From patchwork Tue Jul 19 20:13:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 10384 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D03CC43334 for ; Tue, 19 Jul 2022 20:14:01 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.45475.1658261640407845095 for ; Tue, 19 Jul 2022 13:14:00 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7623B15A1; Tue, 19 Jul 2022 13:14:00 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 80F993F766; Tue, 19 Jul 2022 13:13:59 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 6/9] arm/optee: ignore buildpath warnings Date: Tue, 19 Jul 2022 21:13:50 +0100 Message-Id: <20220719201353.1467716-6-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220719201353.1467716-1-ross.burton@arm.com> References: <20220719201353.1467716-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Jul 2022 20:14:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3579 Latest oe-core has enabled the buildpaths QA check, which warns if the build paths are present inside binaries. This is because build paths in deployed binaries is both information leakage and non-reproducible. Until this is fixed, skip this check. Signed-off-by: Ross Burton --- meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb | 3 +++ meta-arm/recipes-security/optee/optee-os.inc | 3 ++- meta-arm/recipes-security/optee/optee-spdevkit_git.bb | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb index 5d54d4ed..5ff373ad 100644 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.17.0.bb @@ -20,3 +20,6 @@ do_deploy() { } FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index eee715f5..8942facd 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -63,7 +63,8 @@ FILES:${PN} = "${nonarch_base_libdir}/firmware/" # note: "textrel" is not triggered on all archs INSANE_SKIP:${PN} = "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" INSANE_SKIP:${PN}-dev = "staticdev" - INHIBIT_PACKAGE_STRIP = "1" diff --git a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb index def2d8d9..7608cec0 100644 --- a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb +++ b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb @@ -301,3 +301,5 @@ COMPATIBLE_HOST = "aarch64.*-linux" # optee-spdevkit static library is part of optee-os image. No need to package this library in a staticdev package INSANE_SKIP:${PN}-dev = "staticdev" +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths"