diff options
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/base.bbclass | 4 | ||||
| -rw-r--r-- | meta/classes/cross-canadian.bbclass | 6 | ||||
| -rw-r--r-- | meta/classes/cve-check.bbclass | 31 | ||||
| -rw-r--r-- | meta/classes/insane.bbclass | 7 | ||||
| -rw-r--r-- | meta/classes/populate_sdk_ext.bbclass | 18 | ||||
| -rw-r--r-- | meta/classes/sstate.bbclass | 4 |
6 files changed, 36 insertions, 34 deletions
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index b7869da3b3..cc81461473 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass | |||
| @@ -329,9 +329,9 @@ python base_eventhandler() { | |||
| 329 | source_mirror_fetch = d.getVar('SOURCE_MIRROR_FETCH', False) | 329 | source_mirror_fetch = d.getVar('SOURCE_MIRROR_FETCH', False) |
| 330 | if not source_mirror_fetch: | 330 | if not source_mirror_fetch: |
| 331 | provs = (d.getVar("PROVIDES") or "").split() | 331 | provs = (d.getVar("PROVIDES") or "").split() |
| 332 | multiwhitelist = (d.getVar("BB_MULTI_PROVIDER_ALLOWED") or "").split() | 332 | multiprovidersallowed = (d.getVar("BB_MULTI_PROVIDER_ALLOWED") or "").split() |
| 333 | for p in provs: | 333 | for p in provs: |
| 334 | if p.startswith("virtual/") and p not in multiwhitelist: | 334 | if p.startswith("virtual/") and p not in multiprovidersallowed: |
| 335 | profprov = d.getVar("PREFERRED_PROVIDER_" + p) | 335 | profprov = d.getVar("PREFERRED_PROVIDER_" + p) |
| 336 | if profprov and pn != profprov: | 336 | if profprov and pn != profprov: |
| 337 | raise bb.parse.SkipRecipe("PREFERRED_PROVIDER_%s set to %s, not %s" % (p, profprov, pn)) | 337 | raise bb.parse.SkipRecipe("PREFERRED_PROVIDER_%s set to %s, not %s" % (p, profprov, pn)) |
diff --git a/meta/classes/cross-canadian.bbclass b/meta/classes/cross-canadian.bbclass index ac82e86356..a0e9d23836 100644 --- a/meta/classes/cross-canadian.bbclass +++ b/meta/classes/cross-canadian.bbclass | |||
| @@ -36,7 +36,7 @@ python () { | |||
| 36 | return | 36 | return |
| 37 | 37 | ||
| 38 | tos = d.getVar("TARGET_OS") | 38 | tos = d.getVar("TARGET_OS") |
| 39 | whitelist = ["mingw32"] | 39 | tos_known = ["mingw32"] |
| 40 | extralibcs = [""] | 40 | extralibcs = [""] |
| 41 | if "musl" in d.getVar("BASECANADIANEXTRAOS"): | 41 | if "musl" in d.getVar("BASECANADIANEXTRAOS"): |
| 42 | extralibcs.append("musl") | 42 | extralibcs.append("musl") |
| @@ -51,8 +51,8 @@ python () { | |||
| 51 | entry = entry + "-gnu" + variant | 51 | entry = entry + "-gnu" + variant |
| 52 | elif libc: | 52 | elif libc: |
| 53 | entry = entry + "-" + libc | 53 | entry = entry + "-" + libc |
| 54 | whitelist.append(entry) | 54 | tos_known.append(entry) |
| 55 | if tos not in whitelist: | 55 | if tos not in tos_known: |
| 56 | bb.fatal("Building cross-candian for an unknown TARGET_SYS (%s), please update cross-canadian.bbclass" % d.getVar("TARGET_SYS")) | 56 | bb.fatal("Building cross-candian for an unknown TARGET_SYS (%s), please update cross-canadian.bbclass" % d.getVar("TARGET_SYS")) |
| 57 | 57 | ||
| 58 | for n in ["PROVIDES", "DEPENDS"]: | 58 | for n in ["PROVIDES", "DEPENDS"]: |
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 079d09a76f..dfad10c22b 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -43,11 +43,12 @@ CVE_CHECK_CREATE_MANIFEST ??= "1" | |||
| 43 | 43 | ||
| 44 | CVE_CHECK_REPORT_PATCHED ??= "1" | 44 | CVE_CHECK_REPORT_PATCHED ??= "1" |
| 45 | 45 | ||
| 46 | # Whitelist for packages (PN) | 46 | # Skip CVE Check for packages (PN) |
| 47 | CVE_CHECK_SKIP_RECIPE ?= "" | 47 | CVE_CHECK_SKIP_RECIPE ?= "" |
| 48 | 48 | ||
| 49 | # Whitelist for CVE. If a CVE is found, then it is considered patched. | 49 | # Ingore the check for a given list of CVEs. If a CVE is found, |
| 50 | # The value is a string containing space separated CVE values: | 50 | # then it is considered patched. The value is a string containing |
| 51 | # space separated CVE values: | ||
| 51 | # | 52 | # |
| 52 | # CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234' | 53 | # CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234' |
| 53 | # | 54 | # |
| @@ -101,10 +102,10 @@ python do_cve_check () { | |||
| 101 | patched_cves = get_patched_cves(d) | 102 | patched_cves = get_patched_cves(d) |
| 102 | except FileNotFoundError: | 103 | except FileNotFoundError: |
| 103 | bb.fatal("Failure in searching patches") | 104 | bb.fatal("Failure in searching patches") |
| 104 | whitelisted, patched, unpatched = check_cves(d, patched_cves) | 105 | ignored, patched, unpatched = check_cves(d, patched_cves) |
| 105 | if patched or unpatched: | 106 | if patched or unpatched: |
| 106 | cve_data = get_cve_info(d, patched + unpatched) | 107 | cve_data = get_cve_info(d, patched + unpatched) |
| 107 | cve_write_data(d, patched, unpatched, whitelisted, cve_data) | 108 | cve_write_data(d, patched, unpatched, ignored, cve_data) |
| 108 | else: | 109 | else: |
| 109 | bb.note("No CVE database found, skipping CVE check") | 110 | bb.note("No CVE database found, skipping CVE check") |
| 110 | 111 | ||
| @@ -176,12 +177,12 @@ def check_cves(d, patched_cves): | |||
| 176 | return ([], [], []) | 177 | return ([], [], []) |
| 177 | pv = d.getVar("CVE_VERSION").split("+git")[0] | 178 | pv = d.getVar("CVE_VERSION").split("+git")[0] |
| 178 | 179 | ||
| 179 | # If the recipe has been whitelisted we return empty lists | 180 | # If the recipe has been skipped/ignored we return empty lists |
| 180 | if pn in d.getVar("CVE_CHECK_SKIP_RECIPE").split(): | 181 | if pn in d.getVar("CVE_CHECK_SKIP_RECIPE").split(): |
| 181 | bb.note("Recipe has been whitelisted, skipping check") | 182 | bb.note("Recipe has been skipped by cve-check") |
| 182 | return ([], [], []) | 183 | return ([], [], []) |
| 183 | 184 | ||
| 184 | cve_whitelist = d.getVar("CVE_CHECK_IGNORE").split() | 185 | cve_ignore = d.getVar("CVE_CHECK_IGNORE").split() |
| 185 | 186 | ||
| 186 | import sqlite3 | 187 | import sqlite3 |
| 187 | db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") | 188 | db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") |
| @@ -198,9 +199,9 @@ def check_cves(d, patched_cves): | |||
| 198 | for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)): | 199 | for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)): |
| 199 | cve = cverow[0] | 200 | cve = cverow[0] |
| 200 | 201 | ||
| 201 | if cve in cve_whitelist: | 202 | if cve in cve_ignore: |
| 202 | bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) | 203 | bb.note("%s-%s has been ignored for %s" % (product, pv, cve)) |
| 203 | # TODO: this should be in the report as 'whitelisted' | 204 | # TODO: this should be in the report as 'ignored' |
| 204 | patched_cves.add(cve) | 205 | patched_cves.add(cve) |
| 205 | continue | 206 | continue |
| 206 | elif cve in patched_cves: | 207 | elif cve in patched_cves: |
| @@ -254,7 +255,7 @@ def check_cves(d, patched_cves): | |||
| 254 | 255 | ||
| 255 | conn.close() | 256 | conn.close() |
| 256 | 257 | ||
| 257 | return (list(cve_whitelist), list(patched_cves), cves_unpatched) | 258 | return (list(cve_ignore), list(patched_cves), cves_unpatched) |
| 258 | 259 | ||
| 259 | def get_cve_info(d, cves): | 260 | def get_cve_info(d, cves): |
| 260 | """ | 261 | """ |
| @@ -279,7 +280,7 @@ def get_cve_info(d, cves): | |||
| 279 | conn.close() | 280 | conn.close() |
| 280 | return cve_data | 281 | return cve_data |
| 281 | 282 | ||
| 282 | def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | 283 | def cve_write_data(d, patched, unpatched, ignored, cve_data): |
| 283 | """ | 284 | """ |
| 284 | Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and | 285 | Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and |
| 285 | CVE manifest if enabled. | 286 | CVE manifest if enabled. |
| @@ -312,8 +313,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): | |||
| 312 | write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") | 313 | write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") |
| 313 | write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) | 314 | write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) |
| 314 | write_string += "CVE: %s\n" % cve | 315 | write_string += "CVE: %s\n" % cve |
| 315 | if cve in whitelisted: | 316 | if cve in ignored: |
| 316 | write_string += "CVE STATUS: Whitelisted\n" | 317 | write_string += "CVE STATUS: Ignored\n" |
| 317 | elif is_patched: | 318 | elif is_patched: |
| 318 | write_string += "CVE STATUS: Patched\n" | 319 | write_string += "CVE STATUS: Patched\n" |
| 319 | else: | 320 | else: |
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index 270b7860c7..0deebdb148 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass | |||
| @@ -441,7 +441,8 @@ def package_qa_hash_style(path, name, d, elf, messages): | |||
| 441 | QAPATHTEST[buildpaths] = "package_qa_check_buildpaths" | 441 | QAPATHTEST[buildpaths] = "package_qa_check_buildpaths" |
| 442 | def package_qa_check_buildpaths(path, name, d, elf, messages): | 442 | def package_qa_check_buildpaths(path, name, d, elf, messages): |
| 443 | """ | 443 | """ |
| 444 | Check for build paths inside target files and error if not found in the whitelist | 444 | Check for build paths inside target files and error if paths are not |
| 445 | explicitly ignored. | ||
| 445 | """ | 446 | """ |
| 446 | # Ignore .debug files, not interesting | 447 | # Ignore .debug files, not interesting |
| 447 | if path.find(".debug") != -1: | 448 | if path.find(".debug") != -1: |
| @@ -1283,8 +1284,8 @@ Rerun configure task after fixing this.""" | |||
| 1283 | options = set() | 1284 | options = set() |
| 1284 | for line in output.splitlines(): | 1285 | for line in output.splitlines(): |
| 1285 | options |= set(line.partition(flag)[2].split()) | 1286 | options |= set(line.partition(flag)[2].split()) |
| 1286 | whitelist = set(d.getVar("UNKNOWN_CONFIGURE_OPT_IGNORE").split()) | 1287 | ignore_opts = set(d.getVar("UNKNOWN_CONFIGURE_OPT_IGNORE").split()) |
| 1287 | options -= whitelist | 1288 | options -= ignore_opts |
| 1288 | if options: | 1289 | if options: |
| 1289 | pn = d.getVar('PN') | 1290 | pn = d.getVar('PN') |
| 1290 | error_msg = pn + ": configure was passed unrecognised options: " + " ".join(options) | 1291 | error_msg = pn + ": configure was passed unrecognised options: " + " ".join(options) |
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass index 9c9561c5c6..e2019f9bbf 100644 --- a/meta/classes/populate_sdk_ext.bbclass +++ b/meta/classes/populate_sdk_ext.bbclass | |||
| @@ -282,8 +282,8 @@ python copy_buildsystem () { | |||
| 282 | bb.utils.mkdirhier(uninative_outdir) | 282 | bb.utils.mkdirhier(uninative_outdir) |
| 283 | shutil.copy(uninative_file, uninative_outdir) | 283 | shutil.copy(uninative_file, uninative_outdir) |
| 284 | 284 | ||
| 285 | env_whitelist = (d.getVar('BB_ENV_PASSTHROUGH_ADDITIONS') or '').split() | 285 | env_passthrough = (d.getVar('BB_ENV_PASSTHROUGH_ADDITIONS') or '').split() |
| 286 | env_whitelist_values = {} | 286 | env_passthrough_values = {} |
| 287 | 287 | ||
| 288 | # Create local.conf | 288 | # Create local.conf |
| 289 | builddir = d.getVar('TOPDIR') | 289 | builddir = d.getVar('TOPDIR') |
| @@ -294,15 +294,15 @@ python copy_buildsystem () { | |||
| 294 | if derivative: | 294 | if derivative: |
| 295 | shutil.copyfile(builddir + '/conf/local.conf', baseoutpath + '/conf/local.conf') | 295 | shutil.copyfile(builddir + '/conf/local.conf', baseoutpath + '/conf/local.conf') |
| 296 | else: | 296 | else: |
| 297 | local_conf_whitelist = (d.getVar('ESDK_LOCALCONF_ALLOW') or '').split() | 297 | local_conf_allowed = (d.getVar('ESDK_LOCALCONF_ALLOW') or '').split() |
| 298 | local_conf_blacklist = (d.getVar('ESDK_LOCALCONF_REMOVE') or '').split() | 298 | local_conf_remove = (d.getVar('ESDK_LOCALCONF_REMOVE') or '').split() |
