From 59ce7d02a57e0a642d839ab48677f6ac1886180f Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" Date: Thu, 16 Apr 2015 13:23:18 -0400 Subject: bitbake: fetch2: Add BB_ALLOWED_NETWORKS support BB_ALLOWED_NETWORKS is a list of hosts that the fetcher will be allowed to use when BB_NO_NETWORK is not set. If BB_NO_NETWORK is set, then networking is still disabled. If BB_ALLOWED_NETWORKS is not set, the behaviour remains the same as today. If BB_NO_NETWORK is NOT set, and BB_ALLOWED_NETWORKS is configured, then only the hosts in the list are usable by the fetcher. eg: BB_ALLOWED_NETWORKS="yoctoproject.org git.gnu.org" The fetcher will be able to download from yoctoproject.org, git.gnu.org, but not ftp.gnu.org or any other hostname that is not in the list. There is also limited support for wildcards on the beginning of the hosts, so BB_ALLOWED_NETWORKS="*.gnu.org" with match git.gnu.org and ftp.gnu.org as well as foo.git.gnu.org (Bitbake rev: c7263096ba31ba45daeeb9de90c1cb9ebef24a28) Signed-off-by: Liam R. Howlett Signed-off-by: Richard Purdie --- bitbake/lib/bb/tests/fetch.py | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'bitbake/lib/bb/tests') diff --git a/bitbake/lib/bb/tests/fetch.py b/bitbake/lib/bb/tests/fetch.py index d56ef49948..d3f7b6ac6c 100644 --- a/bitbake/lib/bb/tests/fetch.py +++ b/bitbake/lib/bb/tests/fetch.py @@ -547,6 +547,43 @@ class FetcherNetworkTest(FetcherTest): os.chdir(os.path.dirname(self.unpackdir)) fetcher.unpack(self.unpackdir) + def test_trusted_network(self): + # Ensure trusted_network returns False when the host IS in the list. + url = "git://Someserver.org/foo;rev=1" + self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org someserver.org server2.org server3.org") + self.assertTrue(bb.fetch.trusted_network(self.d, url)) + + def test_wild_trusted_network(self): + # Ensure trusted_network returns true when the *.host IS in the list. + url = "git://Someserver.org/foo;rev=1" + self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org *.someserver.org server2.org server3.org") + self.assertTrue(bb.fetch.trusted_network(self.d, url)) + + def test_prefix_wild_trusted_network(self): + # Ensure trusted_network returns true when the prefix matches *.host. + url = "git://git.Someserver.org/foo;rev=1" + self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org *.someserver.org server2.org server3.org") + self.assertTrue(bb.fetch.trusted_network(self.d, url)) + + def test_two_prefix_wild_trusted_network(self): + # Ensure trusted_network returns true when the prefix matches *.host. + url = "git://something.git.Someserver.org/foo;rev=1" + self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org *.someserver.org server2.org server3.org") + self.assertTrue(bb.fetch.trusted_network(self.d, url)) + + def test_untrusted_network(self): + # Ensure trusted_network returns False when the host is NOT in the list. + url = "git://someserver.org/foo;rev=1" + self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org server2.org server3.org") + self.assertFalse(bb.fetch.trusted_network(self.d, url)) + + def test_wild_untrusted_network(self): + # Ensure trusted_network returns False when the host is NOT in the list. + url = "git://*.someserver.org/foo;rev=1" + self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org server2.org server3.org") + self.assertFalse(bb.fetch.trusted_network(self.d, url)) + + class URLHandle(unittest.TestCase): datatable = { -- cgit v1.2.3-54-g00ecf