From patchwork Mon Jun 1 11:35:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5104 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f64.google.com (mail-pj1-f64.google.com [209.85.216.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZaB3024902 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:37 +0200 Received: by mail-pj1-f64.google.com with SMTP id 98e67ed59e1d1-36bd4146cb2sf2940031a91.1 for ; Mon, 01 Jun 2026 04:35:37 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313731; cv=pass; d=google.com; s=arc-20240605; b=B4kG24bheED5XoRZjGDmDjk6UjbJVcDqOquGuMiDgR/H6rFd5JLJz3kIKinb4jDvvO 63tqlgWA+GooKyb92h86wIHu3vCRF6bLR8u9KnZv3COSqFLdrE7/Hk3ZxIN6J7WZGZwQ eLRMz8kT1TzWXGqMD+btDtSAjDjEmFOU3hR9B1SU9IBExCi+zPtM9owGnU8zi/Y5HXQ2 5jpd/3N0BZc1f5mQkF2wKh765Ct/Jgp92ggSb6uBSgpscujTfdKsDNoR5mybUmM7RwPA NInk9kikdIvfPzpdim9jvEeIzzufRJ68IJBnOPoOwLqViOjGyTAl67+kpwvjSvgFr9tv QyEw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; fh=jZEs24u/RSDV5cHpJRGqg2Xwq5dP/DVFEkMs15NyHXo=; b=OE40JaEpxOxJbbYg6qlaHNqsN+1QC++YK0NfOmYABM3WgfRuWHl2wU5TIqzEtMDB27 LpxMzniNp3n9HPnwaske8jp22FVrzLs1IktBRBiw+itkF+Da3nL4IsQFYChWyl69d/FA Qt2VX/yhLW2CZnxsbdNBTcUFIitbauVZnDsBLfx7WLx7+fkGt41Kqm7Q7ylyUmZmJOMW 1oEupPyi3DBsrpdpt0oYLf99izePXqVap7t8eN1ynA68ydppP0yEPYw4AMFp060L/rol 2umr90CR0wIYXzdSLuqvUCdSbP+Dt2TdyBoUHUHeQCz7bGPeC+uWw6KIoUwZgux6n9Zq tc8g==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313731; x=1780918531; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; b=Gci5SUYsP1LwCXNccQn8xmYME06Sy5kxYUquga5fqV5ODQgN7CRBNL0ShuxOJWWum5 TTP7yK/BxBSLkjRqbBbeRTwAgeGZMlixVuX9dcCsqZKJ/aADF7CNsTO6r/oZYLeya4+y DMwn5XMOHqb0/Hf71Mh81/9Z1+tJA6OP5tBg/x8XtEPGKv+vmy5aOC4f0NKFem3EKNz0 VZ+B+prU2bPFClgwuMFUFGEiGVlD7ZXnoefn2KEGH7cV5zee6okGbWebDC7auInd++Ub 5dhuFAZNPSJ0cYEHQ7SHbt5XDv7tNhNgOub2ZkPiIYtFjOJV4HczFoU3sk2KdRncVMNk SF/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313731; x=1780918531; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; b=VRp8eKhzha+wSA9H5AZNUWEvpCI9o1gpWiyhu4gRX8ycCCUQbIDyihlz0VZN+Kb5+2 10Z9/QEz/xKgQ2+PS+ahYqHNWoJeOAQ4x9ayeg7mmR0nKQ3rwKm11gNLqx0BHpXSxNR4 /CwXrSqwoPfujW2OQhvuyOltlJqv/F3GYg6lvonz3gBMBzK6I95k6eidXXiLoP0hQFfy xhwmwRBxgSANiTYbto8YNmlKFgLDnfpwGBtVuPvONqDnIA54fpkb/EeG6mbBNKewUGSS /A8wXSjmx16LgjaPiADiWMoanG/9nlxc/lymlKrrfcNLp8h8PZE08JvDeYB0cmc7Pij9 nL6Q== X-Forwarded-Encrypted: i=3; AFNElJ8pdtq/seS+4GUrfAq/7ZhK6VnvNjDBzm9jYpgsjfV3TNKoQ7tPWnbVlIgWexUsHcki0+5YStM=@isar-build.org X-Gm-Message-State: AOJu0Yx9pXgsN0pB8PSKtQ2/sSdnlV7hkFK09AK7UR9DkxdGZMfS+pqQ 85Usj8Vb1+7W5v39R5ZJHQYOZgdvv4dhRqkV7STiewCBpBRBU2w3R/Uj X-Received: by 2002:a17:90b:1d51:b0:368:3830:a8bd with SMTP id 98e67ed59e1d1-36bbe0b5b21mr11533967a91.7.1780313731323; Mon, 01 Jun 2026 04:35:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMz1ZmXkiZf1tkSlgFoup2/zhraUYnoDQQMN+HTU/ek3g==" Received: by 2002:a17:90b:2e85:b0:36d:b120:8d29 with SMTP id 98e67ed59e1d1-36db1208dc2ls769029a91.0.-pod-prod-00-us; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-Received: by 2002:a17:90b:5445:b0:36d:c138:e0a0 with SMTP id 98e67ed59e1d1-36dc138e22amr1427293a91.2.1780313729641; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313729; cv=pass; d=google.com; s=arc-20240605; b=aBCNqu3eVz8yKqa0zgfispszZ0Q2efke0I9EpcWXWmetvtjaLahw0m38mLmr2siF29 lPV6dGtYtEjUIeHwmUAdQWQT2OvBZ8Zyd2xqVfvr+HjkAlpv6DdFVOosFkOmjWwf1NuT QCxlEhNcWul8T1X54IX1TsZNiS836MZbowMCMCx+Ipdxpz1QpSMbt2XHqzVoajcmIB/B ZGil1mjJQZv/if44J2rHBwfHvKPyNO+WRtOwiREQ90Yp53+fclA935weBuqARJAcSQUj pg/D1ltyu1V8rj1SucBJnUgzBZsFawNFTrDXbijGfwBmv4unCxmKdL6dnVCqPI5q6Kha tdqA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=aY2NW5g9NAy9fouhXkKl1jM/uNfhwO7rqALJuvDh7mbTqkvmGlrxpEvH0C8JnwsybI W5M4WLihi/ME1HQT23b1/EnYtE/MZy+56lpTwf/KOtzf8O82BIcP/SvHrsnYWPGz1btl 0Kol1umYkltuGLg35bvy/NLfQOFabOKYEiyUTNO8DzeiWwyodjDyGPDiNn9DvsNXU5rR fmwJjVIxp+HVrmAmr4siWFjLgqviriwMHugn3XXIJpmT/7Px89QatikHNuROT3VGKMgm SKF0ch+FzkLAIexowWdpKehpWUZHLH1Ee43UQffl09cNM/yrAsL9fTJqcb5wfTvOuujr VIRg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36bbfc9830bsi359915a91.1.2026.06.01.04.35.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:29 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GFPxaanmKPZuO/5kDZ8WiyrsFTqUomYtWmmasUzx6c8Pom1Few5hOHeLcW3x7/SQE2RkMFCk4cchn+l5AQdDPnZBkAicG6znyE0Kw3TSQ9mNPfcbAHsv5l+KQLIcfhBclaH1IRZ4G16GEkuzjfkl9y5lO888MEn3RSFnFqlgwA0uWPONs6bn/XYOimNi9E5zeHzfCRHzIOJT1uekLVoRqAOWejLs02UnPTIPRYr9EcfvgoGOyINSM0oHhpLdxdMiK+U6jrlaf8EZvvbjbDJRr1IrwdLTJ7Z8793ddXktBodeLE2BqYgeekxsSGpd0uL4lcT/OqFCxWlC/O92+Wbazw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=xNP4y3znBJR6tTsIRlv+iHj19mp62QeZXo2z3a/7UUcBBemVums97S/6oQ6czqAgsOBUhjbab9XcvD6ZQXEUtin5Wh+uZDvIqj9V8GIt/SIIwj9Wy5fAARyPpOx3nzSX8h+p2VkPXJGuTzc0fWYf40FYUMIFne6/Z+bLlwmcFzQTbQklldMzNFS46hLdSgTd88HtTnYAX5YtDTd19/jYsyqB+R78WB8nFPKI19nS0G7Q2KEwm1Vzp10uipDO2hrdi+Gmv+GpZ2hLotlsOkhbHbl/0ZXFvosP0plc6+tpHd8AWQDZCZ8rWUxaD1IKrnXtuYjJgtHYUKrlUxOJHHyBXg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:35:24 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:23 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 14/17] use copy of sbom-chroot for sbom creation Date: Mon, 1 Jun 2026 13:35:01 +0200 Message-ID: <20260601113505.2898877-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: a7a52cb5-d720-40a7-42bd-08debfd1de85 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006|6133799003; X-Microsoft-Antispam-Message-Info: P6Wpo3Q4FFPzK/wKOZaUr+Sfkt8sk4c9qn0prAIo+tmIhzcYStq4uFgXdgcnJTJo1r72R6ph6WXQhDBsEJ/RiK1rRUeU3fJ+TkJknucJn8kzPndcx2/F26HY3dlQ6edpirdGDRAWVx64ZMvWMmwvVEOT5vtPhPSmynNbzXY5gCnCLZ9Ak0Tj7bCisHE5cjtu/aIgSWor1YWbaFyOXTngN6DUHB7DE+mJ7KM4oyy7zNfqvyLpnVEdKvjkyN94wzZhFImyreac3ynL264RkjAtOK6AYYgFSpJ2pUsPTtrf12LjFpHCrbWS+SgShTSW1FA8fFIVMriUxuXi014K2VOwTF5FbYt2O+z7xRXf7tpurwCo4SZ+CRYStcZ+Ef7My8wJarZHgP2Bu7PCWfRkaG7WuSienzNRTN8d3RA0ZFfqYXR9U251gq7tZ8qA84qM/cSSqQnHDXZ8vYn7KeVIzUWvDE2NwymTZP/XYcESgINPsFNtBKviISqsCPeHtRXk4SLaUtK05YLQICgIIGhs959QAF7LRt9aHmgt3c+1PMbrRf/4PxRGxa4IlWdQQojK61XAOwnARbj7WfHqQkiSIDCE2xu9jGpVV08wW80UVkZJIebiaZ8xqbN+ag/pxD2WT1bWFYKC0ylAwzZQ5QdlsqZoLg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 5V6Jxe5hr9dPvax/TVSJ7AARP/Ya0UOs/jemOpjJmJHDpE6gSRGJYDNapAqpT2tcNOMsuMgYwuEErfoSc2iQj7VkWBtbIhnMHN+lOT48haebFps5KCOVU982uBlzI79QQZcqYZv1tm/JjhUqw5cVu+wfwY+tJAk76nhuYUs/Xy1Jk/pCfqPO8qbRtCFllFKqAWf0/eXxnUWWSMPedIYJES7Ej3crbmmqR5FUF00wNjOgXi6IBxlrwCIVYjWrE+e9Bd51d7d7R9E0SZ00DccCBD8boBOm2KH07zWbddY/4739ijDDHUHHMOEldO84A8D+Eu+9H2eQ8AXMVAx889njiTrX99BcuP32NSxk4rCiey7EiFHVqgqOfwPuP31yDI6lR6Bnp+nxHPLWJP7LqopUIJVcTbuu7w7smZ6ZurEueZqn6WI3FFF6DRz98AuQblXN73anm8ylk/VW9fXBzY2E2boYTbN4upAcbTJgz/PhboidZTmdewPUhWMo12JiTqprD6c6HZNSCFwTDHGDE3aYEQQYU2DxZE9Ylvnv4x14yMCNttZ2DFkLJiXGorwxq45k/UVJowSHaSA1c78MJFJlyg3CEx8I4fXBobs7wGDimIrUdReDS+7cRgV5sv/h2obJvoGEWQq1L+d2Uvyj/1QDZxztJHTqmly0BwR4dR54gohruPSnruy06Bp+d31yL3rTP2crOFwrXvC8is8pwJk597aDIsVSNYpR7qHT2Sycas9E+f50LN+fKIczNOj03XVwVa9EoDKRh+VpawMqdd6s8nL9E6FtFrq07q5/P5E0W6z+vE5hOHhbIgiNIjS3Cqr+Du2vZMSdNYKd5tWbyqr/83VgDR+dRK9NZctVza8Y4it1ICcWkL3PWN6NXNUjbmqTYjPhLTbNjCBUDTMXno+wO1gSEuToecYDQukjc0IDxRudeB/VDemgz8di4MOBnDWt0eHXUd6KDdnn5NR/BQMOLaCoqcJFLjIfVw2aEKFY62IY21UM6S1IIT3bjslhp/DiVWtOMxyjOrLB2MHTuhPz+9WfmHIJ4pWfo9ExgfGmJocTgKTQXWolT/7L85XCpCYb76uI7acXTdfE8c+3l1G6wgAUk52rFPbuB9liOJhvJI6rg2Ok8JWrN96C/lj/ptUou0o8tEoDO5AFPmA/CQaDUmogmqo/Gd6yjXmDgXH3LtVem+zCui0z95c80fcbE7chXNGdhorevmq0yf13ZOtBLwg7grjv8YzVuWsVXagYU4SHYW9NgwvuZ0fy8D2z2gBHwHS+1G8g+V2W1uj+UYwbO1SivWROlWcG/3m6VfaCQ3Wq8ydQSKsbYtQWE6JkSHd2rkibS6+4B8KApnPb2vBVvQlbuhYjESe9RTW0EPIDRKw7FRxQDWkxKNLGbQ9DLaLgCclkGSTSC6IULemwump5iOWf+GdjSQNzI8zGbVKXEmwEYEwhn5XNye7MYqoMhQgNBHdTIBJcwhZ6JIRfW9cegLgl7hZDBW2ykQ7tFjpoUpv3cSBNPMvr82CkE1eb1lpWr8MxfTECWLcBUZvDQ1ZTW1rasRKLYg8a8TEXWrRUn2ykw25VaWgwOKSGrLAkUfzOGWr8sXXHpSDoMaHjRWPpKepzykMFXwPmCeR0oj+jaqgUq/7dXY1QZ829/gB/M6PHQeX15Em2y2l5hOacpIc7JOpJWPyhzM47IM9eLCd/mXdYtHm/5W4TrqLpMZ5f7d8IECIaANaqfwl1CP1SQK57+9xZkfND8zrxEF2cbjQZcFaDApvOAlzYfQE7s8HR7efswNj2K76S X-MS-Exchange-AntiSpam-MessageData-1: LUt3uq+4ccQsV6HqzyA2KsQYCbRGqXisPaQ= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a7a52cb5-d720-40a7-42bd-08debfd1de85 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:23.7016 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7ZTQQGUixb7k1QnsnNpyn4QJ2N7zaesyBefmUQyEwIQ2zKX1XYEp6aOeqg8yr7/5O7kAQyELpz/CdW9YQ7WhmiZkkX1ktSmZIQ1c747XCNY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs