-rw-r--r-- | meta/classes/sstate.bbclass | 8 | ||||
-rw-r--r-- | meta/lib/oe/sstatesig.py | 27 | ||||
-rw-r--r-- | meta/lib/oeqa/selftest/signing.py | 4 |
3 files changed, 30 insertions, 9 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 3234e7914c..8c623271ad 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -53,7 +53,13 @@ SSTATEPOSTINSTFUNCS = "" EXTRA_STAGING_FIXMES ?= "" SSTATECLEANFUNCS = "" -SIGGEN_LOCKEDSIGS_CHECK_LEVEL ?= 'error' +# Check whether sstate exists for tasks that support sstate and are in the +# locked signatures file. +SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK ?= 'error' + +# Check whether the task's computed hash matches the task's hash in the +# locked signatures file. +SIGGEN_LOCKEDSIGS_TASKSIG_CHECK ?= "error" # The GnuPG key ID and passphrase to use to sign sstate archives (or unset to # not sign) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 5828a9def8..b2319ff213 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py 
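Review bot: `SIGGEN_LOCKEDSIGS_CHECK_LEVEL` is dropped here with no fallback, so a configuration that still sets it is silently ignored and both new checks run at their `error` default. That fails closed, which is the safe direction for a locked-signature check, but a build that previously only warned will now abort with no hint about the rename. The new comments also do not say which values are accepted; I would add a line such as `# Replaces SIGGEN_LOCKEDSIGS_CHECK_LEVEL. Values handled: 'warn', 'error'.` above the two assignments. As a style point, the two defaults are quoted differently (`'error'` and `"error"`); one quoting style for both would read better.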
@@ -189,20 +189,35 @@ class SignatureGeneratorOEBasicHash(bb.siggen.SignatureGeneratorBasicHash): f.write('SIGGEN_LOCKEDSIGS_TYPES_%s = "%s"' % (self.machine, " ".join(types.keys()))) def checkhashes(self, missed, ret, sq_fn, sq_task, sq_hash, sq_hashfn, d): - checklevel = d.getVar("SIGGEN_LOCKEDSIGS_CHECK_LEVEL", True) + warn_msgs = [] + error_msgs = [] + sstate_missing_msgs = [] + for task in range(len(sq_fn)): if task not in ret: for pn in self.lockedsigs: if sq_hash[task] in self.lockedsigs[pn].itervalues(): if sq_task[task] == 'do_shared_workdir': continue - self.mismatch_msgs.append("Locked sig is set for %s:%s (%s) yet not in sstate cache?" + sstate_missing_msgs.append("Locked sig is set for %s:%s (%s) yet not in sstate cache?" % (pn, sq_task[task], sq_hash[task])) - if self.mismatch_msgs and checklevel == 'warn': - bb.warn("\n".join(self.mismatch_msgs)) - elif self.mismatch_msgs and checklevel == 'error': - bb.fatal("\n".join(self.mismatch_msgs)) + checklevel = d.getVar("SIGGEN_LOCKEDSIGS_TASKSIG_CHECK", True) + if checklevel == 'warn': + warn_msgs += self.mismatch_msgs + elif checklevel == 'error': + error_msgs += self.mismatch_msgs + + checklevel = d.getVar("SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK", True) + if checklevel == 'warn': + warn_msgs += sstate_missing_msgs + elif checklevel == 'error': + error_msgs += sstate_missing_msgs + + if warn_msgs: + bb.warn("\n".join(warn_msgs)) + if error_msgs: + bb.fatal("\n".join(error_msgs)) # Insert these classes into siggen's namespace so it can see and select them diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py index d2b3f0003c..1babca07df 100644 --- a/meta/lib/oeqa/selftest/signing.py +++ b/meta/lib/oeqa/selftest/signing.py 
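Review bot: Both `if checklevel == 'warn'` / `elif checklevel == 'error'` chains in `checkhashes` have no final branch, so any other value of `SIGGEN_LOCKEDSIGS_TASKSIG_CHECK` or `SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK` (a typo such as `"Error"`, or the variable being unset) drops the collected messages without a trace. For a check that guards locked signatures, that is a silent fail-open. If some value is meant to switch a check off, test for it by name and let a final `else:` report anything unrecognised, for example `bb.warn("Unrecognised SIGGEN_LOCKEDSIGS_TASKSIG_CHECK value %r; check skipped" % checklevel)`, with the same branch on the second chain. The two chains are otherwise identical, so a small helper taking the variable name and the message list would keep them from drifting apart.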
@@ -160,7 +160,7 @@ class LockedSignatures(oeSelfTest): bitbake('-S none %s' % test_recipe) feature = 'require %s\n' % locked_sigs_file - feature += 'SIGGEN_LOCKEDSIGS_CHECK_LEVEL = "warn"\n' + feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n' self.write_config(feature) # Build a locked recipe @@ -180,7 +180,7 @@ class LockedSignatures(oeSelfTest): ret = bitbake(test_recipe) # Verify you get the warning and that the real task *isn't* run (i.e. the locked signature has worked) - patt = r'WARNING: The %s:do_package sig \S+ changed, use locked sig \S+ to instead' % test_recipe + patt = r'WARNING: The %s:do_package sig is computed to be \S+, but the sig is locked to \S+ in SIGGEN_LOCKEDSIGS\S+' % test_recipe found_warn = re.search(patt, ret.output) self.assertIsNotNone(found_warn, "Didn't find the expected warning message. Output: %s" % ret.output) |
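Review bot: The selftest only sets `SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"`, so nothing visible in these hunks exercises the new `SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK` variable or the `error` level of either check. A case that sets one variable to `warn` and the other to `error` would confirm that the two settings really are independent. Separately, in the second hunk `test_recipe` is interpolated into the regex unescaped; `re.escape(test_recipe)` would keep the pattern exact if the recipe name ever contains regex metacharacters. The test method starts and ends outside both hunks, so its setup is not visible here.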