From patchwork Fri Feb 27 14:57:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 4942 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Fri, 27 Feb 2026 15:57:54 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f187.google.com (mail-pl1-f187.google.com [209.85.214.187]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61REvqRl015909 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 27 Feb 2026 15:57:53 +0100 Received: by mail-pl1-f187.google.com with SMTP id d9443c01a7336-2add1118c19sf13136085ad.2 for ; Fri, 27 Feb 2026 06:57:53 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1772204267; cv=pass; d=google.com; s=arc-20240605; b=F0cvCE00vuW1xZwC6oUDbRqrLohJYuKqcsYFalPamIFrNnog1wcKAFzRxbVC5MA9uh ID1O3UZk5zPdlOOCX51FlOub+VcwE3hREkKMbk6wlwezRf7bNgHKjMsxEhxANPcgZHhv /WhX7/2gd/ee3Y2Xf5oZXcAQNBUn5jPk201p49+m2g/PnrpMfv5IBLVOfQeoPPiwLGpa zURsUjo/pIN70Ubt+1LDDlRjzEIrmvUr4PryLG09nb4o2ac0aIFK9qw8um4gjhXsSlXq PE3vDMNHu3QuRQeqvEFcybK4rn7h0TeMiR2qR3yDE03/1FjPcWN77P8o7cVAtT4YHn2t R2qg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Q4D8U16YdxSml+JRrIOf7p0a40sqA6Da1J8qH3TF03c=; fh=/xGSYblIus/bR1kg4f77eQN3+MqsD07WtW97LrV03yU=; b=cc3zF3XYc4b0eUDwi8Ps8LG1p8L3H+Kcw6u8v50lhM5MHs/MELqR51+nMiBZvXGtNQ xaaBvyNy6+JWfpjKQz+cjB5hOkzBc3N+uhpnJhIB+LQUDJqRZLNOj2rAy4bjILLEBc6/ THdqXdnt1E+sZZzQgbC0hafGch1yUdx7Zh8vyaW61lVZrLj58EiYRSTWPgnlY1pL6rNt 8huYOlizgiVoLEb60DGlGwwly+boTitpqOYUUrb/hYNLAWnbbD5gOUu3Nv0+wWlZbyml BRBUMKIsg8YvQ3rClGz5dwKc02Pv63Yd9pFy35+y9hpwhKpzJd/ukb5Jz5XVd9maXBsp yG9Q==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=KiS1wuv9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1772204267; x=1772809067; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Q4D8U16YdxSml+JRrIOf7p0a40sqA6Da1J8qH3TF03c=; b=fIUfU5TksFfAcj8tpedZn2DH2TOKrMAps9emKKP9eZl6vvCca8LVlRjDMVTvN/g8x5 lOeJDk1UAbNXa/50MnG35IuqbnePT/ZXfgsHju6ppNGsLjZgWGvSTil65QKeVwm20TVq KjMWH23Dr+pVgIW0MhmFAx0/+f1rf356emDcfXn22Joy5k6GvXq91oAkOpIknjh82qpF j+jZSF63pUIcyU2wXSrsNN/B6liYMpRQGjtVWqRaCfiFZIpqfjdVDrkFrB8M3v2XeZR8 N3+2Rr1t9WX/0dUzJS2AvNGK2GpEmFTQtlCJzn69ZgpH2puhN5fgt+hf06vZasynp3YB vAsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772204267; x=1772809067; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Q4D8U16YdxSml+JRrIOf7p0a40sqA6Da1J8qH3TF03c=; b=dGMPDPAjgkil2/hRJVVpGJDkV2obbOEw57zts3L7+z/r3ugKBcc3OzOQJZAyCYU1Cb phkMs4hj6P5vaOjYcgC4rFABY6sfmD+xfPiiqhj75VdR8RTKm2HjkSzHIsF90p0zyBEV puTiwhsPWHM3rnzt4EXn0Q1vbybK2Jo98twjnv2PVhbTgoBitYPfK1S3GczZfqZmr07j