines).
| Hunk #11 succeeded at 683 (offset 20 lines).
|
| Applying patch autoreconf-gnuconfigize.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 55 with fuzz 1 (offset -3 lines).
| Hunk #3 succeeded at 663 (offset 18 lines).
|
| The context lines in the patches can be updated with devtool:
|
| devtool modify autoconf-native
| devtool finish --force-patch-refresh autoconf-native <layer_path>
|
| Don't forget to review changes done by devtool!
|
| ERROR: autoconf-native-2.69-r11 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]
(From OE-Core rev: c762c0be43a3854a43cb4b9db559b03126d50706)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/classes/insane.bbclass | 53 | ||||
-rw-r--r-- | meta/lib/oe/patch.py | 19 |
2 files changed, 56 insertions, 16 deletions
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index 37b8bb0032..b7893a4c35 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass | |||
@@ -27,7 +27,7 @@ WARN_QA ?= "ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \ | |||
27 | installed-vs-shipped compile-host-path install-host-path \ | 27 | installed-vs-shipped compile-host-path install-host-path \ |
28 | pn-overrides infodir build-deps \ | 28 | pn-overrides infodir build-deps \ |
29 | unknown-configure-option symlink-to-sysroot multilib \ | 29 | unknown-configure-option symlink-to-sysroot multilib \ |
30 | invalid-packageconfig host-user-contaminated uppercase-pn \ | 30 | invalid-packageconfig host-user-contaminated uppercase-pn patch-fuzz \ |
31 | " | 31 | " |
32 | ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \ | 32 | ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \ |
33 | perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ | 33 | perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ |
@@ -1033,6 +1033,54 @@ python do_qa_staging() { | |||
1033 | bb.fatal("QA staging was broken by the package built above") | 1033 | bb.fatal("QA staging was broken by the package built above") |
1034 | } | 1034 | } |
1035 | 1035 | ||
1036 | python do_qa_patch() { | ||
1037 | import subprocess | ||
1038 | |||
1039 | ########################################################################### | ||
1040 | # Check patch.log for fuzz warnings | ||
1041 | # | ||
1042 | # Further information on why we check for patch fuzz warnings: | ||
1043 | # http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html | ||
1044 | # https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 | ||
1045 | ########################################################################### | ||
1046 | |||
1047 | logdir = d.getVar('T') | ||
1048 | patchlog = os.path.join(logdir,"log.do_patch") | ||
1049 | |||
1050 | if os.path.exists(patchlog): | ||
1051 | fuzzheader = '--- Patch fuzz start ---' | ||
1052 | fuzzfooter = '--- Patch fuzz end ---' | ||
1053 | statement = "grep -e '%s' %s > /dev/null" % (fuzzheader, patchlog) | ||
1054 | if subprocess.call(statement, shell=True) == 0: | ||
1055 | msg = "Fuzz detected:\n\n" | ||
1056 | fuzzmsg = "" | ||
1057 | inFuzzInfo = False | ||
1058 | f = open(patchlog, "r") | ||
1059 | for line in f: | ||
1060 | if fuzzheader in line: | ||
1061 | inFuzzInfo = True | ||
1062 | fuzzmsg = "" | ||
1063 | elif fuzzfooter in line: | ||
1064 | fuzzmsg = fuzzmsg.replace('\n\n', '\n') | ||
1065 | msg += fuzzmsg | ||
1066 | msg += "\n" | ||
1067 | inFuzzInfo = False | ||
1068 | elif inFuzzInfo and not 'Now at patch' in line: | ||
1069 | fuzzmsg += line | ||
1070 | f.close() | ||
1071 | msg += "The context lines in the patches can be updated with devtool:\n" | ||
1072 | msg += "\n" | ||
1073 | msg += " devtool modify %s\n" % d.getVar('PN') | ||
1074 | msg += " devtool finish --force-patch-refresh %s <layer_path>\n\n" % d.getVar('PN') | ||
1075 | msg += "Don't forget to review changes done by devtool!\n" | ||
1076 | if 'patch-fuzz' in d.getVar('ERROR_QA'): | ||
1077 | bb.error(msg) | ||
1078 | elif 'patch-fuzz' in d.getVar('WARN_QA'): | ||
1079 | bb.warn(msg) | ||
1080 | msg = "Patch log indicates that patches do not apply cleanly." | ||
1081 | package_qa_handle_error("patch-fuzz", msg, d) | ||
1082 | } | ||
1083 | |||
1036 | python do_qa_configure() { | 1084 | python do_qa_configure() { |
1037 | import subprocess | 1085 | import subprocess |
1038 | 1086 | ||
@@ -1137,6 +1185,9 @@ python do_qa_unpack() { | |||
1137 | #addtask qa_staging after do_populate_sysroot before do_build | 1185 | #addtask qa_staging after do_populate_sysroot before do_build |
1138 | do_populate_sysroot[postfuncs] += "do_qa_staging " | 1186 | do_populate_sysroot[postfuncs] += "do_qa_staging " |
1139 | 1187 | ||
1188 | # Check for patch fuzz | ||
1189 | do_patch[postfuncs] += "do_qa_patch " | ||
1190 | |||
1140 | # Check broken config.log files, for packages requiring Gettext which | 1191 | # Check broken config.log files, for packages requiring Gettext which |
1141 | # don't have it in DEPENDS. | 1192 | # don't have it in DEPENDS. |
1142 | #addtask qa_configure after do_configure before do_compile | 1193 | #addtask qa_configure after do_configure before do_compile |
diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py index 7dd31d9d46..f43cf047c0 100644 --- a/meta/lib/oe/patch.py +++ b/meta/lib/oe/patch.py | |||
@@ -38,21 +38,10 @@ def runcmd(args, dir = None): | |||
38 | if exitstatus != 0: | 38 | if exitstatus != 0: |
39 | raise CmdError(cmd, exitstatus >> 8, output) | 39 | raise CmdError(cmd, exitstatus >> 8, output) |
40 | if " fuzz " in output: | 40 | if " fuzz " in output: |
41 | bb.warn(""" | 41 | # Drop patch fuzz info with header and footer to log file so |
42 | Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. | 42 | # insane.bbclass can handle to throw error/warning |
43 | The context lines in the patches can be updated with devtool: | 43 | bb.note("--- Patch fuzz start ---\n%s\n--- Patch fuzz end ---" % format(output)) |
44 | 44 | ||
45 | devtool modify <recipe> | ||
46 | devtool finish --force-patch-refresh <recipe> <layer_path> | ||
47 | |||
48 | Then the updated patches and the source tree (in devtool's workspace) | ||
49 | should be reviewed to make sure the patches apply in the correct place | ||
50 | and don't introduce duplicate lines (which can, and does happen | ||
51 | when some of the context is ignored). Further information: | ||
52 | http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html | ||
53 | https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 | ||
54 | Details: | ||
55 | {}""".format(output)) | ||
56 | return output | 45 | return output |
57 | 46 | ||
58 | finally: | 47 | finally: |