Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow sha256sum from SRC_URI option in srcurichecksum and srcurioptions checks #671

Merged
merged 2 commits into from
Dec 10, 2024
Merged

Allow sha256sum from SRC_URI option in srcurichecksum and srcurioptions checks #671

merged 2 commits into from
Dec 10, 2024

Conversation

amuetzel
Copy link
Contributor

The bitbake manual specifies that the checksum of downloaded files may not only be specified in the SRC_URI[sha256sum] = form, but also appended to the URL as http://<url>;sha256sum=123...:

You can also specify the checksums as parameters on the SRC_URI as shown below:
SRC_URI = "http://example.com/foobar.tar.bz2;md5sum=4a8e0f237e961fd7785d19d07fdb994d"

Expected behavior

Given a SRC_URI with embedded sha256sum, bitbake verifies the checksum correctly and oelint-adv does not output any warning.

Observed behavior

Using this form results bitbake correctly verifying the checksum, but oelint-adv produces two warnings per entry. This was observed with the https fetcher:

error:oelint.vars.srcurichecksum:SRC_URI[sha256sum] is needed
warning:oelint.vars.srcurioptions:Option 'sha256sum' is not known with this fetcher type

Fix

This PR adds the sha256sum and md5sum options to the list of allowed options for the file download fetchers for the srcurioptions check to remove the warning.
And it lets the srcurichecksum accept the sha256sum option by skipping the check for a SRC_URI[sha256sum] flag if that option is set for the given source, which fixes the error.

Note: the list of file download fetchers was taken from tests/test_class_oelint_vars_srcurichecksum.py, so any fetcher that was previously included in the srcurichecksum check now is able to handle this syntax. I am not familar with the az and s3 fetchers and do not have access to sources on these services to verify that the sha256sum= option actually works with these fetchers.
However, the fetcher code implies that it does in bitbake/lib/bb/fetch2, since there is no special checksum handling in the respective fetchers and they all set the supports_checksum/recommends_checksum just like the wget fetcher does (which is responsible for fetching https urls).

Pull request checklist

Bugfix

  • A testcase was added to test the behavior

## New feature

- [ ] A testcase was added to test the behavior
- [ ] wiki-creator.py was run and a new wiki document was filled with information
- [ ] New functions are documented with docstrings
- [ ] No debug code is left
- [ ] README.md was updated to reflect the changes (check even if n.a.)

@amuetzel
srcurichecksum: use checksum from url line
3a3bc2b 
The bitbake documentation states that it is allowed to specify the
checksum as a part of the SRC_URI line instead of setting it as a flag
for the variable.
This is rarely used but valid, so do not emit a finding in this case.
@amuetzel
srcurioptions: allow checksums for file fetchers
7f798e1 
The bitbake documentation states that file checksums can be specified in
the options of a SRC_URI, not only as a flag for that variable. So allow
these options for the respective file URLs.
@amuetzel amuetzel force-pushed the allow-srcuri-checksum-in-url branch from b1997c4 to 7f798e1 Compare December 10, 2024 14:30
@priv-kweihmann priv-kweihmann merged commit c8c9e9e into priv-kweihmann:master Dec 10, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@amuetzel @priv-kweihmann