summaryrefslogtreecommitdiffstats
path: root/meta/classes
diff options
context:
space:
mode:
authorChristopher Larson <chris_larson@mentor.com>2015-09-01 15:23:03 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-09-04 16:23:47 +0100
commit2d4976772c9d9c718607ab31097b1a993e514b7d (patch)
treeae37ee7ffbe1becf85e011bc91961140748575a7 /meta/classes
parentb95c3404432cb8986533c52a16a13f68b200c7a3 (diff)
downloadpoky-2d4976772c9d9c718607ab31097b1a993e514b7d.tar.gz
insane.bbclass: add host-user-contaminated test
- Add a test which checks for any paths outside of /home which are owned by the user running bitbake. - Add the test to WARN_QA by default. This test has been in meta-mentor for some time, and in our ERROR_QA for our builds, and has caught a number of issues for us. (From OE-Core rev: 1854dc60a4c7e97f0d6d26208fd42bf0dc1bfa7f) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/insane.bbclass37
1 files changed, 35 insertions, 2 deletions
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 7ea80dc90c..5c8629af1d 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -32,14 +32,14 @@ WARN_QA ?= "ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \
32 installed-vs-shipped compile-host-path install-host-path \ 32 installed-vs-shipped compile-host-path install-host-path \
33 pn-overrides infodir build-deps file-rdeps \ 33 pn-overrides infodir build-deps file-rdeps \
34 unknown-configure-option symlink-to-sysroot multilib \ 34 unknown-configure-option symlink-to-sysroot multilib \
35 invalid-pkgconfig \ 35 invalid-pkgconfig host-user-contaminated \
36 " 36 "
37ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \ 37ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
38 perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ 38 perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
39 split-strip packages-list pkgv-undefined var-undefined \ 39 split-strip packages-list pkgv-undefined var-undefined \
40 version-going-backwards expanded-d invalid-chars \ 40 version-going-backwards expanded-d invalid-chars \
41 " 41 "
42FAKEROOT_QA = "" 42FAKEROOT_QA = "host-user-contaminated"
43FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \ 43FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \
44enabled tests are listed here, the do_package_qa task will run under fakeroot." 44enabled tests are listed here, the do_package_qa task will run under fakeroot."
45 45
@@ -969,6 +969,39 @@ def package_qa_check_encoding(keys, encode, d):
969 if not sane: 969 if not sane:
970 break 970 break
971 971
972HOST_USER_UID := "${@os.getuid()}"
973HOST_USER_GID := "${@os.getgid()}"
974
975QAPATHTEST[host-user-contaminated] = "package_qa_check_host_user"
976def package_qa_check_host_user(path, name, d, elf, messages):
977 """Check for paths outside of /home which are owned by the user running bitbake."""
978
979 if not os.path.lexists(path):
980 return
981
982 dest = d.getVar('PKGDEST', True)
983 home = os.path.join(dest, 'home')
984 if path == home or path.startswith(home + os.sep):
985 return
986
987 try:
988 stat = os.lstat(path)
989 except OSError as exc:
990 import errno
991 if exc.errno != errno.ENOENT:
992 raise
993 else:
994 check_uid = int(d.getVar('HOST_USER_UID', True))
995 if stat.st_uid == check_uid:
996 messages["host-user-contaminated"] = "%s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_uid)
997 return False
998
999 check_gid = int(d.getVar('HOST_USER_GID', True))
1000 if stat.st_gid == check_gid:
1001 messages["host-user-contaminated"] = "%s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_gid)
1002 return False
1003 return True
1004
972# The PACKAGE FUNC to scan each package 1005# The PACKAGE FUNC to scan each package
973python do_package_qa () { 1006python do_package_qa () {
974 import subprocess 1007 import subprocess