Description
Several recipes in meta-dstack/ fetch source tarballs over the network during the Yocto build using SRC_URI with HTTP(S) URLs, making the build non-reproducible and vulnerable to supply-chain attacks if the upstream source is compromised.
Root Cause
Three build recipes enable network access during compilation via do_compile[network] = "1":
- libnvidia-container: Also uses curl --insecure
- dstack-guest: Go dependencies fetched during build
- dstack-sysbox: Go dependencies fetched during build
Yocto's default build isolation disables network access during do_compile to ensure reproducibility and supply-chain integrity. When do_compile[network] = "1" is set, dependencies are fetched at build time without the checksum verification that SRC_URI provides in do_fetch.
Attack Path
- Attacker compromises a dependency server or performs a MitM attack on the build network
- During do_compile, the build fetches Go modules or other dependencies over the network
- Fetched dependencies are not checksum-verified (unlike SRC_URI entries in do_fetch)
- Malicious code is compiled into the resulting binaries
- Affected binaries are included in the dstack guest image
Impact
Supply-chain integrity gap. Dependencies fetched during compilation bypass Yocto's integrity verification. A compromised upstream server or network attacker can inject malicious code into three components: NVIDIA container runtime, dstack guest agent, and sysbox container runtime.
Suggested Fix
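- Pre-fetch all Go dependencies during do_fetch with checksum verification:

    # vendor.tar.gz is unpacked into ${WORKDIR} by do_unpack
    SRC_URI += "file://vendor.tar.gz"
    do_compile:prepend() {
        # Copy the vendored modules into the source tree
        cp -r ${WORKDIR}/vendor ${S}/vendor
        # Make the Go toolchain resolve modules from vendor/ instead of the network
        export GOFLAGS="-mod=vendor"
    }

- Use Go module vendoring (go mod vendor) and include the vendor directory in the source
- Remove do_compile[network] = "1" from all three recipes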
Note: This issue was created automatically. The vulnerability report was generated by Claude and has not been verified by a human.
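A layer can be audited for the two patterns named under Root Cause (a [network] = "1" flag on a task other than do_fetch, and curl run with certificate verification disabled). The following is an added example, not part of the original issue or the dstack project; the recipe names and contents in SAMPLES are constructed, and audit_recipe / audit_layer are hypothetical helper names.

```python
import re

# BitBake task varflag, e.g.  do_compile[network] = "1"
NETWORK_FLAG = re.compile(r'^\s*(do_\w+)\[network\]\s*[:?+.]*=\s*"([^"]*)"')
# curl with TLS verification off: --insecure, or a short-option cluster containing k
INSECURE_CURL = re.compile(r'\bcurl\b[^\n#]*?\s(--insecure\b|-[A-Za-z]*k[A-Za-z]*\b)')

def audit_recipe(name, text):
    """Return (file, line, kind, detail) tuples for one recipe's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # heuristic: ignore shell/BitBake comments
        m = NETWORK_FLAG.match(code)
        # do_fetch is the one task expected to have network access
        if m and m.group(2).strip() == "1" and m.group(1) != "do_fetch":
            findings.append((name, lineno, "network-task", m.group(1)))
        if INSECURE_CURL.search(code):
            findings.append((name, lineno, "curl-insecure", code.strip()))
    return findings

def audit_layer(recipes):
    """recipes: mapping of file name -> recipe text (.bb/.bbappend/.inc)."""
    return [f for name, text in recipes.items() for f in audit_recipe(name, text)]

# Constructed sample recipes (not taken from meta-dstack)
SAMPLES = {
    "constructed-go-app.bb": '''\
SRC_URI = "git://example.invalid/app.git;protocol=https;branch=main"
do_compile[network] = "1"
do_compile() {
    go build ./...
}
''',
    "constructed-lib.bb": '''\
do_fetch[network] = "1"
# do_install[network] = "1"
do_compile[network] = "1"
do_compile() {
    curl -sSLk -o dep.tar.gz https://example.invalid/dep.tar.gz
}
''',
}

if __name__ == "__main__":
    for file, line, kind, detail in audit_layer(SAMPLES):
        print(f"{file}:{line}: {kind}: {detail}")
```

To run it against a real layer, build the mapping by reading every .bb, .bbappend and .inc file under the layer directory; a non-empty result can fail a CI job.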