Tim Orling 78ef0313ee recipetool: pypi: do not clobber SRC_URI checksums ...

The pypi change:
"85a2a6f68af recipetool: create_buildsys_python: add pypi support"
deleted all the SRC_URI variables, including the SRC_URI checksums.
These are not generated by the pypi.bbclass (how could they be trusted?)

Without the checksum(s), we are vulnerable to a man-in-the-middle attack
and zero checks on the validity of the downloaded tarball from pypi.org.

Fix by only setting S and SRC_URI to None.

(From OE-Core rev: 560181a52111569f7bc57b09139b42510e0d0325)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2023-12-09 19:17:11 +00:00

..

build_perf

meta: correct collections vs collections.abc deprecation

2021-09-19 11:33:14 +01:00

checklayer

lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs

2023-10-27 10:53:43 +01:00

devtool

devtool: modify: Make --no-extract work again

2023-12-08 16:58:34 +00:00

recipetool

recipetool: pypi: do not clobber SRC_URI checksums

2023-12-09 19:17:11 +00:00

resulttool

scripts/resulttool: group all regressions in regression report

2023-11-05 08:44:06 +00:00

wic

wic: extend empty plugin with options to write zeros to partiton

2023-12-06 22:55:49 +00:00

argparse_oe.py

scripts: Add copyright statements to files without one

2022-08-12 11:58:01 +01:00

buildstats.py

scripts/lib/buildstats: handle top-level build_stats not being complete

2023-03-25 09:39:28 +00:00

scriptpath.py

meta/lib+scripts: Convert to SPDX license headers

2019-05-09 16:31:55 +01:00

scriptutils.py

recipes/classes/scripts: Drop SRCPV usage in OE-Core

2023-08-24 16:50:24 +01:00