From patchwork Tue Apr 7 14:23:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5021 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:44 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f59.google.com (mail-oa1-f59.google.com [209.85.160.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENfhV015612 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:42 +0200 Received: by mail-oa1-f59.google.com with SMTP id 586e51a60fabf-415e1e9aa5dsf10122952fac.0 for ; Tue, 07 Apr 2026 07:23:42 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571816; cv=pass; d=google.com; s=arc-20240605; b=XVRkaWTMNq8cSEnJ/MgeA9KjT1pENS8kObmB93hSB3is15ViXAxF1gyiE9YpBN54SP YZdpBxA1ghaZTgHfUAlrgm0t9+t7FaP3mKQLCJxZBNQaItejrCPQQiwWK+2K34OrzIoB FWeU6Yg00cfjqA6OeMPw2EIcM21oCa0B/6foWtXyT7Inb3O2bYxA92355iAvjX2q2fDE Zjpq+rvEvpBv+aYnIAOyXCI23MfHdcIC5Pa6xkw+r92MwYfVwqZEm6ODga0rKk3WRH+l EkXI5Vd867TXHPr56uYd6G4B4hCeUyrasGkN3+yzu4T+t0+KowdAHj9zezQChUZRQRSe tq5g== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; fh=u8WBQyXW2V7R8XpzxRyPdpiKSj+6tncDprnmP1fgnpo=; b=bL5YfNb4HHGk/cMQpwNEEqHPTEnGUdabxoB3dt9cpEPrh+1UwBqTOJOU9DX2JJY45z oO9cjh9aGrHyLX271qw/svWLhgCsYMnTMNO0bmbbc84wz8dNFwZAwMBbZlSsaaerbXdk bZkzSkBEdQSP/Ovr4D2zT+hAZlQ0OMRPfwRUnAuJebKCjL0X48zdPTW/fraHxGkWPFtB 3pAo1flkUdsw/fiMTxHsu1DFAq5S2e1huc83nWIYFWfVjVVfWIsl/6LDw6YqQLxBCI/c 8Kw8JkvyrYeskax8PCbh67NXB7Tbt/GU3GpfgfIBr8mZjYcZ0DcIZTCYOsp/J5dMr0nN jWUA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571816; x=1776176616; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; b=noYFgGWfhtIu/PSPCDlm3bYrByQfkXZJqVk/+wA+5h4L1VwQtICUPhlVF/clHxkdbP LpcvP/eiBF3RBMsV/tmsLNY7QOUMCLPdYLHBe4sThZglFwhgw0ItN4rv3FZ0Yvx0Zdf4 HlKcJrWntC46NwCFZQoNJvKqiDnnxgVcj4q7DbQ5pJk/llg6FbE0RlpqRoQTfKRYCNsw QuVMSYbpYkiPrCjOZ/+9wqIJUoqfUC09c1EviUJRX5q6SX4T0CTIoOqD9I0wn4jF66GT 7yefH6NHfi0FLuJX4bWvaeJPsWNagQljyPVjZVigAs85yIivRxoeTmJP7Mb7u6SSpK1k Iu/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571816; x=1776176616; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; b=PwR1ervPwAIGvpGqUK7jmTgYbpegBBKkDxuuIh6H3cdQG+8Dyqco0xZD26DMuPgiaJ Ke6FhZYXwtNoP0LFsuhULpsv9dsyIaFRuZzbTHsqq4qFeJuBWiDqaDHNOM8uHPTHghFJ M8M63Edc9RMiXEkSiS5Pgp3KYkPpb58XMd3ur5PO8QKHNv0l5ygoonWJxqrOqlZKc5C3 MQ0J8bVU0MlBWVTxfG+IWGxjYNVYm341Uda2sYMdjbXCvogCR6b6buWo1LnSrNpwU33b HjReuAahXWPO0usO1MMTEGicM/8kTcJp8FpCmkBdET3/veZzzlQjLLWzuTx2EyLh1y2q YPxw== X-Forwarded-Encrypted: i=3; AJvYcCU6biXsw8G3vonUtGhjEldvwKFL+oT/9uABeDEk3DJGR043dMUONfbySxZj9kxHk2kH1hWsMgI=@isar-build.org X-Gm-Message-State: AOJu0YxZG2sRsSCQ4CsaeUa/Xh8wJ4zOYwT2meS89th6S/ZgdJiua9Xj Gp9yTuZ77rwhw0aUVtlgNUxi47QTuCqUZKSw/gV0gTIeY9BMv8RA0OHB X-Received: by 2002:a05:6870:bb0d:b0:40e:dcc9:c3a9 with SMTP id 586e51a60fabf-4230fc10eadmr8665201fac.3.1775571816199; Tue, 07 Apr 2026 07:23:36 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiLCK3FVJwhmsmTlfoLhMwYz3NJ9dvxHi7uUkgFo79TqcA==" Received: by 2002:a05:6871:c91f:b0:409:4c04:fab5 with SMTP id 586e51a60fabf-422ee61aaa7ls2936972fac.2.-pod-prod-05-us; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) X-Received: by 2002:a05:6808:3185:b0:469:fc59:b128 with SMTP id 5614622812f47-46efadbb119mr9280777b6e.25.1775571815108; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571815; cv=pass; d=google.com; s=arc-20240605; b=idqTQHbiqLeaXpQ3kfJFlWr1CFKzChlIyMfdWK2dSDN7zkvc+bp98VNZ7dql9rwO5b ShMNzCPZGTkMJ3PlSkdU5p/Ij3p3BUqKQL5X5xovpipXs24jhjcbGBy0Q+vKaAo07iZn TIPGeLLVyuuBL/avEwI+SKb245Lh0K88f4OD8cWhidBVAVjQQGlxhtDc/CStnJhx4qat KFPU8Vda4O/fIvQ27AGH1SFt17VK/aGnh0HZPHNABD8lLEovqifh/QjqgZSMKMwPIjLM jZVGfyLuzCSdJViaQXaIEbV/8FUpaFanMGTHp9QPrFeICoiF0DLfcqSF469Oh0Xvt89S AS5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=JiGTJ01jF3C3O/p61b8QVBnkgiSSE/iszvBpcPBUjjrrw9l8GrHP1hLiiVPs4V+SWb CTMkO6kOnJvf+fZupn5CenTFLpeqqX9gBrmsqmM6flk5bHLmlqKGI1LyX6yqiGOIspDt +GspFz5v7FskTtTsHjPNjAVufYgaqEVE10saIXv4VzI9GKUQU7pNtlYGfK86BUJjK9Rr XIcWREjbKB6hpgy+EK01wnvk/lbzX2t1a1njswEx25+M4toT0AuT1Kiwv0+UmkdsDRqK +PAUNkRFoyAYBDk54pKM35fz5yrvPnTgYuK6CGNKG9OyMhrKtmNRRYNRe+PyanE4MDiv FrzQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id 5614622812f47-472a0d2c4f5si241333b6e.2.2026.04.07.07.23.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:35 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mJeoY6xqiTY3b7mcOn446tSoSPIx15+Qn8GMMROZ1kbkZ+rPtXmK6YaotuMkAS9yYPHJWftkh9johAcqz55Y4QcQy30d+SILh3xXgkbPTMzx8m0rjJV5sp9eGQJPYvbyUXWUvVyPOwFd4WVvmxZWP39TKTq/3ibh4zsAg2D0WYfCvT284CoXyYP/w6VrzKD0zxufFFIF/DBHEjkR16i67TqO3ceP+ntVJtFHQ+Q+9/GWSF9OKvgXmir27zrA0gJOIhTBojOnzfMSU2eNZEcMrmVvsJMSNRQ+m7j9cGttuj0f5gkvx44M36QdUMy/Uga0a8lAWs4Ci7HXwLtbM8Lm1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=MyTcI8nhv7deZ/oesLvwoK0JCYOxZNagRgLMSYo/vGygo5EtLdxN1IfqCJJm3AKMEt/h7Xs3j3h9TFAn2FsM7XGFbXyfXN92NSGcu4BNE/sur2eaV45qLT/j+DHBrcwEOTTaAq8IRnquRtf2oiox5xjENiYA0Bf5l8I5pc+3lKKTsMTXHLfY22PkHEZso8jOO2kyFU48y/09JfSlQvN3ibYOuPpK7UCxsqwXCNb0bhDOI0yy6QOuT/b6K1hn5AoEc4PoCmEtLhWoIobjbPYyiia7cJ7Dbd2MlsBFBvZn//BXkPtjlXuTApcIVLBCgpdv+YSs9MA9UEoSkkXJcx7mFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:30 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:29 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 14/16] use copy of sbom-chroot for sbom creation Date: Tue, 7 Apr 2026 16:23:08 +0200 Message-ID: <20260407142310.2327696-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: e2c7cf3b-44f6-4bff-0b3b-08de94b13c5e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: ZNhT6pPxmo9BuxTEclfFG2CCPfqvi6PkZqwnH24u5HMLuLYw7xYON1pOLFYPK1pfgzwZmHGaK46jgrbA9Fp9c9b8shIzvmzh9bNH+s/H8q+i5T/79Koftrma6+jjI3SDSDEHqvbL52qxQ2EouqY4l+yrYflkXdLBXuAlIQOrP2muKKvbB7OoBkU9UtL8VHC2uw4EN3JpFWjahvvlEAPntepDK+aGJntMoq8jFuRovSJf10oz0H5mKXv5tMsPqOCX4XvVcNG4BlDcNFg2tp3RXlvuXZsuu3aWp4kcqzGimVrE+6nRD0p5dUoZctIFVcdKOvnfZfcZ/+7DRsBPh2h+GOsPgs76/l20n2oHn2b0BIQz4jIq+QJ1XjjdAzh1YdCHwuD7wi3w/DAGHFvIUOtjA98byxBc+otDppF6RLgshesWoA79cFKNIjR/pywEEEzZWYQAheMg+LXquJ4Ntn/wIBIbZIwU7HR7iqyYMES3XXtMhwqYBeo9hKQ3nIVed+chJolYAdXvSboO7IibA7laZBa3aWyfohG0Rl/YQ1OTHSjqTQW0Mvp76S7ZTs9fyMai58OzRX/+hPtxRMdRTk27xbEK7B9y06yH4EuZVz3FF6F5iM/HR9cNBnwlvZWHFoDTxRzMhow+FOfG6PTE1qlhQqFZBj3tlxSI+AwpH0ajHuQW4OVe7Z9PhIM/ZvIq/JUw X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Wcg6ARCt9zQeyZm8P0sE30DrhqwU6etqBR3nA+eNCviaB/sWsIdu5sda/02QB2/VzBWrPcwNFyd8NxxsjQxe3vP4nFWWgt+L87e4LVLlXfNsko8bvV7JqmPQUJ0fzJ/PySEeEvwEWeWluROPeCOArs6tCief8rCCm7dqznvSyfwKORVeP3irR/jzkqJDEqMSX/dRIjq+oRXbkgIvIPc08RAVK1lXvAW3GSPrXAWnV5l984h0eik7JdDEisHZLnBhsureNFzCmUk2QxzTSeqSNIFHqolMHeD6y0//cjUTcFXYn6jEmNYtBmNsidotDV1G6mlJkEIkS3y1pTq0QXTAnIyDHP2EE/Ru42Yol1eiAoJkw2k/0hw86m8mhXBKnVO8TqDN2GTHNBdwxLJPP8pZNZXhsNsGA5xUDAxScc/usHOgBFi3dy7ZTMC1FHZnu72hi9Yl3VKrwZKXRgZL0WY72CuzXZjCLpjoSoVKU2G4cpWml0M27qYQBo6nM22UV6iMXX1uSaFcX5plpAmQdopuoFlqi4cRgZRIs3NqW14IDvAFgWBuMJGaIwzfWQKKe+/6Z5XjjFxZFK91gJCtKUlK0hI6cKnLo9hsodEARiiiJvbsF8WkKTaLqwHldiPxmbXIqjz2MvxK+wT10ht92SDzB8J6n4IVcnh9OCycTM6wSySKqYmkkghlGZajSyTKQkeW5SWAwsgf7UmHTwx7eDBpv8Zr59ZqgaPmmbrTj7O7q6bGA3aePVHgMpdZF6GYRCLtnIHtACZWhu8Ac+DxIjClTyahm5CfuLXdc1lgiYBO2YOP/g6NOn9t/giLIHgOvtuYZeMIX+FbC44Fneyq0z+0dssoIIb65HPI4/oCDm1KWQFV+jTJgqBJsmVlIthxgZ35YDNGr0P5gXzFNPK/vQ0K6uncloaA8avmhast74h/elY+Q24gk4VmlFyEGKGNhtX3qYDclPBUJv/Mxmp5rP3Do3X5XnjBISBYgMcHjYCr4K2j2NP4CUDLD9g8zyOBmVMLwEJOrQpNrv1zBQuGdJ8GOyI49xEJ6pipx11rkQKVZ0MoBGaF4ndbi4ayy3wMMUWbgQdqIn5l/w7RzniMBx4yYi0UlKrFZIB0wuD71jqcSAq/NNYMcaiUuNjSBgU9Pba3Pta5Ojq5OIbZoPaujkE1MJ/ml+3QI8SyqY+ljd4OGmHyFBrz2aMnC5EKWqypurJ3CYJeaH+dXEiyKYn/1Mf5RH+7b+jwFcVXkPZn2TEO560bcfpJy/qWxLu8erq5Tw/Yo1VfK2ZEG2jrq3XF+sBrLvfG/KWhy97VU4vVfd5fhbl92JawffaUanA4dqQ38DkZLcueNG7cqSC+1xSG3ZKGTn3t8Et1cZVFZz6DXqdyCqR+x+bp3yg+d6n/iZW0BEBqqgcxMOfB7EwzzxnldWNd6lVu52120JXS1vcbNO5c1eJpI9yIcbfVJVciRW9CFgtjKhgbDipkS9dteNQz4eXUdO+IkdqFp2rNKaeFiK+AOsCI3Jmq+xuH9Vt8cxb5a/8Bgq+QtHE5rsc5o3+wDx5R1Y3rfTUo41yURgQBXdiS1v0kLELoAbdpaK3N07Zm+r9YPFB9p76NXtZrJwsPStvU/P4g1JAJCm/weRoTd4+Ym4ot8y951p/mN+zXzyQsTXDMUCvqPDBW9FE+Z/iuW6z5aYMZLSiLxk489wS6IGSYFX1qzhgV1MYL0qDSGCYFPNSckobGBcD4f1ZhWW/v7aPsZwAGYX3hCA5iPLYOXv8XQMU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e2c7cf3b-44f6-4bff-0b3b-08de94b13c5e X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:27.7970 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Xru3U90XvDeD0FqhKfgugq6cxxeurd+KIN0U6+8bZusApcd+Xes5Prw35qDWYLX71HZC6ds4BYXKFcb5ZpBVIEp2MWkKSV+T4o1ym5PFLLs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs