| Message ID | 20251008142620.692102-1-ross.burton@arm.com |
|---|---|
| State | Accepted, archived |
| Commit | 9247e242bf0e2384142427b67e5f1f7b4018c45d |
| Headers | show |
| Series | clang: consolidate LLVM_APPEND_VC_REV=OFF | expand |
LGTM On Wed, Oct 8, 2025 at 7:26 AM Ross Burton via lists.openembedded.org <ross.burton=arm.com@lists.openembedded.org> wrote: > > Whilst the change to add TMPDIR to GIT_CEILING_DIRECTORIES should stop > LLVM from embedding git information into the recipes, also disable this > behaviour explicitly. > > We do this because it's not just the sha of the source tree but also > the full URL of the repository, which would be an information leak if > an internal git mirror was being used. > > Signed-off-by: Ross Burton <ross.burton@arm.com> > --- > meta/recipes-devtools/clang/clang_git.bb | 1 - > meta/recipes-devtools/clang/common-clang.inc | 4 ++++ > meta/recipes-devtools/clang/openmp_git.bb | 1 - > 3 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-devtools/clang/clang_git.bb b/meta/recipes-devtools/clang/clang_git.bb > index ca539635902..e10c327a2af 100644 > --- a/meta/recipes-devtools/clang/clang_git.bb > +++ b/meta/recipes-devtools/clang/clang_git.bb > @@ -57,7 +57,6 @@ SOLIBSDEV:mingw32 = ".pyd" > #CMAKE_VERBOSE = "VERBOSE=1" > > EXTRA_OECMAKE += "-DLLVM_ENABLE_ASSERTIONS=OFF \ > - -DLLVM_APPEND_VC_REV=OFF \ > -DLLVM_ENABLE_PIC=ON \ > -DCLANG_DEFAULT_PIE_ON_LINUX=ON \ > -DFFI_INCLUDE_DIR=$(pkg-config --variable=includedir libffi) \ > diff --git a/meta/recipes-devtools/clang/common-clang.inc b/meta/recipes-devtools/clang/common-clang.inc > index f7b7a1cf9a0..2e9d3d73f92 100644 > --- a/meta/recipes-devtools/clang/common-clang.inc > +++ b/meta/recipes-devtools/clang/common-clang.inc > @@ -48,4 +48,8 @@ def get_clang_target_arch(bb, d): > # install they cause non-deterministic binaries. > EXTRA_OECMAKE += "-DCMAKE_BUILD_WITH_INSTALL_RPATH=ON" > > +# Don't embed found git information into the version string as this > +# will include the git server URL. > +EXTRA_OECMAKE += "-DLLVM_APPEND_VC_REV=OFF" > + > require common.inc > diff --git a/meta/recipes-devtools/clang/openmp_git.bb b/meta/recipes-devtools/clang/openmp_git.bb > index 2d86718dee6..b6b1cc29785 100644 > --- a/meta/recipes-devtools/clang/openmp_git.bb > +++ b/meta/recipes-devtools/clang/openmp_git.bb > @@ -18,7 +18,6 @@ inherit cmake pkgconfig perlnative python3native python3targetconfig > DEPENDS += "elfutils libffi clang" > > EXTRA_OECMAKE += "-DCMAKE_BUILD_TYPE=RelWithDebInfo \ > - -DLLVM_APPEND_VC_REV=OFF \ > -DLLVM_ENABLE_PER_TARGET_RUNTIME_DIR=OFF \ > -DOPENMP_LIBDIR_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \ > -DOPENMP_STANDALONE_BUILD=ON \ > -- > 2.43.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#224583): https://lists.openembedded.org/g/openembedded-core/message/224583 > Mute This Topic: https://lists.openembedded.org/mt/115654687/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/clang/clang_git.bb b/meta/recipes-devtools/clang/clang_git.bb index ca539635902..e10c327a2af 100644 --- a/meta/recipes-devtools/clang/clang_git.bb +++ b/meta/recipes-devtools/clang/clang_git.bb @@ -57,7 +57,6 @@ SOLIBSDEV:mingw32 = ".pyd" #CMAKE_VERBOSE = "VERBOSE=1" EXTRA_OECMAKE += "-DLLVM_ENABLE_ASSERTIONS=OFF \ - -DLLVM_APPEND_VC_REV=OFF \ -DLLVM_ENABLE_PIC=ON \ -DCLANG_DEFAULT_PIE_ON_LINUX=ON \ -DFFI_INCLUDE_DIR=$(pkg-config --variable=includedir libffi) \ diff --git a/meta/recipes-devtools/clang/common-clang.inc b/meta/recipes-devtools/clang/common-clang.inc index f7b7a1cf9a0..2e9d3d73f92 100644 --- a/meta/recipes-devtools/clang/common-clang.inc +++ b/meta/recipes-devtools/clang/common-clang.inc @@ -48,4 +48,8 @@ def get_clang_target_arch(bb, d): # install they cause non-deterministic binaries. EXTRA_OECMAKE += "-DCMAKE_BUILD_WITH_INSTALL_RPATH=ON" +# Don't embed found git information into the version string as this +# will include the git server URL. +EXTRA_OECMAKE += "-DLLVM_APPEND_VC_REV=OFF" + require common.inc diff --git a/meta/recipes-devtools/clang/openmp_git.bb b/meta/recipes-devtools/clang/openmp_git.bb index 2d86718dee6..b6b1cc29785 100644 --- a/meta/recipes-devtools/clang/openmp_git.bb +++ b/meta/recipes-devtools/clang/openmp_git.bb @@ -18,7 +18,6 @@ inherit cmake pkgconfig perlnative python3native python3targetconfig DEPENDS += "elfutils libffi clang" EXTRA_OECMAKE += "-DCMAKE_BUILD_TYPE=RelWithDebInfo \ - -DLLVM_APPEND_VC_REV=OFF \ -DLLVM_ENABLE_PER_TARGET_RUNTIME_DIR=OFF \ -DOPENMP_LIBDIR_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \ -DOPENMP_STANDALONE_BUILD=ON \
Whilst the change to add TMPDIR to GIT_CEILING_DIRECTORIES should stop LLVM from embedding git information into the recipes, also disable this behaviour explicitly. We do this because it's not just the sha of the source tree but also the full URL of the repository, which would be an information leak if an internal git mirror was being used. Signed-off-by: Ross Burton <ross.burton@arm.com> --- meta/recipes-devtools/clang/clang_git.bb | 1 - meta/recipes-devtools/clang/common-clang.inc | 4 ++++ meta/recipes-devtools/clang/openmp_git.bb | 1 - 3 files changed, 4 insertions(+), 2 deletions(-)