ggCK/BmAiy3wsmyMSvTVXwuRPDnp98hv89Gxm6axO9J3gORgspiihGFV2g47uJEgkHiA 2LHuFoaFseCgG95cM+Yuuea6ZVIiMSHrn/LLwpI8+/Pm7Ozp6+pQA6y2/jgUGxp87mit COnQ== X-Forwarded-Encrypted: i=3; AJvYcCXKmdWNijbwx6QNvhAQRAUnaDysDouIUu+wZ5tIbUUzdYhW4tDRvLaYO7S0/stjGrebcND8vPI=@isar-build.org X-Gm-Message-State: AOJu0Yw/SQnhat8iEwGQyIoo9K0JnupHyHvJZm9ayp2/zSOKuPTlCjp4 3vybBr5Tt5O07QevbfN55sCMGmsLPe+gvGYoSW0M5NfnIH+SUj4ASW4i X-Received: by 2002:a17:903:1a6b:b0:2a1:3ee7:cc75 with SMTP id d9443c01a7336-2ae2e3f047fmr25799885ad.19.1772204266903; Fri, 27 Feb 2026 06:57:46 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+F7wMw3au19LpyMo/8AgHuaJtTM8u9tnLMj2xYdJ9VoGA==" Received: by 2002:a17:902:e805:b0:2a9:2fc5:d06e with SMTP id d9443c01a7336-2add73f29d9ls26935265ad.1.-pod-prod-02-us; Fri, 27 Feb 2026 06:57:45 -0800 (PST) X-Received: by 2002:a17:902:f693:b0:2ad:e975:4736 with SMTP id d9443c01a7336-2ae2e3d5cd7mr34258565ad.12.1772204265227; Fri, 27 Feb 2026 06:57:45 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1772204265; cv=pass; d=google.com; s=arc-20240605; b=anln4nwmfUYCEV8K5+/I263pJdqKBnac3Q9umIVmVhFsLQ23gO+L/wlUgAYuMF/yhf K8lXXVX2HIDBxsW++viRzBa0GQChy4jjZ/13To8CjIa4prv7qMFiihOHi6Z7ySQRzf9r in4vOT6xskFq5rQuZ60IcviWJvCIr0mHOi1keI44cCbj3JWChRvPye8hSficypjRp//w +hi0A7vCoOpqIRheD/1QPeomOhcatge8e84q7eGiqNGWXFNAXzWw8pFXsrlbPzbqPNUQ TU/dECBfGAJhB8hBpqMwdc8kffhfmYpmFl7l3ZlH4eEXu/9CLkfMftOiN8GCAdsTxKmD crEw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Dw2RN0D0ziMOY7aeC34ixEpenP+TUcaEs2QEz4g6AW0=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=h7kxgVPhtLDPa/07tSUWHu0oHJhXb3whbpOY3IQPrbabQxfJ4fUw1Rxk/Xp69IknfJ nesydesNYiN+Rhwuh2bP3S+Tb1eTe8X/DJakkDN1LiR3LFQ30meO9aFi6T2M5ARMZjej 1lcWA0Q+X/f8I0qHWVxhdXxRgLcSGQxEe6fojXNLa5ntzkHltySAp08IfcaU/o85FC3h CYErCJp2KEQW1QkKU9iDtvPhrH6MFMUhWL2wKIGjfCdnNVBO0SUwImjr+xHjacyxlXJg uHPGSs804d0K+wwIFRFcUMBXP5wvdOtR0S+tvsnsW4ATQHWTB/hcUR7bRP84ii6ACksj pf5A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=KiS1wuv9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id d9443c01a7336-2adfb65d3b8si1703605ad.9.2026.02.27.06.57.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Feb 2026 06:57:45 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rzbnhDn53dZxv5PShF5FPPv+sfBICyYyCn7vrOOaenRgs4DKx/Avf6SbxuV9P/KxFlPdng58yrFY/+uUnYKuKUIuN4eivHWLEfqYpPOErLZCpGvTrqJeeReRgkKUXM8FMTolRloyCQlz8H4MagrUu+LnriX8btywRHUHC5OIMWi4ZyJuGzbVL50QdjA95ZhZKmWG8aXRcYR7W8zM51OhC55rzEiPRM1rRntzXM7a2Oqykpqy6xesAmqrpy0if/vGv5PIufn34nseEWkyh9tJWb22QIc5tQBjrB7XZiz3OBg4A5pJNh5MhLob6tBZjTyGuji+7uaReXzlAASSh6t0sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Dw2RN0D0ziMOY7aeC34ixEpenP+TUcaEs2QEz4g6AW0=; b=uoiK5Rc8FeO+4egnvBM2JW5ET7STZcPBFiOm4XgXPGIM0UOYrSnnlal5B3p2Kx21UUYlaI8eVMzyHP7z5lg34uRgqQQyBEgKTMbL9ssOT3KXwcig17K0q6bWSbIqtjF6uvAjEbR715bGRgUI7/mi1s8o5bP7T2elWy84cTTp5SsSjsADI0CToNV+eLUTKoUo0VnyFG/38stLSjR6x0xzJTFApecmIOb87Y7G+Zb4+O7U4rxKvRTGm4UuSlErhKke4M4/q0mWHAz5O+ROFupCLKuYFMmJhCHrPfIoMbES79OWvX0GevJ4TV0/i/d1jpEtmjYtmTPRrpAefAqyi5XvJQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by GV1PR10MB8006.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:5d::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9654.14; Fri, 27 Feb 2026 14:57:40 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9654.014; Fri, 27 Feb 2026 14:57:39 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v2 14/16] use copy of sbom-chroot for sbom creation Date: Fri, 27 Feb 2026 15:57:14 +0100 Message-ID: <20260227145716.3794146-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260227145716.3794146-1-felix.moessbauer@siemens.com> References: <20260227145716.3794146-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0274.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e6::18) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|GV1PR10MB8006:EE_ X-MS-Office365-Filtering-Correlation-Id: 27248f6e-eacd-4616-2206-08de76108d66 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: pQFmjah8O8Zcnj9KqiKvb8+aqg3MN2xd/QUQPH5Tr3gZVfFzA26XLKg3LTA2YdeZ4E03GYAnqLrie0NDjdEB863hgmf9TXwLnSnFRsmCxiFdC0QJC/KnmltUoArk6INxDmpBpCgzEB+a1nCs84PIbEqfVJdE3dEib/1IPoxPOTaxd98NDaODflMZ/sOuAGNZ4fs96THgLEj809vOv71s5xzDkrhiyJyd+7Pn0Lpg5nuDiNid1g1o5w0P1PhUStTVVZPOm28HpFxaRWMpxTjWb0EeTw+uG8dRuKJe3tqHF+Rgq4YMdDUtJynx/rTS0RvGzxgaNqOJc076tUlZSgx8vVnSxfGKdUvoLklIGlZX5T5o+J1jh4GMht4c/RFQtqsdptYbT6nOGNEktmNC79TPW2+/HCoOlCQYQKoz111cRLXeHEdWklJASNOMMa2flm9FzrkmnZzB1L3286oVQM9iAfdWTDjYXM95vUe4VaHnIBYnd40xkMzmYV+kaWBVLOrT9v15aoNUfYibZNKcHQ4IHq0J2HfYCwdMjmZkw8F6Tp5lrbH11CEwmuAXJxxUkNTBpaoSJCGH9u+kXgtfkQAXG/O6HdsbunvNmdGK6jmV9LDjYPFv5a2oPx6UONsmzc0iBYMG1OjffevUBzGUHvvZcThQ5aP2Iqc3XeBW/pFetL0HD7BMCGQl8IKE8224xule X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: QWFq9FKdEoAyXMiLD9m0kaQY0c9l2qTVwtOTe0pXLZmheSCkFFIzCs381po5OA+n4zR7pjzNpfTqqxtFDhmVa6+QDbqXN7h4N/MMmqkg3E3rH7VjabM+ALZvN6/RW0kPSqc+xyH/2EyIQUk3HrVx8cKPNMqFZ/AWJrKTQPsVuQ+jI6mHV0S+2/c3/giaGgp2qZ/b+DKPNUN3ZsVEPoqD8bk/rnC/+MpHyQ5YKjoc6VhDWIPEBEyyFgaiUA38f4Sj24dsYKpUkK+bVcyK140NCbHr611ggF5eMZGuQWoZHcmu2iwcg/Wj7GzKzN4l0HxziW3EzI8vbR1qSZsvMYOvegfN9h4IYTEDwSNPeXwn8VV76WVVKaJZ5UyOyyOZwrMBHeKXSnaCO7MElgyEqrnybbl1AaYTHyOnbuBqS4v0u7DZ67OABNffQzIDSAXqrLvp4u07pc1wFlxmiQXTW+jvukc6r6h/y0CG/QbNpX3P8IYIreZ/HTdXsAD3Q1CwsJWrUqoPaJ0iV2bi0s8a8eLauDYMrpbZqchBragQEiG5OiHhmRpYXGu5doXAKuUDNbfeRU80Rn4iILOScLpaGINLVId+12LiCYct6MdFaKekUKYjmytq5Pnx8Fig6DE1nAUDziqke1MwV3epsvKmxhrsnOIxWbUG4gbKzw4V2EF9UNBu7xnHLSDzTYd8bMLnkGcaAHDWn60u/5i9yMbCayDpEY1fmgfKYFBifmwt5n0nkbl6wBwF/8DdQiER3Ruik36f4kL4U0r4YIyf6DPwGn28kmSG8aoOVBuFAeFsj4y7X/XmGThyTD+rvTReOFmInFQsuSMk2dmpBlSQL6AM5EEIseiPxRLGQtyhcnEjJ//S+P3p4dC4yvG7ENVIkQ8zcIOL2iyqh0hrZ24f8JNj6yQ7ocg2iJZma1ujpmjpmI4sx8Kd/hZoh/P8MF8fMVIrreqLZJfT0cVN+WLZeqV959sCwOAJuZCSfiLUgzCaW1y5ZZmidxT7EguLvTMROoPzmu7FtWsmNSbuRJTL+sM910sNxvJHvfLBbAudRAdFaTK64KNmRcCHwlhyAeHv8HeMQ+MaALPor7QRubisuX7NZFwCsQykE1uUL1IZ6ZL82QkEzu5MwPt2LA5gjZEsd/NXuHSkHRUxlBRVD5dhPjdXengltXmKONvrqGGSkSwObdd+HN/CyOUTm1E6B+mTgi/cQEmcawGktFAtu65cVv+ZxZXihTn+01uPQ1dq8EveidR/+gPAbxswXDLqDy3N7Owx8TeXDwc7K7HUAl3GK5hAzYmaFjuLWc89ssdg3/LvI7gvjLmX6X+JNozoA9PuXIaUng3XnUKGPEX8PWEOyjLsvwNV3Wh2snv1JpmyaY/k14hbDqIgKJ5K70cviUWwVJtfmuLTwr00579clfIec8VT9iK7IuyhqBYY85jv32v4e6PASB3WGiefvOyPkXfaJGRbPTRBIbq2ctP+KtSeIszXk/KZqhSRHm9/zuhkSLkWnnoERVRR3G+jvFEa/y8GELEsCTpjCLTE1bblazjojOI1D3H7M+lJDHYop8V6HHl0s2GmeC8j+DayBM4kYbmwaEc04Mm+sdAy/9sMIaF5+VMixkYB0XSu8y3BXvqXvdbuMRz5Bdja9VBGzuoVpSN9cHvXmqIc4C5877eoXMPhXaRMa8J59MBhY3z7HcDzUZNUG3VZRHjSTNef2kwA5UPqGGMF87hHCyjomWdgN8+pOQPC/O/bTbpjJJlrHnAQpf8sPnDKxZcLNF5wH6RlHsCH7sVOCjM9J+9Tu3EU X-MS-Exchange-AntiSpam-MessageData-1: /qrd8GoDvCQJctJa1FnFhB8S80EgPu985zM= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 27248f6e-eacd-4616-2206-08de76108d66 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2026 14:57:39.8999 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MuERVmbRskQ78hK8qzXYeTCBL0CkG79psfAKu/4vbrhh8Lyk+gyRmvTtNqQK6PMwBjTZeztaLAoBkIbcdsFtoQEL7SV47sBOWYQR0aGWGkw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR10MB8006 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=KiS1wuv9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 9f1e3de4..20afc615 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -222,7 +224,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index e3d0e702..d45ae54d 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index bf6d6683..fec1f502 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs