diff options
| author | Haixiao Yan <haixiao.yan.cn@windriver.com> | 2025-09-12 09:59:33 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-09-15 17:57:23 +0100 |
| commit | f5adf527f2e3279432800218986505f894167d3d (patch) | |
| tree | 5e97bafcaa389f6a0cb09c6198b18ae33eb5337e /meta/recipes-devtools/python/python3-requests | |
| parent | 6091eb2b58a5004f68acb1819387eb80a1001ca6 (diff) | |
| download | poky-f5adf527f2e3279432800218986505f894167d3d.tar.gz | |
buildtools-tarball: fix unbound variable issues under 'set -u'
When Bash runs with 'set -u' (nounset), accessing an unset variable
directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable"
error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR
is never triggered and the script aborts.
The current code assumes these variables may be unset or empty, but does
not guard against 'set -u'. This breaks builds in stricter shell
environments or when users explicitly enable 'set -u'.
Fix this by using parameter expansion with a default value, e.g.
"${SSL_CERT_FILE:-}", so that unset variables are treated as empty
strings. This preserves the intended logic (respect host env first, then
CAFILE/CAPATH, then buildtools defaults) and makes the script robust
under 'set -u'.
(From OE-Core rev: 4d880c2eccd534133a2a4e6579d955605c0956ec)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python/python3-requests')
| -rw-r--r-- | meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh index 492177a9c3..400972814b 100644 --- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | # Respect host env REQUESTS_CA_BUNDLE first, then auto-detected host cert, then cert in buildtools | 1 | # Respect host env REQUESTS_CA_BUNDLE first, then auto-detected host cert, then cert in buildtools |
| 2 | # CAFILE/CAPATH is auto-deteced when source buildtools | 2 | # CAFILE/CAPATH is auto-deteced when source buildtools |
| 3 | if [ -z "$REQUESTS_CA_BUNDLE" ]; then | 3 | if [ -z "${REQUESTS_CA_BUNDLE:-}" ]; then |
| 4 | if [ -n "$CAFILE" ];then | 4 | if [ -n "${CAFILE:-}" ];then |
| 5 | export REQUESTS_CA_BUNDLE="$CAFILE" | 5 | export REQUESTS_CA_BUNDLE="$CAFILE" |
| 6 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | 6 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then |
| 7 | export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" | 7 | export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" |