Add support to parse build params from _buildparams file #1037
Conversation
To allow for custom build tweaks such as `-j1` and `--vm-custom-opt=-cpu qemu64` written as separate lines in `_buildparams`
to minimize risk to OBS operations. The pattern for jobs deliberately does not have a * or + to not allow DoS or integer overflows.
bmwiedemann
force-pushed
the
buildparams
branch
from
3bcb66a to
0317136
Compare
PBuild runs build without chdir into the source-dir
|
After some discussion, a possible way to implement this could be via buildflags. eg. #!BuildFlags: cputype:$KNOWN_GOOD_CPU_TYPE the known good cpu type may cause issues when eg. an AMD cpu gets enforced on a Intel hardware? But at least cpu types like "qemu64" on x86_64 could be supported here. Alternative/Additionally we may support #!BuildFlags: cpuflag:$FLAG FLAG can be for example "-avx" to disable avx support. This way we can have architecture specific definitions, because these can be sourounded via %ifarch statements. |
|
To be honest, I don't like this at all. Which packages would need this at all? If this is a very small list, can't that be fixed in the packages in a different and more sane way? |
|
There is a small list:
These are still left after quite some time. I agree that this patch is somewhat dirty and we probably need something nicer - that is why I had opened https://jira.suse.com/browse/OBS-362 |
3 participants
To allow for custom build tweaks such as
-j1and--vm-custom-opt=-cpu qemu64written as separate lines in the_buildparamsfile.This includes regexp whitelist validation to minimize risk to OBS operations.
The pattern for jobs deliberately does not have a
*or+to not allow DoS or integer overflows.The pattern for CPU allows to enable or disable individual CPUID flags. IMHO this should be safe.