[RFC,v1] image-container-extension: exclude proc sys dev

Message ID 20220404115420.31933-1-martin.banov.dev@gmail.com
State Superseded, archived
Series [RFC,v1] image-container-extension: exclude proc sys dev

Commit Message

martin.banov.dev@gmail.com April 4, 2022, 3:54 a.m. UTC
From: mabo <mabo@universal-robots.com>

The patch prevents 'cp' from copying the kernel filesystems
into the docker container.
We had CI issues with 'cp' trying to copy /proc/<pid>/pagemap.

Signed-off-by: mabo <mabo@universal-robots.com>
Signed-off-by: Daniel Machon <dama@universal-robots.com>
---
 meta/classes/image-container-extension.bbclass | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Henning Schild April 4, 2022, 5:41 a.m. UTC | #1
On Mon,  4 Apr 2022 13:54:20 +0200,
martin.banov.dev@gmail.com wrote:

> From: mabo <mabo@universal-robots.com>
> 
> The patch prevents 'cp' from copying the kernel filesystems
> into the docker container.
> We had CI issues with 'cp' trying to copy /proc/<pid>/pagemap.

I would expect that to only run once that thing is ready to be
"shipped", so all those filesystems should not be mounted any longer.
But the whole mounting logic has been reworked and some of the
umounting might remain lazy ... So we can probably not rule out that
they might for whatever reason be mounted.
And it seems pretty clear that we only want "--one-file-system".

> Signed-off-by: mabo <mabo@universal-robots.com>
> Signed-off-by: Daniel Machon <dama@universal-robots.com>
> ---
>  meta/classes/image-container-extension.bbclass | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/image-container-extension.bbclass
> b/meta/classes/image-container-extension.bbclass index
> cdec463..f4e8d41 100644 ---
> a/meta/classes/image-container-extension.bbclass +++
> b/meta/classes/image-container-extension.bbclass @@ -29,9 +29,8 @@
> containerize_rootfs() { "${oci_img_dir}_unpacked"
>  
>      # add root filesystem as the flesh of the skeleton
> -    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> -    # clean-up temporary files
> -    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1
> -delete
> +    sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/"
> +    

LGTM.

Henning

>      # pack container image
>      bbdebug 1 "pack container image"
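
Review bot: `-x` on the added `cp -axT` line skips every filesystem mounted below `${rootfs}`, not only proc, sys and dev as the subject says, and it still creates the mount-point directories themselves as empty directories. Suggest rewording the subject and commit message to say that the copy stays on one filesystem, so a later reader does not assume a path-based exclude list.
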
Henning Schild April 4, 2022, 7:29 a.m. UTC | #2
I would suggest to send that again, without the "RFC".

On Mon,  4 Apr 2022 13:54:20 +0200,
martin.banov.dev@gmail.com wrote:

> From: mabo <mabo@universal-robots.com>

Might want to use your real name here, "Martin Banov" (taken from gmail
From).
But that is up to you, just wanted to point out a potential mistake,
might not be one after all.

> 
> The patch prevents 'cp' from copying the kernel filesystems
> into the docker container.
> We had CI issues with 'cp' trying to copy /proc/<pid>/pagemap.
> 
> Signed-off-by: mabo <mabo@universal-robots.com>

same here.

Henning

> Signed-off-by: Daniel Machon <dama@universal-robots.com>
> ---
>  meta/classes/image-container-extension.bbclass | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/image-container-extension.bbclass
> b/meta/classes/image-container-extension.bbclass index
> cdec463..f4e8d41 100644 ---
> a/meta/classes/image-container-extension.bbclass +++
> b/meta/classes/image-container-extension.bbclass @@ -29,9 +29,8 @@
> containerize_rootfs() { "${oci_img_dir}_unpacked"
>  
>      # add root filesystem as the flesh of the skeleton
> -    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
> -    # clean-up temporary files
> -    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1
> -delete
> +    sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/"
> +    
>  
>      # pack container image
>      bbdebug 1 "pack container image"
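
Review bot: replacing the `"${rootfs}"/*` glob with `-T "${rootfs}"` on the `cp` line also changes which entries are copied: the shell glob never matched top-level dotfiles, while `-T` copies everything in the directory. If that is intended, the commit message should mention it, since it currently describes only the kernel filesystems.
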
Baurzhan Ismagulov April 4, 2022, 7:41 a.m. UTC | #3
Thanks Martin for your submission,

On Mon, Apr 04, 2022 at 05:29:36PM +0200, Henning Schild wrote:
> > From: mabo <mabo@universal-robots.com>
> 
> Might want to use your real name here, "Martin Banov" (taken from gmail
> From).

I'd really second this, copyright issues are already complicated enough :) .

With kind regards,
Baurzhan.
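
Henning's first reply notes that lazy unmounts may leave filesystems mounted under the rootfs at the time it is copied. As an added example (not part of the patch or of the project's code), a POSIX shell check that lists such mounts from mountinfo-format input so a build step can stop before copying; the function names, the `ROOTFS_DIR` variable and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report filesystems still mounted below a rootfs directory.

# mounts_below ROOTFS [MOUNTINFO]
#   ROOTFS     absolute path without trailing slash (assumption of this example)
#   MOUNTINFO  file in /proc/<pid>/mountinfo format (default /proc/self/mountinfo)
# Prints "<fstype> <mountpoint>" for each mount strictly below ROOTFS.
# Returns 0 when there are none, 1 otherwise.
mounts_below() {
    ROOTFS_DIR="$1" awk '
        {
            mp = $5                       # field 5 is the mount point
            fstype = "?"
            # optional fields end at a lone "-"; the fs type follows it
            for (i = 7; i < NF; i++)
                if ($i == "-") { fstype = $(i + 1); break }
            # prefix match on "ROOTFS/" so that siblings such as
            # ROOTFS-old are not reported
            if (index(mp, ENVIRON["ROOTFS_DIR"] "/") == 1) {
                print fstype, mp
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "${2:-/proc/self/mountinfo}"
}

# Constructed sample input in mountinfo format (not taken from a real host).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
101 22 0:5 / /build/rootfs/proc rw,nosuid - proc proc rw
102 22 0:21 / /build/rootfs/sys rw,nosuid shared:7 - sysfs sysfs rw
103 22 0:22 / /build/rootfs-old/dev rw - devtmpfs devtmpfs rw
EOF
}

# Demo on the constructed sample: two leftover mounts are listed, then warned about.
sample_mountinfo | mounts_below /build/rootfs - ||
    echo "mounts remain below rootfs, not copying" >&2
```

Mount points containing spaces appear octal-escaped (`\040`) in mountinfo and are compared here in that escaped form.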

Patch

diff --git a/meta/classes/image-container-extension.bbclass b/meta/classes/image-container-extension.bbclass
index cdec463..f4e8d41 100644
--- a/meta/classes/image-container-extension.bbclass
+++ b/meta/classes/image-container-extension.bbclass
@@ -29,9 +29,8 @@  containerize_rootfs() {
         "${oci_img_dir}_unpacked"
 
     # add root filesystem as the flesh of the skeleton
-    sudo cp -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/"
-    # clean-up temporary files
-    sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete
+    sudo cp -axT "${rootfs}" "${oci_img_dir}_unpacked/rootfs/"
+    
 
     # pack container image
     bbdebug 1 "pack container image"
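
Review bot: the removed `find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete` cleanup is not covered by the commit message, and `-x` does not replace it: anything in `${rootfs}/tmp` that lives on the same filesystem as the rootfs is now copied into the image. Either keep the cleanup after the new `cp -axT` line or explain in the commit message why it is no longer needed. The added whitespace-only `+` line also leaves trailing spaces and a double blank line before `# pack container image`; drop it.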