From patchwork Mon Jun 15 09:24:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5159 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f58.google.com (mail-qv1-f58.google.com [209.85.219.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PdYa009690 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:40 +0200 Received: by mail-qv1-f58.google.com with SMTP id 6a1803df08f44-8cec2c6b821sf68546976d6.3 for ; Mon, 15 Jun 2026 02:25:40 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515534; cv=pass; d=google.com; s=arc-20240605; b=AlnpaLuFO2wmqvpTpy/2SOwca2FNZZtGmI8XKSz84OCu+11gjTtpeuTMJKk/OKiT5Q XYjOyDPCt7LFgQdUUmp9FzYvfAvt5HaNkdCQ1jOn1qwviheMC9j5THJl2VQd2Gk1PEXs fQxb17Npop/942zLNIzS0/k7X7xqCyUHc7qBrVdP2xwOCuLLimjVE8eFEZu3oXJdjT6S Q7A8qEBqzjYsyovWtzjiVWQO31WmdzIJmwFxMUnWyWdK8nWGQo2ovmeUimyjl9HDo+sg yftEwbHGmqIFRzNadZlKBdGAkRXC8xlPqU8eV6OMaou6JhYij0WgGc2jOn7hkz56S+EH B6OQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; fh=6oHEZ/4vkD/a/qrXhTzxEXkO4YfmL5ADVWDH4u0yUMs=; b=RQVgT6YlVWU3r6Fwtr38bNE1Y7BD7ca4DqX1BlIUqE/UaiSaCk2JqsBEXunCU3yjUp VitX38xCpLKNnBzgKwu8TtaCuuN6AD5gIsQQDRNGRKtz5U+iqnN0t6MMNlJBG+VJARvb AwLa2neV5EvCGF7MqZJ6rOvtZrlwLGi4wFS34ABzTlRCv2LxhrnXLi1Ksx8+s4sHdk5I lhwq3N4Vpv+q0TROmv18bEMXg3PBROHIxanpo5V6Zmghd41MZIN2fFeuBgWT0hLdTDB6 YWQIIL/9sfm2xfqc1lzHJiO+2VbUhjPEZ5OdDmcQafqGYLvdCQgwp7m3eNm8CRbf7uyM bmLQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515534; x=1782120334; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; b=Qc5mzrjtGB6CzIcrvt8j453ZGOY4oYvxlEazOi5aUFd9UNvvLU3UcOvfkvwer+2QPM i/HDpG+CRppKw7x5ngIwsQ9DytCPuh4WquqUM73Il7GORoPOmFKDffVqXwImdFriR7cW lbNsgvaNRtDbeLHywwIA+8EJnWpEpFuviVh0aAFGoHwUApatikbcCellvH/Og51gGgtE TQUjEk7CDRG1s58QRxp55ch1wV4BxKJ41717xqm4t6KevVSCB7v9U5Y+zUDX0jsd36/2 +6kBTzqwBlnPWOfFVnPF3/Sf1ug5itjC+/8HDI53v+IZpZgK04UBjcddLgGn+KpeblVx Ubyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515534; x=1782120334; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; b=OHSZBVukfR9mUe3lyGwn3COvp20xSquftKtNhtd8O5ubWBmu22t2TcrxhGwUca2Y3m 1jyY0jeTLQH++CifX2cloEYMg/ZgExOAwimwN+FbjS0166VO9Zp0G9A+lqh+yVPmYgZp fv6Rt0G2TqmEBrRDHIv+2PhmhZ6AZbO2eXh3ApeqOWN2zs2p9UvjTZRd017Pj5g8hBQU zSDiUoVxHdtagwrV68QDQjMo/hc7P5Ojb1bqfCQ9lOyTglB+EdfW98IQWrrxl+pGNNm+ t6Q57RhSPof4Z76DlPU+MWJU+JRlVgQam2vhWyNRj+2f2bpHfGd9a5MtVmKt68IhoNdm NeIg== X-Forwarded-Encrypted: i=3; AFNElJ8voTpqPU8emvUtMXlp4t6oY77wicSRWr2p2+vRu6/ZetaAGQgSG+/QBsZOCUHwIFRbmuppAbQ=@isar-build.org X-Gm-Message-State: AOJu0YwoXTjewHdaPu7naDNTa59uQHxIFZLaE3xhyshUC8s48PfpOOOi pCZ6d4T1wyzvoC6yUVaiJ31vZhRY35XrmWRKOLRtmex5sKdPoREWvskz X-Received: by 2002:a05:6214:5d11:b0:8ce:ba04:7bcd with SMTP id 6a1803df08f44-8d32e9d9a25mr220724936d6.38.1781515533909; Mon, 15 Jun 2026 02:25:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfBHkq4iWcF/wmARz7+mglOvrBRZIjB3FKscb1pOkHLAA==" Received: by 2002:a0c:f102:0:b0:89a:a50:7183 with SMTP id 6a1803df08f44-8d2f305509els57931666d6.1.