On Thu, Feb 15, 2024 at 2:06 PM Slater, Joseph <joe.sla...@windriver.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Bruce Ashfield <bruce.ashfi...@gmail.com>
> > Sent: Thursday, February 15, 2024 9:57 AM
> > To: yocto@lists.yoctoproject.org; Slater, Joseph <joe.sla...@windriver.com>
> > Cc: MacLeod, Randy <randy.macl...@windriver.com>
> > Subject: Re: [yocto] [meta-security][PATCH 1/1]
> > sanity-meta-security.bbclass:
> > allow warning customization
> >
> > On Thu, Feb 15, 2024 at 12:15 PM Joe Slater via lists.yoctoproject.org
> > <joe.slater=windriver....@lists.yoctoproject.org> wrote:
> > >
> > > From: Joe Slater <joe.sla...@windriver.com>
> > >
> > > Introduce META_SECURITY_SANITY_CHECK_WARNING variable which can be
> > > overridden, if desired.
> >
> > The existence of the patch implies that there's a reason why the warning
> > message isn't appropriate for your use case.
> >
> > That's something that should be explained in the patch.
> >
> > A knob to disable the warning if you know what you are doing has already
> > been
> > provided. So again, this patch implies that you want the warning, but want
> > to
> > change the message .. it would be good to understand why.
> >
> > Bruce
>
> Some people want to know how to disable the warning without reading the
> README. I don't think that's a great idea, but allowing customization would
> let that be done on a distro or similar basis. I didn't want to mention that
> stuff in a commit message, but maybe it should be there.
Things like that should always be mentioned in a commit message.
Technical parts of the changes can be understood by looking at the
commit, the why is the important part.
I wouldn't allow this to be tweaked in my layers, since it opens the
door for incorrect information to be injected into the layer's
warning, but that decision is up to the layer maintainer :)
Bruce
>
> Joe
>
> >
> > >
> > > Signed-off-by: Joe Slater <joe.sla...@windriver.com>
> > > ---
> > > classes/sanity-meta-security.bbclass | 13 +++++++++----
> > > 1 file changed, 9 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/classes/sanity-meta-security.bbclass
> > > b/classes/sanity-meta-security.bbclass
> > > index f9e2698..95180aa 100644
> > > --- a/classes/sanity-meta-security.bbclass
> > > +++ b/classes/sanity-meta-security.bbclass
> > > @@ -1,10 +1,15 @@
> > > addhandler security_bbappend_distrocheck
> > > security_bbappend_distrocheck[eventmask] = "bb.event.SanityCheck"
> > > +
> > > python security_bbappend_distrocheck() {
> > > skip_check = e.data.getVar('SKIP_META_SECURITY_SANITY_CHECK') == "1"
> > > if 'security' not in e.data.getVar('DISTRO_FEATURES').split() and not
> > skip_check:
> > > - bb.warn("You have included the meta-security layer, but \
> > > -'security' has not been enabled in your DISTRO_FEATURES. Some
> > > bbappend files \ -and preferred version setting may not take effect.
> > > See the meta-security README \ -for details on enabling security
> > > support.")
> > > + bb.warn(e.data.getVar('META_SECURITY_SANITY_CHECK_WARNING'))
> > > }
> > > +
> > > +META_SECURITY_SANITY_CHECK_WARNING ??= "\ You have included the
> > > +meta-security layer, but 'security' has not been \ enabled in your
> > > +DISTRO_FEATURES. Some bbappend files and preferred version \ settings
> > > +may not take effect. See the meta-security README for details on \
> > > +enabling security support."
> > > +
> > > --
> > > 2.25.1
> > >
> > >
> > >
> > >
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await thee
> > at its
> > end
> > - "Use the force Harry" - Gandalf, Star Trek II
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#62552): https://lists.yoctoproject.org/g/yocto/message/62552
Mute This Topic: https://lists.yoctoproject.org/mt/104377037/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
