summaryrefslogtreecommitdiffstats
path: root/bitbake
diff options
context:
space:
mode:
authorMarkus Lehtonen <markus.lehtonen@linux.intel.com>2016-11-21 14:31:43 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-11-30 15:48:10 +0000
commit38438b6cf42fb7ad45b9a901f57913af7e7591a3 (patch)
tree1ea9bd4fa7b7b90fb4a0d4a65235e18062ff2872 /bitbake
parent4e48892b859b3fe04c8c12b22d8975eed21c086b (diff)
downloadpoky-38438b6cf42fb7ad45b9a901f57913af7e7591a3.tar.gz
bitbake: fetch2: obey BB_ALLOWED_NETWORKS when checking network access
[YOCTO #10508] (Bitbake rev: ddd3bc2d64d7240ecb6b6e4a1ae29b1faef6cc22) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'bitbake')
-rw-r--r--bitbake/lib/bb/fetch2/__init__.py7
-rw-r--r--bitbake/lib/bb/fetch2/git.py4
-rw-r--r--bitbake/lib/bb/fetch2/hg.py2
-rw-r--r--bitbake/lib/bb/fetch2/npm.py2
-rw-r--r--bitbake/lib/bb/fetch2/perforce.py8
-rw-r--r--bitbake/lib/bb/fetch2/svn.py2
-rw-r--r--bitbake/lib/bb/fetch2/wget.py2
7 files changed, 15 insertions, 12 deletions
diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index 2bb41a4a94..d6d7850dfb 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -856,12 +856,15 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None):
856 856
857 return output 857 return output
858 858
859def check_network_access(d, info = "", url = None): 859def check_network_access(d, info, url):
860 """ 860 """
861 log remote network access, and error if BB_NO_NETWORK is set 861 log remote network access, and error if BB_NO_NETWORK is set or the given
862 URI is untrusted
862 """ 863 """
863 if d.getVar("BB_NO_NETWORK") == "1": 864 if d.getVar("BB_NO_NETWORK") == "1":
864 raise NetworkAccess(url, info) 865 raise NetworkAccess(url, info)
866 elif not trusted_network(d, url):
867 raise UntrustedUrl(url, info)
865 else: 868 else:
866 logger.debug(1, "Fetcher accessed the network with the command %s" % info) 869 logger.debug(1, "Fetcher accessed the network with the command %s" % info)
867 870
diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
index cb9fa3fb1a..f7a0c01868 100644
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -252,7 +252,7 @@ class Git(FetchMethod):
252 repourl = repourl[7:] 252 repourl = repourl[7:]
253 clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, repourl, ud.clonedir) 253 clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, repourl, ud.clonedir)
254 if ud.proto.lower() != 'file': 254 if ud.proto.lower() != 'file':
255 bb.fetch2.check_network_access(d, clone_cmd) 255 bb.fetch2.check_network_access(d, clone_cmd, ud.url)
256 progresshandler = GitProgressHandler(d) 256 progresshandler = GitProgressHandler(d)
257 runfetchcmd(clone_cmd, d, log=progresshandler) 257 runfetchcmd(clone_cmd, d, log=progresshandler)
258 258
@@ -384,7 +384,7 @@ class Git(FetchMethod):
384 cmd = "%s ls-remote %s %s" % \ 384 cmd = "%s ls-remote %s %s" % \
385 (ud.basecmd, repourl, search) 385 (ud.basecmd, repourl, search)
386 if ud.proto.lower() != 'file': 386 if ud.proto.lower() != 'file':
387 bb.fetch2.check_network_access(d, cmd) 387 bb.fetch2.check_network_access(d, cmd, repourl)
388 output = runfetchcmd(cmd, d, True) 388 output = runfetchcmd(cmd, d, True)
389 if not output: 389 if not output:
390 raise bb.fetch2.FetchError("The command %s gave empty output unexpectedly" % cmd, ud.url) 390 raise bb.fetch2.FetchError("The command %s gave empty output unexpectedly" % cmd, ud.url)
diff --git a/bitbake/lib/bb/fetch2/hg.py b/bitbake/lib/bb/fetch2/hg.py
index ee5b2dd6f3..7e9afceac8 100644
--- a/bitbake/lib/bb/fetch2/hg.py
+++ b/bitbake/lib/bb/fetch2/hg.py
@@ -221,7 +221,7 @@ class Hg(FetchMethod):
221 """ 221 """
222 Compute tip revision for the url 222 Compute tip revision for the url
223 """ 223 """
224 bb.fetch2.check_network_access(d, self._buildhgcommand(ud, d, "info")) 224 bb.fetch2.check_network_access(d, self._buildhgcommand(ud, d, "info"), ud.url)
225 output = runfetchcmd(self._buildhgcommand(ud, d, "info"), d) 225 output = runfetchcmd(self._buildhgcommand(ud, d, "info"), d)
226 return output.strip() 226 return output.strip()
227 227
diff --git a/bitbake/lib/bb/fetch2/npm.py b/bitbake/lib/bb/fetch2/npm.py
index cbeb8ff889..3e352922e0 100644
--- a/bitbake/lib/bb/fetch2/npm.py
+++ b/bitbake/lib/bb/fetch2/npm.py
@@ -101,7 +101,7 @@ class Npm(FetchMethod):
101 101
102 def _runwget(self, ud, d, command, quiet): 102 def _runwget(self, ud, d, command, quiet):
103 logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command)) 103 logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command))
104 bb.fetch2.check_network_access(d, command) 104 bb.fetch2.check_network_access(d, command, ud.url)
105 dldir = d.getVar("DL_DIR") 105 dldir = d.getVar("DL_DIR")
106 runfetchcmd(command, d, quiet, workdir=dldir) 106 runfetchcmd(command, d, quiet, workdir=dldir)
107 107
diff --git a/bitbake/lib/bb/fetch2/perforce.py b/bitbake/lib/bb/fetch2/perforce.py
index be73ca0518..0f0d7393c1 100644
--- a/bitbake/lib/bb/fetch2/perforce.py
+++ b/bitbake/lib/bb/fetch2/perforce.py
@@ -71,7 +71,7 @@ class Perforce(FetchMethod):
71 logger.debug(1, 'Trying to use P4CONFIG to automatically set P4PORT...') 71 logger.debug(1, 'Trying to use P4CONFIG to automatically set P4PORT...')
72 ud.usingp4config = True 72 ud.usingp4config = True
73 p4cmd = '%s info | grep "Server address"' % ud.basecmd 73 p4cmd = '%s info | grep "Server address"' % ud.basecmd
74 bb.fetch2.check_network_access(d, p4cmd) 74 bb.fetch2.check_network_access(d, p4cmd, ud.url)
75 ud.host = runfetchcmd(p4cmd, d, True) 75 ud.host = runfetchcmd(p4cmd, d, True)
76 ud.host = ud.host.split(': ')[1].strip() 76 ud.host = ud.host.split(': ')[1].strip()
77 logger.debug(1, 'Determined P4PORT to be: %s' % ud.host) 77 logger.debug(1, 'Determined P4PORT to be: %s' % ud.host)
@@ -140,7 +140,7 @@ class Perforce(FetchMethod):
140 'p4 files' command, including trailing '#rev' file revision indicator 140 'p4 files' command, including trailing '#rev' file revision indicator
141 """ 141 """
142 p4cmd = self._buildp4command(ud, d, 'files') 142 p4cmd = self._buildp4command(ud, d, 'files')
143 bb.fetch2.check_network_access(d, p4cmd) 143 bb.fetch2.check_network_access(d, p4cmd, ud.url)
144 p4fileslist = runfetchcmd(p4cmd, d, True) 144 p4fileslist = runfetchcmd(p4cmd, d, True)
145 p4fileslist = [f.rstrip() for f in p4fileslist.splitlines()] 145 p4fileslist = [f.rstrip() for f in p4fileslist.splitlines()]
146 146
@@ -171,7 +171,7 @@ class Perforce(FetchMethod):
171 171
172 for afile in filelist: 172 for afile in filelist:
173 p4fetchcmd = self._buildp4command(ud, d, 'print', afile) 173 p4fetchcmd = self._buildp4command(ud, d, 'print', afile)
174 bb.fetch2.check_network_access(d, p4fetchcmd) 174 bb.fetch2.check_network_access(d, p4fetchcmd, ud.url)
175 runfetchcmd(p4fetchcmd, d, workdir=ud.pkgdir) 175 runfetchcmd(p4fetchcmd, d, workdir=ud.pkgdir)
176 176
177 runfetchcmd('tar -czf %s p4' % (ud.localpath), d, cleanup=[ud.localpath], workdir=ud.pkgdir) 177 runfetchcmd('tar -czf %s p4' % (ud.localpath), d, cleanup=[ud.localpath], workdir=ud.pkgdir)
@@ -191,7 +191,7 @@ class Perforce(FetchMethod):
191 def _latest_revision(self, ud, d, name): 191 def _latest_revision(self, ud, d, name):
192 """ Return the latest upstream scm revision number """ 192 """ Return the latest upstream scm revision number """
193 p4cmd = self._buildp4command(ud, d, "changes") 193 p4cmd = self._buildp4command(ud, d, "changes")
194 bb.fetch2.check_network_access(d, p4cmd) 194 bb.fetch2.check_network_access(d, p4cmd, ud.url)
195 tip = runfetchcmd(p4cmd, d, True) 195 tip = runfetchcmd(p4cmd, d, True)
196 196
197 if not tip: 197 if not tip:
diff --git a/bitbake/lib/bb/fetch2/svn.py b/bitbake/lib/bb/fetch2/svn.py
index b568c72049..d6feeb22a4 100644
--- a/bitbake/lib/bb/fetch2/svn.py
+++ b/bitbake/lib/bb/fetch2/svn.py
@@ -173,7 +173,7 @@ class Svn(FetchMethod):
173 """ 173 """
174 Return the latest upstream revision number 174 Return the latest upstream revision number
175 """ 175 """
176 bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1")) 176 bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"), ud.url)
177 177
178 output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True) 178 output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True)
179 179
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py
index 4ba63df0a8..6dfb27bd95 100644
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -95,7 +95,7 @@ class Wget(FetchMethod):
95 progresshandler = WgetProgressHandler(d) 95 progresshandler = WgetProgressHandler(d)
96 96
97 logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command)) 97 logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command))
98 bb.fetch2.check_network_access(d, command) 98 bb.fetch2.check_network_access(d, command, ud.url)
99 runfetchcmd(command + ' --progress=dot -v', d, quiet, log=progresshandler) 99 runfetchcmd(command + ' --progress=dot -v', d, quiet, log=progresshandler)
100 100
101 def download(self, ud, d): 101 def download(self, ud, d):