diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 6c60d414ca..d94db03616 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -1008,8 +1008,8 @@ Here are the tests you can list with the :term:`WARN_QA` and software, like bootloaders, might need to bypass this check. - ``buildpaths:`` Checks for paths to locations on the build host - inside the output files. Currently, this test triggers too many false - positives and thus is not normally enabled. + inside the output files. Not only can these leak information about + the build environment, they also hinder binary reproducibility. - ``build-deps:`` Determines if a build-time dependency that is specified through :term:`DEPENDS`, explicit diff --git a/documentation/ref-manual/qa-checks.rst b/documentation/ref-manual/qa-checks.rst index 9455bec3fd..fb31dc16f9 100644 --- a/documentation/ref-manual/qa-checks.rst +++ b/documentation/ref-manual/qa-checks.rst @@ -748,6 +748,22 @@ Errors and Warnings other things in the patches, those can be discarded. +.. _qa-check-buildpaths: + +- ``File in package contains reference to TMPDIR [buildpaths]`` + + This check ensures that build system paths (including :term:`TMPDIR`) do not + appear in output files, which not only leaks build system configuration into + the target, but also hinders binary reproducibility as the output will change + if the build system configuration changes. + + Typically these paths will enter the output through some mechanism in the + configuration or compilation of the software being built by the recipe. To + resolve this issue you will need to determine how the detected path is + entering the output. Sometimes it may require adjusting scripts or code to + use a relative path rather than an absolute one, or to pick up the path from + runtime configuration or environment variables. + Configuring and Disabling QA Checks ===================================