From patchwork Wed Jun 25 13:54:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Clara Kowalsky X-Patchwork-Id: 4236 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 15:55:10 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f183.google.com (mail-qt1-f183.google.com [209.85.160.183]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PDt3SD005684 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 15:55:03 +0200 Received: by mail-qt1-f183.google.com with SMTP id d75a77b69052e-4a58813b591sf16898371cf.1 for ; Wed, 25 Jun 2025 06:55:03 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750859692; cv=pass; d=google.com; s=arc-20240605; b=HiiaiLqpQDiWFKQw8jZpUwjc6KXdxIheWwUhS6Vgyi4AQH1hloNxwSU9xhKzyEhJmD rw7GGeHwZCugg74KUHFASdjda4zXmthiNIDJXMT7kTUa56HmN83T5bRPIi2qLgiizm9m XgNkc5s1i55mHfoG36rRuVCfoID1PHSxonVSl/7a/UfyXrf++WpOXd8YfhtsDEMJupUX nRVdUsAEIiwyTd+mCtvvZZr7UCK8puufzpemPBB6cuIrTmuHvlJcZTZICsd0VCzDMaiQ /sj+QjVUInUVTNThXHxfYWVKg2XSuQoRdA1nUpOzF7p7eUUCOenh5IG0zwfrAjTRtpaA BY/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=IJi8g88oM8tJ7PE8DMO8jko/J/toMn3jOgd9p6H24IU=; fh=ZYO3+y6Z0BVMVf7US7RkEktDGS5YlN2dJJXd7puBa8M=; b=Lv5Cc7pFvXu7V+QoP7RMVA2yze10JdgDiEdLrVcXDDoLAk9nYKoON7pPL66Rbfj26/ CVqL8tZhCurhqpUwDxlE8bQlwJuWI0I0H1ED7KWe0KFX52pDfI2TF6LvU6J+9J8LP9II NCfPUuIwjtwYdVbOQE3UgbFYUpA+5NKitFvYjdRk6OL0oik5D73yS25z5JRvy4SfVLEM cCF75yRKa5E917ALoq451NcM9PObwIXNJXuO+e1SHYVG8DmaTHzlctuxvragchKTTOtQ wMQkqa1gfeh9tld7FnwodMkf7qB4SOx2Ma+dpWyHqJuBwyKXbsiCkmeduik5ec1XCih6 KJzQ==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=YfYGOflf; spf=pass (google.com: domain of fm-1047747-20250625135447de70a26571b1078d1d-vx98ok@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-1047747-20250625135447de70a26571b1078d1d-VX98oK@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750859692; x=1751464492; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=IJi8g88oM8tJ7PE8DMO8jko/J/toMn3jOgd9p6H24IU=; b=MtUPdfXyFvWREnBY8fuV1EMtGkH2cIiYK8S16Dr5xn50QbdEW6jYjAF40Y4f0Ul1q3 F5ALeF3d31DfhzGLdJuWS5GEacqKymozB86hfrxIvYnx4cWFHFYJugWSlRwmlY0gIQ5O TPtya+zMR2QBwLMfK7ulqQSy2jrcRqFPTfdIC5C2ROGb9aZPKW3R4n90eILXHhOxLMCI UM5lmNKYEeyj03uC05I70PuB3u5FiY2S/dhyXnWENL79XKFebEGZQ8v1kWvdy4myvQbS wW08szqDXZw7xGzo3Vnc0rgcmDdCpgFcPIh525wEQKonOgwwXhFv+LSftiHavnsG7ga+ W7rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750859692; x=1751464492; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=IJi8g88oM8tJ7PE8DMO8jko/J/toMn3jOgd9p6H24IU=; b=w6SHkmu5UoAIT47+0I+haQ+J8D+s+JPbsJWhBxksJJSCixIzNjyvEoNSC/e8fzcc6g AsLzowqLla9CX9Pqy4/OPq2VcHHgDlvJdrspoOfbxduqe/dAikCFuUaCPqN1LF1CUqet 8Qje/SYkGumgbODpttLIikKs+/041c+pBb0e4StUyyga3BsvYObE9sARM2ntX9FmI1Rg UV3XHyOkqt5kDefjGObWoz6UqV/+jQPbas6kZsbUaq/lE4STS2nbRC5wD4X09kzfmuj+ FemBqQC10PcsoT9EcZU8z90zLG8pfWRLbcusUJOdq0PYhmN8I5+8hem6jm++xrNrg3Ss ktgg== X-Forwarded-Encrypted: i=2; AJvYcCUiLR9a+T8wTSjpnnRsRCaa4yrp63c1dEX7jGQMvEarTzpb8WjVpJFjIXFHyqU4lKXBsJHGW74=@isar-build.org X-Gm-Message-State: AOJu0YziabtOv7Hgv+n+FboN7SZ9XhMyVyeRoczW+eh+H3B3P2ys4ekS 2YLP+LMRXF0rPxfjnmJ2r91qIZdiA9mucycUVn2rWGYLjGYyB/QgWCIs X-Google-Smtp-Source: AGHT+IG6+3WQXESLvLfdDF4T3YvXOeyQ5xYoCSMWiKKx8o5t2Oqh9zO7IPsWSDkIf1pPCJ62dD1eFQ== X-Received: by 2002:ac8:5783:0:b0:4a7:6408:b449 with SMTP id d75a77b69052e-4a7c121b9ddmr44570271cf.2.1750859691879; Wed, 25 Jun 2025 06:54:51 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZdjpm/MTUTU0yQ2w1lPfqmil7dQcCvkutKrqMcyS7HoZw== Received: by 2002:a05:622a:58c5:b0:476:6eec:3aa5 with SMTP id d75a77b69052e-4a76f278ebdls111993471cf.0.-pod-prod-00-us; Wed, 25 Jun 2025 06:54:51 -0700 (PDT) X-Received: by 2002:a05:622a:250d:b0:494:731c:8746 with SMTP id d75a77b69052e-4a7ae9e44f4mr116061721cf.23.1750859690883; Wed, 25 Jun 2025 06:54:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750859690; cv=none; d=google.com; s=arc-20240605; b=VpoNt7r//3nF1ias6f+9mzGdx6sApjRD1zAyaLVghoYKz76FvdxjCZyPjgbxXAcrV5 ld1/xu94AQydqDQuyf4nE6wVAlnzx2c+KPAAzQV6+JtxpVROSu1uLTT+FwHTg0TyB0Ze lgA5UQ+79ew79e0Axo3PRGSqHem9ENVrFAjX7JNQempmtpOst15iROR+RV6RCsjA68vz kztKzd6GP1dL1+RoVlKW3DuKMP4yCq8JxjoZihbDiK7qrw4zVq8hEofGLuRgzofJo9cX A1gKAvfwuNWnVxXGUJ4bted3bpO7Ea161m7CdVi0vn9zGoWEZsCM9Fqv22P1l7p9Fk6g