* [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u'
@ 2025-09-05 12:34 haixiao.yan.cn
2025-09-09 14:16 ` Mathieu Dubois-Briand
0 siblings, 1 reply; 5+ messages in thread
From: haixiao.yan.cn @ 2025-09-05 12:34 UTC (permalink / raw)
To: openembedded-core
From: Haixiao Yan <haixiao.yan.cn@windriver.com>
When Bash runs with 'set -u' (nounset), accessing an unset variable
directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable"
error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR
is never triggered and the script aborts.
The current code assumes these variables may be unset or empty, but does
not guard against 'set -u'. This breaks builds in stricter shell
environments or when users explicitly enable 'set -u'.
Fix this by using parameter expansion with a default value, e.g.
"${SSL_CERT_FILE:-}", so that unset variables are treated as empty
strings. This preserves the intended logic (respect host env first, then
CAFILE/CAPATH, then buildtools defaults) and makes the script robust
under 'set -u'.
Note: environment.d-curl.sh, environment.d-python3-requests.sh,
and environment.d-git.sh have the same issue and should be fixed
similarly.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
---
.../openssl/files/environment.d-openssl.sh | 10 ++++++----
meta/recipes-devtools/git/git/environment.d-git.sh | 10 ++++++----
.../python3-requests/environment.d-python3-requests.sh | 6 ++++--
meta/recipes-support/curl/curl/environment.d-curl.sh | 10 ++++++----
4 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index c635be8acab3..292ec38ff721 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1,19 +1,21 @@
+set -eu
+
export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools
# CAFILE/CAPATH is auto-deteced when source buildtools
-if [ -z "$SSL_CERT_FILE" ]; then
- if [ -n "$CAFILE" ];then
+if [ -z "${SSL_CERT_FILE:-}" ]; then
+ if [ -n "${CAFILE:-}" ];then
export SSL_CERT_FILE="$CAFILE"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
fi
fi
-if [ -z "$SSL_CERT_DIR" ]; then
- if [ -n "$CAPATH" ];then
+if [ -z "${SSL_CERT_DIR:-}" ]; then
+ if [ -n "${CAPATH:-}" ];then
export SSL_CERT_DIR="$CAPATH"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh
index 9c7b5a92512a..1b7395b15aca 100644
--- a/meta/recipes-devtools/git/git/environment.d-git.sh
+++ b/meta/recipes-devtools/git/git/environment.d-git.sh
@@ -1,15 +1,17 @@
+set -eu
+
# Respect host env GIT_SSL_CAINFO/GIT_SSL_CAPATH first, then auto-detected host cert, then cert in buildtools
# CAFILE/CAPATH is auto-deteced when source buildtools
-if [ -z "$GIT_SSL_CAINFO" ]; then
- if [ -n "$CAFILE" ];then
+if [ -z "${GIT_SSL_CAINFO:-}" ]; then
+ if [ -n "${CAFILE:-}" ];then
export GIT_SSL_CAINFO="$CAFILE"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
fi
fi
-if [ -z "$GIT_SSL_CAPATH" ]; then
- if [ -n "$CAPATH" ];then
+if [ -z "${GIT_SSL_CAPATH:-}" ]; then
+ if [ -n "${CAPATH:-}" ];then
export GIT_SSL_CAPATH="$CAPATH"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export GIT_SSL_CAPATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs"
diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
index 492177a9c377..f86027aadfa5 100644
--- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
+++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
@@ -1,7 +1,9 @@
+set -eu
+
# Respect host env REQUESTS_CA_BUNDLE first, then auto-detected host cert, then cert in buildtools
# CAFILE/CAPATH is auto-deteced when source buildtools
-if [ -z "$REQUESTS_CA_BUNDLE" ]; then
- if [ -n "$CAFILE" ];then
+if [ -z "${REQUESTS_CA_BUNDLE:-}" ]; then
+ if [ -n "${CAFILE:-}" ];then
export REQUESTS_CA_BUNDLE="$CAFILE"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh
index 7c2971b3dad1..02329ba8426a 100644
--- a/meta/recipes-support/curl/curl/environment.d-curl.sh
+++ b/meta/recipes-support/curl/curl/environment.d-curl.sh
@@ -1,15 +1,17 @@
+set -eu
+
# Respect host env CURL_CA_BUNDLE/CURL_CA_PATH first, then auto-detected host cert, then cert in buildtools
# CAFILE/CAPATH is auto-deteced when source buildtools
-if [ -z "$CURL_CA_PATH" ]; then
- if [ -n "$CAFILE" ];then
+if [ -z "${CURL_CA_PATH:-}" ]; then
+ if [ -n "${CAFILE:-}" ];then
export CURL_CA_BUNDLE="$CAFILE"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
fi
fi
-if [ -z "$CURL_CA_PATH" ]; then
- if [ -n "$CAPATH" ];then
+if [ -z "${CURL_CA_PATH:-}" ]; then
+ if [ -n "${CAPATH:-}" ];then
export CURL_CA_PATH="$CAPATH"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export CURL_CA_PATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs"
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u' 2025-09-05 12:34 [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u' haixiao.yan.cn @ 2025-09-09 14:16 ` Mathieu Dubois-Briand 2025-09-10 8:52 ` Haixiao Yan 0 siblings, 1 reply; 5+ messages in thread From: Mathieu Dubois-Briand @ 2025-09-09 14:16 UTC (permalink / raw) To: Haixiao.Yan.CN, openembedded-core On Fri Sep 5, 2025 at 2:34 PM CEST, Haixiao (CN) via lists.openembedded.org Yan wrote: > From: Haixiao Yan <haixiao.yan.cn@windriver.com> > > When Bash runs with 'set -u' (nounset), accessing an unset variable > directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable" > error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR > is never triggered and the script aborts. > > The current code assumes these variables may be unset or empty, but does > not guard against 'set -u'. This breaks builds in stricter shell > environments or when users explicitly enable 'set -u'. > > Fix this by using parameter expansion with a default value, e.g. > "${SSL_CERT_FILE:-}", so that unset variables are treated as empty > strings. This preserves the intended logic (respect host env first, then > CAFILE/CAPATH, then buildtools defaults) and makes the script robust > under 'set -u'. > > Note: environment.d-curl.sh, environment.d-python3-requests.sh, > and environment.d-git.sh have the same issue and should be fixed > similarly. > > Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> > --- Hi Haixiao, Thanks for your patch. It looks like this is leading to failed SDK installations in some cases, as some other variables are undefined: ERROR: core-image-sato-1.0-r0 do_testsdkext: Couldn't install the extensible SDK: Poky (Yocto Project Reference Distro) Extensible SDK installer version 5.2.99+snapshot ====================================================================================== You are about to install the SDK to "/srv/pokybuild/yocto-worker/qemuarm64-armhost/build/build/tmp/work/qemuarm64-poky-linux/core-image-sato/1.0/testsdkext". Proceed [Y/n]? Y Extracting SDK................................................done Setting it up... Extracting buildtools... Preparing build system... Contents of preparing_build_system.log: sh: 17: /srv/pokybuild/yocto-worker/qemuarm64-armhost/build/build/tmp/work/qemuarm64-poky-linux/core-image-sato/1.0/testsdkext/layers/build/oe-init-build-env: BASH_SOURCE: parameter not set https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/2375 https://autobuilder.yoctoproject.org/valkyrie/#/builders/36/builds/2346 https://autobuilder.yoctoproject.org/valkyrie/#/builders/80/builds/2197 SDK testing environment: x86_64-pokysdk-linux Traceback (most recent call last): File "/srv/pokybuild/yocto-worker/buildtools/build/meta/lib/oeqa/buildtools/cases/build.py", line 21, in test_libc self._run('. %s/oe-init-build-env %s' % (corebase, testdir)) File "/srv/pokybuild/yocto-worker/buildtools/build/meta/lib/oeqa/sdk/case.py", line 17, in _run return subprocess.check_output(". %s > /dev/null; %s;" % \ File "/usr/lib64/python3.9/subprocess.py", line 424, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "/usr/lib64/python3.9/subprocess.py", line 528, in run raise CalledProcessError(retcode, process.args, oeqa.utils.subprocesstweak.OETestCalledProcessError: Command '. /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage-sdk/environment-setup-x86_64-pokysdk-linux > /dev/null; . /srv/pokybuild/yocto-worker/buildtools/build/oe-init-build-env /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage-sdk/bitbake-build-vbmlrryg;' returned non-zero exit status 1. Standard Output: /srv/pokybuild/yocto-worker/buildtools/build/oe-init-build-env: line 29: BBSERVER: unbound variable