On Mon, Jul 10, 2023 at 05:41:19PM +0530, Aniket Limaye wrote: > > On 07/07/23 02:53, Denys Dmytriyenko wrote: > >From: Denys Dmytriyenko <[email protected]> > > > >Deprecate custom recipe-data class. It was added when Bitbake started > >sanitizing "source" field of generated binary packages due to a CVE > >security vulnerability that could potentially leak local resource > >passwords. This class would bypass the sanitizing step by preserving > >source URLs from recipes to be used in TISDK bundle manifest. > > > >Even with a valid use case, this approach was still questionable and > >now it complicates latest TISDK bundle changes necessary for adding > >a proper secondary toolchain support. Plus bundle manifests don't seem > >to be used that much lately, so deprecate this class. > > Hi Denys, Ryan, > > I was a little concerned with the last statement here. At SDK level > we do use the manifest .txt files that to upload on the release > page. > > I am not sure yet about how this patch affects the manifest txt > file. Does this change the structure at all or just the Source field > for each recipe?
Yes, this change only affects the source field of each recipe/package listed in the manifest. > If the change really is significant, I will be creating a build with > this patch and get back to you if i have concerns. Please let us know if this is a showstopper. -- Denys -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14795): https://lists.yoctoproject.org/g/meta-arago/message/14795 Mute This Topic: https://lists.yoctoproject.org/mt/99994843/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-arago/leave/10763299/21656/89520264/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
