Patchwork scripts/oe-buildenv-internal: Add SOCKS5_{USER, PASSWD} to BB_ENV_EXTRAWHITE

login
register
mail settings
Submitter Kumar Gala
Date July 28, 2011, 1:10 p.m.
Message ID <1311858624-3686-1-git-send-email-galak@kernel.crashing.org>
Download mbox | patch
Permalink /patch/8803/
State New, archived
Headers show

Comments

Kumar Gala - July 28, 2011, 1:10 p.m.
If a SOCKS5 gateway is needed for a proxy access like git it might also
require authentication to the proxy via a password and username.  Adding
SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
of the authentication request to occur when something like a git fetch
is going through the proxy.

Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
---
* Fixes issue with a git fetch request failing to get pass a firewall

 scripts/oe-buildenv-internal |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Tom Rini - July 28, 2011, 3:09 p.m.
On 07/28/2011 06:10 AM, Kumar Gala wrote:
> If a SOCKS5 gateway is needed for a proxy access like git it might also
> require authentication to the proxy via a password and username.  Adding
> SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
> of the authentication request to occur when something like a git fetch
> is going through the proxy.
> 
> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>

We also need to make sure these variables do NOT make it into the sstate
signature, which I think means one more change somewhere else (but I
don't recall where off-hand).
Kumar Gala - July 28, 2011, 3:40 p.m.
On Jul 28, 2011, at 10:09 AM, Tom Rini wrote:

> On 07/28/2011 06:10 AM, Kumar Gala wrote:
>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>> require authentication to the proxy via a password and username.  Adding
>> SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>> of the authentication request to occur when something like a git fetch
>> is going through the proxy.
>> 
>> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
> 
> We also need to make sure these variables do NOT make it into the sstate
> signature, which I think means one more change somewhere else (but I
> don't recall where off-hand).

Yeah, I didn't find anything obvious while grepping.

- k
Paul Eggleton - July 28, 2011, 3:55 p.m.
On Thursday 28 July 2011 16:40:34 Kumar Gala wrote:
> On Jul 28, 2011, at 10:09 AM, Tom Rini wrote:
> > On 07/28/2011 06:10 AM, Kumar Gala wrote:
> >> If a SOCKS5 gateway is needed for a proxy access like git it might also
> >> require authentication to the proxy via a password and username.  Adding
> >> SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
> >> of the authentication request to occur when something like a git fetch
> >> is going through the proxy.
> >> 
> >> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
> > 
> > We also need to make sure these variables do NOT make it into the sstate
> > signature, which I think means one more change somewhere else (but I
> > don't recall where off-hand).
> 
> Yeah, I didn't find anything obvious while grepping.

I think what you're looking for is BB_HASHBASE_WHITELIST; however IIRC it's 
only really necessary if another variable refers to SOCKS5_*, or it is used in 
some bit of python/shell script; otherwise it shouldn't appear in the variable 
dependencies and thus won't make it's way into the sstate signature.

Cheers,
Paul
Kumar Gala - Aug. 3, 2011, 5 p.m.
On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:

> If a SOCKS5 gateway is needed for a proxy access like git it might also
> require authentication to the proxy via a password and username.  Adding
> SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
> of the authentication request to occur when something like a git fetch
> is going through the proxy.
> 
> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
> ---
> * Fixes issue with a git fetch request failing to get pass a firewall
> 
> scripts/oe-buildenv-internal |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
> index c13fc40..b223292 100755
> --- a/scripts/oe-buildenv-internal
> +++ b/scripts/oe-buildenv-internal
> @@ -55,4 +55,4 @@ unset BITBAKEDIR
> export BUILDDIR
> export PATH
> 
> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
> -- 
> 1.7.3.4

Ping on this patch

- k
Saul Wold - Aug. 3, 2011, 5:30 p.m.
On 08/03/2011 10:00 AM, Kumar Gala wrote:
>
> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>
>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>> require authentication to the proxy via a password and username.  Adding
>> SOCKS5_USER&  SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>> of the authentication request to occur when something like a git fetch
>> is going through the proxy.
>>
>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>> ---
>> * Fixes issue with a git fetch request failing to get pass a firewall
>>
>> scripts/oe-buildenv-internal |    2 +-
>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>> index c13fc40..b223292 100755
>> --- a/scripts/oe-buildenv-internal
>> +++ b/scripts/oe-buildenv-internal
>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>> export BUILDDIR
>> export PATH
>>
>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>> --
>> 1.7.3.4
>
> Ping on this patch
>
Kumar,

I think you were asked to modify this patch so that the additinal 
SOCKS5_* do not get into sstate, Paul Eggleton provided the 
BB_HASHSPACE_WHITELIST info.

Please update this patch

Thanks
	Sau!

> - k
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
Kumar Gala - Aug. 3, 2011, 7:41 p.m.
On Aug 3, 2011, at 12:30 PM, Saul Wold wrote:

> On 08/03/2011 10:00 AM, Kumar Gala wrote:
>> 
>> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>> 
>>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>>> require authentication to the proxy via a password and username.  Adding
>>> SOCKS5_USER&  SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>>> of the authentication request to occur when something like a git fetch
>>> is going through the proxy.
>>> 
>>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>>> ---
>>> * Fixes issue with a git fetch request failing to get pass a firewall
>>> 
>>> scripts/oe-buildenv-internal |    2 +-
>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>> 
>>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>>> index c13fc40..b223292 100755
>>> --- a/scripts/oe-buildenv-internal
>>> +++ b/scripts/oe-buildenv-internal
>>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>>> export BUILDDIR
>>> export PATH
>>> 
>>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>>> --
>>> 1.7.3.4
>> 
>> Ping on this patch
>> 
> Kumar,
> 
> I think you were asked to modify this patch so that the additinal SOCKS5_* do not get into sstate, Paul Eggleton provided the BB_HASHSPACE_WHITELIST info.
> 
> Please update this patch
> 
> Thanks
> 	Sau!

From the thread it sounded as if that was NOT needed.  As nothing refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't have SSH_AGENT_PID or SSH_AUTH_SOCK in it.

- k
Richard Purdie - Aug. 3, 2011, 10:34 p.m.
On Wed, 2011-08-03 at 14:41 -0500, Kumar Gala wrote:
> On Aug 3, 2011, at 12:30 PM, Saul Wold wrote:
> 
> > On 08/03/2011 10:00 AM, Kumar Gala wrote:
> >> 
> >> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
> >> 
> >>> If a SOCKS5 gateway is needed for a proxy access like git it might also
> >>> require authentication to the proxy via a password and username.  Adding
> >>> SOCKS5_USER&  SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
> >>> of the authentication request to occur when something like a git fetch
> >>> is going through the proxy.
> >>> 
> >>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
> >>> ---
> >>> * Fixes issue with a git fetch request failing to get pass a firewall
> >>> 
> >>> scripts/oe-buildenv-internal |    2 +-
> >>> 1 files changed, 1 insertions(+), 1 deletions(-)
> >>> 
> >>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
> >>> index c13fc40..b223292 100755
> >>> --- a/scripts/oe-buildenv-internal
> >>> +++ b/scripts/oe-buildenv-internal
> >>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
> >>> export BUILDDIR
> >>> export PATH
> >>> 
> >>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
> >>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
> >>> --
> >>> 1.7.3.4
> >> 
> >> Ping on this patch
> >> 
> > Kumar,
> > 
> > I think you were asked to modify this patch so that the additinal
> SOCKS5_* do not get into sstate, Paul Eggleton provided the
> BB_HASHSPACE_WHITELIST info.
> > 
> > Please update this patch
> > 
> > Thanks
> > 	Sau!
> 
> From the thread it sounded as if that was NOT needed.  As nothing
> refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't
> have SSH_AGENT_PID or SSH_AUTH_SOCK in it.

It would be good is someone could confirm it but its in the environment
so it likely is needed.

Cheers,

Richard
Kumar Gala - Aug. 4, 2011, 2:56 a.m.
On Aug 3, 2011, at 5:34 PM, Richard Purdie wrote:

> On Wed, 2011-08-03 at 14:41 -0500, Kumar Gala wrote:
>> On Aug 3, 2011, at 12:30 PM, Saul Wold wrote:
>> 
>>> On 08/03/2011 10:00 AM, Kumar Gala wrote:
>>>> 
>>>> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>>>> 
>>>>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>>>>> require authentication to the proxy via a password and username.  Adding
>>>>> SOCKS5_USER&  SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>>>>> of the authentication request to occur when something like a git fetch
>>>>> is going through the proxy.
>>>>> 
>>>>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>>>>> ---
>>>>> * Fixes issue with a git fetch request failing to get pass a firewall
>>>>> 
>>>>> scripts/oe-buildenv-internal |    2 +-
>>>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>>> 
>>>>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>>>>> index c13fc40..b223292 100755
>>>>> --- a/scripts/oe-buildenv-internal
>>>>> +++ b/scripts/oe-buildenv-internal
>>>>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>>>>> export BUILDDIR
>>>>> export PATH
>>>>> 
>>>>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>>>>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>>>>> --
>>>>> 1.7.3.4
>>>> 
>>>> Ping on this patch
>>>> 
>>> Kumar,
>>> 
>>> I think you were asked to modify this patch so that the additinal
>> SOCKS5_* do not get into sstate, Paul Eggleton provided the
>> BB_HASHSPACE_WHITELIST info.
>>> 
>>> Please update this patch
>>> 
>>> Thanks
>>> 	Sau!
>> 
>> From the thread it sounded as if that was NOT needed.  As nothing
>> refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't
>> have SSH_AGENT_PID or SSH_AUTH_SOCK in it.
> 
> It would be good is someone could confirm it but its in the environment
> so it likely is needed.

Not sure I follow.  Confirm what?

- k
Saul Wold - Aug. 4, 2011, 3:54 a.m.
On 08/03/2011 07:56 PM, Kumar Gala wrote:
>
> On Aug 3, 2011, at 5:34 PM, Richard Purdie wrote:
>
>> On Wed, 2011-08-03 at 14:41 -0500, Kumar Gala wrote:
>>> On Aug 3, 2011, at 12:30 PM, Saul Wold wrote:
>>>
>>>> On 08/03/2011 10:00 AM, Kumar Gala wrote:
>>>>>
>>>>> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>>>>>
>>>>>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>>>>>> require authentication to the proxy via a password and username.  Adding
>>>>>> SOCKS5_USER&   SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>>>>>> of the authentication request to occur when something like a git fetch
>>>>>> is going through the proxy.
>>>>>>
>>>>>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>>>>>> ---
>>>>>> * Fixes issue with a git fetch request failing to get pass a firewall
>>>>>>
>>>>>> scripts/oe-buildenv-internal |    2 +-
>>>>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>>>>
>>>>>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>>>>>> index c13fc40..b223292 100755
>>>>>> --- a/scripts/oe-buildenv-internal
>>>>>> +++ b/scripts/oe-buildenv-internal
>>>>>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>>>>>> export BUILDDIR
>>>>>> export PATH
>>>>>>
>>>>>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>>>>>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>>>>>> --
>>>>>> 1.7.3.4
>>>>>
>>>>> Ping on this patch
>>>>>
>>>> Kumar,
>>>>
>>>> I think you were asked to modify this patch so that the additinal
>>> SOCKS5_* do not get into sstate, Paul Eggleton provided the
>>> BB_HASHSPACE_WHITELIST info.
>>>>
>>>> Please update this patch
>>>>
>>>> Thanks
>>>> 	Sau!
>>>
>>>  From the thread it sounded as if that was NOT needed.  As nothing
>>> refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't
>>> have SSH_AGENT_PID or SSH_AUTH_SOCK in it.
>>
>> It would be good is someone could confirm it but its in the environment
>> so it likely is needed.
>
> Not sure I follow.  Confirm what?
>
Kumar,

I think Richard wants you to confirm that the SSH_* and SOCKS5_* 
information is not stored in the shared state hash.

Sau!

> - k
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
Kumar Gala - Aug. 4, 2011, 4:20 a.m.
On Aug 3, 2011, at 10:54 PM, Saul Wold wrote:

> On 08/03/2011 07:56 PM, Kumar Gala wrote:
>> 
>> On Aug 3, 2011, at 5:34 PM, Richard Purdie wrote:
>> 
>>> On Wed, 2011-08-03 at 14:41 -0500, Kumar Gala wrote:
>>>> On Aug 3, 2011, at 12:30 PM, Saul Wold wrote:
>>>> 
>>>>> On 08/03/2011 10:00 AM, Kumar Gala wrote:
>>>>>> 
>>>>>> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>>>>>> 
>>>>>>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>>>>>>> require authentication to the proxy via a password and username.  Adding
>>>>>>> SOCKS5_USER&   SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>>>>>>> of the authentication request to occur when something like a git fetch
>>>>>>> is going through the proxy.
>>>>>>> 
>>>>>>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>>>>>>> ---
>>>>>>> * Fixes issue with a git fetch request failing to get pass a firewall
>>>>>>> 
>>>>>>> scripts/oe-buildenv-internal |    2 +-
>>>>>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>>>>> 
>>>>>>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>>>>>>> index c13fc40..b223292 100755
>>>>>>> --- a/scripts/oe-buildenv-internal
>>>>>>> +++ b/scripts/oe-buildenv-internal
>>>>>>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>>>>>>> export BUILDDIR
>>>>>>> export PATH
>>>>>>> 
>>>>>>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>>>>>>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>>>>>>> --
>>>>>>> 1.7.3.4
>>>>>> 
>>>>>> Ping on this patch
>>>>>> 
>>>>> Kumar,
>>>>> 
>>>>> I think you were asked to modify this patch so that the additinal
>>>> SOCKS5_* do not get into sstate, Paul Eggleton provided the
>>>> BB_HASHSPACE_WHITELIST info.
>>>>> 
>>>>> Please update this patch
>>>>> 
>>>>> Thanks
>>>>> 	Sau!
>>>> 
>>>> From the thread it sounded as if that was NOT needed.  As nothing
>>>> refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't
>>>> have SSH_AGENT_PID or SSH_AUTH_SOCK in it.
>>> 
>>> It would be good is someone could confirm it but its in the environment
>>> so it likely is needed.
>> 
>> Not sure I follow.  Confirm what?
>> 
> Kumar,
> 
> I think Richard wants you to confirm that the SSH_* and SOCKS5_* information is not stored in the shared state hash.

How?

- k
Kumar Gala - Aug. 5, 2011, 4:52 p.m.
>>>>>>> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>>>>>>> 
>>>>>>>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>>>>>>>> require authentication to the proxy via a password and username.  Adding
>>>>>>>> SOCKS5_USER&   SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>>>>>>>> of the authentication request to occur when something like a git fetch
>>>>>>>> is going through the proxy.
>>>>>>>> 
>>>>>>>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>>>>>>>> ---
>>>>>>>> * Fixes issue with a git fetch request failing to get pass a firewall
>>>>>>>> 
>>>>>>>> scripts/oe-buildenv-internal |    2 +-
>>>>>>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>>>>>> 
>>>>>>>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>>>>>>>> index c13fc40..b223292 100755
>>>>>>>> --- a/scripts/oe-buildenv-internal
>>>>>>>> +++ b/scripts/oe-buildenv-internal
>>>>>>>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>>>>>>>> export BUILDDIR
>>>>>>>> export PATH
>>>>>>>> 
>>>>>>>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>>>>>>>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>>>>>>>> --
>>>>>>>> 1.7.3.4
>>>>>>> 
>>>>>>> Ping on this patch
>>>>>>> 
>>>>>> Kumar,
>>>>>> 
>>>>>> I think you were asked to modify this patch so that the additinal
>>>>> SOCKS5_* do not get into sstate, Paul Eggleton provided the
>>>>> BB_HASHSPACE_WHITELIST info.
>>>>>> 
>>>>>> Please update this patch
>>>>>> 
>>>>>> Thanks
>>>>>> 	Sau!
>>>>> 
>>>>> From the thread it sounded as if that was NOT needed.  As nothing
>>>>> refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't
>>>>> have SSH_AGENT_PID or SSH_AUTH_SOCK in it.
>>>> 
>>>> It would be good is someone could confirm it but its in the environment
>>>> so it likely is needed.
>>> 
>>> Not sure I follow.  Confirm what?
>>> 
>> Kumar,
>> 
>> I think Richard wants you to confirm that the SSH_* and SOCKS5_* information is not stored in the shared state hash.
> 
> How?

Still looking for directions on how to verify this.

- k
Kumar Gala - Aug. 9, 2011, 1:47 p.m.
On Aug 5, 2011, at 11:52 AM, Kumar Gala wrote:

>>>>>>>> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
>>>>>>>> 
>>>>>>>>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>>>>>>>>> require authentication to the proxy via a password and username.  Adding
>>>>>>>>> SOCKS5_USER&   SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>>>>>>>>> of the authentication request to occur when something like a git fetch
>>>>>>>>> is going through the proxy.
>>>>>>>>> 
>>>>>>>>> Signed-off-by: Kumar Gala<galak@kernel.crashing.org>
>>>>>>>>> ---
>>>>>>>>> * Fixes issue with a git fetch request failing to get pass a firewall
>>>>>>>>> 
>>>>>>>>> scripts/oe-buildenv-internal |    2 +-
>>>>>>>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>>>>>>> 
>>>>>>>>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>>>>>>>>> index c13fc40..b223292 100755
>>>>>>>>> --- a/scripts/oe-buildenv-internal
>>>>>>>>> +++ b/scripts/oe-buildenv-internal
>>>>>>>>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>>>>>>>>> export BUILDDIR
>>>>>>>>> export PATH
>>>>>>>>> 
>>>>>>>>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>>>>>>>>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>>>>>>>>> --
>>>>>>>>> 1.7.3.4
>>>>>>>> 
>>>>>>>> Ping on this patch
>>>>>>>> 
>>>>>>> Kumar,
>>>>>>> 
>>>>>>> I think you were asked to modify this patch so that the additinal
>>>>>> SOCKS5_* do not get into sstate, Paul Eggleton provided the
>>>>>> BB_HASHSPACE_WHITELIST info.
>>>>>>> 
>>>>>>> Please update this patch
>>>>>>> 
>>>>>>> Thanks
>>>>>>> 	Sau!
>>>>>> 
>>>>>> From the thread it sounded as if that was NOT needed.  As nothing
>>>>>> refers to SOCKS5_* we didn't need to add it.  Much like how it doesn't
>>>>>> have SSH_AGENT_PID or SSH_AUTH_SOCK in it.
>>>>> 
>>>>> It would be good is someone could confirm it but its in the environment
>>>>> so it likely is needed.
>>>> 
>>>> Not sure I follow.  Confirm what?
>>>> 
>>> Kumar,
>>> 
>>> I think Richard wants you to confirm that the SSH_* and SOCKS5_* information is not stored in the shared state hash.
>> 
>> How?
> 
> Still looking for directions on how to verify this.

ping

- k
Kumar Gala - Aug. 31, 2011, 5:06 a.m.
On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:

> If a SOCKS5 gateway is needed for a proxy access like git it might also
> require authentication to the proxy via a password and username.  Adding
> SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
> of the authentication request to occur when something like a git fetch
> is going through the proxy.
> 
> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
> ---
> * Fixes issue with a git fetch request failing to get pass a firewall
> 
> scripts/oe-buildenv-internal |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
> index c13fc40..b223292 100755
> --- a/scripts/oe-buildenv-internal
> +++ b/scripts/oe-buildenv-internal
> @@ -55,4 +55,4 @@ unset BITBAKEDIR
> export BUILDDIR
> export PATH
> 
> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
> -- 
> 1.7.3.4

Richard,

I'm able reproduce this, with out my patch I get prompted for a socks password, w/it having SOCKS5_PASSWD set in my environment the git clone is able to succeed.

So from our discussion a while back on IRC:

Aug 11 10:54:20 <RP__>	galak: Well, it will but it will only place it in the internal data store
Aug 11 10:54:42 <RP__>	galak: there isn't anything to say "also export this from the data store into the environment that bitbake uses"

From the way I read  bitbake/lib/bb/utils.py:

def approved_variables():
    """
    Determine and return the list of whitelisted variables which are approved
    to remain in the environment.
    """
...

[ this will add SOCKS5_PASSWD to the 'approved' list ]

and

def filter_environment(good_vars):

[ will not skip unsetting it from the environment since its in the 'approved' list ]

That seems to explain how this ends up working.

So question is what else needs to be done to get this accepted ?

- k
Kumar Gala - Sept. 2, 2011, 2:32 p.m.
On Aug 31, 2011, at 12:06 AM, Kumar Gala wrote:

> 
> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
> 
>> If a SOCKS5 gateway is needed for a proxy access like git it might also
>> require authentication to the proxy via a password and username.  Adding
>> SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
>> of the authentication request to occur when something like a git fetch
>> is going through the proxy.
>> 
>> Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
>> ---
>> * Fixes issue with a git fetch request failing to get pass a firewall
>> 
>> scripts/oe-buildenv-internal |    2 +-
>> 1 files changed, 1 insertions(+), 1 deletions(-)
>> 
>> diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
>> index c13fc40..b223292 100755
>> --- a/scripts/oe-buildenv-internal
>> +++ b/scripts/oe-buildenv-internal
>> @@ -55,4 +55,4 @@ unset BITBAKEDIR
>> export BUILDDIR
>> export PATH
>> 
>> -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
>> +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
>> -- 
>> 1.7.3.4
> 
> Richard,
> 
> I'm able reproduce this, with out my patch I get prompted for a socks password, w/it having SOCKS5_PASSWD set in my environment the git clone is able to succeed.
> 
> So from our discussion a while back on IRC:
> 
> Aug 11 10:54:20 <RP__>	galak: Well, it will but it will only place it in the internal data store
> Aug 11 10:54:42 <RP__>	galak: there isn't anything to say "also export this from the data store into the environment that bitbake uses"
> 
>> From the way I read  bitbake/lib/bb/utils.py:
> 
> def approved_variables():
>    """
>    Determine and return the list of whitelisted variables which are approved
>    to remain in the environment.
>    """
> ...
> 
> [ this will add SOCKS5_PASSWD to the 'approved' list ]
> 
> and
> 
> def filter_environment(good_vars):
> 
> [ will not skip unsetting it from the environment since its in the 'approved' list ]
> 
> That seems to explain how this ends up working.
> 
> So question is what else needs to be done to get this accepted ?

ping

- k
Richard Purdie - Sept. 7, 2011, 5:04 p.m.
On Wed, 2011-08-31 at 00:06 -0500, Kumar Gala wrote:
> On Jul 28, 2011, at 8:10 AM, Kumar Gala wrote:
> 
> > If a SOCKS5 gateway is needed for a proxy access like git it might also
> > require authentication to the proxy via a password and username.  Adding
> > SOCKS5_USER & SOCKS5_PASSWD to BB_ENV_EXTRAWHITE allow for automation
> > of the authentication request to occur when something like a git fetch
> > is going through the proxy.
> > 
> > Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
> > ---
> > * Fixes issue with a git fetch request failing to get pass a firewall
> > 
> > scripts/oe-buildenv-internal |    2 +-
> > 1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
> > index c13fc40..b223292 100755
> > --- a/scripts/oe-buildenv-internal
> > +++ b/scripts/oe-buildenv-internal
> > @@ -55,4 +55,4 @@ unset BITBAKEDIR
> > export BUILDDIR
> > export PATH
> > 
> > -export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
> > +export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"
> > -- 
> > 1.7.3.4
> 
> Richard,
> 
> I'm able reproduce this, with out my patch I get prompted for a socks password, w/it having SOCKS5_PASSWD set in my environment the git clone is able to succeed.
> 
> So from our discussion a while back on IRC:
> 
> Aug 11 10:54:20 <RP__>	galak: Well, it will but it will only place it in the internal data store
> Aug 11 10:54:42 <RP__>	galak: there isn't anything to say "also export this from the data store into the environment that bitbake uses"
> 
> From the way I read  bitbake/lib/bb/utils.py:
> 
> def approved_variables():
>     """
>     Determine and return the list of whitelisted variables which are approved
>     to remain in the environment.
>     """
> ...
> 
> [ this will add SOCKS5_PASSWD to the 'approved' list ]
> 
> and
> 
> def filter_environment(good_vars):
> 
> [ will not skip unsetting it from the environment since its in the 'approved' list ]
> 
> That seems to explain how this ends up working.
> 
> So question is what else needs to be done to get this accepted ?

To put this simply, this patch shouldn't work. The fact that it does
worried me and there is a bitbake bug. You can do something like this:

BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE FOO" FOO=1 bitbake quilt-native -c devshell

and see FOO=1 in the shell. It should only do that if the metadata also
does "export FOO" which it does not.

So, no, this patch isn't right and we'll need to actually export the
variables once I fix the above bug.

Cheers,

Richard

Patch

diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
index c13fc40..b223292 100755
--- a/scripts/oe-buildenv-internal
+++ b/scripts/oe-buildenv-internal
@@ -55,4 +55,4 @@  unset BITBAKEDIR
 export BUILDDIR
 export PATH
 
-export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND"
+export BB_ENV_EXTRAWHITE="MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND SOCKS5_PASSWD SOCSK5_USER"