-pod-prod-07-us; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-Received: by 2002:a05:6102:1613:b0:6c1:85f8:29b3 with SMTP id ada2fe7eead31-71e88aba610mr7317545137.6.1781515531789; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515531; cv=pass; d=google.com; s=arc-20240605; b=CG6KTs8rB+HZQ3uyR374332RjWlJTT5wl+Cr7PD8jsOJF5MSsH4fBp4HhY0ua3w4N8 lIMPl1pB9h/n/PmfOoWBN6bhikBjdls5go+pHFlC6K75zY0i+VblgmpQ34dYUty/nP2i PONFL6/7GKbkBwk+MuP9rkheKf90R5/XrPY+tu5//vxRx+NpUMCjlva/m9yhoinJJsJO REhewXDRbwyYqGQLbg8YpUmeCBFzGk6u3op++HubF97UEvFFnTXdBE5u3C6gRApqa6kt STCC1+bV3OKReTyNhhqHinzv1FG7DvBlko9NtxWEdaIFt+Sj3gf0T1cltuLPPCMPX37L 2aBA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=OuMM5joRoQ9znUDt8LQkbXz3TfhPBMFIdVJ6xhZOedQspbrU4kLUpNpo6Sz7Y+K/2o sIXJLJUg+WVr8kMGQU3IH/nWZf3lFAkjk2bzlxAAcppDiNh+HnMC14M8y3UZFqHqpPCD dZMvby2XI68n/FSyRxq6edLJvETvrsDx/Zd7SoRp9n1aJbJKD/sNVaUFWjKEGoedSEYY LWBD592SxNAHoQ3kWryWza3lb4fElraSUvNB+ai7DVIE9s83/xHXEJ53tKMzT9OoBSe1 aEYarbPAdtrSg7IrGzKDWm2wGp3IMv7N/5u2Vwd8/iann+dAYTcBj9yqQ9oxsswxTL9E rvCg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-966a05d589csi133727241.4.2026.06.15.02.25.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:31 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AAxygSpJEkZqByMmXFZhHepxxY7XKh5Lg2jRS6ZnqksE7hVgONGE075VHovNEwc3AVVtW4q6pE/sjMIM/8oQBbaA0oaFhqA6DUSpYXfGOdg/+YV4euIfe6sY2AWzyCzKX2/cKofCy+DbuCVuGgqGznMZE9yU5wYdRYpxu6yPhr15lsNVz0nqjdO5H6rOfZ6e9zXMK+7C6P/Rrfslx7Bk58NQyXGOJHmPMfcPNqof/lqYMMEr4QA2H0/NDwg/a0tHsVm+S6r78QJEKXw3j6RSkvUfbc91ZZcijOoN5Bh3ycBL12IPLCOgaOvt6vY4SWlpcbXXh9BhG6XBxXC8pUeuFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=mpk1Q4R12Bh5lA0tm4SENwEZJ8J9Mjsc2SyBjayRdBaAGbtp7vUKZ0AocuVCuyKNpgTolz6pywBKaqFvdCyhCDfEF4gh1196iNV8MJwOSbITIMgyZ4vhZ9irNWwxj8kqubsRuVJEKou21Ns2H4GBmudptibLd59MHlo3kvl2IhJf50BKDeD+nkrrXL821pq7qL+cA/t2rawMNOUubLYd8qSlm9UjmfVNYm33DKdC3womj1ZLPgc2oM02bHZmHy12JIOpKsRC7oAqLcjpiKuhC5whLoO5Y1EXdunOXq4OR1jXMxy417NzU+TGWlnMuXVkflUYaCsBMV4h/lnAfVQX6w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:26 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:26 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 14/17] use copy of sbom-chroot for sbom creation Date: Mon, 15 Jun 2026 11:24:55 +0200 Message-ID: <20260615092458.259691-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 8f05e475-8bd0-4769-2634-08decac00791 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: B/kUa9vqR/5AS1aNcIP6HVhu/I7WcTHI8ILwV8ZA/C8s24+xUwmTHR+P8Xgf2CFfPJc8MoW0zLNVga8oiWhQH2Ir41522Tti8/D1Jy3ijhwc1Tpl14z35rime1cBK/6TKhe+R+8Q0KGQ/Lhnusoc+ckbkw4z58QveTcyeUIlx6UgW3d1Qmld9AK5NQ5hNgw6iDLubPBpn+wkP/WUcUGOa52kBSA1sg+Jhj+8pkbvCAWyN++zlPIXYWCAbUHxr8gpIrrD3Bvq6K3lvuglIwF7dNRH3n0nBMH5nVY5LWz8tH91nbG5eZwTXc+Drtw3KPjTH8LEDy8NMXmybFyqnyDk8dYF6pHZ4vaUs8Kj5jiIGecp1g4di610ze7sPiAF+Gvswg3VplqmFhJE4/I7vED4PhBgXOXO7bDX7LhihVRf4Dg74azb9Yxqy9eSfqLGRKgo81e0WgiKLCEQCjW7j9wxoOUeGIpitmWnJ3r9jbWYjFwDReEBLquD3K39L7LC1NSwjpAf0ZYUHcarNZ6mu67BVyBBnHEdGszwxxHWKA6k9eUBCr8KUKDuM5aIwPg7WjrjBCMpDUTcgNPfbzCiEPqQQmcOIpXJdUtc+V3sEsqEiqz7xcYHOjDBEl/U4vGSjbDtqVYCesFQ+cZTaSAoM4q6LRumlxeDjgv6UOoyEA64+ouZpgs0ajC0gjUOZ4N0MuMg X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: J75+dQxTbVt9RyXyu5jV1a4DZLC3fYZGmjig6d04RPCw47FIsC5bXktBOEbLJfka8RkdkBgHkOiJQh5pzVNt00Y5ALxD+jd5LoDcZi1qGK1IIkLL/TNhjcVuwRB8Vo5hEdPlln8/oveBT3+kYbtZsN9+YRo5g9IJCLXh0u98MLDqpu095sghofvhzsKiZiV3irj7o1XycGt9azrF8CTa/BG6YQhSFFrSY2CTVXmtOt0ASWfoK4dYRpUjtor2u/ez9c2kyCrMxKDkuMDDLTXl7Nf+i7hO6gf7IVc6J1I3E/5JCvREgoCYXOUBSIRYvYPZpKyzP5G2CxE9HhXyg3k9dlOmV0AFXkHFXy1qJMEV6LugbQFVxlp8+XZT755QUKdh9vDJUe/CNEtCgaZc2XUohbhO65ZQ+ZsmslD57EzQKctFmTpO4WH9VEfwLi21sKxmf7I8IRJETSsO8Sjhvs6HRdU+Pao70R1IFybr1IyO4O7/YgRhGUfRnhdSl0MCsIWfSFSQZAegsaeKVpmUIMYMjX4Q0F5bujqtlXLFy1eJDkuRgGUBAEsmX88KN27JSpaaLsYsE/uUIY8rU+A3Kh1y4Hv0Mzy8Jjd0c8uypplh+DZoOGgtrpZ7/iEF7VV4G2JXQu+hPti4MX1zHVeqhGuMdAqVYAbrVibkmKaP4Gn3mdbZKckPYa/ZRP6oUFZt4zysbj0NPXUV2MuCtfjcArHONPuUeYPMWLA1lDCml7mKdLJz3ClNeKdJqRKydzOoksAaNveqfrtMaHfNMa4TrijVcCgXTdhMCvXfaYV2AVbLvgpCEtVjvvVMzkZfe/hx3n7EANtFjhxciUT9JZmkZ3OZi76WYjP4x4NCFS1Lf8zdxWIitD+TmTEs3uFdzeRnlHNpMGlvY2706f7rKRtDaECCJuArEuQ5LuHigpInlZsPfw1skiuONqgIYSGSFpB+ibfjeH1BFupsBzl8U+onv67TdknZmvQ97E36Qpr8uUVm4JH+VHiRSkeVVMUpyZe+ZnJROKdiCurKUDtNqdBRvcUhNzOwcEQWxbaU4DcWnX4xGuzxvGap5SSdfaKMQ/mrLiKuOg4cxLf04nwTygc2NZI/owrlZQQxFf81ptCdNLqHVehmJXsFnSWM+rPKJEXXOhxg499IS13DC6ASFLBTr+P2AlVNqHOH0j2fgDQ7Nymw3oYVCxZvnwVJgDyQa8E/wXp++9cKpCpOICnShcxyio6YRNOdW30e169GwyP1avvh/X9e3iw88yEVAVmZZazsLsvJIUplqI8YaHmVLb/XaTjNIvW+MIRaBKydEYp/0G3ttNe+1UAZ1Ns8sDcUI1V8ei2OChX9UogFSfCFzWyYGYTOa/bGHLSRea55QFZO0xgzOCpjFkP0W46AMusAG8YXmAKzhiAfekmXLKoTCNQhTFpCp/JNEFOEZ7T2YqRrjV7uMLhYI9d2U+mWxGQOGzjiYZu7dq2B2mx7xZahvXSHJZ/PPiSRz2P4TKrh+YhghlL4uKyfTPEA4QW0u0cu+rWHHbq7wSDA9pcUvrc+oyGd00+RKCJunxHpNBDRbkn92ogQcQ/hcRgXar7aU7GRsQy9vGNTqF2fwu5eaaFgXe7kg+48d8D0oB4vM44EHt7EGeO66jbZslbuidZcV+ueWDNgMmtQORhcHaPxHdiU2bWIOaPInWRUO8qJkNmzlwu0DJxdpZYOueJT0zeEqvde8J6oGG/FQ7jICDgFhDUTITiaaaxx4772r+zczYHjy9y1GdTUTmygvIxm0uFNod6IV2TlfHNCA+lBpfJ0 X-MS-Exchange-AntiSpam-MessageData-1: 9TI5x59lsmF377vNt1iF4LVlKHsSYeTrQqw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8f05e475-8bd0-4769-2634-08decac00791 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:24.4037 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bTncdaER5uU2VFkrNfPTP9+AXjefxJqiGTppXKic/7ywzw31k4cF5vV6LaMDpnk+wGLA8BpiC3EQyXsJEStOi7QiMNvjIDEz6mkk359p9Vo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs