CMake includes a FetchContent module, which will download further
source code at configure time. With the network isolation this will now
fail, but as not all environments support network isolation we can tell
cmake to not download either for extra safety.

Signed-off-by: Ross Burton <ross.burton@...>
---
meta/classes/cmake.bbclass | 1 +
1 file changed, 1 insertion(+)

diff --git a/meta/classes/cmake.bbclass b/meta/classes/cmake.bbclass
index 92b9197c487..fac7bbca7a3 100644
--- a/meta/classes/cmake.bbclass
+++ b/meta/classes/cmake.bbclass
@@ -189,6 +189,7 @@ cmake_do_configure() {
-DCMAKE_TOOLCHAIN_FILE=3D${WORKDIR}/toolchain.cmake \
-DCMAKE_NO_SYSTEM_FROM_IMPORTED=3D1 \
-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=3DON \
+ -DFETCHCONTENT_FULLY_DISCONNECTED=3DON \
${EXTRA_OECMAKE} \
-Wno-dev
}
--=20
2.25.1

On 2/9/22 4:53 AM, Ross Burton wrote:

CMake includes a FetchContent module, which will download further
source code at configure time. With the network isolation this will now
fail, but as not all environments support network isolation we can tell
cmake to not download either for extra safety.

what is cmake's default ? I think it could become a constant source of pain if it is not default. Since many cmake based packages might start to depend on it indirectly in future.

Signed-off-by: Ross Burton <ross.burton@...>
---
meta/classes/cmake.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/cmake.bbclass b/meta/classes/cmake.bbclass
index 92b9197c487..fac7bbca7a3 100644
--- a/meta/classes/cmake.bbclass
+++ b/meta/classes/cmake.bbclass
@@ -189,6 +189,7 @@ cmake_do_configure() {
-DCMAKE_TOOLCHAIN_FILE=${WORKDIR}/toolchain.cmake \
-DCMAKE_NO_SYSTEM_FROM_IMPORTED=1 \
-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON \
+ -DFETCHCONTENT_FULLY_DISCONNECTED=ON \
${EXTRA_OECMAKE} \
-Wno-dev
}

On Wed, 2022-02-09 at 09:45 -0800, Khem Raj via lists.openembedded.org
wrote:

On 2/9/22 4:53 AM, Ross Burton wrote:

CMake includes a FetchContent module, which will download further
source code at configure time. With the network isolation this
will now fail, but as not all environments support network
isolation we can tell cmake to not download either for extra
safety.

what is cmake's default ? I think it could become a constant source
of pain if it is not default. Since many cmake based packages might
start to depend on it indirectly in future.

CMake's default is to allow downloads.

It's possible to write CMake projects so that they try find_package
first and then fall back to downloading. I think
FETCHCONTENT_FULLY_DISCONNECTED might be a helpful flag so that the
build can then simply report if a required dependency has the wrong
version or so.

CMake projects that use _only_ FetchContent will likely need heavier
patching.


Eero

On Thu, 10 Feb 2022 at 10:13, Eero Aaltonen <eero.aaltonen@...> wrote:

what is cmake's default ? I think it could become a constant source
of pain if it is not default. Since many cmake based packages might
start to depend on it indirectly in future.

CMake's default is to allow downloads.

It's possible to write CMake projects so that they try find_package
first and then fall back to downloading. I think
FETCHCONTENT_FULLY_DISCONNECTED might be a helpful flag so that the
build can then simply report if a required dependency has the wrong
version or so.

CMake projects that use _only_ FetchContent will likely need heavier
patching.

The reasoning for this patch is that with the network isolation change
the FetchContents will fail, but as in some environments the network
isolation doesn't work (eg Docker containers) we can disable
FetchContent explicitly too.

Yes, projects which just use FetchContent are a pain. Lets guess why
I wrote this patch. :)

Ross