Re: [PATCH 2/3] insane.bbclass: add host-user-contaminated test

[Joshua Lock <joshua.lock@collabora.co.uk>]

On 24/08/15 23:19, Christopher Larson wrote:
> From: Christopher Larson <chris_larson@mentor.com>
>
> - Add a test which checks for any paths outside of /home which are owned by
>    the user running bitbake.
> - Add the test to WARN_QA by default.

I do all of my builds on a separate partition in a directory hierarchy 
which is owned by my user - if I'm understanding this correctly I'll get 
QA WARNINGS for all of my builds with this change?

It would be nice to be able to bless my build directory and still 
benefit from this check.

Regards,

Joshua

> This test has been in meta-mentor for some time, and in our ERROR_QA for our
> builds, and has caught a number of issues for us.
>
> Signed-off-by: Christopher Larson <chris_larson@mentor.com>
> ---
>   meta/classes/insane.bbclass | 32 ++++++++++++++++++++++++++++++--
>   1 file changed, 30 insertions(+), 2 deletions(-)
>
> diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
> index cd773b7..aec9800 100644
> --- a/meta/classes/insane.bbclass
> +++ b/meta/classes/insane.bbclass
> @@ -31,14 +31,14 @@ WARN_QA ?= "ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi \
>               installed-vs-shipped compile-host-path install-host-path \
>               pn-overrides infodir build-deps file-rdeps \
>               unknown-configure-option symlink-to-sysroot multilib \
> -            invalid-pkgconfig \
> +            invalid-pkgconfig host-user-contaminated \
>               "
>   ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \
>               perms dep-cmp pkgvarcheck perm-config perm-line perm-link \
>               split-strip packages-list pkgv-undefined var-undefined \
>               version-going-backwards expanded-d \
>               "
> -FAKEROOT_QA = ""
> +FAKEROOT_QA = "host-user-contaminated"
>   FAKEROOT_QA[doc] = "QA tests which need to run under fakeroot. If any \
>   enabled tests are listed here, the do_package_qa task will run under fakeroot."
>
> @@ -950,6 +950,34 @@ def package_qa_check_expanded_d(path,name,d,elf,messages):
>                           sane = False
>       return sane
>
> +HOST_USER_UID := "${@os.getuid()}"
> +HOST_USER_GID := "${@os.getgid()}"
> +
> +QAPATHTEST[host-user-contaminated] = "package_qa_check_host_user"
> +def package_qa_check_host_user(path, name, d, elf, messages):
> +    """Check for paths outside of /home which are owned by the user running bitbake."""
> +
> +    if not os.path.lexists(path):
> +        return
> +
> +    check_uid = int(d.getVar('HOST_USER_UID', True))
> +    check_gid = int(d.getVar('HOST_USER_GID', True))
> +
> +    dest = d.getVar('PKGDEST', True)
> +    home = os.path.join(dest, 'home')
> +    if path == home or path.startswith(home + os.sep):
> +        return
> +
> +    stat = os.lstat(path)
> +    if stat.st_uid == check_uid:
> +        messages["host-user-contaminated"] = "%s is owned by uid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_uid)
> +        return False
> +
> +    if stat.st_gid == check_gid:
> +        messages["host-user-contaminated"] = "%s is owned by gid %d, which is the same as the user running bitbake. This may be due to host contamination" % (path, check_gid)
> +        return False
> +    return True
> +
>   # The PACKAGE FUNC to scan each package
>   python do_package_qa () {
>       import subprocess
>