From 3dbc1e83f26ab1575b93c83273c9c9877d14633f Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Fri, 7 Oct 2022 09:32:24 +1300 Subject: ref-manual: update buildpaths QA check documentation The buildpaths QA check is now practically usable and enabled by default, so update the comment and add a section with the warning message since users may start seeing it in their builds. (From yocto-docs rev: a14997e3b8576cd1a6e1c38d13b5b8e05ac03b88) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- documentation/ref-manual/classes.rst | 4 ++-- documentation/ref-manual/qa-checks.rst | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'documentation') diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 6c60d414ca..d94db03616 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -1008,8 +1008,8 @@ Here are the tests you can list with the :term:`WARN_QA` and software, like bootloaders, might need to bypass this check. - ``buildpaths:`` Checks for paths to locations on the build host - inside the output files. Currently, this test triggers too many false - positives and thus is not normally enabled. + inside the output files. Not only can these leak information about + the build environment, they also hinder binary reproducibility. - ``build-deps:`` Determines if a build-time dependency that is specified through :term:`DEPENDS`, explicit diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst index 9455bec3fd..fb31dc16f9 100644 --- a/documentation/ref-manual/qa-checks.rst +++ b/documentation/ref-manual/qa-checks.rst @@ -748,6 +748,22 @@ Errors and Warnings other things in the patches, those can be discarded. +.. _qa-check-buildpaths: + +- ``File in package contains reference to TMPDIR [buildpaths]`` + + This check ensures that build system paths (including :term:`TMPDIR`) do not + appear in output files, which not only leaks build system configuration into + the target, but also hinders binary reproducibility as the output will change + if the build system configuration changes. + + Typically these paths will enter the output through some mechanism in the + configuration or compilation of the software being built by the recipe. To + resolve this issue you will need to determine how the detected path is + entering the output. Sometimes it may require adjusting scripts or code to + use a relative path rather than an absolute one, or to pick up the path from + runtime configuration or environment variables. + Configuring and Disabling QA Checks =================================== -- cgit v1.2.3-54-g00ecf