From f01b909a266498853e6b3f10e6b39f2d95148129 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 16 Jun 2017 09:42:30 +0100 Subject: package_ipk: Clean up Source entry in ipk packages There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone. Since ipks don't appear to be generated at all if we don't set this, set the field to the recipe name used (basename only, no paths). This avoids information leaking. We may want to drop the field if opkg can allow that at a future point but the recipe name is a suitable identifier for now. Reported-by: Andrej Valek (From OE-Core rev: 0b5e0d072f93a958e4211a8aeb2fd8cc3c25cc21) Signed-off-by: Richard Purdie --- meta/classes/package_ipk.bbclass | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'meta') diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass index c7cec9d63d..a1e51ee690 100644 --- a/meta/classes/package_ipk.bbclass +++ b/meta/classes/package_ipk.bbclass @@ -48,6 +48,8 @@ python do_package_ipk () { if os.path.exists(p): bb.utils.prunedir(p) + recipesource = os.path.basename(d.getVar('FILE')) + for pkg in packages.split(): localdata = bb.data.createCopy(d) root = "%s/%s" % (pkgdest, pkg) @@ -204,10 +206,7 @@ python do_package_ipk () { ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces)) if rconflicts: ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts)) - src_uri = localdata.getVar("SRC_URI").strip() or "None" - if src_uri: - src_uri = re.sub("\s+", " ", src_uri) - ctrlfile.write("Source: %s\n" % " ".join(src_uri.split())) + ctrlfile.write("Source: %s\n" % recipesource) ctrlfile.close() for script in ["preinst", "postinst", "prerm", "postrm"]: -- cgit v1.2.3-54-g00ecf