From: Devarsh Thakkar <devarsht@ti.com>
To: Nishanth Menon <nm@ti.com>
Cc: <meta-ti@lists.yoctoproject.org>, <praneeth@ti.com>,
<nikhil.nd@ti.com>, <nsekhar@ti.com>, <vigneshr@ti.com>,
Ryan Eatmon <reatmon@ti.com>, <a-m1@ti.com>
Subject: Re: [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID
Date: Wed, 27 Apr 2022 19:50:13 +0530 [thread overview]
Message-ID: <851dcd0d-5a62-bf19-2c86-f228ccccede8@ti.com> (raw)
In-Reply-To: <20220419233421.ngbixhxdyjqr7hbc@penholder>
On 20/04/22 05:04, Nishanth Menon wrote:
> On 21:17-20220419, Devarsh Thakkar wrote:
>> Due to recent security update in git, we are
>> not able to fetch revision currently using existing method:
>> https://github.blog/2022-04-12-git-security-vulnerability-announced/
>>
>> So instead, use the SRCREV to parse the short commit ID
>> and set the UBOOT_LOCALVERSION variable.
>>
>> Signed-off-by: Devarsh Thakkar <devarsht@ti.com>
>> ---
>> recipes-bsp/u-boot/u-boot-ti.inc | 10 +---------
>> 1 file changed, 1 insertion(+), 9 deletions(-)
>>
>> diff --git a/recipes-bsp/u-boot/u-boot-ti.inc b/recipes-bsp/u-boot/u-boot-ti.inc
>> index 231b7647..cc775e2e 100644
>> --- a/recipes-bsp/u-boot/u-boot-ti.inc
>> +++ b/recipes-bsp/u-boot/u-boot-ti.inc
>> @@ -1,14 +1,6 @@
>> # UBOOT_LOCALVERSION can be set to add a tag to the end of the
>> # U-boot version string. such as the commit id
>> -def get_git_revision(p):
>> - import subprocess
>> -
>> - try:
>> - return subprocess.Popen("git rev-parse HEAD 2>/dev/null ", cwd=p, shell=True, stdout=subprocess.PIPE, universal_newlines=True).communicate()[0].rstrip()
>
> I see a similar logic in
> recipes-kernel/linux/setup-defconfig.inc as well.
>
> Considering similar problem
>
> https://lore.kernel.org/all/20220413155249.3458236-2-raj.khem@gmail.com/
>
> was wondering as to what might be a better way to solve this?
>
> There is also git rev-parse HEAD instances in oe-core as well and
> bitbake(lib/layerindexlib/cooker.py) as well.
>
> I wonder since we know cwd=p, could we use that to set
> https://git-scm.com/docs/git/2.35.2#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode
> (which if my understanding is right, came in around v1.5.5.1-319-g0454dd93bfb2)
>
> OR maybe just set it to the base conf similar to what was done on
> master oe-core/meta/conf/bitbake.conf (commit
> 02ecf3e2a98a614805f6f2574c2bf14162192d01 "bitbake.conf: Prevent git from
> detecting parent repo in recipe")?
>
> I am not sure if we should considering just side stepping this issue via
> just not using the git to get the version string.. just my 2 cents.
My top level understanding was the security update was suggesting to avoid
doing what we were doing already i.e. calling git from
a sub-process through a recipe due to security concerns and so avoided
using git
and also I think below change also achieves same what was achieved
before with SRCREV, I have
similar fix on the kernel bb too which was failing with same error.
>> - except OSError:
>> - return None
>> -
>> -UBOOT_LOCALVERSION = "-g${@get_git_revision('${S}').__str__()[:10]}"
>> +UBOOT_LOCALVERSION = "-g${@d.getVar("SRCREV", False).__str__()[:10]}"
>>
>> UBOOT_SUFFIX ?= "img"
>> SPL_BINARY ?= "MLO"
>> --
>> 2.17.1
>>
next prev parent reply other threads:[~2022-04-27 14:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-19 15:47 [meta-ti][dunfell][PATCH] u-boot-ti: Use SRCREV to get short commit ID Devarsh Thakkar
2022-04-19 23:34 ` Nishanth Menon
2022-04-27 14:20 ` Devarsh Thakkar [this message]
2022-04-27 14:43 ` Denys Dmytriyenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=851dcd0d-5a62-bf19-2c86-f228ccccede8@ti.com \
--to=devarsht@ti.com \
--cc=a-m1@ti.com \
--cc=meta-ti@lists.yoctoproject.org \
--cc=nikhil.nd@ti.com \
--cc=nm@ti.com \
--cc=nsekhar@ti.com \
--cc=praneeth@ti.com \
--cc=reatmon@ti.com \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).