From patchwork Fri Jun 27 06:53:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Clara Kowalsky X-Patchwork-Id: 4247 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Fri, 27 Jun 2025 08:54:05 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f191.google.com (mail-qt1-f191.google.com [209.85.160.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55R6rrjx015207 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 27 Jun 2025 08:53:53 +0200 Received: by mail-qt1-f191.google.com with SMTP id d75a77b69052e-4a71914dd25sf40012541cf.2 for ; Thu, 26 Jun 2025 23:53:53 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1751007227; cv=pass; d=google.com; s=arc-20240605; b=WxUdnYEkhQU5xc2iPXYT9gXDiAcATIo2/GV20ZAf8h6tdNeuQ4rqJRsmm9F6V+5b6g x7BGyUvaQ/zCFAfMPbK7BCwVokioN8CyfUC5GQYYF1h8hhQ/QXj70aOwclBz5Vygp31x +kF4vYa/3m/E2qVzESUg/OzBzJLpu11tQnGA3zK/K6vU79nr/7aDCgKorfJsHJ6jnZqM JiuqcKAvv3njINYnO3EtlNR9yQR/07Zrlnb3by81nIhPswM1ZH7eNcPGJCpePmrVVUPY L1/nnHTTM8YCevfz1muQl4WLTJQOZxVGcHRf8qOP7tCGnyjsoirsXuZZ+ZDSpS65A6qa VtIA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Mo/P3Lz8TbySBi73VkhTZHXpppyDETcxHbHGuoibtYs=; fh=go4CbrejYNd3vgDOpYbSlTGlAZPHYX90BhPeM4WMfQ8=; b=clm4qhcSMojGTAbuf4ylV4tuBwOmQbhQZ7DVKqtHvmKKbGatuNO8Vx05Pi0C0vQp+o Lg8AlggbItiy9tOMY8sLsTfkS19SMaOaCXuxdrMhjpMtVJk0rX1dHdyphtJdX647cjz5 yQu9AC+dDRZeqqI9Le/7T2nI5dOwZz+M1j1PhTmQAbJBG2ZTQynJaJFXwmywo+o68kZP a13njH1cEYvTcHG559UqlfcklvO0SsXSYAzPm7DF0Ed6gcKA/PGkRKYquJ4nV8WHVBD+ 0/X+5/hJBq1/qUChRzKjuLWvHWzO82Ho6l8p5+zMJpLZf9YM8Oy//1sHZFLo5phmEixG MGfw==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=kFsPWEL0; spf=pass (google.com: domain of fm-1047747-20250627065343abf53b45a5ff475d7f-p9aze4@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1047747-20250627065343abf53b45a5ff475d7f-P9AZE4@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1751007227; x=1751612027; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=Mo/P3Lz8TbySBi73VkhTZHXpppyDETcxHbHGuoibtYs=; b=Ovm64nnuXUTxEI6PVvFHuL+B7NzMWyhanOjMc3s9Fpw97t9w75Kna/BVHca4d1MHtM uFfkuRnrzBhrw53O7CpxyrnGdYtF8WnRpLvNZ2vrW/QiqY6ilabV2c57AK/+sX1C52GC dC+EUhc3DktBsGOAdTMcq7zzxT6vwMWBBotA7Kf09vllpHqrbKRJbVGIDL6GodsB+Cwq DtpOVS1/hIA9Y+FDlEhAESlyzpKP35kKsWk8LScwSNJSLu2+T3nUnQlVR2oSjJwyx1iS T+cQaUdMA94b347Zfu4wEmAIRRg1uJNqjLosynvkcd8uIBjmQ7OIDFYCC6li/Hw+Ev0X G/6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751007227; x=1751612027; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Mo/P3Lz8TbySBi73VkhTZHXpppyDETcxHbHGuoibtYs=; b=Ay1Y1WNnPAbzGdiCnnO66+U45GiK8yuMdSnepPljKzz/x2esTSG7WWj3ReU/Jzxy9A bO0lWVEwzdyjaH2hJ6KDJZtMJBWSK3r4ELi8ADpoD4Pc6L++Cs6n7zR15oTtczks4oLY TfArdpTGGs4wWZPu+VrTbI4NqDBIZyf+xrz5Q5UGljKEBcy6Z+2jwSNMfqKA0lNx/U1s P74QjeF11/O3quxOIiQtnoQPQIULyZyurR1FGOdlsogUk2E6EezbmJHEj1adKS37ZONJ doMU1CTursWW8oyUbtfDu/NtvwFujO8T2TQTtIe+dfoR6aMT+511c0VQjwUHl7OCyyRT 1StQ== X-Forwarded-Encrypted: i=2; AJvYcCUeg36AJ91WnyfZcO6/+mTG6b4a6RnTNkf6Enf3IIToDi0Pf9fmhp4CvW8ZB7mriYw9v8QcABI=@isar-build.org X-Gm-Message-State: AOJu0YyhDlqCq2DYMHtTwplIm8Ca6yyZNlaHjxbFPGwee6H3p6L+de+N ORn6Lky6OSejDK3HOJe5yHprygbv09JSKDwQ3Kqu69IFsXCXTB1iEz6/ X-Google-Smtp-Source: AGHT+IG07Oh2dfdW/nBI3pA65JZe5ppJ0brV8s3j2OVFM0nwdQGYgdqDZwHRJ/z3BxnovTGiCDUwfQ== X-Received: by 2002:a05:622a:4009:b0:4a7:2f49:7627 with SMTP id d75a77b69052e-4a7fc9d7db0mr42037151cf.11.1751007227354; Thu, 26 Jun 2025 23:53:47 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZdLph4c5hMO39xZ8M6a+Dfy6u1I5e41o+QOcal9MiKADw== Received: by 2002:a05:622a:45:b0:4a6:f7c2:f438 with SMTP id d75a77b69052e-4a7f30fd1b1ls28049451cf.0.-pod-prod-09-us; Thu, 26 Jun 2025 23:53:46 -0700 (PDT) X-Received: by 2002:a05:622a:5888:b0:4a4:31e2:2e77 with SMTP id d75a77b69052e-4a7fcb2ea8bmr43959781cf.50.1751007226352; Thu, 26 Jun 2025 23:53:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1751007226; cv=none; d=google.com; s=arc-20240605; b=TRMk7yIXfnhUX1gNsuDqV5o2rf7si/Sc+Q4zf02P3uOynZwMKZGwrKBoUBsdxqSisC ZVTkoPQIncaWGxbSQkbv6HtZrnFVHMDKl2MZn/n0LUgPdSqZbj6NGITxY6vgGz0wGhU3 4/v5USat6WQCIJ/zt+2zp17kRtTxZP4gjYFY5NHgvANv0YLQiEG4Az2PWbv/DgRLi5Q5 IEC6jIgtWrr6p22lKPCqJkMi/krPgMiESa9518ssToJ3Y/7FRoXQKJTcraf8Gn8qnm/Y N+aOQCA+bisLSwKpOgEXWkQHbzQfj1fTnZ+g/PqI5Kx4MY5PmaTofJQ2zFwX1EjEooVV Y1xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=LPiaAsdfwc/yS3WySQiu4Wv1tgMzaM3cvVTHiIdvtAA=; fh=nuVAnAKFXZ/c71OwrdWzSuwNyXL8JbkZbL1MQ1Fe+gs=; b=k3pMrmDYFak/0nmjRObJQjPK1S4UQhkgePqAIAfzgCJfExyM7QUWo1391w7IqDH7RM Sp+pEKFpiy70LWax9Ekp5TrSGn5kWu+ilf/c2dKbkXTpFq6ka3IT/uVIk1BS0HT33sr9 fCPmVfUbAf7s3QXH2hqMKhoSVUWbvKLG1paGPA1Pte7TAYJwR146yvda2V2W0mC7/cv8 CP0A0u/Ottz0CTLvFvEfuBvNfQ5KjcRs6MUWXoEhK8leY+hb2zUzIm7EVxelxy97SG7V D5AUAWxz5iLLTLFIex0OD1NnXAGcI/cYxe4lJHhVID7P+E7fNCHE2k1gNQroh7egG/61 fF7g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=kFsPWEL0; spf=pass (google.com: domain of fm-1047747-20250627065343abf53b45a5ff475d7f-p9aze4@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1047747-20250627065343abf53b45a5ff475d7f-P9AZE4@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-227.siemens.flowmailer.net (mta-65-227.siemens.flowmailer.net. [185.136.65.227]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-4a7fbfeb75bsi741271cf.0.2025.06.26.23.53.45 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Jun 2025 23:53:46 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1047747-20250627065343abf53b45a5ff475d7f-p9aze4@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) client-ip=185.136.65.227; Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id 20250627065343abf53b45a5ff475d7f for ; Fri, 27 Jun 2025 08:53:43 +0200 X-Patchwork-Original-From: "'Clara Kowalsky' via isar-users" From: Clara Kowalsky