From patchwork Fri Jul 12 09:22:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 3683 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Fri, 12 Jul 2024 11:23:09 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f188.google.com (mail-lj1-f188.google.com [209.85.208.188]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 46C9N8nm022097 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 12 Jul 2024 11:23:09 +0200 Received: by mail-lj1-f188.google.com with SMTP id 38308e7fff4ca-2ee9b1b2cdcsf15716491fa.1 for ; Fri, 12 Jul 2024 02:23:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1720776183; cv=pass; d=google.com; s=arc-20160816; b=RhJ8Mh/LVBDipkiL3M8bKJB+kGNRpjZqBgAj/cEKzAdEplvEFtWLGGpzobbJXYLCc9 ULbi2hbBcSDx7EGLzEB3ZMIYVREMxHaeJSjMs/xt77OM48c4itRnsQ9VMhYbU5pPkfLN w8tvr040Hjs8as0bESJIsKzOSQs0ZJrSMyH5ensdtTZ17xzqdic06vffd4x+0dlA57h2 +2r4mmB4PFV7wHF215EtxdkgYd0X8vVIhchwef3EPCZQbdBPCJtHustNB79hPF0GICjr 5AZ4C9bJWwvPvNtkXk5a4ANxBYGAWuO0cg42den3wjA/RW4OVds4a4roVQ6+gaPATKY+ 3X+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=9yc6Hpmn2y7g2152w6Xh+T0q2rGq8C8sHeSEFZEa1WY=; fh=7snv8fa6HdTMrlrlHGOKN1TJrkMr4xtjweLPLuPvVvA=; b=fpmclSy1R9dBgMyudhDDMV3Tp+dWdSlKU5f1q2bMOnZ28mGQ75AzqQO0TOV/196pE2 AKpDcI21UBsOJ506nG9Z0rYz/FKc+sxeHGQDt9VU2Kr3QG/a2K1LmnO4cO4cBhC1VKKl IunNv28OdMJ4zokn1jNhu1rHzEQXoD7370jHeQ4QsTavyNXiv5yuOQDoFSl9Lt80SX8R J1XJIlpo1K/QdzP2pXF0IiwrvLmc1q3BeOliUD+ptm/W7ZzUIJohShE0VGfxRkMQ9Pb9 xKV9Z6kUQ7669xsDgy6KjtD6dHxYHKylqgDDyWE+HnDeZyaXQ/AHejK0j0KMtITfu5Qw km2Q==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=vg4O17xk; spf=pass (google.com: domain of fm-1321639-2024071209225923272f310c8e4a0018-tkcujd@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1321639-2024071209225923272f310c8e4a0018-TKcujd@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1720776183; x=1721380983; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=9yc6Hpmn2y7g2152w6Xh+T0q2rGq8C8sHeSEFZEa1WY=; b=tCl3VA3U2ZYxuoTfOgje3uvmQfxmDbIREHX5jlu/ZfOqub3yZHSDXi5gY8ZnA2ZzOe aIsC9RaPt36/EQHdpR1R0DNm6CXSmKadBglCPAgPzIxScVCAfgB93dhnVKLFptmGG8Ma gN5Sv8P0ZxyFYibBXEzUyvzvWk8Omz6p64J0hyQibXeici5YzB1y8mJ/ZT2ydIyAaJrg czoPxuWd/cTzwiwPwmZQe9drR9ngVA/D9nPjtub/gv2LG+C7fXca81MPo79RtXw9lxjR mJPh2Bk/BilXAUdgtQpifLmtunTXhqOrlnGXIyXDxz3N9KiYHrHOpwt5LuD7yMtkVve/ YH+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720776183; x=1721380983; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9yc6Hpmn2y7g2152w6Xh+T0q2rGq8C8sHeSEFZEa1WY=; b=jwktmm+7Q61MYvDTUPcS5kyuSI5M245X8Y/mAyWJpHLq+STjbpfUBDwdWSed/n4jLr VRDGNaAiddCKN6ui5ePZlQdZOot1nsm2xCn2ML1gUxMhmqGHyGYdoa937wFEBMxN0STW X2ncmsXY1t5y96UwHC3bAxfykSJDIk0IWu7IgzwSdERkE4ANl14EIZHHE9ZQIeWbtlG/ 5q/L2e+c8uTy/ODgSVQalVyC96ifqTEL1NPtkjebQnPkt6NRjAPlt/l0Zb6gmJ5LNhSQ 57a81iHP6+OW29ZoSZu2OHt6TOp1jV2Hwthnht+997pu+rtzBXEOUo1i/iMPTv3VL/Im BB5g== X-Forwarded-Encrypted: i=2; AJvYcCUaIR+e2oF5oIuJ89BKd7bEZwv4aPDMzJEkJYPBemQoV6o303hqZjv5FhQPdScJLphvngEKCHUb8twkjN49cFJ0aSih20k= X-Gm-Message-State: AOJu0YxjIMHumvMORdUSELC1sc0X3wCL3opKPb/WbA8nYmnCghNjtuVu 9UUzTIiXxaO4dm12GFdkA4dpZZ3IEl/u0qGPQ4sI6CcAtGU8tafS X-Google-Smtp-Source: AGHT+IE5jjk8k05G/yb504zBwgfb7SFwyxinVcisOe3ARYA0ikAUu4a/JvztSo30iJrr9WR4/HguZg== X-Received: by 2002:a2e:9847:0:b0:2ec:59b6:ad71 with SMTP id 38308e7fff4ca-2eeb3188d7cmr68346791fa.40.1720776182754; Fri, 12 Jul 2024 02:23:02 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:a373:0:b0:2ec:5130:5666 with SMTP id 38308e7fff4ca-2eec93b4cb7ls8381601fa.2.