insane.bbclass: add host-user-contaminated test

- Add a test which checks for any paths outside of /home which are owned by the user running bitbake. - Add the test to WARN_QA by default. This test has been in meta-mentor for some time, and in our ERROR_QA for our builds, and has caught a number of issues for us. (From OE-Core rev: 1854dc60a4c7e97f0d6d26208fd42bf0dc1bfa7f) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Christopher Larson <chris_larson@mentor.com> 2015-09-01 15:23:03 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-09-04 16:23:47 +0100
commit: 2d4976772c9d9c718607ab31097b1a993e514b7d (patch)
tree: ae37ee7ffbe1becf85e011bc91961140748575a7 /meta
parent: b95c3404432cb8986533c52a16a13f68b200c7a3 (diff)
download: poky-2d4976772c9d9c718607ab31097b1a993e514b7d.tar.gz
1 files changed, 35 insertions, 2 deletions
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 7ea80dc90c..5c8629af1d 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -32,14 +32,14 @@ WARN_QA ?= "ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \
            installed-vs-shipped compile-host-path install-host-path \
            pn-overrides infodir build-deps file-rdeps \
            unknown-configure-option symlink-to-sysroot multilib \
-            invalid-pkgconfig \
+            invalid-pkgconfig host-user-contaminated \
            "
 ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
            perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
            split-strip packages-list pkgv-undefined var-undefined \
            version-going-backwards expanded-d invalid-chars \
            "
-FAKEROOT_QA = ""
+FAKEROOT_QA = "host-user-contaminated"
 FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \
 enabled tests are listed here, the do_package_qa task will run under fakeroot."
@@ -969,6 +969,39 @@ def package_qa_check_encoding(keys, encode, d):
        if not sane:
            break
+HOST_USER_UID := "${@os.getuid()}"
+HOST_USER_GID := "${@os.getgid()}"
+QAPATHTEST[host-user-contaminated] = "package_qa_check_host_user"
+def package_qa_check_host_user(path, name, d, elf, messages):
+    """Check for paths outside of /home which are owned by the user running bitbake."""
+    if not os.path.lexists(path):
+        return
+    dest = d.getVar('PKGDEST', True)
+    home = os.path.join(dest, 'home')
+    if path == home or path.startswith(home + os.sep):
+        return
+    try:
+        stat = os.lstat(path)
+    except OSError as exc:
+        import errno
+        if exc.errno != errno.ENOENT:
+            raise
+    else:
+        check_uid = int(d.getVar('HOST_USER_UID', True))
+        if stat.st_uid == check_uid:
+            messages["host-user-contaminated"] = "%s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_uid)
+            return False
+        check_gid = int(d.getVar('HOST_USER_GID', True))
+        if stat.st_gid == check_gid:
+            messages["host-user-contaminated"] = "%s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_gid)
+            return False
+    return True
 # The PACKAGE FUNC to scan each package
 python do_package_qa () {
    import subprocess
author	Christopher Larson <chris_larson@mentor.com>	2015-09-01 15:23:03 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-09-04 16:23:47 +0100
commit	2d4976772c9d9c718607ab31097b1a993e514b7d (patch)
tree	ae37ee7ffbe1becf85e011bc91961140748575a7 /meta
parent	b95c3404432cb8986533c52a16a13f68b200c7a3 (diff)
download	poky-2d4976772c9d9c718607ab31097b1a993e514b7d.tar.gz

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index 7ea80dc90c..5c8629af1d 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass
@@ -32,14 +32,14 @@ WARN_QA ?= "ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \
32	installed-vs-shipped compile-host-path install-host-path \	32	installed-vs-shipped compile-host-path install-host-path \
33	pn-overrides infodir build-deps file-rdeps \	33	pn-overrides infodir build-deps file-rdeps \
34	unknown-configure-option symlink-to-sysroot multilib \	34	unknown-configure-option symlink-to-sysroot multilib \
35	invalid-pkgconfig \	35	invalid-pkgconfig host-user-contaminated \
36	"	36	"
37	ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \	37	ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
38	perms dep-cmp pkgvarcheck perm-config perm-line perm-link \	38	perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
39	split-strip packages-list pkgv-undefined var-undefined \	39	split-strip packages-list pkgv-undefined var-undefined \
40	version-going-backwards expanded-d invalid-chars \	40	version-going-backwards expanded-d invalid-chars \
41	"	41	"
42	FAKEROOT_QA = ""	42	FAKEROOT_QA = "host-user-contaminated"
43	FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \	43	FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \
44	enabled tests are listed here, the do_package_qa task will run under fakeroot."	44	enabled tests are listed here, the do_package_qa task will run under fakeroot."
45		45
@@ -969,6 +969,39 @@ def package_qa_check_encoding(keys, encode, d):
969	if not sane:	969	if not sane:
970	break	970	break
971		971
		972	HOST_USER_UID := "${@os.getuid()}"
		973	HOST_USER_GID := "${@os.getgid()}"
		974
		975	QAPATHTEST[host-user-contaminated] = "package_qa_check_host_user"
		976	def package_qa_check_host_user(path, name, d, elf, messages):
		977	"""Check for paths outside of /home which are owned by the user running bitbake."""
		978
		979	if not os.path.lexists(path):
		980	return
		981
		982	dest = d.getVar('PKGDEST', True)
		983	home = os.path.join(dest, 'home')
		984	if path == home or path.startswith(home + os.sep):
		985	return
		986
		987	try:
		988	stat = os.lstat(path)
		989	except OSError as exc:
		990	import errno
		991	if exc.errno != errno.ENOENT:
		992	raise
		993	else:
		994	check_uid = int(d.getVar('HOST_USER_UID', True))
		995	if stat.st_uid == check_uid:
		996	messages["host-user-contaminated"] = "%s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_uid)
		997	return False
		998
		999	check_gid = int(d.getVar('HOST_USER_GID', True))
		1000	if stat.st_gid == check_gid:
		1001	messages["host-user-contaminated"] = "%s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_gid)
		1002	return False
		1003	return True
		1004
972	# The PACKAGE FUNC to scan each package	1005	# The PACKAGE FUNC to scan each package
973	python do_package_qa () {	1006	python do_package_qa () {
974	import subprocess	1007	import subprocess