https://autobuilder.yoctoproject.org/valkyrie/#/builders/43/builds/2371 Can you fix these failures please? Thanks, Mathieu -- Mathieu Dubois-Briand, Bootlin Embedded Linux and Kernel engineering https://bootlin.com ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u' 2025-09-09 14:16 ` Mathieu Dubois-Briand @ 2025-09-10 8:52 ` Haixiao Yan 2025-09-11 13:28 ` Andreas Helbech Kleist 0 siblings, 1 reply; 5+ messages in thread From: Haixiao Yan @ 2025-09-10 8:52 UTC (permalink / raw) To: Mathieu Dubois-Briand, openembedded-core On 2025/9/9 22:16, Mathieu Dubois-Briand wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > On Fri Sep 5, 2025 at 2:34 PM CEST, Haixiao (CN) via lists.openembedded.org Yan wrote: >> From: Haixiao Yan <haixiao.yan.cn@windriver.com> >> >> When Bash runs with 'set -u' (nounset), accessing an unset variable >> directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable" >> error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR >> is never triggered and the script aborts. >> >> The current code assumes these variables may be unset or empty, but does >> not guard against 'set -u'. This breaks builds in stricter shell >> environments or when users explicitly enable 'set -u'. >> >> Fix this by using parameter expansion with a default value, e.g. >> "${SSL_CERT_FILE:-}", so that unset variables are treated as empty >> strings. This preserves the intended logic (respect host env first, then >> CAFILE/CAPATH, then buildtools defaults) and makes the script robust >> under 'set -u'. >> >> Note: environment.d-curl.sh, environment.d-python3-requests.sh, >> and environment.d-git.sh have the same issue and should be fixed >> similarly. >> >> Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> >> --- > Hi Haixiao, > > Thanks for your patch. > > It looks like this is leading to failed SDK installations in some cases, > as some other variables are undefined: > > ERROR: core-image-sato-1.0-r0 do_testsdkext: Couldn't install the extensible SDK: > Poky (Yocto Project Reference Distro) Extensible SDK installer version 5.2.99+snapshot > ====================================================================================== > You are about to install the SDK to "/srv/pokybuild/yocto-worker/qemuarm64-armhost/build/build/tmp/work/qemuarm64-poky-linux/core-image-sato/1.0/testsdkext". Proceed [Y/n]? Y > Extracting SDK................................................done > Setting it up... > Extracting buildtools... > Preparing build system... > > > Contents of preparing_build_system.log: > sh: 17: /srv/pokybuild/yocto-worker/qemuarm64-armhost/build/build/tmp/work/qemuarm64-poky-linux/core-image-sato/1.0/testsdkext/layers/build/oe-init-build-env: BASH_SOURCE: parameter not set > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/2375 > https://autobuilder.yoctoproject.org/valkyrie/#/builders/36/builds/2346 > https://autobuilder.yoctoproject.org/valkyrie/#/builders/80/builds/2197 > > > SDK testing environment: x86_64-pokysdk-linux > Traceback (most recent call last): > File "/srv/pokybuild/yocto-worker/buildtools/build/meta/lib/oeqa/buildtools/cases/build.py", line 21, in test_libc > self._run('. %s/oe-init-build-env %s' % (corebase, testdir)) > File "/srv/pokybuild/yocto-worker/buildtools/build/meta/lib/oeqa/sdk/case.py", line 17, in _run > return subprocess.check_output(". %s > /dev/null; %s;" % \ > File "/usr/lib64/python3.9/subprocess.py", line 424, in check_output > return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, > File "/usr/lib64/python3.9/subprocess.py", line 528, in run > raise CalledProcessError(retcode, process.args, > oeqa.utils.subprocesstweak.OETestCalledProcessError: Command '. /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage-sdk/environment-setup-x86_64-pokysdk-linux > /dev/null; . /srv/pokybuild/yocto-worker/buildtools/build/oe-init-build-env /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage-sdk/bitbake-build-vbmlrryg;' returned non-zero exit status 1. > Standard Output: /srv/pokybuild/yocto-worker/buildtools/build/oe-init-build-env: line 29: BBSERVER: unbound variable > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/43/builds/2371 > > > Can you fix these failures please? Remove 'set -eu' to avoid propagating strict mode to other environment.d scripts. Sent v3. Thanks, Haixiao > > Thanks, > Mathieu > > -- > Mathieu Dubois-Briand, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u' 2025-09-10 8:52 ` Haixiao Yan @ 2025-09-11 13:28 ` Andreas Helbech Kleist 2025-09-12 2:02 ` Yan, Haixiao (CN) 0 siblings, 1 reply; 5+ messages in thread From: Andreas Helbech Kleist @ 2025-09-11 13:28 UTC (permalink / raw) To: Haixiao.Yan.CN, Mathieu Dubois-Briand, openembedded-core Hi Haixiao, On Wed, 2025-09-10 at 16:52 +0800, Yan, Haixiao (CN) via lists.openembedded.org wrote: > > On 2025/9/9 22:16, Mathieu Dubois-Briand wrote: > > CAUTION: This email comes from a non Wind River email account! > > Do not click links or open attachments unless you recognize the > > sender and know the content is safe. > > > > On Fri Sep 5, 2025 at 2:34 PM CEST, Haixiao (CN) via > > lists.openembedded.org Yan wrote: > > > From: Haixiao Yan <haixiao.yan.cn@windriver.com> > > > > > > When Bash runs with 'set -u' (nounset), accessing an unset > > > variable > > > directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound > > > variable" > > > error. As a result, the fallback logic to set > > > SSL_CERT_FILE/SSL_CERT_DIR > > > is never triggered and the script aborts. > > > > > > The current code assumes these variables may be unset or empty, > > > but does > > > not guard against 'set -u'. This breaks builds in stricter shell > > > environments or when users explicitly enable 'set -u'. Thank you for working on this. We just ran into this issue after a small upgrade in the scarthgap branch, so I'm hoping this will also be backported to scarthgap. > > > > > > Fix this by using parameter expansion with a default value, e.g. > > > "${SSL_CERT_FILE:-}", so that unset variables are treated as > > > empty > > > strings. This preserves the intended logic (respect host env > > > first, then > > > CAFILE/CAPATH, then buildtools defaults) and makes the script > > > robust > > > under 'set -u'. > > > > > > Note: environment.d-curl.sh, environment.d-python3-requests.sh, > > > and environment.d-git.sh have the same issue and should be fixed > > > similarly. The patch title doesn't mention these changes. I don't know if changing the title or splitting the patches would be the preferred approach? > > > > > > Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> > > > --- > > Hi Haixiao, > > > > Thanks for your patch. > > > > It looks like this is leading to failed SDK installations in some > > cases, > > as some other variables are undefined: > > > > ERROR: core-image-sato-1.0-r0 do_testsdkext: Couldn't install the > > extensible SDK: > > Poky (Yocto Project Reference Distro) Extensible SDK installer > > version 5.2.99+snapshot > > =================================================================== > > =================== > > You are about to install the SDK to "/srv/pokybuild/yocto- > > worker/qemuarm64-armhost/build/build/tmp/work/qemuarm64-poky- > > linux/core-image-sato/1.0/testsdkext". Proceed [Y/n]? Y > > Extracting SDK................................................done > > Setting it up... > > Extracting buildtools... > > Preparing build system... > > > > > > Contents of preparing_build_system.log: > > sh: 17: /srv/pokybuild/yocto-worker/qemuarm64- > > armhost/build/build/tmp/work/qemuarm64-poky-linux/core-image- > > sato/1.0/testsdkext/layers/build/oe-init-build-env: BASH_SOURCE: > > parameter not set > > > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/2375 > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/36/builds/2346 > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/80/builds/2197 > > > > > > SDK testing environment: x86_64-pokysdk-linux > > Traceback (most recent call last): > > File "/srv/pokybuild/yocto- > > worker/buildtools/build/meta/lib/oeqa/buildtools/cases/build.py", > > line 21, in test_libc > > self._run('. %s/oe-init-build-env %s' % (corebase, testdir)) > > File "/srv/pokybuild/yocto- > > worker/buildtools/build/meta/lib/oeqa/sdk/case.py", line 17, in > > _run > > return subprocess.check_output(". %s > /dev/null; %s;" % \ > > File "/usr/lib64/python3.9/subprocess.py", line 424, in > > check_output > > return run(*popenargs, stdout=PIPE, timeout=timeout, > > check=True, > > File "/usr/lib64/python3.9/subprocess.py", line 528, in run > > raise CalledProcessError(retcode, process.args, > > oeqa.utils.subprocesstweak.OETestCalledProcessError: Command '. > > /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64- > > nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage- > > sdk/environment-setup-x86_64-pokysdk-linux > /dev/null; . > > /srv/pokybuild/yocto-worker/buildtools/build/oe-init-build-env > > /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64- > > nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage- > > sdk/bitbake-build-vbmlrryg;' returned non-zero exit status 1. > > Standard Output: /srv/pokybuild/yocto-worker/buildtools/build/oe- > > init-build-env: line 29: BBSERVER: unbound variable > > > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/43/builds/2371 > > > > > > Can you fix these failures please? > > Remove 'set -eu' to avoid propagating strict mode to other > environment.d > scripts. Instead of using 'set -eu' in each script, which as can be seen above doesn't work, I'd suggest adding a test case that sources the environment-setup-* from a shell with 'set -eu' called. > > Sent v3. > > Thanks, > > Haixiao > > > > > Thanks, > > Mathieu > > > > -- > > Mathieu Dubois-Briand, Bootlin > > Embedded Linux and Kernel engineering > > https://bootlin.com > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#223151): > https://lists.openembedded.org/g/openembedded-core/message/223151 > Mute This Topic: https://lists.openembedded.org/mt/115081014/7501392 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: > https://lists.openembedded.org/g/openembedded-core/unsub [ > andreaskleist@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u' 2025-09-11 13:28 ` Andreas Helbech Kleist @ 2025-09-12 2:02 ` Yan, Haixiao (CN) 0 siblings, 0 replies; 5+ messages in thread From: Yan, Haixiao (CN) @ 2025-09-12 2:02 UTC (permalink / raw) To: Andreas Helbech Kleist, Mathieu Dubois-Briand, openembedded-core On 9/11/2025 9:28 PM, Andreas Helbech Kleist wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > Hi Haixiao, > > On Wed, 2025-09-10 at 16:52 +0800, Yan, Haixiao (CN) via > lists.openembedded.org wrote: >> On 2025/9/9 22:16, Mathieu Dubois-Briand wrote: >>> CAUTION: This email comes from a non Wind River email account! >>> Do not click links or open attachments unless you recognize the >>> sender and know the content is safe. >>> >>> On Fri Sep 5, 2025 at 2:34 PM CEST, Haixiao (CN) via >>> lists.openembedded.org Yan wrote: >>>> From: Haixiao Yan <haixiao.yan.cn@windriver.com> >>>> >>>> When Bash runs with 'set -u' (nounset), accessing an unset >>>> variable >>>> directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound >>>> variable" >>>> error. As a result, the fallback logic to set >>>> SSL_CERT_FILE/SSL_CERT_DIR >>>> is never triggered and the script aborts. >>>> >>>> The current code assumes these variables may be unset or empty, >>>> but does >>>> not guard against 'set -u'. This breaks builds in stricter shell >>>> environments or when users explicitly enable 'set -u'. > Thank you for working on this. We just ran into this issue after a > small upgrade in the scarthgap branch, so I'm hoping this will also be > backported to scarthgap. Yes, I will handle this. >>>> Fix this by using parameter expansion with a default value, e.g. >>>> "${SSL_CERT_FILE:-}", so that unset variables are treated as >>>> empty >>>> strings. This preserves the intended logic (respect host env >>>> first, then >>>> CAFILE/CAPATH, then buildtools defaults) and makes the script >>>> robust >>>> under 'set -u'. >>>> >>>> Note: environment.d-curl.sh, environment.d-python3-requests.sh, >>>> and environment.d-git.sh have the same issue and should be fixed >>>> similarly. > The patch title doesn't mention these changes. > > I don't know if changing the title or splitting the patches would be > the preferred approach? > Change the title and sent v4. Thanks, Haixiao >>>> Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> >>>> --- >>> Hi Haixiao, >>> >>> Thanks for your patch. >>> >>> It looks like this is leading to failed SDK installations in some >>> cases, >>> as some other variables are undefined: >>> >>> ERROR: core-image-sato-1.0-r0 do_testsdkext: Couldn't install the >>> extensible SDK: >>> Poky (Yocto Project Reference Distro) Extensible SDK installer >>> version 5.2.99+snapshot >>> =================================================================== >>> =================== >>> You are about to install the SDK to "/srv/pokybuild/yocto- >>> worker/qemuarm64-armhost/build/build/tmp/work/qemuarm64-poky- >>> linux/core-image-sato/1.0/testsdkext". Proceed [Y/n]? Y >>> Extracting SDK................................................done >>> Setting it up... >>> Extracting buildtools... >>> Preparing build system... >>> >>> >>> Contents of preparing_build_system.log: >>> sh: 17: /srv/pokybuild/yocto-worker/qemuarm64- >>> armhost/build/build/tmp/work/qemuarm64-poky-linux/core-image- >>> sato/1.0/testsdkext/layers/build/oe-init-build-env: BASH_SOURCE: >>> parameter not set >>> >>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/2375 >>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/36/builds/2346 >>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/80/builds/2197 >>> >>> >>> SDK testing environment: x86_64-pokysdk-linux >>> Traceback (most recent call last): >>> File "/srv/pokybuild/yocto- >>> worker/buildtools/build/meta/lib/oeqa/buildtools/cases/build.py", >>> line 21, in test_libc >>> self._run('. %s/oe-init-build-env %s' % (corebase, testdir)) >>> File "/srv/pokybuild/yocto- >>> worker/buildtools/build/meta/lib/oeqa/sdk/case.py", line 17, in >>> _run >>> return subprocess.check_output(". %s > /dev/null; %s;" % \ >>> File "/usr/lib64/python3.9/subprocess.py", line 424, in >>> check_output >>> return run(*popenargs, stdout=PIPE, timeout=timeout, >>> check=True, >>> File "/usr/lib64/python3.9/subprocess.py", line 528, in run >>> raise CalledProcessError(retcode, process.args, >>> oeqa.utils.subprocesstweak.OETestCalledProcessError: Command '. >>> /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64- >>> nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage- >>> sdk/environment-setup-x86_64-pokysdk-linux > /dev/null; . >>> /srv/pokybuild/yocto-worker/buildtools/build/oe-init-build-env >>> /srv/pokybuild/yocto-worker/buildtools/build/build/tmp/work/x86_64- >>> nativesdk-pokysdk-linux/buildtools-tarball/1.0/testimage- >>> sdk/bitbake-build-vbmlrryg;' returned non-zero exit status 1. >>> Standard Output: /srv/pokybuild/yocto-worker/buildtools/build/oe- >>> init-build-env: line 29: BBSERVER: unbound variable >>> >>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/43/builds/2371 >>> >>> >>> Can you fix these failures please? >> Remove 'set -eu' to avoid propagating strict mode to other >> environment.d >> scripts. > Instead of using 'set -eu' in each script, which as can be seen above > doesn't work, I'd suggest adding a test case that sources the > environment-setup-* from a shell with 'set -eu' called. > > >> Sent v3. >> >> Thanks, >> >> Haixiao >> >>> Thanks, >>> Mathieu >>> >>> -- >>> Mathieu Dubois-Briand, Bootlin >>> Embedded Linux and Kernel engineering >>> https://bootlin.com >>> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#223151): >> https://lists.openembedded.org/g/openembedded-core/message/223151 >> Mute This Topic: https://lists.openembedded.org/mt/115081014/7501392 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: >> https://lists.openembedded.org/g/openembedded-core/unsub [ >> andreaskleist@gmail.com] >> -=-=-=-=-=-=-=-=-=-=-=- >> ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-12 2:03 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-09-05 12:34 [OE-core][PATCH v2] environment.d-openssl.sh: fix unbound variable with 'set -u' haixiao.yan.cn 2025-09-09 14:16 ` Mathieu Dubois-Briand 2025-09-10 8:52 ` Haixiao Yan 2025-09-11 13:28 ` Andreas Helbech Kleist 2025-09-12 2:02 ` Yan, Haixiao (CN)
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox