* [Buildroot] [PATCH] utils/check-package: new check for Buildroot's defconfig files
From: Yann E. MORIN @ 2024-03-31 20:34 UTC (permalink / raw)
To: buildroot; +Cc: Yann E. MORIN, Ricardo Martincoski
Now that we do have support for checking hashes for custom versions
(for the few packages for which we do support custom versions, like the
kernel, some bootloaders...), we want to ensure that our defconfig
files, when they enable one or more such custom version, do enable
checking the hashes for those versions, and thus we want to require all
our defconfigs do enable BR2_DOWNLOAD_FORCE_CHECK_HASHES.
Add a check for that condition.
We need to be careful that we only check Buildroot's defconfig, whether
in-tree or in a br2-external, and not kernel or other kconfig-based
defconfig files, like those in board/ sub-directories. So we only match
defconfig files that are in a configs/ directory, whether at the
toplevel (for in-tree defconfigs), or not (for br2-external defconfigs).
Since we only have two defconfigs that check hashes for custom versions,
regenerate .checkpackageignore to ignore all so-far broken defconfigs.
Suggested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
---
Note: this patch does not contain a regenerated .checkpackageignore, for
ease of review; I can resubmit with it regenerated after reviews, or a
committer may regenerate when applying.
---
utils/check-package | 9 +++++++++
utils/checkpackagelib/lib_defconfig.py | 20 ++++++++++++++++++++
2 files changed, 29 insertions(+)
create mode 100644 utils/checkpackagelib/lib_defconfig.py
diff --git a/utils/check-package b/utils/check-package
index 373bc63f52..6678f68794 100755
--- a/utils/check-package
+++ b/utils/check-package
@@ -10,6 +10,7 @@ import sys
import checkpackagelib.base
import checkpackagelib.lib_config
+import checkpackagelib.lib_defconfig
import checkpackagelib.lib_hash
import checkpackagelib.lib_ignore
import checkpackagelib.lib_mk
@@ -113,6 +114,7 @@ DO_CHECK_INTREE = re.compile(r"|".join([
r"arch/",
r"board/",
r"boot/",
+ r"configs/",
r"fs/",
r"linux/",
r"package/",
@@ -137,6 +139,11 @@ DO_NOT_CHECK_INTREE = re.compile(r"|".join([
SYSV_INIT_SCRIPT_FILENAME = re.compile(r"/S\d\d[^/]+$")
+# For defconfigs: avoid matching kernel, uboot... defconfig files, so
+# limit to defconfig files in a configs/ directory, either in-tree or
+# in a br2-external tree.
+BR_DEFCONFIG_FILENAME = re.compile(r"^(.+/)?configs/[^/]+_defconfig$")
+
def get_lib_from_filename(fname):
if flags.intree_only:
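Review bot: BR_DEFCONFIG_FILENAME matches more than its comment promises: the optional `(.+/)?` prefix accepts a configs/ directory at any depth, so a path such as board/<vendor>/configs/linux_defconfig (a constructed example) is routed to the Buildroot defconfig check, although the comment says kernel and U-Boot defconfig files are to be avoided. Either say in the comment that any directory named configs/ is assumed to hold Buildroot defconfigs, or tighten the pattern so that in-tree matches are limited to the top-level configs/ directory.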
@@ -152,6 +159,8 @@ def get_lib_from_filename(fname):
return checkpackagelib.lib_ignore
if CONFIG_IN_FILENAME.search(fname):
return checkpackagelib.lib_config
+ if BR_DEFCONFIG_FILENAME.search(fname):
+ return checkpackagelib.lib_defconfig
if fname.endswith(".hash"):
return checkpackagelib.lib_hash
if fname.endswith(".mk"):
diff --git a/utils/checkpackagelib/lib_defconfig.py b/utils/checkpackagelib/lib_defconfig.py
new file mode 100644
index 0000000000..ab0e361b57
--- /dev/null
+++ b/utils/checkpackagelib/lib_defconfig.py
@@ -0,0 +1,20 @@
+# See utils/checkpackagelib/readme.txt before editing this file.
+
+from checkpackagelib.base import _CheckFunction
+
+
+class ForceCheckHash(_CheckFunction):
+ """Checks that a defconfig does force checking all hashes"""
+
+ def before(self):
+ self.forces = False
+
+ def check_line(self, lineno, text):
+ if self.forces:
+ return
+ if text == "BR2_DOWNLOAD_FORCE_CHECK_HASHES=y\n":
+ self.forces = True
+
+ def after(self):
+ if not self.forces:
+ return [f"{self.filename}:0: missing BR2_DOWNLOAD_FORCE_CHECK_HASHES"]
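Review bot: the comparison in check_line, `text == "BR2_DOWNLOAD_FORCE_CHECK_HASHES=y\n"`, is exact, so a defconfig that sets the option but has trailing whitespace, CRLF line endings, or no newline on its final line is reported as missing it. Comparing `text.rstrip()` against the bare `BR2_DOWNLOAD_FORCE_CHECK_HASHES=y` keeps the check strict on the value while tolerating line-ending differences. The docstring could also mention that the warning is reported at line 0 because it applies to the whole file, and the diffstat lists only two files, so no test accompanies the new check.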
--
2.44.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH] utils/check-package: new check for Buildroot's defconfig files
From: Thomas Petazzoni via buildroot @ 2024-05-01 19:51 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Ricardo Martincoski, buildroot
On Sun, 31 Mar 2024 22:34:03 +0200
"Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> Now that we do have support for checking hashes for custom versions
> (for the few packages for which we do support custom versions, like the
> kernel, some bootloaders...), we want to ensure that our defconfig
> files, when they enable one or more such custom version, do enable
> checking the hashes for those versions, and thus we want to require all
> our defconfigs do enable BR2_DOWNLOAD_FORCE_CHECK_HASHES.
>
> Add a check for that condition.
>
> We need to be careful that we only check Buildroot's defconfig, whether
> in-tree or in a br2-external, and not kernel or other kconfig-based
> defconfig files, like those in board/ sub-directories. So we only match
> defconfig files that are in a configs/ directory, whether at the
> toplevel (for in-tree defconfigs), or not (for br2-external defconfigs).
>
> Since we only have two defconfigs that check hashes for custom versions,
> regenerate .checkpackageignore to ignore all so-far broken defconfigs.
>
> Suggested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
> Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
>
> ---
> Note: this patch does not contain a regenerated .checkpackageignore, for
> ease of review; I can resubmit with it regenerated after reviews, or a
> committer may regenerate when applying.
> ---
> utils/check-package | 9 +++++++++
> utils/checkpackagelib/lib_defconfig.py | 20 ++++++++++++++++++++
> 2 files changed, 29 insertions(+)
> create mode 100644 utils/checkpackagelib/lib_defconfig.py
Applied to master, after updating .checkpackageignore of course. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
* Re: [Buildroot] [PATCH] utils/check-package: new check for Buildroot's defconfig files
From: Peter Korsgaard @ 2024-05-16 9:27 UTC (permalink / raw)
To: Thomas Petazzoni via buildroot
Cc: Ricardo Martincoski, Yann E. MORIN, Thomas Petazzoni
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> On Sun, 31 Mar 2024 22:34:03 +0200
> "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
>> Now that we do have support for checking hashes for custom versions
>> (for the few packages for which we do support custom versions, like the
>> kernel, some bootloaders...), we want to ensure that our defconfig
>> files, when they enable one or more such custom version, do enable
>> checking the hashes for those versions, and thus we want to require all
>> our defconfigs do enable BR2_DOWNLOAD_FORCE_CHECK_HASHES.
>>
>> Add a check for that condition.
>>
>> We need to be careful that we only check Buildroot's defconfig, whether
>> in-tree or in a br2-external, and not kernel or other kconfig-based
>> defconfig files, like those in board/ sub-directories. So we only match
>> defconfig files that are in a configs/ directory, whether at the
>> toplevel (for in-tree defconfigs), or not (for br2-external defconfigs).
I wonder if it really makes sense to enforce this for br2-external
defconfigs, as it is basically a question about policy and they are "out of
our hands". Depending on the use case it may or may not make sense for
those defconfigs to use hashes.
E.G. at $WORK I have a br2-external tree where check-package is used to
ensure that the packages are well behaved (E.G. do not negatively impact
the rest), but E.G. the kernel is downloaded from a trusted git server
and changed often, so the overhead of maintaining hashes of the
(buildroot internally generated) tarball is quite annoying.
--
Bye, Peter Korsgaard