* [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID
@ 2022-04-19 15:47 Devarsh Thakkar
2022-04-19 23:34 ` Nishanth Menon
0 siblings, 1 reply; 4+ messages in thread
From: Devarsh Thakkar @ 2022-04-19 15:47 UTC (permalink / raw)
To: meta-ti, praneeth
Cc: nikhil.nd, nsekhar, devarsht, vigneshr, Ryan Eatmon, a-m1, nm
Due to recent security update in git, we are
not able to fetch revision currently using existing method:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
So instead, use the SRCREV to parse the short commit ID
and set the UBOOT_LOCALVERSION variable.
Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
---
recipes-bsp/u-boot/u-boot-ti.inc | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/recipes-bsp/u-boot/u-boot-ti.inc b/recipes-bsp/u-boot/u-boot-ti.inc
index 231b7647..cc775e2e 100644
--- a/recipes-bsp/u-boot/u-boot-ti.inc
+++ b/recipes-bsp/u-boot/u-boot-ti.inc
@@ -1,14 +1,6 @@
# UBOOT_LOCALVERSION can be set to add a tag to the end of the
# U-boot version string. such as the commit id
-def get_git_revision(p):
- import subprocess
-
- try:
- return subprocess.Popen("git rev-parse HEAD 2>/dev/null ", cwd=p, shell=True, stdout=subprocess.PIPE, universal_newlines=True).communicate()[0].rstrip()
- except OSError:
- return None
-
-UBOOT_LOCALVERSION = "-g${@get_git_revision('${S}').__str__()[:10]}"
+UBOOT_LOCALVERSION = "-g${@d.getVar("SRCREV", False).__str__()[:10]}"
UBOOT_SUFFIX ?= "img"
SPL_BINARY ?= "MLO"
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID
2022-04-19 15:47 [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID Devarsh Thakkar
@ 2022-04-19 23:34 ` Nishanth Menon
2022-04-27 14:20 ` Devarsh Thakkar
0 siblings, 1 reply; 4+ messages in thread
From: Nishanth Menon @ 2022-04-19 23:34 UTC (permalink / raw)
To: Devarsh Thakkar
Cc: meta-ti, praneeth, nikhil.nd, nsekhar, vigneshr, Ryan Eatmon, a-m1
On 21:17-20220419, Devarsh Thakkar wrote:
> Due to recent security update in git, we are
> not able to fetch revision currently using existing method:
> https://github.blog/2022-04-12-git-security-vulnerability-announced/
>
> So instead, use the SRCREV to parse the short commit ID
> and set the UBOOT_LOCALVERSION variable.
>
> Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
> ---
> recipes-bsp/u-boot/u-boot-ti.inc | 10 +---------
> 1 file changed, 1 insertion(+), 9 deletions(-)
>
> diff --git a/recipes-bsp/u-boot/u-boot-ti.inc b/recipes-bsp/u-boot/u-boot-ti.inc
> index 231b7647..cc775e2e 100644
> --- a/recipes-bsp/u-boot/u-boot-ti.inc
> +++ b/recipes-bsp/u-boot/u-boot-ti.inc
> @@ -1,14 +1,6 @@
> # UBOOT_LOCALVERSION can be set to add a tag to the end of the
> # U-boot version string. such as the commit id
> -def get_git_revision(p):
> - import subprocess
> -
> - try:
> - return subprocess.Popen("git rev-parse HEAD 2>/dev/null ", cwd=p, shell=True, stdout=subprocess.PIPE, universal_newlines=True).communicate()[0].rstrip()
I see a similar logic in
recipes-kernel/linux/setup-defconfig.inc as well.
Considering similar problem
https://lore.kernel.org/all/20220413155249.3458236-2-raj.khem@gmail.com/
was wondering as to what might be a better way to solve this?
There is also git rev-parse HEAD instances in oe-core as well and
bitbake(lib/layerindexlib/cooker.py) as well.
I wonder since we know cwd=p, could we use that to set
https://git-scm.com/docs/git/2.35.2#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode
(which if my understanding is right, came in around v1.5.5.1-319-g0454dd93bfb2)
OR maybe just set it to the base conf similar to what was done on
master oe-core/meta/conf/bitbake.conf (commit
02ecf3e2a98a614805f6f2574c2bf14162192d01 "bitbake.conf: Prevent git from
detecting parent repo in recipe")?
