diff --git a/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.xml b/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.xml
index 66d8f844e..b0c129000 100644
--- a/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.xml
+++ b/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.xml
@@ -125,6 +125,11 @@
BB_ALLOWED_NETWORKS = "*.gnu.org"
+
+ Limit path control is also possible like.
+ BB_ALLOWED_NETWORKS = "github.com/your_project bitbucket.org/your_company"
+
+
Mirrors not in the host list are skipped and
logged in debug.
diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
index 70387f52d..ce5ff6bd2 100644
--- a/lib/bb/fetch2/__init__.py
+++ b/lib/bb/fetch2/__init__.py
@@ -1071,12 +1071,27 @@ def trusted_network(d, url):
network = network.split(':')[0]
network = network.lower()
+ path = path.lower()
+
+ for host_path in trusted_hosts.split(" "):
+ host_path = host_path.lower()
+ is_trusted = False
+ split_data = host_path.split("/", 1)
+ host = split_data[0]
+ trusted_path = None
+ if len(split_data) == 2:
+ trusted_path = "/" + split_data[1]
- for host in trusted_hosts.split(" "):
- host = host.lower()
if host.startswith("*.") and ("." + network).endswith(host[1:]):
- return True
- if host == network:
+ is_trusted = True
+ elif host == network:
+ is_trusted = True
+
+ if trusted_path and is_trusted:
+ if not path.startswith(trusted_path):
+ is_trusted = False
+
+ if is_trusted:
return True
return False
diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
index 0fd2c0216..7d1651094 100644
--- a/lib/bb/tests/fetch.py
+++ b/lib/bb/tests/fetch.py
@@ -698,6 +698,18 @@ class TrustedNetworksTest(FetcherTest):
self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org server2.org server3.org")
self.assertFalse(bb.fetch.trusted_network(self.d, url))
+ def test_trusted_network_path(self):
+ # Ensure trusted_network returns true when the host and path IS in the list.
+ url = "git://Someserver.org/RightPath/foo;rev=1;branch=master"
+ self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org *.someserver.org/rightpath server2.org")
+ self.assertTrue(bb.fetch.trusted_network(self.d, url))
+
+ def test_untrusted_network_path(self):
+ # Ensure trusted_network returns False when the host is in list but the path is wrong.
+ url = "git://Someserver.org/WrongPath/foo;rev=1;branch=master"
+ self.d.setVar("BB_ALLOWED_NETWORKS", "server1.org *.someserver.org/rightpath server2.org")
+ self.assertFalse(bb.fetch.trusted_network(self.d, url))
+
class URLHandle(unittest.TestCase):
datatable = {