To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, Clara Kowalsky Subject: [PATCH v3 1/2] container_fetcher: Fix missing checksum warning Date: Fri, 27 Jun 2025 08:53:35 +0200 Message-ID: <20250627065336.2910069-1-clara.kowalsky@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1047747:519-21489:flowmailer X-Original-Sender: clara.kowalsky@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=kFsPWEL0; spf=pass (google.com: domain of fm-1047747-20250627065343abf53b45a5ff475d7f-p9aze4@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1047747-20250627065343abf53b45a5ff475d7f-P9AZE4@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Clara Kowalsky Reply-To: Clara Kowalsky Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= In case only a tag is specified for a container image in the SRC_URI and no digest, a warning should be issued with the recommendation to add the digest of the container image. So far, we were presenting in the warning the digest of the architecture-specific image that happened to be fetched first. However, we actually want to show the multi-arch manifest digest rather than the architecture-specific one. In addition, reading the manifest.json does not work at this point anyway, as skopeo has already packed it into a Docker archive. Signed-off-by: Clara Kowalsky Reviewed-by: Jan Kiszka --- meta/lib/container_fetcher.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/meta/lib/container_fetcher.py b/meta/lib/container_fetcher.py index 0d659154..16467abb 100644 --- a/meta/lib/container_fetcher.py +++ b/meta/lib/container_fetcher.py @@ -6,6 +6,7 @@ import oe.path import os import tempfile +import json from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import MissingChecksumEvent @@ -60,16 +61,17 @@ class Container(FetchMethod): if ud.digest: return - checksum = bb.utils.sha256_file(ud.localpath + "/manifest.json") - checksum_line = f"SRC_URI = \"{ud.url};digest=sha256:{checksum}\"" + inspect_output = runfetchcmd(f"skopeo inspect docker://{ud.container_name}:{ud.tag}", d, True) + digest = json.loads(inspect_output)["Digest"] + checksum_line = f'SRC_URI = "{ud.url};digest={digest}"' strict = d.getVar("BB_STRICT_CHECKSUM") or "0" # If strict checking enabled and neither sum defined, raise error if strict == "1": raise NoChecksumError(checksum_line) - checksum_event = {"sha256sum": checksum} + checksum_event = {"sha256sum": digest} bb.event.fire(MissingChecksumEvent(ud.url, **checksum_event), d) if strict == "ignore": @@ -77,7 +79,7 @@ class Container(FetchMethod): # Log missing digest so user can more easily add it logger.warning( - f"Missing checksum for '{ud.localpath}', consider using this " \ + f"Missing checksum for '{ud.url}', consider using this " \ f"SRC_URI in the recipe:\n{checksum_line}") def unpack(self, ud, rootdir, d):