diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-python2/classes | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-python2/classes')
7 files changed, 196 insertions, 0 deletions
diff --git a/external/meta-python2/classes/bandit.bbclass b/external/meta-python2/classes/bandit.bbclass new file mode 100644 index 00000000..dc1041e4 --- /dev/null +++ b/external/meta-python2/classes/bandit.bbclass @@ -0,0 +1,63 @@ +# Class to scan Python code for security issues, using Bandit. +# +# $ bitbake python-foo -c bandit +# +# Writes the report to $DEPLOY_DIR/bandit/python-foo.html. +# No output if no issues found, a warning if issues found. +# +# https://github.com/PyCQA/bandit + +# Default location of sources, based on standard distutils +BANDIT_SOURCE ?= "${S}/build" + +# The report format to use. +# https://bandit.readthedocs.io/en/latest/formatters/index.html +BANDIT_FORMAT ?= "html" + +# Whether a scan should be done every time the recipe is built. +# +# By default the scanning needs to be done explicitly, but by setting BANDIT_AUTO +# to 1 the scan will be done whenever the recipe it built. Note that you +# shouldn't set BANDIT_AUTO to 1 globally as it will then try to scan every +# recipe, including non-Python recipes, causing circular loops. +BANDIT_AUTO ?= "0" + +# Whether Bandit finding issues results in a warning (0) or an error (1). +BANDIT_FATAL ?= "0" + +do_bandit[depends] = "python3-bandit-native:do_populate_sysroot" +python do_bandit() { + import os, subprocess + try: + report = d.expand("${DEPLOY_DIR}/bandit/${PN}-${PV}.${BANDIT_FORMAT}") + os.makedirs(os.path.dirname(report), exist_ok=True) + + args = ("bandit", + "--format", d.getVar("BANDIT_FORMAT"), + "--output", report, + "-ll", + "--recursive", d.getVar("BANDIT_SOURCE")) + subprocess.check_output(args, stderr=subprocess.STDOUT) + bb.note("Bandit found no issues (report written to %s)" % report) + except subprocess.CalledProcessError as e: + if e.returncode == 1: + if oe.types.boolean(d.getVar("BANDIT_FATAL")): + bb.error("Bandit found issues (report written to %s)" % report) + else: + bb.warn("Bandit found issues (report written to %s)" % report) + else: + bb.error("Bandit failed:\n" + e.output.decode("utf-8")) +} + +python() { + before = "do_build" + after = "do_compile" + + if oe.types.boolean(d.getVar("BANDIT_AUTO")): + bb.build.addtask("do_bandit", before, after, d) + else: + bb.build.addtask("do_bandit", None, after, d) +} + +# TODO: store report in sstate +# TODO: a way to pass extra args or .bandit file, basically control -ll diff --git a/external/meta-python2/classes/distutils-base.bbclass b/external/meta-python2/classes/distutils-base.bbclass new file mode 100644 index 00000000..9f398d70 --- /dev/null +++ b/external/meta-python2/classes/distutils-base.bbclass @@ -0,0 +1,4 @@ +DEPENDS += "${@["${PYTHON_PN}-native ${PYTHON_PN}", ""][(d.getVar('PACKAGES') == '')]}" +RDEPENDS_${PN} += "${@['', '${PYTHON_PN}-core']['${CLASSOVERRIDE}' == 'class-target']}" + +inherit distutils-common-base pythonnative diff --git a/external/meta-python2/classes/distutils.bbclass b/external/meta-python2/classes/distutils.bbclass new file mode 100644 index 00000000..3759b582 --- /dev/null +++ b/external/meta-python2/classes/distutils.bbclass @@ -0,0 +1,87 @@ +inherit distutils-base + +DISTUTILS_BUILD_ARGS ?= "" +DISTUTILS_STAGE_HEADERS_ARGS ?= "--install-dir=${STAGING_INCDIR}/${PYTHON_DIR}" +DISTUTILS_STAGE_ALL_ARGS ?= "--prefix=${STAGING_DIR_HOST}${prefix} \ + --install-data=${STAGING_DATADIR}" +DISTUTILS_INSTALL_ARGS ?= "--root=${D} \ + --prefix=${prefix} \ + --install-lib=${PYTHON_SITEPACKAGES_DIR} \ + --install-data=${datadir}" + +DISTUTILS_PYTHON = "python" +DISTUTILS_PYTHON_class-native = "nativepython" + +distutils_do_configure() { + if [ "${CLEANBROKEN}" != "1" ] ; then + NO_FETCH_BUILD=1 \ + ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py clean ${DISTUTILS_BUILD_ARGS} + fi +} + +distutils_do_compile() { + NO_FETCH_BUILD=1 \ + STAGING_INCDIR=${STAGING_INCDIR} \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py build ${DISTUTILS_BUILD_ARGS} || \ + bbfatal_log "'${PYTHON_PN} setup.py build ${DISTUTILS_BUILD_ARGS}' execution failed." +} + +distutils_stage_headers() { + install -d ${STAGING_DIR_HOST}${PYTHON_SITEPACKAGES_DIR} + ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py install_headers ${DISTUTILS_STAGE_HEADERS_ARGS} || \ + bbfatal_log "'${PYTHON_PN} setup.py install_headers ${DISTUTILS_STAGE_HEADERS_ARGS}' execution for stage_headers failed." +} + +distutils_stage_all() { + STAGING_INCDIR=${STAGING_INCDIR} \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + install -d ${STAGING_DIR_HOST}${PYTHON_SITEPACKAGES_DIR} + PYTHONPATH=${STAGING_DIR_HOST}${PYTHON_SITEPACKAGES_DIR} \ + ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py install ${DISTUTILS_STAGE_ALL_ARGS} || \ + bbfatal_log "'${PYTHON_PN} setup.py install ${DISTUTILS_STAGE_ALL_ARGS}' execution for stage_all failed." +} + +distutils_do_install() { + install -d ${D}${PYTHON_SITEPACKAGES_DIR} + STAGING_INCDIR=${STAGING_INCDIR} \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + PYTHONPATH=${D}${PYTHON_SITEPACKAGES_DIR} \ + ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py install ${DISTUTILS_INSTALL_ARGS} || \ + bbfatal_log "'${PYTHON_PN} setup.py install ${DISTUTILS_INSTALL_ARGS}' execution failed." + + # support filenames with *spaces* + # only modify file if it contains path and recompile it + find ${D} -name "*.py" -exec grep -q ${D} {} \; \ + -exec sed -i -e s:${D}::g {} \; \ + -exec ${STAGING_BINDIR_NATIVE}/python-native/python -mcompileall {} \; + + for i in ${D}${bindir}/* ${D}${sbindir}/*; do + if [ -f "$i" ]; then + sed -i -e s:${PYTHON}:${USRBINPATH}/env\ ${DISTUTILS_PYTHON}:g $i + sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g $i + fi + done + + rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/easy-install.pth + rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/site.py* + + # + # FIXME: Bandaid against wrong datadir computation + # + if [ -e ${D}${datadir}/share ]; then + mv -f ${D}${datadir}/share/* ${D}${datadir}/ + rmdir ${D}${datadir}/share + fi + + # Fix backport modules + if [ -e ${STAGING_LIBDIR}/${PYTHON_DIR}/site-packages/backports/__init__.py ] && + [ -e ${D}${PYTHON_SITEPACKAGES_DIR}/backports/__init__.py ]; then + rm ${D}${PYTHON_SITEPACKAGES_DIR}/backports/__init__.py; + rm ${D}${PYTHON_SITEPACKAGES_DIR}/backports/__init__.pyc; + fi +} + +EXPORT_FUNCTIONS do_configure do_compile do_install + +export LDSHARED="${CCLD} -shared" diff --git a/external/meta-python2/classes/python-backports-init.bbclass b/external/meta-python2/classes/python-backports-init.bbclass new file mode 100644 index 00000000..727bc4a8 --- /dev/null +++ b/external/meta-python2/classes/python-backports-init.bbclass @@ -0,0 +1,7 @@ +inherit python-dir + +RDEPENDS_${PN} += "python-backports-init" + +do_install_prepend() { + rm -rf $(find . -path "*/backports/__init__.py" -type f) +} diff --git a/external/meta-python2/classes/python-dir.bbclass b/external/meta-python2/classes/python-dir.bbclass new file mode 100644 index 00000000..a11dc350 --- /dev/null +++ b/external/meta-python2/classes/python-dir.bbclass @@ -0,0 +1,5 @@ +PYTHON_BASEVERSION = "2.7" +PYTHON_ABI = "" +PYTHON_DIR = "python${PYTHON_BASEVERSION}" +PYTHON_PN = "python" +PYTHON_SITEPACKAGES_DIR = "${libdir}/${PYTHON_DIR}/site-packages" diff --git a/external/meta-python2/classes/pythonnative.bbclass b/external/meta-python2/classes/pythonnative.bbclass new file mode 100644 index 00000000..0e9019d1 --- /dev/null +++ b/external/meta-python2/classes/pythonnative.bbclass @@ -0,0 +1,27 @@ + +inherit python-dir + +PYTHON="${STAGING_BINDIR_NATIVE}/python-native/python" +# PYTHON_EXECUTABLE is used by cmake +PYTHON_EXECUTABLE="${PYTHON}" +EXTRANATIVEPATH += "python-native" +DEPENDS_append = " python-native " + +# python-config and other scripts are using distutils modules +# which we patch to access these variables +export STAGING_INCDIR +export STAGING_LIBDIR + +# Packages can use +# find_package(PythonInterp REQUIRED) +# find_package(PythonLibs REQUIRED) +# which ends up using libs/includes from build host +# Therefore pre-empt that effort +export PYTHON_LIBRARY="${STAGING_LIBDIR}/lib${PYTHON_DIR}${PYTHON_ABI}.so" +export PYTHON_INCLUDE_DIR="${STAGING_INCDIR}/${PYTHON_DIR}${PYTHON_ABI}" + +# suppress host user's site-packages dirs. +export PYTHONNOUSERSITE = "1" + +# autoconf macros will use their internal default preference otherwise +export PYTHON diff --git a/external/meta-python2/classes/setuptools.bbclass b/external/meta-python2/classes/setuptools.bbclass new file mode 100644 index 00000000..a923ea3c --- /dev/null +++ b/external/meta-python2/classes/setuptools.bbclass @@ -0,0 +1,3 @@ +inherit distutils + +DEPENDS += "python-setuptools-native" |