From patchwork Tue Jun 9 12:33:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5133 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:27 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f59.google.com (mail-pj1-f59.google.com [209.85.216.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYNJI005842 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:24 +0200 Received: by mail-pj1-f59.google.com with SMTP id 98e67ed59e1d1-36d98b5a68fsf9739520a91.2 for ; Tue, 09 Jun 2026 05:34:24 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008458; cv=pass; d=google.com; s=arc-20240605; b=hncrug038CpVeyPKoubqOuISuFwoLVmyjQ1Ve/GyC6oTUSJFhHr17w64yyNTH61fJe BsBTFI2SWTkHBZReuHKG/8QbIxrv6NWyF+Ii9oXV7NbcW4NqY9k9DYM4OEuGbXeFMhGl sRR1GAEj+Eiiru7IcRMIixz7zDWCx96oeEBLaqLJJojo9OOQHN4lJnu0kHNUTDU1YpzJ PXjwYK7VeIFWzwKB4Tx2RYBaXH/xOF9I2NCjylllYWBdm3qMLludGntgbRaviTc6dDkq nau9aEOBwLWGZUyn3G7qg/8S/FHO0rN+uV66djHrEUeIROIcQr0EPAnWYofBBzhH+etV nM/A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; fh=D10KXZ44SPjneXFRiGxL3DFjOBNXEPzaoqy3zGZPy9w=; b=W4g22IF/V5x8qTqGi4ugiJk5McRGDu/na+1jG7etIztTAmPT4mrzB3afARvR67TBfz jzo+/BJqOGINHAsdCuwMKWkNQQvVpNGdtBMwbi5Z+N7mZXMeMicX1NdhZTQ3pAi0ME7X WYiyKy4lUyOAwp24f7qgz4bEPi0BABD4kvaPmUkJ0DfTfl3TwbAPQnVG1VoWGg5WeUfy 5u5kNSUmyn02BC90PpoV1fgmUVH4mMDgJR0QPKZyYoDCm9UkF1IlaMqliu9lTUjytQ54 zoaZ/b1v/wJpCcPwiOqbF7A6qAae+/kxt2Z1T8rcRulbx363ShBVudRmcedBn/zvI0iW wm6w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008458; x=1781613258; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; b=o2Vek0Nu6Qo3W0Lzd8te0xJ21+BatEZLWjv9ZanPeeKcK4Pe7e5keCaVmnZjr0glcT FT6ZDcGeoxKYkYRackDCDQOEKl0+9Riz51LuKtine/L122nqa3TkXMp0ULGsBxC9J/QU 1lg/7Fwswz82RX3pEKBaiNn7oAsLnwUNwZPiZD6n1UfFb8UOVR+pLqHKFRJphq7FMnQf R2/Krtmogi6G5ceXZE+syPaWMxXwANyf3XRhPgCM1eTZ7aesT/WCqS+lgEkdxxOcZAaS Vnpf8JC/deHst2rPY/GTbv2Ddu/kahadKec2quKFBd0WjK97nIS45P2xDOKN6qMau5tm DqlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008458; x=1781613258; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; b=Fwk0TvD7F46JaZ+0ZbzRSyuO55bXYCUYzKAQyR0od2lUG/49fHs9zpywojtaa7pktQ 4KoUQCLJB07rzjumjN6GskoCfYY6dSDHDpviyrOA+ebnNi4DZWb7w2AtNkAlQab709RX 3JsULxfxJtB/KPRZGj+Vw+Sig3jb++vEKziarAZcdVoGWv++NUEtDs9s/owfdtlYxtal JssDxy7qJ7xc9OWkzMSVVjzHpOPWbO2XlMzmcVKr9C5doZIzk+u5/ZFscExnL2idMiY5 KiXXbnY410YOknLzrp6ZMaQUJwUAum9Ippu2RByd2KuRiYcfqwBCftu1Oh8Tbcj7S5sK 8aLQ== X-Forwarded-Encrypted: i=3; AFNElJ8CCvOMtfcdY6b/v2IwSXZTYb+j08t2MOqao7L326gIFDLqjsoaUYUNW57x53ZQo6ap38ly57k=@isar-build.org X-Gm-Message-State: AOJu0YyCQ2O+ds/VnktAhASRQ7osWLx3jeXXZF5p2pUBP8Ar4m+zDkAI KTaM+rc9BFGxeJu/KCX4OoSRlG0Ju11XuVeoLBw7bLnauMUu8qX4vM8a X-Received: by 2002:a17:90b:57c4:b0:36b:75:6387 with SMTP id 98e67ed59e1d1-370eea202f0mr20776491a91.8.1781008457979; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfQikucPpHx7psw52kZvozEvZJMWvawihLTmk0QJpgkPQ==" Received: by 2002:a17:90b:1b42:b0:368:e574:6b68 with SMTP id 98e67ed59e1d1-36f66221805ls9046162a91.2.-pod-prod-06-us; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-Received: by 2002:a17:90b:5906:b0:36a:5d1f:7ac with SMTP id 98e67ed59e1d1-370ee344dc4mr21170819a91.3.1781008456668; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=fWiye4W9W+7OXIESWA2ZUhCYQrEKr5D6VhzFIfVS1Dhpivw96HsJRB5JUnbUwzCptA sfeE+ypKGw3KYj4JWhS1PefbnnrW4fXnTwKOemJyvChq8wnk2vpJSUZT+O/23PFQ17AS pjKdBPTVaCYf0MAFGO6DXq0EGK9Ta6AWu88qH9/84nFe7L85/QTQDGG20uXLYcawu9K8 z6zf9+hTEQk8FbNodyrz26FW7SE/5i+9avj1hiPyK6DW/U0gx9pCCZt4T+tz1hzkw5rZ FMBa8zejWYAv6RAe3n75NVtEocpQm7dlO7E9wQWKaVxVQE4ZfSxiL4OfTPwYNLCLEx4s 5stg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Ap3Uy4/8RrzzuCRoQW0zA0kEePzTd+HYYtYltuWpR7szqGIsfY3qNVM7jB8sRbXTIJ mESpgAugXnFAIl5S/Zq7lCNSUoP0SH8PzMY0pyBBijr/IemdEm8Tf26iCbXCt8MFlRfa fyEr7cD2tTQkuX96bcH3d+h9RGR3LH9gEfOfu4SUXV9rwAibHo1lD6ndSYH3qULP/5gf ep2gvsHX1E1wOGIjhy5A4As8QI4nL5cd2YughW3xX6hVxj0GHCRrLDLlhRXvkT2N9ESN 4qwwLFPu5ttbHnV8Uarjjcx8XIBELNC1G74cN71sPw4q/eOMqG5iWJyYAUT6+0SKJgol 2SIw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:16 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qBd2q7rq9Q+qczjHXE8u0N8YxDmBQvaRfmYdAymfYcxau57VmuK4PnpEt6wcCRad8uWVgefMGqbyi8rJgt3VvxswaaYZqmit4C2TWfJ3UPQJ2BQcBrMYajNyVbrzlu0aX2aYnAsWBcTgjzq3n4kyuSc9Wi7ILh6jf9FYot0JTgimBJa06gxSbQw72fcXc1t/7zAOiJR5xef5g3h8XqKO0G2WpIxOsUXFiESwTgbE4Mmfc5d59M6cMFmc0FhMU3//wXGG25IMlBPTdXrwHcJm/OvQIL38qYcAfSY9M+tuImPb4Oa9ereMmFy/F83lQHYiDAnjRqxvR2aDPBJ8Vk11Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=sZupV37qCwDmtAkw65X+F5mxADdcY66YpA5fiTe2rk7+u9ESNNj7szx6QcFyDUV32iHMwQqBQJwiRWwnLYtPhHP7z78JcRI2UkxdOUxv+A4y5H+7RQDWq2eGl7Ok0V7IGV1CrbFJEYoCklBjXBtY+XngqeQZoBC/Z0A8Y+nRb084sWUh7Nx9+4xRQpXopa12pnI3IHLjIRXlWfzQMXJ5l4sK3WDPujzWqz385QROPBxQbnT9axYTg90Mq6FLkTokvHa+ySn2/twZV3Xte6pQ3HciEOxK/tLCgh1USkJItg5XTas7xG0R+WRyfeNSkmDJGMBodmP/gzoL8/F6A22n0A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:13 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:12 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 14/17] use copy of sbom-chroot for sbom creation Date: Tue, 9 Jun 2026 14:33:52 +0200 Message-ID: <20260609123355.2368573-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: d4fcee73-8b71-40de-29dd-08dec623692f X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: mikAWhWZ9/RXCWXTPiYeratDhO24/Rh9i1gxQ/vv7w2mC0viUJwJS6AC1YAJa6m5huzfH9/z7KaCi8fcKDxynwU+aKM9w68iyGbIeUHSiIrSieBbe7YNHdeF8Jz0g/DtmWArFGH2kW6GAe2wjpfceajacgKISYwKGScnQLX3Agmlcc+2aS0y1yjB6zdU+LHS2KgyA3QLgx8poPdam9lqQzXBtvNxUbGAsjPXMVXRZ+9DOZ9op3isK35Pk/a0IlxP0dlQuJVatIN2jfzS6qtSPjom2fRnb1eMdMTz36qzlXATdtlFUQOAtbBAeu1Fe1hw/OBxhhBCvZOm9UWkEO73PVo8nPAxx0Lo0z96ZYHnc9zAhTsUVap3eoH+iy7sF/h3/dGbr84u/QEwdrR2AaPZWDnPh0hkVKjWZAVcWHrQmeCjNquwGRg0/qpgsVIyS3848zy0xt2MPFGWstqFMZdIe0TQJ4hamCFCjX4zi8oTG4HLXlHr+TVV5BiG+enyp6yYoZYtmzOEmfb0iYZVV6hyMkUyHWoOPkuBcZXENIXdEpdTnpjPQGtRUJI7gd6CdHDPj3JqMKvI86Xj4nJLDam3h1/OSAKNZWXFGFlrjFmXl7JWf7wA9EFFFoPlvsQAJBiZMGxPsikYW2LYI5wM45kvK8ydjHWiFWO4H+vuO8jdG4lW7lk+j1USszErXCWAavsM X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: q8X8ZRHSM4H4FVrji6ckjdf7OlVTzocGFZ7WYHeN34iGVeY8rsHnsE1Qkae1iXY7Mk+/dF30GAis0bHThrPW7/fVVk3v/Fh7cA25dxZt1okWYN+nOnTdY3N/5OlmO95Vgln9Ybq+wvvSkPAoZKxA5XM5AYU1L5wpRIdN8PIbz9y/07ychf6jB5Hte8Hxm2sK7/ANoKjFDH0/Ps7iElmMgrt9Usr3wvjGyJVft2fVDm7ttUUgKg7uTzfjO+6FrwzG7ysmcMJ0sydghcBUwj/YGrUJScrqyOWmbZpVf6rN51yhkXJXtAZ+lKvMXNo6A3QA6JS3jkvLJR1llacnrdfZMefKmM+pWT7RtDhola3oW0aC10TzhATJ35thRo1R8OuxKjrhJt/Gs9LCvWnK4cikzsk6SqWOZ9jLe/9kcdcQ9J2yjWLY14VGH8g8YBhEhMSAm0bJTJYZgrvHIQ7FjCzfoqovtGS968ojP+qtkXeSyMF07cFzeBniYHWJSUpaRj3fQ2kd51xn9AaQ5HEYdVADNj56upng46p/wvEW4QnTc0LTdqYGWzuC7FoH8cO0QWUL3rgmzDe6qNzl+l96FgD5wPHHvmA1+ActFagd7AF+InDuNHkF5P+kTtpT8JEoK3runK02pbJ6l3Cbm4UpGxZYrpAL2v6g3+5IGHjKbdhoum6U//QLe/qoIC+7IBGQVzZvvimAvsM/IMMUv5NK4BPpEHsWzJAANtRGQpDQpqWvT2OWBT+W3MsDvkdXNaSCiftLntLHDL8FgksKQytGMmCt1QQ7dCWtwNia0Jfei5PT78/ecKelnkO0I7HYDJkfiOLKpBr4k8UMTBVJ0UL6FTNlwHVhPPE+Clm0Je9lVzMyZsdkOZ2D/hR4ME9Dl0BkfRgIS4vKr4pISw2odibVFcZ1lhFZ1faSJsXtJvOzOo2pgyGsBgp9bu1InStIboGbobqJv0shy1CCPgav1X863DxQvUvtxId8C5tCRCQNBgFE+hnW2pOdoxhr/fG21BNXglgFXGlbzqw9E9QnOAiIRs24LgvQvLsqZmdiIm9D2sxEbcnd0n3rSOT2MkoU5l0z9bORzqK1DV5ZMuNiyTjIkmDnLBzOUCqlzF2YaQyFl/HkbR3OdkUezZ27oIWtK3R5hG8AimwnxwfDml8JnI+w56YTfFinElYBoGvPyn2z1JSv5Px3PPIUBNkdwbhumUnn4mjhExbUjn58QT3nk4fXgNS+BV9KEuDCCt6Ai404u8B6ARCpQgctvt2uAjlKHkMStaPp8tVHvImsicIefE49XofK+LsfKbuLFSFgdydpn1SXkCTcM5ZdJ4YRA5qbVMgdpeWjqC1xDudNyB8RTyKNvoETVYnhQTgxn7uymgkyq36YMrJrgh83AgjBxrnaX/j0HbcgSDIINbeucjXpE4cQDfn37oWwoFmrY/+vOGyBULcq06l09P6jvzXSAq1rojjO9rQup0+oCreC9iwY1sAejuZ5v8gmfqnKPBd5WqDVrVjprSz3svDFSg77BtVDjkr9X5LOP6siccvNbOealDOkeSj94NuSm6EnylUY9N8DNXxG0hDzex++wStaJ+3uBqSKYABOl9kpOTrjsjEZ2r4epPilH00TyrcIqRDXiNjcC99xdUEVtGhx+6m+WVwh9IszZeaOhe+p/kXMVStdnl5m2SPT/AU84tdvPeAJ4DKezSyWTKVSoTSV3YJHl3rUxjD1RD5ozmTdLuHt8z7mQTYGocycFvhL1OkUqVhTWLzF2nJKWZ4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: d4fcee73-8b71-40de-29dd-08dec623692f X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:12.6114 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zdcs7USd8Ytmf/Mo3SI50QQwmCSKLdD+5TsemPB9xULO6zYvPhkEJBDKe2xubQK0e5nh70HLOOfpJdHeLnt9oYv8megVdGIHfhW0t0exlHU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs