diff options
author | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2016-11-21 14:31:43 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-30 15:48:10 +0000 |
commit | 38438b6cf42fb7ad45b9a901f57913af7e7591a3 (patch) | |
tree | 1ea9bd4fa7b7b90fb4a0d4a65235e18062ff2872 | |
parent | 4e48892b859b3fe04c8c12b22d8975eed21c086b (diff) | |
download | poky-38438b6cf42fb7ad45b9a901f57913af7e7591a3.tar.gz |
bitbake: fetch2: obey BB_ALLOWED_NETWORKS when checking network access
[YOCTO #10508]
(Bitbake rev: ddd3bc2d64d7240ecb6b6e4a1ae29b1faef6cc22)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | bitbake/lib/bb/fetch2/__init__.py | 7 | ||||
-rw-r--r-- | bitbake/lib/bb/fetch2/git.py | 4 | ||||
-rw-r--r-- | bitbake/lib/bb/fetch2/hg.py | 2 | ||||
-rw-r--r-- | bitbake/lib/bb/fetch2/npm.py | 2 | ||||
-rw-r--r-- | bitbake/lib/bb/fetch2/perforce.py | 8 | ||||
-rw-r--r-- | bitbake/lib/bb/fetch2/svn.py | 2 | ||||
-rw-r--r-- | bitbake/lib/bb/fetch2/wget.py | 2 |
7 files changed, 15 insertions, 12 deletions
diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py index 2bb41a4a94..d6d7850dfb 100644 --- a/bitbake/lib/bb/fetch2/__init__.py +++ b/bitbake/lib/bb/fetch2/__init__.py | |||
@@ -856,12 +856,15 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None): | |||
856 | 856 | ||
857 | return output | 857 | return output |
858 | 858 | ||
859 | def check_network_access(d, info = "", url = None): | 859 | def check_network_access(d, info, url): |
860 | """ | 860 | """ |
861 | log remote network access, and error if BB_NO_NETWORK is set | 861 | log remote network access, and error if BB_NO_NETWORK is set or the given |
862 | URI is untrusted | ||
862 | """ | 863 | """ |
863 | if d.getVar("BB_NO_NETWORK") == "1": | 864 | if d.getVar("BB_NO_NETWORK") == "1": |
864 | raise NetworkAccess(url, info) | 865 | raise NetworkAccess(url, info) |
866 | elif not trusted_network(d, url): | ||
867 | raise UntrustedUrl(url, info) | ||
865 | else: | 868 | else: |
866 | logger.debug(1, "Fetcher accessed the network with the command %s" % info) | 869 | logger.debug(1, "Fetcher accessed the network with the command %s" % info) |
867 | 870 | ||
diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py index cb9fa3fb1a..f7a0c01868 100644 --- a/bitbake/lib/bb/fetch2/git.py +++ b/bitbake/lib/bb/fetch2/git.py | |||
@@ -252,7 +252,7 @@ class Git(FetchMethod): | |||
252 | repourl = repourl[7:] | 252 | repourl = repourl[7:] |
253 | clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, repourl, ud.clonedir) | 253 | clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, repourl, ud.clonedir) |
254 | if ud.proto.lower() != 'file': | 254 | if ud.proto.lower() != 'file': |
255 | bb.fetch2.check_network_access(d, clone_cmd) | 255 | bb.fetch2.check_network_access(d, clone_cmd, ud.url) |
256 | progresshandler = GitProgressHandler(d) | 256 | progresshandler = GitProgressHandler(d) |
257 | runfetchcmd(clone_cmd, d, log=progresshandler) | 257 | runfetchcmd(clone_cmd, d, log=progresshandler) |
258 | 258 | ||
@@ -384,7 +384,7 @@ class Git(FetchMethod): | |||
384 | cmd = "%s ls-remote %s %s" % \ | 384 | cmd = "%s ls-remote %s %s" % \ |
385 | (ud.basecmd, repourl, search) | 385 | (ud.basecmd, repourl, search) |
386 | if ud.proto.lower() != 'file': | 386 | if ud.proto.lower() != 'file': |
387 | bb.fetch2.check_network_access(d, cmd) | 387 | bb.fetch2.check_network_access(d, cmd, repourl) |
388 | output = runfetchcmd(cmd, d, True) | 388 | output = runfetchcmd(cmd, d, True) |
389 | if not output: | 389 | if not output: |
390 | raise bb.fetch2.FetchError("The command %s gave empty output unexpectedly" % cmd, ud.url) | 390 | raise bb.fetch2.FetchError("The command %s gave empty output unexpectedly" % cmd, ud.url) |
diff --git a/bitbake/lib/bb/fetch2/hg.py b/bitbake/lib/bb/fetch2/hg.py index ee5b2dd6f3..7e9afceac8 100644 --- a/bitbake/lib/bb/fetch2/hg.py +++ b/bitbake/lib/bb/fetch2/hg.py | |||
@@ -221,7 +221,7 @@ class Hg(FetchMethod): | |||
221 | """ | 221 | """ |
222 | Compute tip revision for the url | 222 | Compute tip revision for the url |
223 | """ | 223 | """ |
224 | bb.fetch2.check_network_access(d, self._buildhgcommand(ud, d, "info")) | 224 | bb.fetch2.check_network_access(d, self._buildhgcommand(ud, d, "info"), ud.url) |
225 | output = runfetchcmd(self._buildhgcommand(ud, d, "info"), d) | 225 | output = runfetchcmd(self._buildhgcommand(ud, d, "info"), d) |
226 | return output.strip() | 226 | return output.strip() |
227 | 227 | ||
diff --git a/bitbake/lib/bb/fetch2/npm.py b/bitbake/lib/bb/fetch2/npm.py index cbeb8ff889..3e352922e0 100644 --- a/bitbake/lib/bb/fetch2/npm.py +++ b/bitbake/lib/bb/fetch2/npm.py | |||
@@ -101,7 +101,7 @@ class Npm(FetchMethod): | |||
101 | 101 | ||
102 | def _runwget(self, ud, d, command, quiet): | 102 | def _runwget(self, ud, d, command, quiet): |
103 | logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command)) | 103 | logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command)) |
104 | bb.fetch2.check_network_access(d, command) | 104 | bb.fetch2.check_network_access(d, command, ud.url) |
105 | dldir = d.getVar("DL_DIR") | 105 | dldir = d.getVar("DL_DIR") |
106 | runfetchcmd(command, d, quiet, workdir=dldir) | 106 | runfetchcmd(command, d, quiet, workdir=dldir) |
107 | 107 | ||
diff --git a/bitbake/lib/bb/fetch2/perforce.py b/bitbake/lib/bb/fetch2/perforce.py index be73ca0518..0f0d7393c1 100644 --- a/bitbake/lib/bb/fetch2/perforce.py +++ b/bitbake/lib/bb/fetch2/perforce.py | |||
@@ -71,7 +71,7 @@ class Perforce(FetchMethod): | |||
71 | logger.debug(1, 'Trying to use P4CONFIG to automatically set P4PORT...') | 71 | logger.debug(1, 'Trying to use P4CONFIG to automatically set P4PORT...') |
72 | ud.usingp4config = True | 72 | ud.usingp4config = True |
73 | p4cmd = '%s info | grep "Server address"' % ud.basecmd | 73 | p4cmd = '%s info | grep "Server address"' % ud.basecmd |
74 | bb.fetch2.check_network_access(d, p4cmd) | 74 | bb.fetch2.check_network_access(d, p4cmd, ud.url) |
75 | ud.host = runfetchcmd(p4cmd, d, True) | 75 | ud.host = runfetchcmd(p4cmd, d, True) |
76 | ud.host = ud.host.split(': ')[1].strip() | 76 | ud.host = ud.host.split(': ')[1].strip() |
77 | logger.debug(1, 'Determined P4PORT to be: %s' % ud.host) | 77 | logger.debug(1, 'Determined P4PORT to be: %s' % ud.host) |
@@ -140,7 +140,7 @@ class Perforce(FetchMethod): | |||
140 | 'p4 files' command, including trailing '#rev' file revision indicator | 140 | 'p4 files' command, including trailing '#rev' file revision indicator |
141 | """ | 141 | """ |
142 | p4cmd = self._buildp4command(ud, d, 'files') | 142 | p4cmd = self._buildp4command(ud, d, 'files') |
143 | bb.fetch2.check_network_access(d, p4cmd) | 143 | bb.fetch2.check_network_access(d, p4cmd, ud.url) |
144 | p4fileslist = runfetchcmd(p4cmd, d, True) | 144 | p4fileslist = runfetchcmd(p4cmd, d, True) |
145 | p4fileslist = [f.rstrip() for f in p4fileslist.splitlines()] | 145 | p4fileslist = [f.rstrip() for f in p4fileslist.splitlines()] |
146 | 146 | ||
@@ -171,7 +171,7 @@ class Perforce(FetchMethod): | |||
171 | 171 | ||
172 | for afile in filelist: | 172 | for afile in filelist: |
173 | p4fetchcmd = self._buildp4command(ud, d, 'print', afile) | 173 | p4fetchcmd = self._buildp4command(ud, d, 'print', afile) |
174 | bb.fetch2.check_network_access(d, p4fetchcmd) | 174 | bb.fetch2.check_network_access(d, p4fetchcmd, ud.url) |
175 | runfetchcmd(p4fetchcmd, d, workdir=ud.pkgdir) | 175 | runfetchcmd(p4fetchcmd, d, workdir=ud.pkgdir) |
176 | 176 | ||
177 | runfetchcmd('tar -czf %s p4' % (ud.localpath), d, cleanup=[ud.localpath], workdir=ud.pkgdir) | 177 | runfetchcmd('tar -czf %s p4' % (ud.localpath), d, cleanup=[ud.localpath], workdir=ud.pkgdir) |
@@ -191,7 +191,7 @@ class Perforce(FetchMethod): | |||
191 | def _latest_revision(self, ud, d, name): | 191 | def _latest_revision(self, ud, d, name): |
192 | """ Return the latest upstream scm revision number """ | 192 | """ Return the latest upstream scm revision number """ |
193 | p4cmd = self._buildp4command(ud, d, "changes") | 193 | p4cmd = self._buildp4command(ud, d, "changes") |
194 | bb.fetch2.check_network_access(d, p4cmd) | 194 | bb.fetch2.check_network_access(d, p4cmd, ud.url) |
195 | tip = runfetchcmd(p4cmd, d, True) | 195 | tip = runfetchcmd(p4cmd, d, True) |
196 | 196 | ||
197 | if not tip: | 197 | if not tip: |
diff --git a/bitbake/lib/bb/fetch2/svn.py b/bitbake/lib/bb/fetch2/svn.py index b568c72049..d6feeb22a4 100644 --- a/bitbake/lib/bb/fetch2/svn.py +++ b/bitbake/lib/bb/fetch2/svn.py | |||
@@ -173,7 +173,7 @@ class Svn(FetchMethod): | |||
173 | """ | 173 | """ |
174 | Return the latest upstream revision number | 174 | Return the latest upstream revision number |
175 | """ | 175 | """ |
176 | bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1")) | 176 | bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"), ud.url) |
177 | 177 | ||
178 | output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True) | 178 | output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True) |
179 | 179 | ||
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py index 4ba63df0a8..6dfb27bd95 100644 --- a/bitbake/lib/bb/fetch2/wget.py +++ b/bitbake/lib/bb/fetch2/wget.py | |||
@@ -95,7 +95,7 @@ class Wget(FetchMethod): | |||
95 | progresshandler = WgetProgressHandler(d) | 95 | progresshandler = WgetProgressHandler(d) |
96 | 96 | ||
97 | logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command)) | 97 | logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command)) |
98 | bb.fetch2.check_network_access(d, command) | 98 | bb.fetch2.check_network_access(d, command, ud.url) |
99 | runfetchcmd(command + ' --progress=dot -v', d, quiet, log=progresshandler) | 99 | runfetchcmd(command + ' --progress=dot -v', d, quiet, log=progresshandler) |
100 | 100 | ||
101 | def download(self, ud, d): | 101 | def download(self, ud, d): |