diff options
author | Christopher Larson <chris_larson@mentor.com> | 2015-09-01 15:23:03 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-09-03 13:32:11 +0100 |
commit | 1854dc60a4c7e97f0d6d26208fd42bf0dc1bfa7f (patch) | |
tree | 10381d0952bd486c57ccdaac29b073f3560b7a12 /meta/classes/insane.bbclass | |
parent | 1b697a5e92be01725ad20298f54c277c852c974d (diff) | |
download | openembedded-core-1854dc60a4c7e97f0d6d26208fd42bf0dc1bfa7f.tar.gz openembedded-core-1854dc60a4c7e97f0d6d26208fd42bf0dc1bfa7f.tar.bz2 openembedded-core-1854dc60a4c7e97f0d6d26208fd42bf0dc1bfa7f.zip |
insane.bbclass: add host-user-contaminated test
- Add a test which checks for any paths outside of /home which are owned by
the user running bitbake.
- Add the test to WARN_QA by default.
This test has been in meta-mentor for some time, and in our ERROR_QA for our
builds, and has caught a number of issues for us.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/insane.bbclass')
-rw-r--r-- | meta/classes/insane.bbclass | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass index 7ea80dc90c..5c8629af1d 100644 --- a/meta/classes/insane.bbclass +++ b/meta/classes/insane.bbclass @@ -32,14 +32,14 @@ WARN_QA ?= "ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \ installed-vs-shipped compile-host-path install-host-path \ pn-overrides infodir build-deps file-rdeps \ unknown-configure-option symlink-to-sysroot multilib \ - invalid-pkgconfig \ + invalid-pkgconfig host-user-contaminated \ " ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \ perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ split-strip packages-list pkgv-undefined var-undefined \ version-going-backwards expanded-d invalid-chars \ " -FAKEROOT_QA = "" +FAKEROOT_QA = "host-user-contaminated" FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \ enabled tests are listed here, the do_package_qa task will run under fakeroot." @@ -969,6 +969,39 @@ def package_qa_check_encoding(keys, encode, d): if not sane: break +HOST_USER_UID := "${@os.getuid()}" +HOST_USER_GID := "${@os.getgid()}" + +QAPATHTEST[host-user-contaminated] = "package_qa_check_host_user" +def package_qa_check_host_user(path, name, d, elf, messages): + """Check for paths outside of /home which are owned by the user running bitbake.""" + + if not os.path.lexists(path): + return + + dest = d.getVar('PKGDEST', True) + home = os.path.join(dest, 'home') + if path == home or path.startswith(home + os.sep): + return + + try: + stat = os.lstat(path) + except OSError as exc: + import errno + if exc.errno != errno.ENOENT: + raise + else: + check_uid = int(d.getVar('HOST_USER_UID', True)) + if stat.st_uid == check_uid: + messages["host-user-contaminated"] = "%s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_uid) + return False + + check_gid = int(d.getVar('HOST_USER_GID', True)) + if stat.st_gid == check_gid: + messages["host-user-contaminated"] = "%s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_gid) + return False + return True + # The PACKAGE FUNC to scan each package python do_package_qa () { import subprocess |