no2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=tcn7FT9mB654HNUfoYPdvg+FVqV/AGiiHo7Imi1nIio=; fh=nuVAnAKFXZ/c71OwrdWzSuwNyXL8JbkZbL1MQ1Fe+gs=; b=hoiK1SUdJmxreQvO2/L1KK89t9SGqOQpOQ/+2+JBVF0z+rmi7mPU6OYG93o+eyr4Iy tDIQbMC5BAgQ8+ON0Zj5SD0ces58JbQaCvobORn7VrpzAm4T4q6opq9Zam6QM6R73vU5 0XQeMpaUWCzmTRBW36+Ui3Gb5vsUG94pFIHQK8XD/lIkjctDBSpAKIJAwVAb2cRlajNU 0n/oy8HXi0XDFffTHIpWmtReKNFCvkpQdRax8VPiObYQlS9m4FvyrTtJ8CCX8nkSAMUg eeah9v+PwLcwdhtVkcvELeDzIPTiC4mYhUZup2Zl8y/vLR1lbAAmoKi1WdhxSh0E0WR0 L3ig==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=YfYGOflf; spf=pass (google.com: domain of fm-1047747-20250625135447de70a26571b1078d1d-vx98ok@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-1047747-20250625135447de70a26571b1078d1d-VX98oK@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net. [185.136.64.227]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-4a779cf1538si4983921cf.0.2025.06.25.06.54.50 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 06:54:50 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1047747-20250625135447de70a26571b1078d1d-vx98ok@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) client-ip=185.136.64.227; Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 20250625135447de70a26571b1078d1d for ; Wed, 25 Jun 2025 15:54:47 +0200 X-Patchwork-Original-From: "'Clara Kowalsky' via isar-users" From: Clara Kowalsky To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, Clara Kowalsky Subject: [PATCH 1/2] container_fetcher: Fix missing checksum warning Date: Wed, 25 Jun 2025 15:54:41 +0200 Message-ID: <20250625135442.1420977-1-clara.kowalsky@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1047747:519-21489:flowmailer X-Original-Sender: clara.kowalsky@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=YfYGOflf; spf=pass (google.com: domain of fm-1047747-20250625135447de70a26571b1078d1d-vx98ok@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-1047747-20250625135447de70a26571b1078d1d-VX98oK@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Clara Kowalsky Reply-To: Clara Kowalsky Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-6.2 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= In case only a tag is specified for a container image in the SRC_URI and no digest, a warning should be issued with the recommendation to add the digest of the container image. So far, the number specified in the warning would be the checksum of the manifest.json, which is a metadata file. However, we want to show the registry digest, which is calculated over the complete image content. In addition, reading the manifest.json does not work at this point anyway, as skopeo has already packed it into a Docker archive. Signed-off-by: Clara Kowalsky --- meta/lib/container_fetcher.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/meta/lib/container_fetcher.py b/meta/lib/container_fetcher.py index 0d659154..16467abb 100644 --- a/meta/lib/container_fetcher.py +++ b/meta/lib/container_fetcher.py @@ -6,6 +6,7 @@ import oe.path import os import tempfile +import json from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import MissingChecksumEvent @@ -60,16 +61,17 @@ class Container(FetchMethod): if ud.digest: return - checksum = bb.utils.sha256_file(ud.localpath + "/manifest.json") - checksum_line = f"SRC_URI = \"{ud.url};digest=sha256:{checksum}\"" + inspect_output = runfetchcmd(f"skopeo inspect docker://{ud.container_name}:{ud.tag}", d, True) + digest = json.loads(inspect_output)["Digest"] + checksum_line = f'SRC_URI = "{ud.url};digest={digest}"' strict = d.getVar("BB_STRICT_CHECKSUM") or "0" # If strict checking enabled and neither sum defined, raise error if strict == "1": raise NoChecksumError(checksum_line) - checksum_event = {"sha256sum": checksum} + checksum_event = {"sha256sum": digest} bb.event.fire(MissingChecksumEvent(ud.url, **checksum_event), d) if strict == "ignore": @@ -77,7 +79,7 @@ class Container(FetchMethod): # Log missing digest so user can more easily add it logger.warning( - f"Missing checksum for '{ud.localpath}', consider using this " \ + f"Missing checksum for '{ud.url}', consider using this " \ f"SRC_URI in the recipe:\n{checksum_line}") def unpack(self, ud, rootdir, d):