diff mbox series

[meta-security,1/1] sanity-meta-security.bbclass: allow warning customization

Message ID 20240215171506.2989385-1-joe.slater@windriver.com
State New
Series [meta-security,1/1] sanity-meta-security.bbclass: allow warning customization

Commit Message

Slater, Joseph Feb. 15, 2024, 5:15 p.m. UTC
From: Joe Slater <joe.slater@windriver.com>

Introduce META_SECURITY_SANITY_CHECK_WARNING variable which
can be overridden, if desired.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
 classes/sanity-meta-security.bbclass | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

Comments

Bruce Ashfield Feb. 15, 2024, 5:57 p.m. UTC | #1
On Thu, Feb 15, 2024 at 12:15 PM Joe Slater via lists.yoctoproject.org
<joe.slater=windriver.com@lists.yoctoproject.org> wrote:
>
> From: Joe Slater <joe.slater@windriver.com>
>
> Introduce META_SECURITY_SANITY_CHECK_WARNING variable which
> can be overridden, if desired.

The existence of the patch implies that there's a reason why the warning message
isn't appropriate for your use case.

That's something that should be explained in the patch.

A knob to disable the warning if you know what you are doing has already been
provided. So again, this patch implies that you want the warning, but want to
change the message .. it would be good to understand why.

Bruce

>
> Signed-off-by: Joe Slater <joe.slater@windriver.com>
> ---
>  classes/sanity-meta-security.bbclass | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/classes/sanity-meta-security.bbclass b/classes/sanity-meta-security.bbclass
> index f9e2698..95180aa 100644
> --- a/classes/sanity-meta-security.bbclass
> +++ b/classes/sanity-meta-security.bbclass
> @@ -1,10 +1,15 @@
>  addhandler security_bbappend_distrocheck
>  security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
> +
>  python security_bbappend_distrocheck() {
>      skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
>      if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
> -        bb.warn("You have included the meta-security layer, but \
> -'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
> -and preferred version setting may not take effect. See the meta-security README \
> -for details on enabling security support.")
> +        bb.warn(e.data.getVar('META_SECURITY_SANITY_CHECK_WARNING'))
>  }
> +
> +META_SECURITY_SANITY_CHECK_WARNING ??= "\
> +You have included the meta-security layer, but 'security' has not been \
> +enabled in your DISTRO_FEATURES. Some bbappend files and preferred version \
> +settings may not take effect. See the meta-security README for details on \
> +enabling security support."
> +
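
Review bot: The META_SECURITY_SANITY_CHECK_WARNING assignment added at the bottom of the class carries no comment saying what it is for or who is expected to override it, and the diffstat shows only the bbclass changing, so the README that the message sends readers to is not updated to mention the variable. A short comment above the `??=` line, plus a README entry wherever SKIP_META_SECURITY_SANITY_CHECK is described, would cover it. The final added blank line after the assignment leaves an empty line at the end of the file and can be dropped.
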
> --
> 2.25.1
Slater, Joseph Feb. 15, 2024, 7:05 p.m. UTC | #2
> -----Original Message-----
> From: Bruce Ashfield <bruce.ashfield@gmail.com>
> Sent: Thursday, February 15, 2024 9:57 AM
> To: yocto@lists.yoctoproject.org; Slater, Joseph <joe.slater@windriver.com>
> Cc: MacLeod, Randy <Randy.MacLeod@windriver.com>
> Subject: Re: [yocto] [meta-security][PATCH 1/1] sanity-meta-security.bbclass:
> allow warning customization
> 
> On Thu, Feb 15, 2024 at 12:15 PM Joe Slater via lists.yoctoproject.org
> <joe.slater=windriver.com@lists.yoctoproject.org> wrote:
> >
> > From: Joe Slater <joe.slater@windriver.com>
> >
> > Introduce META_SECURITY_SANITY_CHECK_WARNING variable which can be
> > overridden, if desired.
> 
> The existence of the patch implies that there's a reason why the warning
> message isn't appropriate for your use case.
> 
> That's something that should be explained in the patch.
> 
> A knob to disable the warning if you know what you are doing has already been
> provided. So again, this patch implies that you want the warning, but want to
> change the message .. it would be good to understand why.
> 
> Bruce

Some people want to know how to disable the warning without reading the README.  I don't think that's a great idea, but allowing customization would let that be done on a distro or similar basis.  I didn't want to mention that stuff in a commit message, but maybe it should be there.

Joe

> 
> >
> > Signed-off-by: Joe Slater <joe.slater@windriver.com>
> > ---
> >  classes/sanity-meta-security.bbclass | 13 +++++++++----
> >  1 file changed, 9 insertions(+), 4 deletions(-)
> >
> > diff --git a/classes/sanity-meta-security.bbclass
> > b/classes/sanity-meta-security.bbclass
> > index f9e2698..95180aa 100644
> > --- a/classes/sanity-meta-security.bbclass
> > +++ b/classes/sanity-meta-security.bbclass
> > @@ -1,10 +1,15 @@
> >  addhandler security_bbappend_distrocheck
> > security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
> > +
> >  python security_bbappend_distrocheck() {
> >      skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
> >      if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not
> skip_check:
> > -        bb.warn("You have included the meta-security layer, but \
> > -'security' has not been enabled in your DISTRO_FEATURES. Some
> > bbappend files \ -and preferred version setting may not take effect.
> > See the meta-security README \ -for details on enabling security
> > support.")
> > +        bb.warn(e.data.getVar('META_SECURITY_SANITY_CHECK_WARNING'))
> >  }
> > +
> > +META_SECURITY_SANITY_CHECK_WARNING ??= "\ You have included the
> > +meta-security layer, but 'security' has not been \ enabled in your
> > +DISTRO_FEATURES. Some bbappend files and preferred version \ settings
> > +may not take effect. See the meta-security README for details on \
> > +enabling security support."
> > +
> > --
> > 2.25.1
> 
> 
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its
> end
> - "Use the force Harry" - Gandalf, Star Trek II
Bruce Ashfield Feb. 21, 2024, 12:36 a.m. UTC | #3
On Thu, Feb 15, 2024 at 2:06 PM Slater, Joseph <joe.slater@windriver.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Bruce Ashfield <bruce.ashfield@gmail.com>
> > Sent: Thursday, February 15, 2024 9:57 AM
> > To: yocto@lists.yoctoproject.org; Slater, Joseph <joe.slater@windriver.com>
> > Cc: MacLeod, Randy <Randy.MacLeod@windriver.com>
> > Subject: Re: [yocto] [meta-security][PATCH 1/1] sanity-meta-security.bbclass:
> > allow warning customization
> >
> > On Thu, Feb 15, 2024 at 12:15 PM Joe Slater via lists.yoctoproject.org
> > <joe.slater=windriver.com@lists.yoctoproject.org> wrote:
> > >
> > > From: Joe Slater <joe.slater@windriver.com>
> > >
> > > Introduce META_SECURITY_SANITY_CHECK_WARNING variable which can be
> > > overridden, if desired.
> >
> > The existence of the patch implies that there's a reason why the warning
> > message isn't appropriate for your use case.
> >
> > That's something that should be explained in the patch.
> >
> > A knob to disable the warning if you know what you are doing has already been
> > provided. So again, this patch implies that you want the warning, but want to
> > change the message .. it would be good to understand why.
> >
> > Bruce
>
> Some people want to know how to disable the warning without reading the README.  I don't think that's a great idea, but allowing customization would let that be done on a distro or similar basis.  I didn't want to mention that stuff in a commit message, but maybe it should be there.

Things like that should always be mentioned in a commit message.

Technical parts of the changes can be understood by looking at the
commit, the why is the important part.

I wouldn't allow this to be tweaked in my layers, since it opens the
door for incorrect information to be injected into the layer's
warning, but that decision is up to the layer maintainer :)

Bruce

>
> Joe
>
> >
> > >
> > > Signed-off-by: Joe Slater <joe.slater@windriver.com>
> > > ---
> > >  classes/sanity-meta-security.bbclass | 13 +++++++++----
> > >  1 file changed, 9 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/classes/sanity-meta-security.bbclass
> > > b/classes/sanity-meta-security.bbclass
> > > index f9e2698..95180aa 100644
> > > --- a/classes/sanity-meta-security.bbclass
> > > +++ b/classes/sanity-meta-security.bbclass
> > > @@ -1,10 +1,15 @@
> > >  addhandler security_bbappend_distrocheck
> > > security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
> > > +
> > >  python security_bbappend_distrocheck() {
> > >      skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
> > >      if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not
> > skip_check:
> > > -        bb.warn("You have included the meta-security layer, but \
> > > -'security' has not been enabled in your DISTRO_FEATURES. Some
> > > bbappend files \ -and preferred version setting may not take effect.
> > > See the meta-security README \ -for details on enabling security
> > > support.")
> > > +        bb.warn(e.data.getVar('META_SECURITY_SANITY_CHECK_WARNING'))
> > >  }
> > > +
> > > +META_SECURITY_SANITY_CHECK_WARNING ??= "\ You have included the
> > > +meta-security layer, but 'security' has not been \ enabled in your
> > > +DISTRO_FEATURES. Some bbappend files and preferred version \ settings
> > > +may not take effect. See the meta-security README for details on \
> > > +enabling security support."
> > > +
> > > --
> > > 2.25.1
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its
> > end
> > - "Use the force Harry" - Gandalf, Star Trek II
Patch

diff --git a/classes/sanity-meta-security.bbclass b/classes/sanity-meta-security.bbclass
index f9e2698..95180aa 100644
--- a/classes/sanity-meta-security.bbclass
+++ b/classes/sanity-meta-security.bbclass
@@ -1,10 +1,15 @@ 
 addhandler security_bbappend_distrocheck
 security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
+
 python security_bbappend_distrocheck() {
     skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
     if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
-        bb.warn("You have included the meta-security layer, but \
-'security' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
-and preferred version setting may not take effect. See the meta-security README \
-for details on enabling security support.")
+        bb.warn(e.data.getVar('META_SECURITY_SANITY_CHECK_WARNING'))
 }
+
+META_SECURITY_SANITY_CHECK_WARNING ??= "\
+You have included the meta-security layer, but 'security' has not been \
+enabled in your DISTRO_FEATURES. Some bbappend files and preferred version \
+settings may not take effect. See the meta-security README for details on \
+enabling security support."
+
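
Review bot: `bb.warn(e.data.getVar('META_SECURITY_SANITY_CHECK_WARNING'))` now emits whatever the variable holds, so a configuration that empties or unsets it (getVar returns None for an unset variable) leaves the handler without the layer's guidance while the check still fires. Consider falling back to the built-in text when the value is empty, or keeping the fixed message in the handler and appending only a customizable suffix, so the statement about DISTRO_FEATURES and the README pointer cannot be replaced.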