I think this is the right way to go. To me, it seems equally easy to subvert both forms, but with this one, the abuse can be easily seen and exposed as such.

Alex

On Sat, 8 Jan 2022 at 00:17, Richard Purdie <richard.purdie@linuxfoundation.org> wrote:

> On Fri, 2022-01-07 at 23:15 +0000, Richard Purdie via lists.openembedded.org wrote:
> > Use the newly added network task flag against tasks where network
> > access is expected. This is do_fetch, do_checkuri, do_testimage, do_testsdk
> > and do_testsdkext.
> >
> > We can't disable networking in sstate tasks due to sstate downloads and
> > also so we can report hash equivalence to the server so network access
> > is enabled in sstate tasks.
> >
> > Access within build-appliance do_image is also allowed due to the use
> > of pip, this is a poor example made rather obvious now and needs to be reworked.
> >
> > Network access anywhere else in any other task isn't allowed.
> >
> > Signed-off-by: Richard Purdie
> > ---
> > meta/classes/base.bbclass | 1 +
> > meta/classes/sstate.bbclass | 2 ++
> > meta/classes/testimage.bbclass | 1 +
> > meta/classes/testsdk.bbclass | 2 ++
> > meta/classes/utility-tasks.bbclass | 1 +
> > meta/recipes-core/images/build-appliance-image_15.0.0.bb | 2 ++
> > 6 files changed, 9 insertions(+)
>
> This patch (and corresponding bitbake patches) does the opposite of the previous
> version, it uses a network flag which allows network access in a task and
> network access is otherwise disabled. I've shared it since several people
> requested this form of patch instead of the other.
>
> I think this version may be easier to "abuse". It does highlight the rather poor
> design choices to support toaster in build-appliance.
>
> Cheers,
>
> Richard
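The point made in the reply above, that use of an opt-in flag is easy to see, can be checked mechanically. The following is an added example, not part of this thread or of OE-Core: a layer audit that reports any task outside the five named in the commit message that turns the flag on. It assumes the flag is written as `do_task[network] = "1"` and that an empty or "0" value leaves it off; `find_network_tasks` and `audit_layer` are hypothetical names, and the sample recipe is constructed.

```python
import re
from pathlib import Path

# Tasks the commit message names as expected to need network access.
EXPECTED = {"do_fetch", "do_checkuri", "do_testimage", "do_testsdk", "do_testsdkext"}

# Assumed flag syntax: do_task[network] = "1" (any BitBake assignment operator).
FLAG_RE = re.compile(r'^\s*([\w${}.+-]+)\[network\]\s*[?:+.]*=[+.]?\s*"([^"]*)"')

def find_network_tasks(text, filename="<memory>", allowed=EXPECTED):
    """Return (file, line, task, value) for each unexpected task enabling network."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out assignment
        m = FLAG_RE.match(line)
        if not m:
            continue
        task, value = m.groups()
        # Assumption: "" and "0" leave the flag off; anything else turns it on.
        if value.strip() in ("", "0") or task in allowed:
            continue
        findings.append((filename, lineno, task, value))
    return findings

def audit_layer(root, allowed=EXPECTED):
    """Scan every recipe, append, include and class file under a layer directory."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in {".bb", ".bbappend", ".bbclass", ".inc"}:
            findings += find_network_tasks(path.read_text(errors="replace"), str(path), allowed)
    return findings

# Constructed sample recipe, not taken from any real layer.
SAMPLE = '''\
SUMMARY = "constructed example"
do_fetch[network] = "1"
# do_install[network] = "1"
do_compile[network] = "1"
do_configure[network] = "0"
'''

if __name__ == "__main__":
    for f, n, task, value in find_network_tasks(SAMPLE, "example_1.0.bb"):
        print(f"{f}:{n}: {task}[network] = \"{value}\" is outside the expected set")
```

The sstate tasks and build-appliance `do_image`, which the commit message says also keep network access, are not in `EXPECTED`; pass a wider `allowed` set to accept them.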