From 4eea21b7addd091c7e549684699897fe7d60533c Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 21 Dec 2021 17:38:58 +0000 Subject: classes: Only allow network in existing network accessing code Use the newly added network task flag against tasks where network access is expected. This is do_fetch, do_checkuri, do_testimage, do_testsdk and do_testsdkext. We can't disable networking in sstate tasks due to sstate downloads and also so we can report hash equivalence to the server so network access is enabled in sstate tasks. Access within build-appliance do_image is also allowed due to the use of pip, this is a poor example made rather obvious now and needs to be reworked. Network access anywhere else in any other task isn't allowed. (From OE-Core rev: 7ce1e88a3ad85bbb925bb9f7167dc0a5fd1c27f4) Signed-off-by: Richard Purdie --- meta/classes/base.bbclass | 1 + meta/classes/sstate.bbclass | 2 ++ meta/classes/testimage.bbclass | 1 + meta/classes/testsdk.bbclass | 2 ++ meta/classes/utility-tasks.bbclass | 1 + meta/recipes-core/images/build-appliance-image_15.0.0.bb | 2 ++ 6 files changed, 9 insertions(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index b709777f24..5f4956a1d3 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -150,6 +150,7 @@ do_fetch[dirs] = "${DL_DIR}" do_fetch[file-checksums] = "${@bb.fetch.get_checksum_file_list(d)}" do_fetch[file-checksums] += " ${@get_lic_checksum_file_list(d)}" do_fetch[vardeps] += "SRCREV" +do_fetch[network] = "1" python base_do_fetch() { src_uri = (d.getVar('SRC_URI') or "").split() diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 0326d27c74..645377fdd8 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -158,6 +158,8 @@ python () { for task in unique_tasks: d.prependVarFlag(task, 'prefuncs', "sstate_task_prefunc ") d.appendVarFlag(task, 'postfuncs', " sstate_task_postfunc") + d.setVarFlag(task, 'network', '1') + d.setVarFlag(task + "_setscene", 'network', '1') } def sstate_init(task, d): diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass index 1c5fd4ee6a..898248992c 100644 --- a/meta/classes/testimage.bbclass +++ b/meta/classes/testimage.bbclass @@ -139,6 +139,7 @@ python do_testimage() { addtask testimage do_testimage[nostamp] = "1" +do_testimage[network] = "1" do_testimage[depends] += "${TESTIMAGEDEPENDS}" do_testimage[lockfiles] += "${TESTIMAGELOCK}" diff --git a/meta/classes/testsdk.bbclass b/meta/classes/testsdk.bbclass index 758a23ac55..8b2e74f606 100644 --- a/meta/classes/testsdk.bbclass +++ b/meta/classes/testsdk.bbclass @@ -36,12 +36,14 @@ python do_testsdk() { } addtask testsdk do_testsdk[nostamp] = "1" +do_testsdk[network] = "1" python do_testsdkext() { import_and_run('TESTSDKEXT_CLASS_NAME', d) } addtask testsdkext do_testsdkext[nostamp] = "1" +do_testsdkext[network] = "1" python () { if oe.types.boolean(d.getVar("TESTIMAGE_AUTO") or "False"): diff --git a/meta/classes/utility-tasks.bbclass b/meta/classes/utility-tasks.bbclass index 34d6b8f4d5..0466325c13 100644 --- a/meta/classes/utility-tasks.bbclass +++ b/meta/classes/utility-tasks.bbclass @@ -38,6 +38,7 @@ python do_clean() { addtask checkuri do_checkuri[nostamp] = "1" +do_checkuri[network] = "1" python do_checkuri() { src_uri = (d.getVar('SRC_URI') or "").split() if len(src_uri) == 0: diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index ce72a944e7..b774095b97 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -109,6 +109,8 @@ fakeroot do_populate_poky_src () { } IMAGE_PREPROCESS_COMMAND += "do_populate_poky_src; " +# For pip usage above +do_image[network] = "1" addtask rootfs after do_unpack -- cgit v1.2.3-54-g00ecf