bitbake: fetch2: obey BB_ALLOWED_NETWORKS when checking network access
[YOCTO #10508] (Bitbake rev: ddd3bc2d64d7240ecb6b6e4a1ae29b1faef6cc22) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
4e48892b85
commit
38438b6cf4
|
@ -856,12 +856,15 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None):
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
def check_network_access(d, info = "", url = None):
|
def check_network_access(d, info, url):
|
||||||
"""
|
"""
|
||||||
log remote network access, and error if BB_NO_NETWORK is set
|
log remote network access, and error if BB_NO_NETWORK is set or the given
|
||||||
|
URI is untrusted
|
||||||
"""
|
"""
|
||||||
if d.getVar("BB_NO_NETWORK") == "1":
|
if d.getVar("BB_NO_NETWORK") == "1":
|
||||||
raise NetworkAccess(url, info)
|
raise NetworkAccess(url, info)
|
||||||
|
elif not trusted_network(d, url):
|
||||||
|
raise UntrustedUrl(url, info)
|
||||||
else:
|
else:
|
||||||
logger.debug(1, "Fetcher accessed the network with the command %s" % info)
|
logger.debug(1, "Fetcher accessed the network with the command %s" % info)
|
||||||
|
|
||||||
|
|
|
@ -252,7 +252,7 @@ class Git(FetchMethod):
|
||||||
repourl = repourl[7:]
|
repourl = repourl[7:]
|
||||||
clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, repourl, ud.clonedir)
|
clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, repourl, ud.clonedir)
|
||||||
if ud.proto.lower() != 'file':
|
if ud.proto.lower() != 'file':
|
||||||
bb.fetch2.check_network_access(d, clone_cmd)
|
bb.fetch2.check_network_access(d, clone_cmd, ud.url)
|
||||||
progresshandler = GitProgressHandler(d)
|
progresshandler = GitProgressHandler(d)
|
||||||
runfetchcmd(clone_cmd, d, log=progresshandler)
|
runfetchcmd(clone_cmd, d, log=progresshandler)
|
||||||
|
|
||||||
|
@ -384,7 +384,7 @@ class Git(FetchMethod):
|
||||||
cmd = "%s ls-remote %s %s" % \
|
cmd = "%s ls-remote %s %s" % \
|
||||||
(ud.basecmd, repourl, search)
|
(ud.basecmd, repourl, search)
|
||||||
if ud.proto.lower() != 'file':
|
if ud.proto.lower() != 'file':
|
||||||
bb.fetch2.check_network_access(d, cmd)
|
bb.fetch2.check_network_access(d, cmd, repourl)
|
||||||
output = runfetchcmd(cmd, d, True)
|
output = runfetchcmd(cmd, d, True)
|
||||||
if not output:
|
if not output:
|
||||||
raise bb.fetch2.FetchError("The command %s gave empty output unexpectedly" % cmd, ud.url)
|
raise bb.fetch2.FetchError("The command %s gave empty output unexpectedly" % cmd, ud.url)
|
||||||
|
|
|
@ -221,7 +221,7 @@ class Hg(FetchMethod):
|
||||||
"""
|
"""
|
||||||
Compute tip revision for the url
|
Compute tip revision for the url
|
||||||
"""
|
"""
|
||||||
bb.fetch2.check_network_access(d, self._buildhgcommand(ud, d, "info"))
|
bb.fetch2.check_network_access(d, self._buildhgcommand(ud, d, "info"), ud.url)
|
||||||
output = runfetchcmd(self._buildhgcommand(ud, d, "info"), d)
|
output = runfetchcmd(self._buildhgcommand(ud, d, "info"), d)
|
||||||
return output.strip()
|
return output.strip()
|
||||||
|
|
||||||
|
|
|
@ -101,7 +101,7 @@ class Npm(FetchMethod):
|
||||||
|
|
||||||
def _runwget(self, ud, d, command, quiet):
|
def _runwget(self, ud, d, command, quiet):
|
||||||
logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command))
|
logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command))
|
||||||
bb.fetch2.check_network_access(d, command)
|
bb.fetch2.check_network_access(d, command, ud.url)
|
||||||
dldir = d.getVar("DL_DIR")
|
dldir = d.getVar("DL_DIR")
|
||||||
runfetchcmd(command, d, quiet, workdir=dldir)
|
runfetchcmd(command, d, quiet, workdir=dldir)
|
||||||
|
|
||||||
|
|
|
@ -71,7 +71,7 @@ class Perforce(FetchMethod):
|
||||||
logger.debug(1, 'Trying to use P4CONFIG to automatically set P4PORT...')
|
logger.debug(1, 'Trying to use P4CONFIG to automatically set P4PORT...')
|
||||||
ud.usingp4config = True
|
ud.usingp4config = True
|
||||||
p4cmd = '%s info | grep "Server address"' % ud.basecmd
|
p4cmd = '%s info | grep "Server address"' % ud.basecmd
|
||||||
bb.fetch2.check_network_access(d, p4cmd)
|
bb.fetch2.check_network_access(d, p4cmd, ud.url)
|
||||||
ud.host = runfetchcmd(p4cmd, d, True)
|
ud.host = runfetchcmd(p4cmd, d, True)
|
||||||
ud.host = ud.host.split(': ')[1].strip()
|
ud.host = ud.host.split(': ')[1].strip()
|
||||||
logger.debug(1, 'Determined P4PORT to be: %s' % ud.host)
|
logger.debug(1, 'Determined P4PORT to be: %s' % ud.host)
|
||||||
|
@ -140,7 +140,7 @@ class Perforce(FetchMethod):
|
||||||
'p4 files' command, including trailing '#rev' file revision indicator
|
'p4 files' command, including trailing '#rev' file revision indicator
|
||||||
"""
|
"""
|
||||||
p4cmd = self._buildp4command(ud, d, 'files')
|
p4cmd = self._buildp4command(ud, d, 'files')
|
||||||
bb.fetch2.check_network_access(d, p4cmd)
|
bb.fetch2.check_network_access(d, p4cmd, ud.url)
|
||||||
p4fileslist = runfetchcmd(p4cmd, d, True)
|
p4fileslist = runfetchcmd(p4cmd, d, True)
|
||||||
p4fileslist = [f.rstrip() for f in p4fileslist.splitlines()]
|
p4fileslist = [f.rstrip() for f in p4fileslist.splitlines()]
|
||||||
|
|
||||||
|
@ -171,7 +171,7 @@ class Perforce(FetchMethod):
|
||||||
|
|
||||||
for afile in filelist:
|
for afile in filelist:
|
||||||
p4fetchcmd = self._buildp4command(ud, d, 'print', afile)
|
p4fetchcmd = self._buildp4command(ud, d, 'print', afile)
|
||||||
bb.fetch2.check_network_access(d, p4fetchcmd)
|
bb.fetch2.check_network_access(d, p4fetchcmd, ud.url)
|
||||||
runfetchcmd(p4fetchcmd, d, workdir=ud.pkgdir)
|
runfetchcmd(p4fetchcmd, d, workdir=ud.pkgdir)
|
||||||
|
|
||||||
runfetchcmd('tar -czf %s p4' % (ud.localpath), d, cleanup=[ud.localpath], workdir=ud.pkgdir)
|
runfetchcmd('tar -czf %s p4' % (ud.localpath), d, cleanup=[ud.localpath], workdir=ud.pkgdir)
|
||||||
|
@ -191,7 +191,7 @@ class Perforce(FetchMethod):
|
||||||
def _latest_revision(self, ud, d, name):
|
def _latest_revision(self, ud, d, name):
|
||||||
""" Return the latest upstream scm revision number """
|
""" Return the latest upstream scm revision number """
|
||||||
p4cmd = self._buildp4command(ud, d, "changes")
|
p4cmd = self._buildp4command(ud, d, "changes")
|
||||||
bb.fetch2.check_network_access(d, p4cmd)
|
bb.fetch2.check_network_access(d, p4cmd, ud.url)
|
||||||
tip = runfetchcmd(p4cmd, d, True)
|
tip = runfetchcmd(p4cmd, d, True)
|
||||||
|
|
||||||
if not tip:
|
if not tip:
|
||||||
|
|
|
@ -173,7 +173,7 @@ class Svn(FetchMethod):
|
||||||
"""
|
"""
|
||||||
Return the latest upstream revision number
|
Return the latest upstream revision number
|
||||||
"""
|
"""
|
||||||
bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"))
|
bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"), ud.url)
|
||||||
|
|
||||||
output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True)
|
output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True)
|
||||||
|
|
||||||
|
|
|
@ -95,7 +95,7 @@ class Wget(FetchMethod):
|
||||||
progresshandler = WgetProgressHandler(d)
|
progresshandler = WgetProgressHandler(d)
|
||||||
|
|
||||||
logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command))
|
logger.debug(2, "Fetching %s using command '%s'" % (ud.url, command))
|
||||||
bb.fetch2.check_network_access(d, command)
|
bb.fetch2.check_network_access(d, command, ud.url)
|
||||||
runfetchcmd(command + ' --progress=dot -v', d, quiet, log=progresshandler)
|
runfetchcmd(command + ' --progress=dot -v', d, quiet, log=progresshandler)
|
||||||
|
|
||||||
def download(self, ud, d):
|
def download(self, ud, d):
|
||||||
|
|
Loading…
Reference in New Issue