MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
2df986746b
poky/scripts/lib
History
Tim Orling 78ef0313ee recipetool: pypi: do not clobber SRC_URI checksums 
The pypi change:
"85a2a6f68af recipetool: create_buildsys_python: add pypi support"
deleted all the SRC_URI variables, including the SRC_URI checksums.
These are not generated by the pypi.bbclass (how could they be trusted?)

Without the checksum(s), we are vulnerable to a man-in-the-middle attack
and zero checks on the validity of the downloaded tarball from pypi.org.

Fix by only setting S and SRC_URI to None.

(From OE-Core rev: 560181a52111569f7bc57b09139b42510e0d0325)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-12-09 19:17:11 +00:00
..
build_perf meta: correct collections vs collections.abc deprecation 2021-09-19 11:33:14 +01:00
checklayer lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs 2023-10-27 10:53:43 +01:00
devtool devtool: modify: Make --no-extract work again 2023-12-08 16:58:34 +00:00
recipetool recipetool: pypi: do not clobber SRC_URI checksums 2023-12-09 19:17:11 +00:00
resulttool scripts/resulttool: group all regressions in regression report 2023-11-05 08:44:06 +00:00
wic wic: extend empty plugin with options to write zeros to partiton 2023-12-06 22:55:49 +00:00
argparse_oe.py scripts: Add copyright statements to files without one 2022-08-12 11:58:01 +01:00
buildstats.py scripts/lib/buildstats: handle top-level build_stats not being complete 2023-03-25 09:39:28 +00:00
scriptpath.py meta/lib+scripts: Convert to SPDX license headers 2019-05-09 16:31:55 +01:00
scriptutils.py recipes/classes/scripts: Drop SRCPV usage in OE-Core 2023-08-24 16:50:24 +01:00