From patchwork Fri Sep 14 13:49:07 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [v2] patch.bbclass: increase security
Date: Fri, 14 Sep 2012 13:49:07 -0000
From: Constantin Musca
X-Patchwork-Id: 36543
Message-Id: <1347630547-9863-1-git-send-email-constantinx.musca@intel.com>
To: openembedded-core@lists.openembedded.org
Cc: Constantin Musca
- Use mkdtemp for generating temp dir names
- Use bb.utils.remove for removing temp dirs
- Add comment for explaining the "patch" workaround
[YOCTO #3070]
Signed-off-by: Constantin Musca
---
 meta/classes/patch.bbclass | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index d010438..9601260 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -139,11 +139,12 @@ python patch_do_patch() {
 path = os.getenv('PATH')
 os.putenv('PATH', d.getVar('PATH', True))
- import shutil
- process_tmpdir = os.path.join('/tmp', str(os.getpid()))
- if os.path.exists(process_tmpdir):
- shutil.rmtree(process_tmpdir)
- os.makedirs(process_tmpdir)
+ # We must use one TMPDIR per process (/tmp/${PID}${random_chars})
+ # so that the "patch" processes don't generate the same temp
+ # file name.
+
+ import tempfile
+ process_tmpdir = tempfile.mkdtemp(prefix="bitbake_patch")
 os.environ['TMPDIR'] = process_tmpdir
 for patch in src_patches(d):
@@ -168,15 +169,15 @@ python patch_do_patch() {
 try:
 patchset.Import({"file":local, "strippath": parm['striplevel']}, True)
 except Exception as exc:
- shutil.rmtree(process_tmpdir)
+ bb.utils.remove(process_tmpdir, True)
 bb.fatal(str(exc))
 try:
 resolver.Resolve()
 except bb.BBHandledException as e:
- shutil.rmtree(process_tmpdir)
+ bb.utils.remove(process_tmpdir, True)
 bb.fatal(str(e))
- shutil.rmtree(process_tmpdir)
+ bb.utils.remove(process_tmpdir, True)
 }
 patch_do_patch[vardepsexclude] = "PATCHRESOLVE"
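Review bot: The new comment above `tempfile.mkdtemp(prefix="bitbake_patch")` still describes the directory as `/tmp/${PID}${random_chars}`, but the name no longer contains the PID and the parent is whatever tempfile resolves, not necessarily /tmp. I would reword it to `# Use one private TMPDIR per process (created by mkdtemp, mode 0700) so concurrent "patch" runs cannot collide on temp file names.` Separately, `os.environ['TMPDIR']` is set here and the visible end of the function removes the directory without restoring the variable, so later code in the same process that reads TMPDIR may get a path that no longer exists. If the part of patch_do_patch outside this hunk does not reset it, saving the previous value and restoring it after cleanup would close that gap. The function body starts and ends outside this hunk.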
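Review bot: Cleanup of the temp directory is still spread over three separate `bb.utils.remove(process_tmpdir, True)` calls in the second hunk, so any exception not caught there leaves the directory behind. That includes anything other than `bb.BBHandledException` raised from `resolver.Resolve()`, or a failure in the loop lines outside the hunk. Wrapping the `for patch in src_patches(d):` loop in `try:` with a single `finally: bb.utils.remove(process_tmpdir, True)` would give one cleanup path and let both handlers call only `bb.fatal(...)`. This relies on `bb.fatal` raising rather than exiting the process, which is not visible on this page and should be confirmed. The loop body starts outside this hunk.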