summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-16 09:42:30 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-16 10:21:02 +0100
commitf01b909a266498853e6b3f10e6b39f2d95148129 (patch)
tree75963289e06fd4b08be7ebcfec45d30785fbdc34
parent5bb92a3166ce0983bbef9df9db5110bd6e567eca (diff)
downloadpoky-pyro-nfvaccess.tar.gz
package_ipk: Clean up Source entry in ipk packagespyro-nfvaccess
There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone. Since ipks don't appear to be generated at all if we don't set this, set the field to the recipe name used (basename only, no paths). This avoids information leaking. We may want to drop the field if opkg can allow that at a future point but the recipe name is a suitable identifier for now. Reported-by: Andrej Valek <andrej.valek@siemens.com> (From OE-Core rev: 0b5e0d072f93a958e4211a8aeb2fd8cc3c25cc21) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/classes/package_ipk.bbclass7
1 files changed, 3 insertions, 4 deletions
diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass
index c7cec9d63d..a1e51ee690 100644
--- a/meta/classes/package_ipk.bbclass
+++ b/meta/classes/package_ipk.bbclass
@@ -48,6 +48,8 @@ python do_package_ipk () {
48 if os.path.exists(p): 48 if os.path.exists(p):
49 bb.utils.prunedir(p) 49 bb.utils.prunedir(p)
50 50
51 recipesource = os.path.basename(d.getVar('FILE'))
52
51 for pkg in packages.split(): 53 for pkg in packages.split():
52 localdata = bb.data.createCopy(d) 54 localdata = bb.data.createCopy(d)
53 root = "%s/%s" % (pkgdest, pkg) 55 root = "%s/%s" % (pkgdest, pkg)
@@ -204,10 +206,7 @@ python do_package_ipk () {
204 ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces)) 206 ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces))
205 if rconflicts: 207 if rconflicts:
206 ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts)) 208 ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts))
207 src_uri = localdata.getVar("SRC_URI").strip() or "None" 209 ctrlfile.write("Source: %s\n" % recipesource)
208 if src_uri:
209 src_uri = re.sub("\s+", " ", src_uri)
210 ctrlfile.write("Source: %s\n" % " ".join(src_uri.split()))
211 ctrlfile.close() 210 ctrlfile.close()
212 211
213 for script in ["preinst", "postinst", "prerm", "postrm"]: 212 for script in ["preinst", "postinst", "prerm", "postrm"]: