openembedded-core.git/meta/classes/patch.bbclass, branch thud Mirror of openembedded-core patch: reproducibility: Fix host umask leakage 2019-01-28T16:56:29+00:00 Douglas Royds douglas.royds@taitradio.com 2018-12-20T23:10:22+00:00 9841962b5bfdaaeed31f79573f6fbd9d1d56dd17 Some patch files create entirely new files, so their permissions are subject to the host umask. If such a file is later installed into a package with no change in permissions, it breaks the reproducibility of the package. This was observed on libpam, for instance: The patch file pam-security-abstract-securetty-handling.patch creates a new file (tty_secure.c). This file is later copied into the -dbg package with no change in permissions. (From OE-Core rev: 2a2bbd755b330cd63f7f6e2f2b374a3ae065b37a) Signed-off-by: Douglas Royds <douglas.royds@taitradio.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Some patch files create entirely new files, so their permissions are subject to
the host umask. If such a file is later installed into a package with no change
in permissions, it breaks the reproducibility of the package.

This was observed on libpam, for instance: The patch file
pam-security-abstract-securetty-handling.patch creates a new file
(tty_secure.c). This file is later copied into the -dbg package with no change
in permissions.

(From OE-Core rev: 2a2bbd755b330cd63f7f6e2f2b374a3ae065b37a)

Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
patch: Jail patch_task_patch_prefunc in classes/patch into the workdir 2018-07-06T21:54:56+00:00 Pablo Saavedra psaavedra@igalia.com 2018-07-06T09:50:23+00:00 db6ce9d8838b1f9064604654ab579da3e237f361 With PATCHTOOL=git patches the changes in the patch_task_postfunc of the classes/patch. This works OK when the S dir is a Git repo but doesn't if the source is a tarball. The while condition in the patch_task_patch_prefunc must be jailed into the WORKDIR. In the opposite, when you are executing the recipe out of a Git subtree the function simply fails but when your recipes are into a Git repo the patch_task_postfunc execute a commit over your BSP local Git repo adding the changes in an arbitrary Git repo found in the path from the SOURCE directory to the '/'. This situation is highly probable in cases like ~home directories under the control of a .git repo or Yocto BSP which manage the meta layers as git submodules. This patch fix the changes introduced in classes/patch: when PATCHTOOL = "git" double-check the repository commit: 86ab56b55164393924b5e688b20e8f3f3f8fc578 Author: Paul Eggleton <paul.eggleton@linux.intel.com> Date: Tue Dec 5 14:36:58 2017 +1300 classes/patch: when PATCHTOOL = "git" double-check the repository If a bug is present or the user has set PATCHTOOL = "git" on a source tree that isn't git, if we try to perform git operations (such as committing or changing branches) when extracting source, then we might in fact be running those operations on the metadata repository if the build directory is underneath, say, poky or OE-Core, and that could make a mess. Check if the source tree is a git repository and refuse to continue if it isn't. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
With PATCHTOOL=git patches the changes in the patch_task_postfunc
of the classes/patch. This works OK when the S dir is a Git repo
but doesn't if the source is a tarball.

The while condition in the patch_task_patch_prefunc must be
jailed into the WORKDIR. In the opposite, when you are executing
the recipe out of a Git subtree the function simply fails but when
your recipes are into a Git repo the patch_task_postfunc execute a
commit over your BSP local Git repo adding the changes in an
arbitrary Git repo found in the path from the SOURCE directory to
the '/'. This situation is highly probable in  cases like ~home
directories under the control of a .git repo or Yocto BSP which
manage the meta layers as git submodules.

This patch fix the changes introduced in

  classes/patch: when PATCHTOOL = "git" double-check the repository
  commit: 86ab56b55164393924b5e688b20e8f3f3f8fc578
  Author: Paul Eggleton <paul.eggleton@linux.intel.com>
  Date:   Tue Dec 5 14:36:58 2017 +1300

  classes/patch: when PATCHTOOL = "git" double-check the repository

  If a bug is present or the user has set PATCHTOOL = "git" on a source
  tree that isn't git, if we try to perform git operations (such as
  committing or changing branches) when extracting source, then we might
  in fact be running those operations on the metadata repository if the
  build directory is underneath, say, poky or OE-Core, and that could
  make a mess. Check if the source tree is a git repository and refuse
  to continue if it isn't.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
classes/patch: when PATCHTOOL = "git" double-check the repository 2017-12-10T22:41:42+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2017-12-05T01:36:58+00:00 59ae5b7cbfeedb216a57c3f77fe52527b6c918cc If a bug is present or the user has set PATCHTOOL = "git" on a source tree that isn't git, if we try to perform git operations (such as committing or changing branches) when extracting source, then we might in fact be running those operations on the metadata repository if the build directory is underneath, say, poky or OE-Core, and that could make a mess. Check if the source tree is a git repository and refuse to continue if it isn't. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
If a bug is present or the user has set PATCHTOOL = "git" on a source
tree that isn't git, if we try to perform git operations (such as
committing or changing branches) when extracting source, then we might
in fact be running those operations on the metadata repository if the
build directory is underneath, say, poky or OE-Core, and that could
make a mess. Check if the source tree is a git repository and refuse
to continue if it isn't.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
classes/patch: remove unused variable 2017-12-10T22:41:42+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2017-12-05T01:36:57+00:00 5bc987fb1818ffb9748645bd6e0d80cf5914bad0 Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
classes/patch: switch to new bb.build.tasksbetween() function 2017-02-07T14:48:55+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2017-02-06T20:30:49+00:00 1226e2eb2678407c315befd5700e653602e616a0 A generic version of the code to work out the tasks between two tasks (based on the code here) has been added to bb.build, so use that instead. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
A generic version of the code to work out the tasks between two
tasks (based on the code here) has been added to bb.build, so use that
instead.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta: remove True option to getVarFlag calls 2016-12-16T08:30:03+00:00 Joshua Lock joshua.g.lock@intel.com 2016-12-14T21:13:06+00:00 2dea9e490a98377010b3d4118d054814c317a735 getVarFlag() now defaults to expanding by default, thus remove the True option from getVarFlag() calls with a regex search and replace. Search made with the following regex: getVarFlag ?\(( ?[^,()]*, ?[^,()]*), True\) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
getVarFlag() now defaults to expanding by default, thus remove the
True option from getVarFlag() calls with a regex search and
replace.

Search made with the following regex:
getVarFlag ?\(( ?[^,()]*, ?[^,()]*), True\)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta: remove True option to getVar calls 2016-12-16T08:30:03+00:00 Joshua Lock joshua.g.lock@intel.com 2016-12-14T21:13:04+00:00 7c552996597faaee2fbee185b250c0ee30ea3b5f getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Search made with the following regex: getVar ?\(( ?[^,()]*), True\)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
classes/patch: move several functions to oe.patch 2016-12-14T09:56:35+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2016-12-13T07:09:39+00:00 2724511e18810cc8082c1b028e3b7c8a8b5def56 Move patch_path(), src_patches() and should_apply() to oe.patch, making them easier to call from elsewhere (particularly across the UI/server boundary). Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Move patch_path(), src_patches() and should_apply() to oe.patch, making
them easier to call from elsewhere (particularly across the
UI/server boundary).

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
classes/patch: move in logic to commit for additional tasks 2016-12-14T09:56:35+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2016-12-13T07:09:38+00:00 f24f59ea1d8bc335ea8576f6a346d0935f4a3548 If PATCHTOOL is "git", and PATCH_COMMIT_FUNCTIONS is set to "1", for additional tasks between do_unpack and do_patch, make a git commit. This logic was previously implemented in devtool itself, but it makes more sense for it to be implemented in the patch class since that's where the rest of the logic is for this (or in lib/oe/patch.py). It also makes it possible for this to work with tinfoil2. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
If PATCHTOOL is "git", and PATCH_COMMIT_FUNCTIONS is set to "1", for
additional tasks between do_unpack and do_patch, make a git commit. This
logic was previously implemented in devtool itself, but it makes more
sense for it to be implemented in the patch class since that's where the
rest of the logic is for this (or in lib/oe/patch.py). It also makes
it possible for this to work with tinfoil2.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
devtool: update-recipe: fix handling of compressed local patches 2016-11-23T11:02:27+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2016-11-10T01:45:17+00:00 e47d21624dfec6f71742b837e91da553f18a28c5 It is possible to use gzip or bzip2 to compress patches and still refer to them in compressed form in the SRC_URI value within a recipe. If you run "devtool modify" on such a recipe, make changes to the commit for the patch and then run devtool update-recipe, we need to correctly associate the commit back to the compressed patch file and re-compress the patch, neither of which we were doing previously. Additionally, add an oe-selftest test to ensure this doesn't regress in future. Fixes [YOCTO #8278]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
It is possible to use gzip or bzip2 to compress patches and still refer
to them in compressed form in the SRC_URI value within a recipe. If you
run "devtool modify" on such a recipe, make changes to the commit for
the patch and then run devtool update-recipe, we need to correctly
associate the commit back to the compressed patch file and re-compress
the patch, neither of which we were doing previously.

Additionally, add an oe-selftest test to ensure this doesn't regress in
future.

Fixes [YOCTO #8278].

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>