There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone.
Since ipks don't appear to be generated at all if we don't set this, set the field to the recipe name used (basename only, no paths). This avoids information leaking. We may want to drop the field if opkg can allow that at a future point but the recipe name is a suitable identifier for now. Reported-by: Andrej Valek <[email protected]> Signed-off-by: Richard Purdie <[email protected]> --- meta/classes/package_ipk.bbclass | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/meta/classes/package_ipk.bbclass b/meta/classes/package_ipk.bbclass index d2ce3b3..8e69b5d 100644 --- a/meta/classes/package_ipk.bbclass +++ b/meta/classes/package_ipk.bbclass @@ -57,6 +57,7 @@ def ipk_write_pkg(pkg, d): outdir = d.getVar('PKGWRITEDIRIPK') pkgdest = d.getVar('PKGDEST') + recipesource = os.path.basename(d.getVar('FILE')) localdata = bb.data.createCopy(d) root = "%s/%s" % (pkgdest, pkg) @@ -205,10 +206,7 @@ def ipk_write_pkg(pkg, d): ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces)) if rconflicts: ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts)) - src_uri = localdata.getVar("SRC_URI").strip() or "None" - if src_uri: - src_uri = re.sub("\s+", " ", src_uri) - ctrlfile.write("Source: %s\n" % " ".join(src_uri.split())) + ctrlfile.write("Source: %s\n" % recipesource) ctrlfile.close() for script in ["preinst", "postinst", "prerm", "postrm"]: -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
