@@ -324,15 +324,27 @@ def get_signatures(builddir, failsafe=False, machine=None, extravars=None):
else:
raise
- sig_regex = re.compile(r"^(?P<task>[^:]*:[^:]*)(:(?P<taskhash>[^:]*))?:(?P<hash>.*) .$")
- tune_regex = re.compile(r"(^|\s)SIGGEN_LOCKEDSIGS_t-(?P<tune>\S*)\s*=\s*")
+ sig_regex = re.compile(r"^(?P<task>[^:]*:[^:]*):(?P<hash>[^:]*) .$")
+ assignment_regex = re.compile(r"^\s*(?P<var>\S+)\s*\+?=")
+ lockedsigs_regex = re.compile(r"^SIGGEN_LOCKEDSIGS_t-(?P<tune>\S*)$")
current_tune = None
with open(sigs_file, 'r') as f:
for line in f.readlines():
line = line.strip()
- t = tune_regex.search(line)
- if t:
- current_tune = t.group('tune')
+ assignment = assignment_regex.search(line)
+ if assignment:
+ lockedsigs = lockedsigs_regex.search(assignment.group('var'))
+ if lockedsigs:
+ # This variable contains signatures we want to compare
+ current_tune = lockedsigs.group('tune')
+ else:
+ # This variable isn't relevant for us
+ current_tune = None
+ continue
+
+ if not current_tune:
+ continue
+
s = sig_regex.match(line)
if s:
exclude = False
Previous attempts to fix get_signatures() (see fixes tags below) were misguided. SIGGEN_UNIHASHMAP was added by commit 11373def3171 ("sstatesig/populate_sdk_ext: Improve unihash cache handling"), and exists to map taskhashes to unihashes for use by other code. Importantly, entries in the list are duplicates of entries in SIGGEN_LOCKEDSIGS_t-* lists but are not split by tune here. The code in get_signatures() was not updated to handle SIGGEN_UNIHASHMAP and so was accidentally treating these as additional signatures to check for conflicts. However, current_tune was stuck at the value of the last SIGGEN_LOCKEDSIGS_t-* assignment seen, typically x86-64 due to sorting. So, we got nonsensical errors like the following (split for readability): AssertionError: The machines have conflicting signatures for some shared tasks: x86-64 busybox:do_recipe_qa: 5638e2062f09663bf2536a5f91e8788511aa6c31eac8e173dae1aee49e895945 (beaglebone-yocto, genericarm64, genericx86) != ae5900e39ac275822744f241eefc7f0e707e43e03fd3107d82b5190e4a4e6da9 (genericx86-64) The error only occurred with a hash equivalence server running, since without one SIGGEN_UNIHASHMAP is empty. It was also non-deterministic - a task only appears in the unihash map after the hashequiv server has recorded a mapping for it, which may not happen on the first build after a metadata change. After this change, the locked-sigs.inc parser in yocto-check-layer is still somewhat fragile and we need to be careful with future changes that modify the locked sigs output. However, we can at least track which variable we are looking at now :) Fixes: 225923f3bfec ("checklayer: Really fix regex in get_signatures") Fixes: a2f7052cf832 ("checklayer: Fix regex in get_signatures") Signed-off-by: Paul Barker <paul@pbarker.dev> --- Tested on the autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/27/builds/3565 Also confirmed ability to detect signature conflicts by adding `echo ${MACHINE}` to do_compile in an allarch recipe: https://autobuilder.yoctoproject.org/valkyrie/#/builders/27/builds/3568 --- scripts/lib/checklayer/__init__.py | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) --- base-commit: e954a94b5b528b2430e8da331107d7d58287f89b change-id: 20260403-checklayer-3-b9b89d51bdee Best regards, -- Paul Barker