diff options
Diffstat (limited to 'meta/classes-global/sanity.bbclass')
-rw-r--r-- | meta/classes-global/sanity.bbclass | 58 |
1 files changed, 45 insertions, 13 deletions
diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass index 6cb0d6cf88..72dab0fea2 100644 --- a/meta/classes-global/sanity.bbclass +++ b/meta/classes-global/sanity.bbclass @@ -40,7 +40,7 @@ BBLAYERS_CONF_UPDATE_FUNCS += " \ conf/site.conf:SCONF_VERSION:SITE_CONF_VERSION:oecore_update_siteconf \ " -SANITY_DIFF_TOOL ?= "meld" +SANITY_DIFF_TOOL ?= "diff -u" SANITY_LOCALCONF_SAMPLE ?= "${COREBASE}/meta*/conf/templates/default/local.conf.sample" python oecore_update_localconf() { @@ -475,7 +475,30 @@ def check_wsl(d): bb.warn("You are running bitbake under WSLv2, this works properly but you should optimize your VHDX file eventually to avoid running out of storage space") return None -# Require at least gcc version 7.5. +def check_userns(): + """ + Check that user namespaces are functional, as they're used for network isolation. + """ + + # There is a known failure case with AppAmrmor where the unshare() call + # succeeds (at which point the uid is nobody) but writing to the uid_map + # fails (so the uid isn't reset back to the user's uid). We can detect this. + parentuid = os.getuid() + pid = os.fork() + if not pid: + try: + bb.utils.disable_network() + except: + pass + os._exit(parentuid != os.getuid()) + + ret = os.waitpid(pid, 0)[1] + if ret: + bb.fatal("User namespaces are not usable by BitBake, possibly due to AppArmor.\n" + "See https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions for more information.") + + +# Require at least gcc version 8.0 # # This can be fixed on CentOS-7 with devtoolset-6+ # https://www.softwarecollections.org/en/scls/rhscl/devtoolset-6/ @@ -488,19 +511,22 @@ def check_gcc_version(sanity_data): build_cc, version = oe.utils.get_host_compiler_version(sanity_data) if build_cc.strip() == "gcc": - if bb.utils.vercmp_string_op(version, "7.5", "<"): - return "Your version of gcc is older than 7.5 and will break builds. Please install a newer version of gcc (you could use the project's buildtools-extended-tarball or use scripts/install-buildtools).\n" + if bb.utils.vercmp_string_op(version, "8.0", "<"): + return "Your version of gcc is older than 8.0 and will break builds. Please install a newer version of gcc (you could use the project's buildtools-extended-tarball or use scripts/install-buildtools).\n" return None # Tar version 1.24 and onwards handle overwriting symlinks correctly # but earlier versions do not; this needs to work properly for sstate -# Version 1.28 is needed so opkg-build works correctly when reproducibile builds are enabled +# Version 1.28 is needed so opkg-build works correctly when reproducible builds are enabled +# Gtar is assumed at to be used as tar in poky def check_tar_version(sanity_data): import subprocess try: result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8') except subprocess.CalledProcessError as e: return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output) + if not "GNU" in result: + return "Your version of tar is not gtar. Please install gtar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" version = result.split()[3] if bb.utils.vercmp_string_op(version, "1.28", "<"): return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" @@ -532,7 +558,7 @@ def check_git_version(sanity_data): def check_perl_modules(sanity_data): import subprocess ret = "" - modules = ( "Text::ParseWords", "Thread::Queue", "Data::Dumper" ) + modules = ( "Text::ParseWords", "Thread::Queue", "Data::Dumper", "File::Compare", "File::Copy", "open ':std'", "FindBin" ) errresult = '' for m in modules: try: @@ -622,10 +648,10 @@ def check_sanity_sstate_dir_change(sstate_dir, data): def check_sanity_version_change(status, d): # Sanity checks to be done when SANITY_VERSION or NATIVELSBSTRING changes # In other words, these tests run once in a given build directory and then - # never again until the sanity version or host distrubution id/version changes. + # never again until the sanity version or host distribution id/version changes. # Check the python install is complete. Examples that are often removed in - # minimal installations: glib-2.0-natives requries # xml.parsers.expat + # minimal installations: glib-2.0-natives requires xml.parsers.expat try: import xml.parsers.expat except ImportError as e: @@ -638,6 +664,7 @@ def check_sanity_version_change(status, d): status.addresult(check_git_version(d)) status.addresult(check_perl_modules(d)) status.addresult(check_wsl(d)) + status.addresult(check_userns()) missing = "" @@ -682,7 +709,7 @@ def check_sanity_version_change(status, d): if i and workdir.startswith(i): status.addresult("You are building in a path included in PSEUDO_IGNORE_PATHS " + str(i) + " please locate the build outside this path.\n") - # Check if PSEUDO_IGNORE_PATHS and and paths under pseudo control overlap + # Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap pseudoignorepaths = d.getVar('PSEUDO_IGNORE_PATHS', expand=True).split(",") pseudo_control_dir = "${D},${PKGD},${PKGDEST},${IMAGEROOTFS},${SDK_OUTPUT}" pseudocontroldir = d.expand(pseudo_control_dir).split(",") @@ -759,10 +786,10 @@ def check_sanity_everybuild(status, d): if 0 == os.getuid(): raise_sanity_error("Do not use Bitbake as root.", d) - # Check the Python version, we now have a minimum of Python 3.6 + # Check the Python version, we now have a minimum of Python 3.8 import sys - if sys.hexversion < 0x030600F0: - status.addresult('The system requires at least Python 3.6 to run. Please update your Python interpreter.\n') + if sys.hexversion < 0x030800F0: + status.addresult('The system requires at least Python 3.8 to run. Please update your Python interpreter.\n') # Check the bitbake version meets minimum requirements minversion = d.getVar('BB_MIN_VERSION') @@ -840,6 +867,10 @@ def check_sanity_everybuild(status, d): status.addresult("Please use a umask which allows a+rx and u+rwx\n") os.umask(omask) + # Ensure /tmp is NOT mounted with noexec + if os.statvfs("/tmp").f_flag & os.ST_NOEXEC: + raise_sanity_error("/tmp shouldn't be mounted with noexec.", d) + if d.getVar('TARGET_ARCH') == "arm": # This path is no longer user-readable in modern (very recent) Linux try: @@ -871,7 +902,8 @@ def check_sanity_everybuild(status, d): mirror_vars = ['MIRRORS', 'PREMIRRORS', 'SSTATE_MIRRORS'] protocols = ['http', 'ftp', 'file', 'https', \ 'git', 'gitsm', 'hg', 'osc', 'p4', 'svn', \ - 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az', 'ftps', 'crate'] + 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', \ + 'az', 'ftps', 'crate', 'gs'] for mirror_var in mirror_vars: mirrors = (d.getVar(mirror_var) or '').replace('\\n', ' ').split() |