-pod-prod-02-eu; Fri, 12 Jul 2024 02:23:00 -0700 (PDT) X-Received: by 2002:a2e:9f0d:0:b0:2ec:3d74:88ca with SMTP id 38308e7fff4ca-2eeb30fc820mr71069511fa.25.1720776180348; Fri, 12 Jul 2024 02:23:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1720776180; cv=none; d=google.com; s=arc-20160816; b=m2CdfP+0/je+vcT+vqIoEDKlctu/d+yPnKCbzfcfvjWvmOLTfsXxEr8EABNCTa1sRv 1+NQ8p7Ppfr4l1O6IE9trGWZT71ZAMFaBWxW2LGoFqMYN2E0EQ6SjrdrM6rGfzM+B/sJ SJsiymnSdlcTi5R9E/gJysWshZflhUwm9EVA76OVihhElGpaqdU5un5JpuXQMeGyA1iM iM7WI46lbMj+EJgiXeFubEfYSfphwimZKk7z/N3bwUyoSqBQwlm0cg5C95M3wrKTwRrL fYraTVsZ02H/+bXhKg6n8R0hyMvIpcH9xS2VGRAgihk+DbcTZl+77LWtHFk9k48X0UT1 9ZJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=T/UQ+L/gM91zvunhUltIT7SpBY1448SWPtqOlIr1/Gk=; fh=Xwx5KAQd7M5XPJvQVz6xz/z//08kOEttrlFeLBySLJ8=; b=WnRuiyUtg+tR8AQPsJl7Gbf65TOVkXptgdgo0K+cjMdh1oA9rR2elgDTCJgaq/3aHn TBnh9nZ24ysQOjIS6IiZBaAfOtNF7sRihFhEBuOCKebkv7oZIvT0NFKNtDLLkdK8Gcg2 L/r8hUHBRfG1CLfyLAb/WlXEp5c3acw/m/OuJCxtZTvwkHjtNfIEPR93HeZOkLmdPL7l 61d15OI+ytZxGR9yXKLSQg66HLh5Sqk2f1kpATlt+jEB312IVJN+1ShMIgU/WM+iEqgK mUvUEfpPpiFqiMj5QJa2uFC5kTb2kVSSURvwqUKATR2noIr7ytZOrO8OoXOJQxk2HVaM p20g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=vg4O17xk; spf=pass (google.com: domain of fm-1321639-2024071209225923272f310c8e4a0018-tkcujd@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1321639-2024071209225923272f310c8e4a0018-TKcujd@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-227.siemens.flowmailer.net (mta-65-227.siemens.flowmailer.net. [185.136.65.227]) by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-367cdf9f8c7si160336f8f.3.2024.07.12.02.23.00 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Jul 2024 02:23:00 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1321639-2024071209225923272f310c8e4a0018-tkcujd@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) client-ip=185.136.65.227; Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id 2024071209225923272f310c8e4a0018 for ; Fri, 12 Jul 2024 11:22:59 +0200 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: adriaan.schmidt@siemens.com, Felix Moessbauer Subject: [PATCH 1/1] fix expansion of variables in SRC_URI of dpkg-prebuilt Date: Fri, 12 Jul 2024 11:22:45 +0200 Message-Id: <20240712092245.47054-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1321639:519-21489:flowmailer X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=vg4O17xk; spf=pass (google.com: domain of fm-1321639-2024071209225923272f310c8e4a0018-tkcujd@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1321639-2024071209225923272f310c8e4a0018-TKcujd@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The processing of the items in SRC_URI of dpkg-prebuilt previously was executed on the non expanded variables. This was introduced to fix credential leaks and to avoid absolute paths in the signatures (caching issues). However, this does not work when putting whole SRC_URI entries into variables (which potentially can be empty), as then the unpack=false is added to the non-expanded variable which either might already contain this, or is empty. This led to broken urls. To fix this, the patch changes the processing logic to work on the expanded string. As this would re-introduce the credential and caching issues, we further add a vardepvalue with the non-expanded string. By that, the signatures just contain the original string in its non expanded version. Signed-off-by: Felix Moessbauer --- meta/classes/dpkg-prebuilt.bbclass | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/meta/classes/dpkg-prebuilt.bbclass b/meta/classes/dpkg-prebuilt.bbclass index a6187a07..ecf0d383 100644 --- a/meta/classes/dpkg-prebuilt.bbclass +++ b/meta/classes/dpkg-prebuilt.bbclass @@ -7,13 +7,16 @@ inherit dpkg-base python do_unpack:prepend() { # enforce unpack=false - src_uri = (d.getVar('SRC_URI', False) or '').split() - if len(src_uri) == 0: + src_uri_raw = d.getVar('SRC_URI', False) + src_uri_exp = (d.getVar('SRC_URI', True) or '').split() + if len(src_uri_exp) == 0: return def ensure_unpack_false(uri): return ';'.join([x for x in uri.split(';') if not x.startswith('unpack=')] + ['unpack=false']) - src_uri = [ensure_unpack_false(uri) for uri in src_uri] + src_uri = [ensure_unpack_false(uri) for uri in src_uri_exp] d.setVar('SRC_URI', ' '.join(src_uri)) + if src_uri_raw: + d.appendVarFlag('SRC_URI', 'vardepvalue', src_uri_raw) } # also breaks inherited (from dpkg-base) dependency on sbuild_chroot