markus.lehr/yoctor-layers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added my Recipes

Browse Source
This commit is contained in:
Markus Lehr
2024-07-11 14:16:35 +02:00
parent 38bc4f53ac
commit 09b621d929
7118 changed files with 525762 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
meta-openembedded/meta-python/classes/bandit.bbclass Normal file
View File

@@ -0,0 +1,63 @@
# Class to scan Python code for security issues, using Bandit.
#
# $ bitbake python-foo -c bandit
#
# Writes the report to $DEPLOY_DIR/bandit/python-foo.html.
# No output if no issues found, a warning if issues found.
#
# https://github.com/PyCQA/bandit
# Default location of sources, based on standard distutils
BANDIT_SOURCE ?= "${S}/build"
# The report format to use.
# https://bandit.readthedocs.io/en/latest/formatters/index.html
BANDIT_FORMAT ?= "html"
# Whether a scan should be done every time the recipe is built.
#
# By default the scanning needs to be done explicitly, but by setting BANDIT_AUTO
# to 1 the scan will be done whenever the recipe it built. Note that you
# shouldn't set BANDIT_AUTO to 1 globally as it will then try to scan every
# recipe, including non-Python recipes, causing circular loops.
BANDIT_AUTO ?= "0"
# Whether Bandit finding issues results in a warning (0) or an error (1).
BANDIT_FATAL ?= "0"
do_bandit[depends] = "python3-bandit-native:do_populate_sysroot"
python do_bandit() {
import os, subprocess
try:
report = d.expand("${DEPLOY_DIR}/bandit/${PN}-${PV}.${BANDIT_FORMAT}")
os.makedirs(os.path.dirname(report), exist_ok=True)
args = ("bandit",
"--format", d.getVar("BANDIT_FORMAT"),
"--output", report,
"-ll",
"--recursive", d.getVar("BANDIT_SOURCE"))
subprocess.check_output(args, stderr=subprocess.STDOUT)
bb.note("Bandit found no issues (report written to %s)" % report)
except subprocess.CalledProcessError as e:
if e.returncode == 1:
if oe.types.boolean(d.getVar("BANDIT_FATAL")):
bb.error("Bandit found issues (report written to %s)" % report)
else:
bb.warn("Bandit found issues (report written to %s)" % report)
else:
bb.error("Bandit failed:\n" + e.output.decode("utf-8"))
}
python() {
before = "do_build"
after = "do_compile"
if oe.types.boolean(d.getVar("BANDIT_AUTO")):
bb.build.addtask("do_bandit", before, after, d)
else:
bb.build.addtask("do_bandit", None, after, d)
}
# TODO: store report in sstate
# TODO: a way to pass extra args or .bandit file, basically control -ll

28
meta-openembedded/meta-python/classes/distutils-common-base.bbclass Normal file
View File

@@ -0,0 +1,28 @@
export STAGING_INCDIR
export STAGING_LIBDIR
# LDSHARED is the ld *command* used to create shared library
export LDSHARED = "${CCLD} -shared"
# LDXXSHARED is the ld *command* used to create shared library of C++
# objects
export LDCXXSHARED = "${CXX} -shared"
# CCSHARED are the C *flags* used to create objects to go into a shared
# library (module)
export CCSHARED = "-fPIC -DPIC"
# LINKFORSHARED are the flags passed to the $(CC) command that links
# the python executable
export LINKFORSHARED = "${SECURITY_CFLAGS} -Xlinker -export-dynamic"
FILES:${PN} += "${libdir}/* ${libdir}/${PYTHON_DIR}/*"
FILES:${PN}-staticdev += "\
${PYTHON_SITEPACKAGES_DIR}/*.a \
"
FILES:${PN}-dev += "\
${datadir}/pkgconfig \
${libdir}/pkgconfig \
${PYTHON_SITEPACKAGES_DIR}/*.la \
"
python __anonymous() {
bb.warn("distutils-common-base.bbclass is deprecated, please use setuptools3-base.bbclass instead")
}

9
meta-openembedded/meta-python/classes/distutils3-base.bbclass Normal file
View File

@@ -0,0 +1,9 @@
DEPENDS:append:class-target = " ${PYTHON_PN}-native ${PYTHON_PN}"
DEPENDS:append:class-nativesdk = " ${PYTHON_PN}-native ${PYTHON_PN}"
RDEPENDS:${PN} += "${@['', '${PYTHON_PN}-core']['${CLASSOVERRIDE}' == 'class-target']}"
inherit distutils-common-base python3native python3targetconfig
python __anonymous() {
bb.warn("distutils3-base.bbclass is deprecated, please use setuptools3-base.bbclass instead")

71
meta-openembedded/meta-python/classes/distutils3.bbclass Normal file
View File

@@ -0,0 +1,71 @@
inherit distutils3-base
B = "${WORKDIR}/build"
distutils_do_configure[cleandirs] = "${B}"
DISTUTILS_BUILD_ARGS ?= ""
DISTUTILS_INSTALL_ARGS ?= "--root=${D} \
--prefix=${prefix} \
--install-lib=${PYTHON_SITEPACKAGES_DIR} \
--install-data=${datadir}"
DISTUTILS_PYTHON = "python3"
DISTUTILS_PYTHON:class-native = "nativepython3"
DISTUTILS_SETUP_PATH ?= "${S}"
python __anonymous() {
bb.warn("distutils3.bbclass is deprecated, please use setuptools3.bbclass instead")
}
distutils3_do_configure() {
:
}
distutils3_do_compile() {
cd ${DISTUTILS_SETUP_PATH}
NO_FETCH_BUILD=1 \
STAGING_INCDIR=${STAGING_INCDIR} \
STAGING_LIBDIR=${STAGING_LIBDIR} \
${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py \
build --build-base=${B} ${DISTUTILS_BUILD_ARGS} || \
bbfatal_log "'${PYTHON_PN} setup.py build ${DISTUTILS_BUILD_ARGS}' execution failed."
}
distutils3_do_compile[vardepsexclude] = "MACHINE"
distutils3_do_install() {
cd ${DISTUTILS_SETUP_PATH}
install -d ${D}${PYTHON_SITEPACKAGES_DIR}
STAGING_INCDIR=${STAGING_INCDIR} \
STAGING_LIBDIR=${STAGING_LIBDIR} \
PYTHONPATH=${D}${PYTHON_SITEPACKAGES_DIR} \
${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py \
build --build-base=${B} install --skip-build ${DISTUTILS_INSTALL_ARGS} || \
bbfatal_log "'${PYTHON_PN} setup.py install ${DISTUTILS_INSTALL_ARGS}' execution failed."
# support filenames with *spaces*
find ${D} -name "*.py" -exec grep -q ${D} {} \; \
-exec sed -i -e s:${D}::g {} \;
for i in ${D}${bindir}/* ${D}${sbindir}/*; do
if [ -f "$i" ]; then
sed -i -e s:${PYTHON}:${USRBINPATH}/env\ ${DISTUTILS_PYTHON}:g $i
sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g $i
fi
done
rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/easy-install.pth
#
# FIXME: Bandaid against wrong datadir computation
#
if [ -e ${D}${datadir}/share ]; then
mv -f ${D}${datadir}/share/* ${D}${datadir}/
rmdir ${D}${datadir}/share
fi
}
distutils3_do_install[vardepsexclude] = "MACHINE"
EXPORT_FUNCTIONS do_configure do_compile do_install
export LDSHARED="${CCLD} -shared"