checklayer: Fix current_tune tracking

Previous attempts to fix get_signatures() (see fixes tags below) were
misguided.

SIGGEN_UNIHASHMAP was added by commit 11373def3171
("sstatesig/populate_sdk_ext: Improve unihash cache handling"), and
exists to map taskhashes to unihashes for use by other code.
Importantly, entries in the list are duplicates of entries in
SIGGEN_LOCKEDSIGS_t-* lists but are not split by tune here.

The code in get_signatures() was not updated to handle SIGGEN_UNIHASHMAP
and so was accidentally treating these as additional signatures to check
for conflicts. However, current_tune was stuck at the value of the last
SIGGEN_LOCKEDSIGS_t-* assignment seen, typically x86-64 due to sorting.
So, we got nonsensical errors like the following (split for
readability):

    AssertionError: The machines have conflicting signatures for some shared tasks:
       x86-64 busybox:do_recipe_qa: 5638e2062f09663bf2536a5f91e8788511aa6c31eac8e173dae1aee49e895945 (beaglebone-yocto, genericarm64, genericx86)
       != ae5900e39ac275822744f241eefc7f0e707e43e03fd3107d82b5190e4a4e6da9 (genericx86-64)

The error only occurred with a hash equivalence server running, since
without one SIGGEN_UNIHASHMAP is empty. It was also non-deterministic -
a task only appears in the unihash map after the hashequiv server has
recorded a mapping for it, which may not happen on the first build after
a metadata change.

After this change, the locked-sigs.inc parser in yocto-check-layer is
still somewhat fragile and we need to be careful with future changes
that modify the locked sigs output. However, we can at least track which
variable we are looking at now :)

Fixes: 225923f3bfec ("checklayer: Really fix regex in get_signatures")
Fixes: a2f7052cf832 ("checklayer: Fix regex in get_signatures")
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py
index f9ba44d08d881fd1ef19eabad358e4e11fa5c1ff..274dc7578fda2f8e3789490da96eaaca1f809e4d 100644 (file)
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -324,15 +324,27 @@ def get_signatures(builddir, failsafe=False, machine=None, extravars=None):
         else:
             raise
 
-    sig_regex = re.compile(r"^(?P<task>[^:]*:[^:]*)(:(?P<taskhash>[^:]*))?:(?P<hash>.*) .$")
-    tune_regex = re.compile(r"(^|\s)SIGGEN_LOCKEDSIGS_t-(?P<tune>\S*)\s*=\s*")
+    sig_regex = re.compile(r"^(?P<task>[^:]*:[^:]*):(?P<hash>[^:]*) .$")
+    assignment_regex = re.compile(r"^\s*(?P<var>\S+)\s*\+?=")
+    lockedsigs_regex = re.compile(r"^SIGGEN_LOCKEDSIGS_t-(?P<tune>\S*)$")
     current_tune = None
     with open(sigs_file, 'r') as f:
         for line in f.readlines():
             line = line.strip()
-            t = tune_regex.search(line)
-            if t:
-                current_tune = t.group('tune')
+            assignment = assignment_regex.search(line)
+            if assignment:
+                lockedsigs = lockedsigs_regex.search(assignment.group('var'))
+                if lockedsigs:
+                    # This variable contains signatures we want to compare
+                    current_tune = lockedsigs.group('tune')
+                else:
+                    # This variable isn't relevant for us
+                    current_tune = None
+                continue
+
+            if not current_tune:
+                continue
+
             s = sig_regex.match(line)
             if s:
                 exclude = False