d3a98ba771
When copying files as part of the unpack we currently use cp -p, which is a shortcut for --preserve=mode,ownership,timestamps. We do want to preserve timestamps, because some fetchers set these explicitly. We don't care about ownership. If the files are owned by us then they ill remain owned by us, and if they're not then the attempt to change ownership will be silently ignored. In a shared DL_DIR where files have group ownership this group access isn't relevant in the single-user build tree. We do want to preserve executable bits in the mode, but cp always does this. The difference between --preserve=mode and no --preserve is that the mode isn't preserved exactly (no sticky bits, no suid, umask is applied) but this also isn't a relevant difference in a build tree. Also expand the arguments to be clearer about what options are being passed. The impetus for this is that coreutils 9.4 includes a change in gnulib[1] and will now try to preserve permission-based xattrs if asked to preserve the mode. This can result in cp failing when copying a file from a NFSv4 server with ACLs stored in xattrs to a non-NFS directory where those xattrs cannot be written: cp: preserving permissions for ‘./jquery-3.7.1.js’: Operation not supported The error comes from the kernel refusing to write a system.nfs4_acl xattr to a file on ext4. This situation doesn't appear on all systems with coreutils 9.4, at the time of writing it fails on Ubuntu 24.04 onwards but not Fedora 40. This is because /etc/xattr.conf is used to determine which xattrs describe permissions, and Fedora 40 has removed the NFSv4 attributes[2]. Also, use long-form options to make the cp command clearer. [1] https://github.com/coreutils/gnulib/commit/eb6a8a4dfb [2] https://src.fedoraproject.org/rpms/attr/blob/rawhide/f/0003-attr-2.4.48-xattr-conf-nfs4-acls.patch [ YOCTO #15596 ] (Bitbake rev: 2f35dac0c821ab231459922ed98e1b2cc599ca9a) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are expectations of users of the fetcher code. This file attempts to document some of the constraints that are present. Some are obvious, some are less so. It is documented in the context of how OE uses it but the API calls are generic.
a) network access for sources is only expected to happen in the do_fetch task. This is not enforced or tested but is required so that we can:
i) audit the sources used (i.e. for license/manifest reasons) ii) support offline builds with a suitable cache iii) allow work to continue even with downtime upstream iv) allow for changes upstream in incompatible ways v) allow rebuilding of the software in X years time
b) network access is not expected in do_unpack task.
c) you can take DL_DIR and use it as a mirror for offline builds.
d) access to the network is only made when explicitly configured in recipes (e.g. use of AUTOREV, or use of git tags which change revision).
e) fetcher output is deterministic (i.e. if you fetch configuration XXX now it will match in future exactly in a clean build with a new DL_DIR). One specific pain point example are git tags. They can be replaced and change so the git fetcher has to resolve them with the network. We use git revisions where possible to avoid this and ensure determinism.
f) network access is expected to work with the standard linux proxy variables so that access behind firewalls works (the fetcher sets these in the environment but only in the do_fetch tasks).
g) access during parsing has to be minimal, a "git ls-remote" for an AUTOREV git recipe might be ok but you can't expect to checkout a git tree.
h) we need to provide revision information during parsing such that a version for the recipe can be constructed.
i) versions are expected to be able to increase in a way which sorts allowing package feeds to operate (see PR server required for git revisions to sort).
j) API to query for possible version upgrades of a url is highly desireable to allow our automated upgrage code to function (it is implied this does always have network access).
k) Where fixes or changes to behaviour in the fetcher are made, we ask that test cases are added (run with "bitbake-selftest bb.tests.fetch"). We do have fairly extensive test coverage of the fetcher as it is the only way to track all of its corner cases, it still doesn't give entire coverage though sadly.
l) If using tools during parse time, they will have to be in ASSUME_PROVIDED in OE's context as we can't build git-native, then parse a recipe and use git ls-remote.
Not all fetchers support all features, autorev is optional and doesn't make sense for some. Upgrade detection means different things in different contexts too.