From patchwork Wed Jun 18 13:50:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 272 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Jun 2025 15:51:11 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f55.google.com (mail-oo1-f55.google.com [209.85.161.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55IDpALK003034 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Jun 2025 15:51:11 +0200 Received: by mail-oo1-f55.google.com with SMTP id 006d021491bc7-6114d2ae259sf86701eaf.2 for ; Wed, 18 Jun 2025 06:51:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750254664; cv=pass; d=google.com; s=arc-20240605; b=irfawNvU77gu3De4eE9nADLJvl454sbxkR3A3huimzj+gcaNIVjaWGpykhkVi4HjTK T/61wndUX3MpOknDXdfdSJwnlj4lOQPelkWmweiUVB5h0z9bFbLKjxrpkqdNB6h+BCzv Ty6lG7XT6dwbSDAYmQKBbreBYB8cUoKtbF2SdroxdlHSrupFownwuH/cbFv2po/S+fuw 70C6nIiFfoEcI63ow6nsZYPsG8fU+SKSYE5MnOEcBNdLbeulgOqXhKMQ4Z3zGZrv5YmS A35MRDPT1vbSgYj5HSloeO2w1glSDD5ruSZLoNXyTPic3lQsUIczWapXKj+SeVTqR2n9 EWmQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eAcrMEpEyXdeiDcCKaCnPNPni1E6OrXxyBPhScbAN3E=; fh=dKBGtXDUxcL495+5syPZIYO+3URVPyqGnWpRrknO1VI=; b=hYIn1KSuOCcq8cF3ACeknP53WtYAxP+mve7XqJs7+EWCZr924kbKjIXzjkLAOCQR3e XMenegn4IEGrnUhPRIkPrz805426AJEPBbAPrqGXNlTpzposQqvpqADpggUXAqDT7LLr J/Rfrp89s2XoebPu0wthc10F/2SVl01JH+4X89dP21Pe8D1BH0FNlX3upEoVZ2vtJvoC sNqPXy2mmBO5MYXhCWgP4ER2LiTXjgqFPl5jTZSnQApy1Q1minYi5MXtyMsGSuBDLNQW 4EjiOcyYdF57NPjqJ2BBgdIjHpxrwO4Hpeatn5KGeDEUeajcnr/IGxMa/GFR2BvY2elG 01hA==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=CSyPH8iz; spf=pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250618135100d2af4189c1887e8583-JcD_kS@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750254664; x=1750859464; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=eAcrMEpEyXdeiDcCKaCnPNPni1E6OrXxyBPhScbAN3E=; b=xbj1bCdpeb4NoMtY7vTHXU79QQba+oXaJ1rsHkkxxtd9Mm9F9DlnwzWjjJyMIpz9Ch ODF7MftvpnBmccJvD/2SER2hJ4SBe2bsB4xrQSHNgdy13SmXW3gVe1ZlgQQDVTjFWlF+ mG7R0PvYhzpYQoNNF5r3eerHE3B/0t5hom0n3h7ZbV9Ti1deLaNWvwx0SQewITlarf2U IdNH0TdKAemcpa7rK8KXY391WysoB/T5A5/LMAQFpveZZLZ/W2iS9N66+01xhjThmQQr CJm+NL+GGM8u/YNmYsJb9m+w9sFU7SSQJxLqYJ/jCZRwGK3Z2YlucQNyWVRMtmZ/fvek rLYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750254664; x=1750859464; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=eAcrMEpEyXdeiDcCKaCnPNPni1E6OrXxyBPhScbAN3E=; b=qtoAwf/R98jWooCqMlXoC9tTaEXwbWO7pf0c3hplo6aWXEfJAkW8bRoxI5FO2qoyFK K+A+4GeTuloFeOU1W0f0yJxg9e5Oz6Vja/KIprFnqq6ymEAgo8IVAvJByJz6p9JmoLCU I3fxnHxS/Cz+Rc6oKWjRRGSjb9Fbc+ZxMDGrTirkkxknXCv+eiW8p8uh4y9HhBN89or7 tC1L0U8bw5lHWdYFUDs7k5lxCiDcJoNVQShq4d9IUEGb4IsZCijqWZlYgkD8zLH4WpXl tSd645pznOdgL4ejK+MYFg1oD79eAgFolPBDBP5n/4WQM0+Dttr1dEgoAWz3kMQIGanO jz/g== X-Forwarded-Encrypted: i=2; AJvYcCUx9WeuQ5l7IYp1eJl0PlrfWwqmiKqO5g3xAkDpQ+V+fI89OvqmtWp5syaOM5RMWVbLbYq5eD0=@isar-build.org X-Gm-Message-State: AOJu0Yw7xq7cDlLWFuqsGRfuB8MJjBhQrAG+KRu0rmWnRKSMy/xP+gOG 5NRPZ3SFbP14jaryu5tlAEoEJk1Q8i8ZmzYmiSBPHaNbca8eWXeylAO/ X-Google-Smtp-Source: AGHT+IGLPPIPsQh4yHh9j4XWIjvlUb1zuuGBXB41cjbd9JSIJULFk6M2SUyCL7FpYA8nYVO90Ja6NA== X-Received: by 2002:a05:6820:4418:b0:611:11a3:7cd8 with SMTP id 006d021491bc7-61111a37e81mr8693173eaf.3.1750254664482; Wed, 18 Jun 2025 06:51:04 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZfPwHOUv+c2gloG9ypG/PvLA/QqZDmKoA6tUN5Ilx92og== Received: by 2002:a4a:c546:0:b0:611:3b40:74a0 with SMTP id 006d021491bc7-6113b407531ls908308eaf.2.-pod-prod-08-us; Wed, 18 Jun 2025 06:51:03 -0700 (PDT) X-Received: by 2002:a05:6820:221e:b0:610:ee96:eca9 with SMTP id 006d021491bc7-61111020f63mr10321173eaf.8.1750254663493; Wed, 18 Jun 2025 06:51:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750254663; cv=none; d=google.com; s=arc-20240605; b=Nmd/0Ucwr2C+L1lof8di5ydUjYyvfj5YmYw/HhVq30E4bXtkW9Xm5mHSDg2EkqoGtz F1mYVUl4mBkoBWaXfSDYlc6hUTp7Lh18rbwJRot1bMy/7ImRydq02Vv+Gv1eFGcFWeUo mx8iP98PeICOWgYiHLjU2KVXRQVyDiU5gaLHUxASL+krL9jlbX/jaEB5A0tqKjuE6MGq xM0tNNEuFrtYlxQiaG6ccajiBwsdup3apMSDehO/tXk0t/lWNRdJVrjInZEVMufbk8cj v6j1n1IX3HmKS3VzWb2xhuMcGNS4xkEJxd1QDAhrIybniEp6RMttKbWsYdEos0Lu0s2d MrYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=TiaRTtgILeSX7ToLdgpDkqJiu7zRz+7jAza4vy/Qz/o=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=E+8aC3gC6B4to5U5TnGZV5ah1vTOAuVEcsFcbXRG8TvkvqZ1CdZNgAOCkUZU2rjCTT FCEo09WijQ+X6sIdoA0RZmazeMp4RUPgwdyoAkGPrwbsN8xGXAihAfYUj2+aztEGdz8Z 0mS/SBjhasYHNRdp3Y08fGPbulpImg2yaK2I0N3vqxGJhlUyjQJeNZOQbZOfLIkwixRq R3Ut47rxr0TKt0KYaZ2AAyRaUiiDK8nouO9aH9kAuZZvU0q+JuIFrRiJsxCOj6MaPdLN DNZ+53IgN26b/CujNkYqwi3p6zUT9qBNxhDT+K5XYGslr32EBYxCBsMR0E42mKZMWHH0 Bfvg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=CSyPH8iz; spf=pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250618135100d2af4189c1887e8583-JcD_kS@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id 006d021491bc7-61108c5e76fsi518193eaf.0.2025.06.18.06.51.03 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Jun 2025 06:51:03 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 20250618135100d2af4189c1887e8583 for ; Wed, 18 Jun 2025 15:51:00 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v2 0/4] non-privileged commands in chroot Date: Wed, 18 Jun 2025 15:50:36 +0200 Message-Id: <20250618135040.8252-1-cedric.hombourger@siemens.com> In-Reply-To: <20250519115750.3195300-1-cedric.hombourger@siemens.com> References: <20250519115750.3195300-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=CSyPH8iz; spf=pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250618135100d2af4189c1887e8583-JcD_kS@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When building root filesystems for foreign architectures with package source caching enabled, apt operations are executed within the rootfs through QEMU emulation. This results in significantly degraded performance, particularly when downloading source packages sequentially. This patch series introduces a new wrapper function that enables native command execution against a rootfs while preserving special mount points (such as /isar-apt). The approach: - Improves build performance for foreign architecture builds - Maintains filesystem isolation using bubblewrap - Preserves access to special mount points required by isar Testing: - Basic smoke tests performed successfully (citest.py -t dev) - Performance improvements observed in source package acquisition - Tested with various foreign architecture configurations Dependencies: - Adds bubblewrap as a new host tool requirement - Uses kas-container 4.8.0 or later (see [1]) Changes since v1 patch: - Rebase (resolve RECIPE-API-CHANGELOG.md merge conflicts) - Prefix rootfs variable in rootfs_cmd with bwrap to avoid clashes Changes since RFC patch: - Let caller decide where to bind-mount the rootfs to - Make the rootfs argument optional - Support 32-bit rootfs (no lib64 there) (Re-)validated with "citest.py -t dev" (using kas-container 4.8.1): JOB ID : be45cf0e3937b95d283e7acd687787df259c4341 JOB LOG : job-results/job-2025-06-18T12.43-be45cf0/job.log (1/6) citest.py:DevTest.test_dev: STARTED (1/6) citest.py:DevTest.test_dev: PASS (1177.32 s) (2/6) citest.py:DevTest.test_dev_apps: STARTED (2/6) citest.py:DevTest.test_dev_apps: PASS (1128.83 s) (3/6) citest.py:DevTest.test_dev_rebuild: STARTED (3/6) citest.py:DevTest.test_dev_rebuild: PASS (412.72 s) (4/6) citest.py:DevTest.test_dev_run_amd64_bookworm: STARTED (4/6) citest.py:DevTest.test_dev_run_amd64_bookworm: PASS (77.60 s) (5/6) citest.py:DevTest.test_dev_run_arm64_bookworm: STARTED (5/6) citest.py:DevTest.test_dev_run_arm64_bookworm: PASS (50.17 s) (6/6) citest.py:DevTest.test_dev_run_arm_bookworm: STARTED (6/6) citest.py:DevTest.test_dev_run_arm_bookworm: PASS (52.95 s) RESULTS : PASS 6 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 JOB TIME : 2905.62 s Cedric Hombourger' via isar-users (4): rootfs: introduce wrapper to run commands against a rootfs deb-dl-dir: optimize caching of source packages using apt natively image-postproc-extension: refactor systemd version checks image-postproc-extension: extract systemd's version using rootfs_cmd RECIPE-API-CHANGELOG.md | 7 ++ doc/user_manual.md | 1 + meta/classes/deb-dl-dir.bbclass | 37 +++-------- meta/classes/image-postproc-extension.bbclass | 12 ++-- meta/classes/rootfs.bbclass | 66 +++++++++++++++++++ 5 files changed, 90 insertions(+), 33 deletions(-) [1] https://lists.isar-build.org/isar-users/20250616155748.561641-1-cedric.hombourger@siemens.com/T/#u