From e4e58669f0678d9068b236cd6e91bc7e3f71339a Mon Sep 17 00:00:00 2001 From: Michael Opdenacker Date: Tue, 18 Jan 2022 12:06:00 +0100 Subject: migration-3.5: mention task specific network access (From yocto-docs rev: d8573e8a36eef61be1c9e7706c38ed28ca4c9962) Signed-off-by: Michael Opdenacker Signed-off-by: Richard Purdie --- documentation/migration-guides/migration-3.5.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'documentation/migration-guides') diff --git a/documentation/migration-guides/migration-3.5.rst b/documentation/migration-guides/migration-3.5.rst index bd807eb8c7..df15487b10 100644 --- a/documentation/migration-guides/migration-3.5.rst +++ b/documentation/migration-guides/migration-3.5.rst @@ -22,6 +22,18 @@ Recipe changes recipes now need to use ``;protocol=https`` at the end of GitHub URLs. The same script as above can be used to convert the recipes. +- Network access from tasks is now disabled by default on kernels which support + this feature (on most recent distros such as CentOS 8 and Debian 11 onwards). + This means that tasks accessing the network need to be marked as such with the ``network`` + flag. For example:: + + do_mytask[network] = "1" + + This is allowed by default from ``do_fetch`` but not from any of our other standard + tasks. Recipes shouldn't be accessing the network outside of ``do_fetch`` as it + usually undermines fetcher source mirroring, image and licence manifests, software + auditing and supply chain security. + - The :term:`TOPDIR` variable and the current working directory are no longer modified when parsing recipes. Any code depending on that behaviour will no longer work. -- cgit v1.2.3-54-g00ecf