From patchwork Wed Sep 5 22:22:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Angelo Compagnucci X-Patchwork-Id: 966723 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="LtTE2lnP"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 425J9K5QX4z9sCh for ; Thu, 6 Sep 2018 08:22:29 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id BBF6088840; Wed, 5 Sep 2018 22:22:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ME+jHJUd56I2; Wed, 5 Sep 2018 22:22:23 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id D11B188838; Wed, 5 Sep 2018 22:22:23 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id C83381C2B9B for ; Wed, 5 Sep 2018 22:22:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id C57558786F for ; Wed, 5 Sep 2018 22:22:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWmcBZoIF7qt for ; Wed, 5 Sep 2018 22:22:21 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 4459B8786B for ; Wed, 5 Sep 2018 22:22:21 +0000 (UTC) Received: by mail-wr1-f47.google.com with SMTP id z96-v6so9230033wrb.8 for ; Wed, 05 Sep 2018 15:22:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cdYllzhSdAwzGCXyZ1l2oRxelQf8UiZbgp03/q7nmoc=; b=LtTE2lnP+rIGUp50omvkr3B4uXl8f/ggOVhf/dQYMVz+tuR0e2Y/pTojdafUohlQ/U qCL7BaWVSMsGb0aQ8u2fTZaB9RJRIz8Fe62mgaxBFph5sMHQtr9EYBljQUv4HlqE1djY yVzY0VJR0tCBxewkGWZJBaDc1E+w+vlsIBaWhKv2GwPUZuXUmFHikbHeE5FFZORF1pfc NGt3L0oHn//l3zdXIdGf+Kz5VPwuMVSMu3J0xM2fw7g+Hy38vrbXaZGXXrW+qDDjYL9q aMdvuhuH/fsTBF2HS1g/IDkN0v8kIWRuqJ+RPCOSyvekEiB5/IyDE5y20YFt4nCX2I71 vaWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cdYllzhSdAwzGCXyZ1l2oRxelQf8UiZbgp03/q7nmoc=; b=PKPem2KW8+lKp3pd86HDrQOFiSHXY+Y3WdEa7H81fguYM7QSt6jZwWsVIyLoiAz5GM 2/GMqNwIQa/F/MBYwaePMvMrVT30Kq8Ve6AiXuZuXViC68SPGddt65B0qOaMzbrsCsvg N7bqK6vOZ7LKF3cRNKbM6r9UBZMPFk53h/jjRzouLAxZGb4iHqITdFbh+z1pPupexqZB 3R1vhldCgvDk8kcjTUqIausD60G8LGXX7Qi4BKdBZW5BfxeJ8xjZVO8RNeayq2eKOOF3 Dwxop1IvYHG0fX3m0FNfw019S+0JbAQnmS/8WC6En6Fo06UBjam53PXcW+X6OiU9HSJ2 6b8Q== X-Gm-Message-State: APzg51DuA606iuNQXr83WKdA+Z1zQopjkkdTmnisvbGdWCP6/Ki9ow54 GWIKF/+zuywlji5ATlPqU87jNAuG X-Google-Smtp-Source: ANB0VdZNOIuco+x3QT70L92TiEBtQk4U0of4cBRY2EW0XtoGX4XKh9d6F1kMNFUmfRP0qZ3qZA8r7Q== X-Received: by 2002:a5d:6103:: with SMTP id v3-v6mr29180392wrt.265.1536186139577; Wed, 05 Sep 2018 15:22:19 -0700 (PDT) Received: from localhost.localdomain ([37.162.44.87]) by smtp.gmail.com with ESMTPSA id b10-v6sm4303981wmc.28.2018.09.05.15.22.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 05 Sep 2018 15:22:18 -0700 (PDT) From: Angelo Compagnucci To: buildroot@buildroot.org Date: Thu, 6 Sep 2018 00:22:11 +0200 Message-Id: <1536186133-9933-2-git-send-email-angelo.compagnucci@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1536186133-9933-1-git-send-email-angelo.compagnucci@gmail.com> References: <1536186133-9933-1-git-send-email-angelo.compagnucci@gmail.com> Subject: [Buildroot] [PATCH v5 1/3] Makefile: add tainting support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Angelo Compagnucci MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Packages who harms the build reproducibility or licensing can declare FOO_TAINTS variable. If a package taints the build it will be added to a list of tainting packages. The build ends with a warning if the tainting packages list is not empty. Moreover, legal info will show a warning in presence of a tainting package. Tainting of host packages is not supported right now. Signed-off-by: Angelo Compagnucci Signed-off-by: Angelo Compagnucci --- Makefile | 10 ++++++++++ package/pkg-generic.mk | 15 +++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/Makefile b/Makefile index 9d66bba..ad61130 100644 --- a/Makefile +++ b/Makefile @@ -758,12 +758,21 @@ endif touch $(TARGET_DIR)/usr +.PHONY: check-tainted +check-tainted: +ifneq ($(BR2_TAINTED_BY),) + $(error Your buildroot configuration is tainted by: $(BR2_TAINTED_BY)) +else + @echo "Your buildroot configuration is not tainted" +endif + .PHONY: target-post-image target-post-image: $(TARGETS_ROOTFS) target-finalize @rm -f $(ROOTFS_COMMON_TAR) @$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_IMAGE_SCRIPT)), \ $(call MESSAGE,"Executing post-image script $(s)"); \ $(EXTRA_ENV) $(s) $(BINARIES_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep)) + $(if $(BR2_TAINTED_BY),@echo "WARNING: Your buildroot configuration is tainted by: $(BR2_TAINTED_BY).") .PHONY: source source: $(foreach p,$(PACKAGES),$(p)-all-source) @@ -1070,6 +1079,7 @@ help: @echo ' source - download all sources needed for offline-build' @echo ' external-deps - list external packages used' @echo ' legal-info - generate info about license compliance' + @echo ' check-tainted - check if any selected package harms build reproducibility or licensing' @echo ' printvars - dump all the internal variables' @echo @echo ' make V=0|1 - 0 => quiet build (default), 1 => verbose build' diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 91b61c6..465916c 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -870,6 +870,15 @@ else $(2)_KCONFIG_VAR = BR2_PACKAGE_$(2) endif +ifdef $(2)_TAINTS +ifeq ($$($$($(2)_KCONFIG_VAR)),y) +BR2_TAINTED_BY+=$$($(2)_RAWNAME) +endif +ifeq ($$($(2)_TYPE),host) +$$(error "Host package $(1) has $(2)_TAINTS set: not supported) +endif +endif + # legal-info: declare dependencies and set values used later for the manifest ifneq ($$($(2)_LICENSE_FILES),) $(2)_MANIFEST_LICENSE_FILES = $$($(2)_LICENSE_FILES) @@ -909,6 +918,12 @@ else $(Q)$$(foreach F,$$($(2)_LICENSE_FILES),$$(call legal-license-file,$$($(2)_RAWNAME),$$($(2)_BASENAME_RAW),$$($(2)_PKGDIR),$$(F),$$($(2)_DIR)/$$(F),$$(call UPPERCASE,$(4)))$$(sep)) endif # license files +ifeq ($$(call qstrip,$$($(2)_TAINTS)),YES) +ifeq ($$($$($(2)_KCONFIG_VAR)),y) + $(Q)$$(call legal-warning-pkg,$$($(2)_RAWNAME),unknown license for additional modules or dependencies) +endif +endif + ifeq ($$($(2)_SITE_METHOD),local) # Packages without a tarball: don't save and warn @$$(call legal-warning-nosource,$$($(2)_RAWNAME),local)