From d595615c6a027b80d6f7ea80ab25e85e97b2436f Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Thu, 18 Jun 2026 16:39:43 +0100
Subject: [PATCH] sstate: Reduce native sysroot execution race potential

Whilst this doesn't remove all possible issues, removing files in /bin/
directories, then removing support files (like shared libraries) does
reduce the potential for weird failures if the system calls things like
python3.

[YOCTO #16323]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes-global/sstate.bbclass | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/classes-global/sstate.bbclass b/meta/classes-global/sstate.bbclass
index 50dd0e51c4..4ad71a70da 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -474,6 +474,10 @@ def sstate_clean_manifest(manifest, d, canrace=False, prefix=None):
     with open(manifest) as mfile:
         entries = mfile.readlines()
 
+    # Remove binaries first, then all the other files, just in case somehow something
+    # is trying to execute something in a sysroot (e.g. python3 from PATH).
+    entries.sort(key=lambda d: '/bin/' not in d)
+
     for entry in entries:
         entry = entry.strip()
         if prefix and not entry.startswith("/"):
-- 
2.47.3