I am not sure if we should considering just side stepping this issue via
just not using the git to get the version string.. just my 2 cents.
> - except OSError:
> - return None
> -
> -UBOOT_LOCALVERSION = "-g${@get_git_revision('${S}').__str__()[:10]}"
> +UBOOT_LOCALVERSION = "-g${@d.getVar("SRCREV", False).__str__()[:10]}"
>
> UBOOT_SUFFIX ?= "img"
> SPL_BINARY ?= "MLO"
> --
> 2.17.1
>
--
Regards,
Nishanth Menon
Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3 1A34 DDB5 849D 1736 249D
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID
2022-04-19 23:34 ` Nishanth Menon
@ 2022-04-27 14:20 ` Devarsh Thakkar
2022-04-27 14:43 ` Denys Dmytriyenko
0 siblings, 1 reply; 4+ messages in thread
From: Devarsh Thakkar @ 2022-04-27 14:20 UTC (permalink / raw)
To: Nishanth Menon
Cc: meta-ti, praneeth, nikhil.nd, nsekhar, vigneshr, Ryan Eatmon, a-m1
On 20/04/22 05:04, Nishanth Menon wrote:
> On 21:17-20220419, Devarsh Thakkar wrote:
>> Due to recent security update in git, we are
>> not able to fetch revision currently using existing method:
>> https://github.blog/2022-04-12-git-security-vulnerability-announced/
>>
>> So instead, use the SRCREV to parse the short commit ID
>> and set the UBOOT_LOCALVERSION variable.
>>
>> Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
>> ---
>> recipes-bsp/u-boot/u-boot-ti.inc | 10 +---------
>> 1 file changed, 1 insertion(+), 9 deletions(-)
>>
>> diff --git a/recipes-bsp/u-boot/u-boot-ti.inc b/recipes-bsp/u-boot/u-boot-ti.inc
>> index 231b7647..cc775e2e 100644
>> --- a/recipes-bsp/u-boot/u-boot-ti.inc
>> +++ b/recipes-bsp/u-boot/u-boot-ti.inc
>> @@ -1,14 +1,6 @@
>> # UBOOT_LOCALVERSION can be set to add a tag to the end of the
>> # U-boot version string. such as the commit id
>> -def get_git_revision(p):
>> - import subprocess
>> -
>> - try:
>> - return subprocess.Popen("git rev-parse HEAD 2>/dev/null ", cwd=p, shell=True, stdout=subprocess.PIPE, universal_newlines=True).communicate()[0].rstrip()
>
> I see a similar logic in
> recipes-kernel/linux/setup-defconfig.inc as well.
>
> Considering similar problem
>
> https://lore.kernel.org/all/20220413155249.3458236-2-raj.khem@gmail.com/
>
> was wondering as to what might be a better way to solve this?
>
> There is also git rev-parse HEAD instances in oe-core as well and
> bitbake(lib/layerindexlib/cooker.py) as well.
>
> I wonder since we know cwd=p, could we use that to set
> https://git-scm.com/docs/git/2.35.2#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode
> (which if my understanding is right, came in around v1.5.5.1-319-g0454dd93bfb2)
>
> OR maybe just set it to the base conf similar to what was done on
> master oe-core/meta/conf/bitbake.conf (commit
> 02ecf3e2a98a614805f6f2574c2bf14162192d01 "bitbake.conf: Prevent git from
> detecting parent repo in recipe")?
>
> I am not sure if we should considering just side stepping this issue via
> just not using the git to get the version string.. just my 2 cents.
My top level understanding was the security update was suggesting to avoid
doing what we were doing already i.e. calling git from
a sub-process through a recipe due to security concerns and so avoided
using git
and also I think below change also achieves same what was achieved
before with SRCREV, I have
similar fix on the kernel bb too which was failing with same error.
>> - except OSError:
>> - return None
>> -
>> -UBOOT_LOCALVERSION = "-g${@get_git_revision('${S}').__str__()[:10]}"
>> +UBOOT_LOCALVERSION = "-g${@d.getVar("SRCREV", False).__str__()[:10]}"
>>
>> UBOOT_SUFFIX ?= "img"
>> SPL_BINARY ?= "MLO"
>> --
>> 2.17.1
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID
2022-04-27 14:20 ` Devarsh Thakkar
@ 2022-04-27 14:43 ` Denys Dmytriyenko
0 siblings, 0 replies; 4+ messages in thread
From: Denys Dmytriyenko @ 2022-04-27 14:43 UTC (permalink / raw)
To: devarsht
Cc: Nishanth Menon, meta-ti, praneeth, nikhil.nd, nsekhar, vigneshr,
Ryan Eatmon, a-m1
On Wed, Apr 27, 2022 at 07:50:13PM +0530, Devarsh Thakkar via lists.yoctoproject.org wrote:
>
> On 20/04/22 05:04, Nishanth Menon wrote:
> > On 21:17-20220419, Devarsh Thakkar wrote:
> >> Due to recent security update in git, we are
> >> not able to fetch revision currently using existing method:
> >> https://github.blog/2022-04-12-git-security-vulnerability-announced/
> >>
> >> So instead, use the SRCREV to parse the short commit ID
> >> and set the UBOOT_LOCALVERSION variable.
> >>
> >> Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
> >> ---
> >> recipes-bsp/u-boot/u-boot-ti.inc | 10 +---------
> >> 1 file changed, 1 insertion(+), 9 deletions(-)
> >>
> >> diff --git a/recipes-bsp/u-boot/u-boot-ti.inc b/recipes-bsp/u-boot/u-boot-ti.inc
> >> index 231b7647..cc775e2e 100644
> >> --- a/recipes-bsp/u-boot/u-boot-ti.inc
> >> +++ b/recipes-bsp/u-boot/u-boot-ti.inc
> >> @@ -1,14 +1,6 @@
> >> # UBOOT_LOCALVERSION can be set to add a tag to the end of the
> >> # U-boot version string. such as the commit id
> >> -def get_git_revision(p):
> >> - import subprocess
> >> -
> >> - try:
> >> - return subprocess.Popen("git rev-parse HEAD 2>/dev/null ", cwd=p, shell=True, stdout=subprocess.PIPE, universal_newlines=True).communicate()[0].rstrip()
> >
> > I see a similar logic in
> > recipes-kernel/linux/setup-defconfig.inc as well.
> >
> > Considering similar problem
> >
> > https://lore.kernel.org/all/20220413155249.3458236-2-raj.khem@gmail.com/
> >
> > was wondering as to what might be a better way to solve this?
> >
> > There is also git rev-parse HEAD instances in oe-core as well and
> > bitbake(lib/layerindexlib/cooker.py) as well.
> >
> > I wonder since we know cwd=p, could we use that to set
> > https://git-scm.com/docs/git/2.35.2#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode
> > (which if my understanding is right, came in around v1.5.5.1-319-g0454dd93bfb2)
> >
> > OR maybe just set it to the base conf similar to what was done on
> > master oe-core/meta/conf/bitbake.conf (commit
> > 02ecf3e2a98a614805f6f2574c2bf14162192d01 "bitbake.conf: Prevent git from
> > detecting parent repo in recipe")?
> >
> > I am not sure if we should considering just side stepping this issue via
> > just not using the git to get the version string.. just my 2 cents.
>
> My top level understanding was the security update was suggesting to avoid
>
> doing what we were doing already i.e. calling git from
>
> a sub-process through a recipe due to security concerns and so avoided
> using git
>
> and also I think below change also achieves same what was achieved
> before with SRCREV, I have
>
> similar fix on the kernel bb too which was failing with same error.
>
> >> - except OSError:
> >> - return None
> >> -
> >> -UBOOT_LOCALVERSION = "-g${@get_git_revision('${S}').__str__()[:10]}"
> >> +UBOOT_LOCALVERSION = "-g${@d.getVar("SRCREV", False).__str__()[:10]}"
You should probably use SRCPV here to also work with AUTOREV.
> >> UBOOT_SUFFIX ?= "img"
> >> SPL_BINARY ?= "MLO"
> >> --
> >> 2.17.1
> >>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-27 14:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-19 15:47 [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID Devarsh Thakkar
2022-04-19 23:34 ` Nishanth Menon
2022-04-27 14:20 ` Devarsh Thakkar
2022-04-27 14:43 ` Denys Dmytriyenko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).