diff options
Diffstat (limited to 'meta/classes-global/sanity.bbclass')
-rw-r--r-- | meta/classes-global/sanity.bbclass | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass index 180c6b77d8..72dab0fea2 100644 --- a/meta/classes-global/sanity.bbclass +++ b/meta/classes-global/sanity.bbclass | |||
@@ -475,6 +475,29 @@ def check_wsl(d): | |||
475 | bb.warn("You are running bitbake under WSLv2, this works properly but you should optimize your VHDX file eventually to avoid running out of storage space") | 475 | bb.warn("You are running bitbake under WSLv2, this works properly but you should optimize your VHDX file eventually to avoid running out of storage space") |
476 | return None | 476 | return None |
477 | 477 | ||
478 | def check_userns(): | ||
479 | """ | ||
480 | Check that user namespaces are functional, as they're used for network isolation. | ||
481 | """ | ||
482 | |||
483 | # There is a known failure case with AppAmrmor where the unshare() call | ||
484 | # succeeds (at which point the uid is nobody) but writing to the uid_map | ||
485 | # fails (so the uid isn't reset back to the user's uid). We can detect this. | ||
486 | parentuid = os.getuid() | ||
487 | pid = os.fork() | ||
488 | if not pid: | ||
489 | try: | ||
490 | bb.utils.disable_network() | ||
491 | except: | ||
492 | pass | ||
493 | os._exit(parentuid != os.getuid()) | ||
494 | |||
495 | ret = os.waitpid(pid, 0)[1] | ||
496 | if ret: | ||
497 | bb.fatal("User namespaces are not usable by BitBake, possibly due to AppArmor.\n" | ||
498 | "See https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions for more information.") | ||
499 | |||
500 | |||
478 | # Require at least gcc version 8.0 | 501 | # Require at least gcc version 8.0 |
479 | # | 502 | # |
480 | # This can be fixed on CentOS-7 with devtoolset-6+ | 503 | # This can be fixed on CentOS-7 with devtoolset-6+ |
@@ -495,12 +518,15 @@ def check_gcc_version(sanity_data): | |||
495 | # Tar version 1.24 and onwards handle overwriting symlinks correctly | 518 | # Tar version 1.24 and onwards handle overwriting symlinks correctly |
496 | # but earlier versions do not; this needs to work properly for sstate | 519 | # but earlier versions do not; this needs to work properly for sstate |
497 | # Version 1.28 is needed so opkg-build works correctly when reproducible builds are enabled | 520 | # Version 1.28 is needed so opkg-build works correctly when reproducible builds are enabled |
521 | # Gtar is assumed at to be used as tar in poky | ||
498 | def check_tar_version(sanity_data): | 522 | def check_tar_version(sanity_data): |
499 | import subprocess | 523 | import subprocess |
500 | try: | 524 | try: |
501 | result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8') | 525 | result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8') |
502 | except subprocess.CalledProcessError as e: | 526 | except subprocess.CalledProcessError as e: |
503 | return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output) | 527 | return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output) |
528 | if not "GNU" in result: | ||
529 | return "Your version of tar is not gtar. Please install gtar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" | ||
504 | version = result.split()[3] | 530 | version = result.split()[3] |
505 | if bb.utils.vercmp_string_op(version, "1.28", "<"): | 531 | if bb.utils.vercmp_string_op(version, "1.28", "<"): |
506 | return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" | 532 | return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" |
@@ -638,6 +664,7 @@ def check_sanity_version_change(status, d): | |||
638 | status.addresult(check_git_version(d)) | 664 | status.addresult(check_git_version(d)) |
639 | status.addresult(check_perl_modules(d)) | 665 | status.addresult(check_perl_modules(d)) |
640 | status.addresult(check_wsl(d)) | 666 | status.addresult(check_wsl(d)) |
667 | status.addresult(check_userns()) | ||
641 | 668 | ||
642 | missing = "" | 669 | missing = "" |
643 | 670 | ||