| 299 | def handle_var(varname, origvalue, op, newlines): | 299 | def handle_var(varname, origvalue, op, newlines): |
| 300 | if varname in local_conf_blacklist or (origvalue.strip().startswith('/') and not varname in local_conf_whitelist): | 300 | if varname in local_conf_remove or (origvalue.strip().startswith('/') and not varname in local_conf_allowed): |
| 301 | newlines.append('# Removed original setting of %s\n' % varname) | 301 | newlines.append('# Removed original setting of %s\n' % varname) |
| 302 | return None, op, 0, True | 302 | return None, op, 0, True |
| 303 | else: | 303 | else: |
| 304 | if varname in env_whitelist: | 304 | if varname in env_passthrough: |
| 305 | env_whitelist_values[varname] = origvalue | 305 | env_passthrough_values[varname] = origvalue |
| 306 | return origvalue, op, 0, True | 306 | return origvalue, op, 0, True |
| 307 | varlist = ['[^#=+ ]*'] | 307 | varlist = ['[^#=+ ]*'] |
| 308 | oldlines = [] | 308 | oldlines = [] |
| @@ -356,7 +356,7 @@ python copy_buildsystem () { | |||
| 356 | # We want to be able to set this without a full reparse | 356 | # We want to be able to set this without a full reparse |
| 357 | f.write('BB_HASHCONFIG_IGNORE_VARS:append = " SIGGEN_UNLOCKED_RECIPES"\n\n') | 357 | f.write('BB_HASHCONFIG_IGNORE_VARS:append = " SIGGEN_UNLOCKED_RECIPES"\n\n') |
| 358 | 358 | ||
| 359 | # Set up whitelist for run on install | 359 | # Set up which tasks are ignored for run on install |
| 360 | f.write('BB_SETSCENE_ENFORCE_IGNORE_TASKS = "%:* *:do_shared_workdir *:do_rm_work wic-tools:* *:do_addto_recipe_sysroot"\n\n') | 360 | f.write('BB_SETSCENE_ENFORCE_IGNORE_TASKS = "%:* *:do_shared_workdir *:do_rm_work wic-tools:* *:do_addto_recipe_sysroot"\n\n') |
| 361 | 361 | ||
| 362 | # Hide the config information from bitbake output (since it's fixed within the SDK) | 362 | # Hide the config information from bitbake output (since it's fixed within the SDK) |
| @@ -438,7 +438,7 @@ python copy_buildsystem () { | |||
| 438 | # Ensure any variables set from the external environment (by way of | 438 | # Ensure any variables set from the external environment (by way of |
| 439 | # BB_ENV_PASSTHROUGH_ADDITIONS) are set in the SDK's configuration | 439 | # BB_ENV_PASSTHROUGH_ADDITIONS) are set in the SDK's configuration |
| 440 | extralines = [] | 440 | extralines = [] |
| 441 | for name, value in env_whitelist_values.items(): | 441 | for name, value in env_passthrough_values.items(): |
| 442 | actualvalue = d.getVar(name) or '' | 442 | actualvalue = d.getVar(name) or '' |
| 443 | if value != actualvalue: | 443 | if value != actualvalue: |
| 444 | extralines.append('%s = "%s"\n' % (name, actualvalue)) | 444 | extralines.append('%s = "%s"\n' % (name, actualvalue)) |
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 7aca415159..163bdf0b5f 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass | |||
| @@ -259,13 +259,13 @@ def sstate_install(ss, d): | |||
| 259 | shareddirs.append(dstdir) | 259 | shareddirs.append(dstdir) |
| 260 | 260 | ||
| 261 | # Check the file list for conflicts against files which already exist | 261 | # Check the file list for conflicts against files which already exist |
| 262 | whitelist = (d.getVar("SSTATE_ALLOW_OVERLAP_FILES") or "").split() | 262 | overlap_allowed = (d.getVar("SSTATE_ALLOW_OVERLAP_FILES") or "").split() |
| 263 | match = [] | 263 | match = [] |
| 264 | for f in sharedfiles: | 264 | for f in sharedfiles: |
| 265 | if os.path.exists(f) and not os.path.islink(f): | 265 | if os.path.exists(f) and not os.path.islink(f): |
| 266 | f = os.path.normpath(f) | 266 | f = os.path.normpath(f) |
| 267 | realmatch = True | 267 | realmatch = True |
| 268 | for w in whitelist: | 268 | for w in overlap_allowed: |
| 269 | w = os.path.normpath(w) | 269 | w = os.path.normpath(w) |
| 270 | if f.startswith(w): | 270 | if f.startswith(w): |
| 271 | realmatch = False | 271 | realmatch = False |