There seems to a typo in a comment in archiver.bbclass; ARCHIVE_MODE should be ARCHIVER_MODE for "mirror" (letter R is missing).

https://github.com/openembedded/openembedded-core/blob/master/meta/classes/archiver.bbclass#L8

Joseph

P.S. The archiver class is awesome.  Thank you!


-------- Forwarded Message --------
Subject: Re: [yocto-security] Unicode Bidi CVE-2021-42574 - tool to list source files?
Date: Wed, 02 Feb 2022 09:39:06 +0000
From: Richard Purdie <richard.purdie@...>
To: Joseph Reynolds <jrey@...>, Mark Hatle <mark.hatle@...>, yocto-security@..., Armin Kuster <akuster808@...>



On Tue, 2022-02-01 at 21:20 -0600, Joseph Reynolds wrote:

On 1/23/22 5:34 PM, Joseph Reynolds wrote:

On 1/20/22 4:16 PM, Mark Hatle wrote:

Any protection on the compiler side would come from the compiler

of > > choice.  It is my understanding this has not yet been merged into the > > included GCC version.

But in the end, the issue is someone hiding code via unicode >

characters so...

Mark and Richard,
Thanks for your detailed review of Bitbake/OE/Yocto capabilities

in > this area, and for your guidance.

I have no further questions at this time, and will let you know if

we > come up with a scanner for this.

Does OE/bitbakle have best practices, guidelines, or tooling for developers who perform a bitbake build and then want the get a list of all the (fetched, unpacked, and patched) source code which was used in that build?  Would it be something like iterating all packages included in the build, and looking through the "S" directory?
Algorithm (sketch):

  for package in allPackagesInMyBuild:
    cd to the `S` directory for the package
    find . -type '*.cpp'

Have a look at archiver.bbclass. I think it has some documentation in the manual
too.

Cheers,

Richard