From: Olaf Mandel <o.mandel@menlosystems.com>
To: bitbake-devel@lists.openembedded.org
Cc: Olaf Mandel <o.mandel@menlosystems.com>
Subject: [PATCH v2] fetch2/git: stop generated tarballs from leaking info
Date: Mon, 28 Mar 2022 19:33:31 +0200
Message-ID: <20220328173331.960896-1-o.mandel@menlosystems.com>
In-Reply-To: <20220324164759.4097867-1-o.mandel@menlosystems.com>

When using BB_GENERATE_MIRROR_TARBALLS="1" to generate mirror tarballs
of git repositories, they leaked local information: username, group and
time of the last fetch. Remove all these by setting fixed information:

 * uname = pokybuild (6000)
 * gname = users (100)
 * mtime = committer time of newest commit in repo

The username and group values were taken from the archives available on
the downloads.yoctoproject.org mirror. The modification time is chosen
so it still retains some relationship to the contents of the archive.

Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
---
 lib/bb/fetch2/git.py  |  5 ++++-
 lib/bb/tests/fetch.py | 30 ++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/lib/bb/fetch2/git.py b/lib/bb/fetch2/git.py
index f6f6b63a..ac3fd7ce 100644
--- a/lib/bb/fetch2/git.py
+++ b/lib/bb/fetch2/git.py
@@ -448,7 +448,10 @@ class Git(FetchMethod):
 
             logger.info("Creating tarball of git repository")
             with create_atomic(ud.fullmirror) as tfile:
-                runfetchcmd("tar -czf %s ." % tfile, d, workdir=ud.clonedir)
+                mtime = runfetchcmd("git log --all -1 --format=%cD", d,
+                        quiet=True, workdir=ud.clonedir)
+                runfetchcmd("tar -czf %s --owner pokybuild --group users --mtime \"%s\" ."
+                        % (tfile, mtime), d, workdir=ud.clonedir)
             runfetchcmd("touch %s.done" % ud.fullmirror, d)
 
     def clone_shallow_local(self, ud, dest, d):
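
Review bot: The new tar command passes only names (`--owner pokybuild --group users`), so the numeric ids the commit message lists (6000 and 100) are never set by this hunk. GNU tar infers the missing numeric part from the build host's user database, which means the uid/gid stored in the tarball can still differ between hosts and can still reflect the local account when `pokybuild` does not exist there. Consider the `NAME:ID` form (`--owner pokybuild:6000 --group users:100`) so that both fields are fixed. Separately, `mtime` is the raw output of `git log` and is interpolated into the shell command with its trailing newline; calling `.strip()` on it before formatting would keep the quoted `--mtime` argument to a single clean date string.
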
diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
index 301c4683..0f066394 100644
--- a/lib/bb/tests/fetch.py
+++ b/lib/bb/tests/fetch.py
@@ -11,6 +11,7 @@ import hashlib
 import tempfile
 import collections
 import os
+import tarfile
 from bb.fetch2 import URI
 from bb.fetch2 import FetchMethod
 import bb
@@ -584,6 +585,35 @@ class GitShallowTarballNamingTest(FetcherTest):
         self.assertIn(self.mirror_tarball, dir)
 
 
+class CleanTarballTest(FetcherTest):
+    def setUp(self):
+        super(CleanTarballTest, self).setUp()
+        self.recipe_url = "git://git.openembedded.org/bitbake"
+        self.recipe_tarball = "git2_git.openembedded.org.bitbake.tar.gz"
+
+        self.d.setVar('BB_GENERATE_MIRROR_TARBALLS', '1')
+        self.d.setVar('SRCREV', '82ea737a0b42a8b53e11c9cde141e9e9c0bd8c40')
+
+    @skipIfNoNetwork()
+    def test_that_the_tarball_contents_does_not_leak_info(self):
+        fetcher = bb.fetch.Fetch([self.recipe_url], self.d)
+
+        fetcher.download()
+
+        fetcher.unpack(self.unpackdir)
+        mtime = bb.process.run('git log --all -1 --format=%ct',
+                cwd=os.path.join(self.unpackdir, 'git'))
+        self.assertEqual(len(mtime), 2)
+        mtime = int(mtime[0])
+
+        archive = tarfile.open(os.path.join(self.dldir, self.recipe_tarball))
+        self.assertNotEqual(len(archive.members), 0)
+        for member in archive.members:
+            self.assertEqual(member.uname, 'pokybuild')
+            self.assertEqual(member.gname, 'users')
+            self.assertEqual(member.mtime, mtime)
+
+
 class FetcherLocalTest(FetcherTest):
     def setUp(self):
         def touch(fn):
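
Review bot: The loop `for member in archive.members:` in `test_that_the_tarball_contents_does_not_leak_info` iterates an internal `TarFile` attribute that is filled lazily as headers are read, so right after `tarfile.open()` it may hold only the first entry and the assertions would not cover the rest of the archive. Use the documented `archive.getmembers()` instead, and open the archive in a `with` block so it is closed. The test also checks only `uname`, `gname` and `mtime`; adding assertions on `member.uid` and `member.gid` against the values named in the commit message (6000 and 100) would catch a numeric id leaking from the build host.
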
-- 
2.25.1



Thread overview: 7+ messages
2022-03-24 16:47 [PATCH] fetch2/git: stop generated tarballs from leaking info Olaf Mandel
2022-03-28 17:33 ` Olaf Mandel [this message]
2022-03-28 17:36 ` [PATCH v3] " Olaf Mandel
2022-04-05 11:38   ` Olaf Mandel
2022-04-05 13:19     ` [bitbake-devel] " Alexandre Belloni
2022-04-05 14:29     ` Richard Purdie
2022-04-08 14:50   ` [PATCH] fetch2/git: canonicalize ids in generated tarballs Olaf Mandel