I think this is the right way to go. To me, it seems equally easy to subvert both forms, but with this one, the abuse can be easily seen and exposed as such.
Alex On Sat, 8 Jan 2022 at 00:17, Richard Purdie < [email protected]> wrote: > On Fri, 2022-01-07 at 23:15 +0000, Richard Purdie via > lists.openembedded.org > wrote: > > Use the newly added network task flag against tasks where network > > access is expected. This is do_fetch, do_checkuri, do_testimage, > do_testsdk > > and do_testsdkext. > > > > We can't disable networking in sstate tasks due to sstate downloads and > > also so we can report hash equivalence to the server so network access > > is enabled in sstate tasks. > > > > Access within build-appliance do_image is also allowed due to the use > > of pip, this is a poor example made rather obvious now and needs to be > reworked. > > > > Network access anywhere else in any other task isn't allowed. > > > > Signed-off-by: Richard Purdie <[email protected]> > > --- > > meta/classes/base.bbclass | 1 + > > meta/classes/sstate.bbclass | 2 ++ > > meta/classes/testimage.bbclass | 1 + > > meta/classes/testsdk.bbclass | 2 ++ > > meta/classes/utility-tasks.bbclass | 1 + > > meta/recipes-core/images/build-appliance-image_15.0.0.bb | 2 ++ > > 6 files changed, 9 insertions(+) > > This patch (and corresponding bitbake patches) does the opposite of the > previous > version, it uses a network flag which allows network access in a task and > network access is otherwise disabled. I've shared it since several people > requested this form of patch instead of the other. > > I think this version may be easier to "abuse". It does highlight the > rather poor > design choices to support toaster in build-appliance. > > Cheers, > > Richard > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160462): https://lists.openembedded.org/g/openembedded-core/message/160462 Mute This Topic: https://lists.openembedded.org/mt/88273730/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
