How to Block External Network Downloads in Yocto Using BB_NO_NETWORK

The Yocto Project is a powerful and flexible toolset for creating custom Linux distributions for embedded systems. However, during the build process, it often needs to download various files from the internet. In certain scenarios, you might want to prevent Yocto from accessing the external network, such as for security reasons or when building in a network-isolated environment. This is where the BB_NO_NETWORK variable comes into play. In this post, we will explore how to use BB_NO_NETWORK to block external network downloads during the Yocto build process.

Understanding BB_NO_NETWORK

BB_NO_NETWORK is a BitBake variable that, when set to "1", disables network access in BitBake's fetcher modules. Any fetch that would need the network then fails with an error instead of downloading, so no external downloads are performed.

Why Use BB_NO_NETWORK?

  1. Security:
    Prevent unauthorized network access and ensure all files come from trusted sources.
  2. Compliance:
    Adhere to organizational policies that restrict internet access during builds.
  3. Network Isolation:
    Useful in environments with limited or no internet connectivity.

How to Use BB_NO_NETWORK

To use BB_NO_NETWORK, you need to set it in your build configuration. This can be done in the local.conf file, which is typically located in the conf directory of your Yocto build environment.

  1. Open local.conf:
    Navigate to the conf directory and open the local.conf file in a text editor.
   nano conf/local.conf
  2. Set BB_NO_NETWORK:
    Add the following line to the local.conf file to enable the BB_NO_NETWORK variable:
   BB_NO_NETWORK = "1"
  3. Save and Close:
    Save the changes and close the text editor.

With BB_NO_NETWORK set, BitBake will not attempt any network downloads during the build process.

Handling Missing Files

When BB_NO_NETWORK is enabled, all necessary source files and dependencies must be available locally. This means you need to ensure that all required files are either pre-fetched or available in your source mirrors.

  1. Mirror Configuration:
    Configure local mirrors to serve the required files. This can be done using the PREMIRRORS and MIRRORS variables in the local.conf file.
   PREMIRRORS = "\
   git://.*/.* file:///path/to/local/mirror/ \
   https://.*/.* file:///path/to/local/mirror/ \
   ftp://.*/.* file:///path/to/local/mirror/ \
   "
  2. Fetch All Sources:
    Before enabling BB_NO_NETWORK, perform a build to fetch all sources.
   bitbake <your-target>
  3. Create Source Archive:
    Alternatively, you can download all necessary files without building the target using the bitbake -c fetchall <your-target> command. On releases where the fetchall task has been removed, bitbake <your-target> --runall=fetch does the same job.
   bitbake -c fetchall <your-target>
   # releases without the fetchall task:
   bitbake <your-target> --runall=fetch
  4. Verify Local Availability:
    Ensure that all source files are present in the DL_DIR directory, which is typically located in the downloads directory of your Yocto build environment.
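
One way to carry out the check in step 4, as an added example that is not part of the original post. It assumes BitBake's fetcher leaves a "<name>.done" stamp next to every completed download and next to every clone under git2/; the function name and the sample file names are made up for illustration.

```shell
#!/bin/sh
# Added example: list DL_DIR entries that have no "<name>.done" stamp.
# Assumption: BitBake's fetcher writes "<name>.done" beside each completed
# download and beside each clone under git2/; "<name>.lock" are lock files.

missing_done_stamps() {
    dl_dir=$1
    for entry in "$dl_dir"/* "$dl_dir"/git2/*; do
        [ -e "$entry" ] || continue            # glob matched nothing
        case "$entry" in
            *.done|*.lock) continue ;;         # stamps and locks, not sources
        esac
        # Top level: check regular files only. Under git2/: check every clone.
        [ -f "$entry" ] || [ "${entry%/*}" = "$dl_dir/git2" ] || continue
        [ -f "$entry.done" ] || printf '%s\n' "${entry#"$dl_dir"/}"
    done
}

# Constructed sample DL_DIR: a complete tarball, an unstamped tarball, a stamped clone.
demo=$(mktemp -d)
mkdir -p "$demo/git2/example.org.demo.git"
touch "$demo/ok-1.0.tar.gz" "$demo/ok-1.0.tar.gz.done" \
      "$demo/partial-2.0.tar.xz" "$demo/git2/example.org.demo.git.done"
missing_done_stamps "$demo"    # prints: partial-2.0.tar.xz
rm -rf "$demo"
```

Point the function at your real DL_DIR before switching BB_NO_NETWORK on; any path it prints is a download that never completed and should be fetched again while the network is still available.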

Blocking external network downloads using BB_NO_NETWORK is a crucial step for maintaining security and compliance in certain build environments. By setting BB_NO_NETWORK and ensuring all necessary files are available locally, you can prevent BitBake from accessing the internet during the build process. This approach helps maintain a controlled and secure build environment, which is essential for many embedded Linux projects.
