From: Michal Sieron <michalwsieron@gmail.com>
Date: Mon, 12 Feb 2024 09:09:26 +0000 (+0100)
Subject: sanity.bbclass: raise_sanity_error if /tmp is noexec
X-Git-Tag: uninative-4.4~156
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee93a8e89322143252040bd5bc99259c5efff831;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

sanity.bbclass: raise_sanity_error if /tmp is noexec

Older meson versions save temporary scripts in /tmp.
Similarly some recipies also do that (e.g. ccan in sbsigntool).

As this can lead to unexpected build failures with no simple way
to workaround, make such setup a fatal error.

Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
---

diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass
index 1bd74e1935a..bbbc41ddae9 100644
--- a/meta/classes-global/sanity.bbclass
+++ b/meta/classes-global/sanity.bbclass
@@ -840,6 +840,10 @@ def check_sanity_everybuild(status, d):
         status.addresult("Please use a umask which allows a+rx and u+rwx\n")
     os.umask(omask)
 
+    # Ensure /tmp is NOT mounted with noexec
+    if os.statvfs("/tmp").f_flag & os.ST_NOEXEC:
+        raise_sanity_error("/tmp shouldn't be mounted with noexec.", d)
+
     if d.getVar('TARGET_ARCH') == "arm":
         # This path is no longer user-readable in modern (very recent) Linux
         try: