From patchwork Thu Jun 25 15:36:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5187 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:24 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f186.google.com (mail-qk1-f186.google.com [209.85.222.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbLDm004703 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:21 +0200 Received: by mail-qk1-f186.google.com with SMTP id af79cd13be357-9158f2c4b55sf3247685a.0 for ; Thu, 25 Jun 2026 08:37:21 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401834; cv=pass; d=google.com; s=arc-20260327; b=mQRortCNHtRo0MUWdZFVUS0q0emui770PjvDB7/qqiafbhGkbxOD7oiLwhs6e9hdVo guhR4bL7t4g8gIquZvOE+H3ePHWGyTfxCmaHNWjWQZnCE94K8JMVCIlgI982IE2dyGH5 U8fIE/tlK9x2uWNwPWp+bSfkPCn/sFDrvugE4w8HOgI029aLPMb2+xzJlsw3sdj6blJu EDyVjhRBVAeVMl7aptc9p3rBPgR4w7VIgSz8qZpoAGe7hrvkAfSJaGzUFE/NZzy74hnv GpWUIBS5l27pWWXuktIt9zRaxfSLcipFLWHxIHQBXkfcCky8XkdX8GM7SpTn97ZEHAZp /AUw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=hykUNyj7ZHWmyQ5WsuhWf5fGxuC1kLTzosOArmSrqC0=; fh=LC13eY3C9WXJMhxaFYozhOba16UJNPok0hCxGFh8vzc=; b=K4lkD4VB9Bao4scERbW2ZwoqSz7yquj+gWKEdhS+FaPo3B3n+te13TQmV8tlnEefAd uDkTl+q8py63ycfjskesZTjMe2tz2NI9JNPylmMkoj6b8rdemixoC8h40m0bBLR8ZUSY BQ6U3C8odIF5heHh9WhTCO0pecQ6animdqj4V2MWDMxnQyG0F+EHjwCUeK2uMO/B/EJQ CwzM5BPBESu1bwQl1po5tcLEajS3P23nqdYJ/WLmrpURpDO+OKL8SyR/ZJ3bCOf++q9q wYb7scyy6wfXf62hQT8e91bx9a+9WMiGHSg4/IsqsKL8jRGHWoaMoGWbdIrSjQjoPxw8 VX1Q==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SnrMMraa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401834; x=1783006634; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=hykUNyj7ZHWmyQ5WsuhWf5fGxuC1kLTzosOArmSrqC0=; b=Cc31rqlmf8HQe/aY9aVhBon0K4YqVuqGdFH4Rx25BKC9O6zVvl2x2LEW3k9jTvCw1b J2YhWtkoUVNFXAy8o4OKEpb1QLsb8Rh7LTgVyc0U+gKZ2fMLJKxSQK0roLtDdrFc4vUl 7FNuA6XJsnw9oB9e9td8G42pnVKCsBgfYgjKn+vXJQUIfALtKKEXOFmyH3mdxgaQqBti Z8hnUuYz0XEv79DvDhs9fwgRevpLWX/tfYY3igM7YxHVgznUW02devVeY+lRQJprC7HU BQc57YBfUfMvt1mZvjVc450pwnKFa2CxlZ12VRtvfYLWgViog12cwAu0gU9YgI6PH/xC w7qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401834; x=1783006634; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hykUNyj7ZHWmyQ5WsuhWf5fGxuC1kLTzosOArmSrqC0=; b=iuxH82yIyiwRVRI7tNajkXRMChIghtM3p+zlxE9Y40QpfLZAz6lhA924bgcUYtuzN3 WnF2GXglUfdBfsfGKyNAGgf1VmAfsw7MNVzcmaPb+5FYpxuUq5p5Ju68ssXNSJDoJ+WI Z9KjGgilqj40tZvqI27qaakZOsMIpnIn1fPk7s49OINg3iPIQXTPNlx5IWvvSqrLtAo4 V54ulYDoqb/2mwyucu6yjj0exyl8Fs5NNbA3HCzGGkgqui7ZlXHzG693tpjlm5Gk3uML Ag1GdTG3Hvw42FdsB0r/gXaE51pCm6CPLjOFcEeqQKlI6LmsXg+SKdvb6HFcD7m9RQui W3Pw== X-Forwarded-Encrypted: i=3; AFNElJ9E7yvB01gnAwY4qlW+n1MbfzfJhlX4K2gWJiRO2J0nTQyP5mfwCG5YhPgrWen6V2Jb4Z2EIwc=@isar-build.org X-Gm-Message-State: AOJu0YxwbdcSp7701tD8w/2iqCBs2WrI5hCGxCHsVOAavOKbzOGr7E93 DhguiT0OElYTYkcsI9BZhaz/d91bnsxYPPPzpQglcX0gnY80sSb36p7o X-Received: by 2002:a05:620a:8396:b0:915:94c7:5841 with SMTP id af79cd13be357-9293b475d13mr438373085a.12.1782401833751; Thu, 25 Jun 2026 08:37:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdyGmA7zcXpdKWHhNdx68UgRb7tpGzQ4a4ps3RzdOiGUw==" Received: by 2002:a05:622a:2c6:b0:517:8944:af5e with SMTP id d75a77b69052e-519c360f727ls167632301cf.1.-pod-prod-01-us; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) X-Received: by 2002:ac8:7e8a:0:b0:519:dfd7:70cd with SMTP id d75a77b69052e-51a72a9a483mr37055271cf.49.1782401832575; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401832; cv=pass; d=google.com; s=arc-20260327; b=bR4iMHUPizzmVIJyjVQDW654n01zQEwMeGbTO26HzGribpD6LurgjEWhmHNXeQ8veH 01389DwSe6JIo1fm61WUTo4UJV3LSZo1+slg+tYxvc4VrVbw+3MzK/9RJcCuZwxG3qLM JfOakIbIClYQoHIQW9bf8oVyU6xjWrpvp8fhsVuTMy79Jojvi7PagG/jRF2UCxPb+t7H MBSTFgnyZRgKVxF+I0cpMuHLtXqsm0xCIC9Z8CQnQRdSC6PPdYfqEfPEeuEEtnutR7pE YRLSXn8vYCUz5WSvT768JGzIoSgek1BBZO0f+3wxnHONW8/C5SNpUmpVsOFXBl2MPsMU CaUQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=fBscqkak2GbT+VRHQAZcHLh0PbF57ACpyxAzCqMPbXCR57xDq2RpEgBJ8Zr1aGbjgs fKdSF9udiOe3Hprcn5KSD3oA3Q73aYKtDgN8PkD0bwuGdODTLEuUAuZGKYNCH3+sgath Qm81Vjkpy9Ss8A3OKYkQ8yZA0v0/axBOom7EezWHyHr4yad5pR5qT8QGOqO9U++YOuY9 Pu8MMPUFO7P6pOkG8qxZbKGHGOXvMmUi6D+YFgcRHAcPsW5+ms3smUz1A9sRLUR4DP84 qWNctQIOKJVFNiwUa6DmSY0vNa0brU0VTIhx59f/B403NztNdFnB3ChNsBgQtlhaShfY edYg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SnrMMraa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-51a5175bb76si3614811cf.4.2026.06.25.08.37.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:12 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=pnqaVLgcQPfgXhnQMSWp0DXd789lqft0VrLe4RAvcK0elzUWDet/ClgPofFXtX/LEfAypi5xmNBV0xCrq4m35pQmE7rPkWAUz7RB9mddEloE7ZBZvxgPuAHSgrkbiXKEoJaojMIk8/f+ab2Xj78sMY7U2V4nn3kUpVWTkxfr62aJYTims6IgzNr+5pXlSFpKY7GPVJjO1D2ydlhtA/8mZicYoKQTIfkX/PMXC/ZQq9+1oY/TVJ9I29DiduWHrNReaEi4SUORNz68mKUYuUWuss+iMOfMqsz/xkPVcB0Q33qJKDyJZayZoKTf3LvxMdzwxJHM70xn6Fnfm2LjzWl+oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=DRr3M5Vj68cjXHzMP4Z/lj/9pI1Bd+q6rEUIzBDBaO5ICSLTL8JJO2AGg8eDAJxOGPwSiUlyVLydDuFsCJQNCfBtD/XlbankHskXAplSdjrapC5jd8t2TBrxykdEq1ZRNTFUVwA+XDdLAOLl78RWA8QAaf7pPub6c3V0ZGQOcdg0SLR17T1prPWmGjV5kMIjep1ZtVHNU2f2xNXNzw6QUwa0I2NJk5jYzKZY0IKbNeUrmV3eJMvuQIu74rrF40eWMTvCVR/Kg/bC0rlmspD9obvPvx/bRZMhb96xt42/OgAUrkYc+yr1qvaM5/hRCBYNFsWcc0H2rhT65blIEoa9Jw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:09 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:09 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 14/17] use copy of sbom-chroot for sbom creation Date: Thu, 25 Jun 2026 17:36:48 +0200 Message-ID: <20260625153651.762936-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 91a3294e-5264-4425-ac68-08ded2cf9e6e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|6133799003|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: q1XHkMXHaRwS5AsITD1Ooi2gqVX+ueclpyv0uTVQ5+Dr1c59dD1S6MQE6fRcTcMWbi02kOe0HXnocaM0/GQKTHZ2Xq+eUe3ZhZnQ1ZH7suVO36QlyKHdENpprnL8RIQEXU8gPrVSOcEuCsvhpyBxJ0TBDfD5gcC+hMOPtwt0ZCGzUkY7dxT/SPYURatoK4soQzGKShv74vNKHhRNdLQ9inVB4pYLtp+CBK2/vm0DrWBE2jXNZmop7uavR8Vl0RJ6qHsFMpgqj0toqgbbkt4ton0OJ9hYtsRBDE2x2jo/Mu2ySlIqozhKOvqvouc+ktaA1lhYZNvSm+xt54zogpyL9St6WaEEQpk5d9ywMR2Ruzkgd4BqMTld9Oc8NImBs88eSKFByWqLemgOVXdh5hfq6pnDl5Ufxv4TJfhs5poGI7kehH4QidTdNNr16HXZdZIEWpO7YguUgMzHSdkOdRHvFbUG+c4VkZNGpFd5IfN21AnmgEPvXUv/GwigAwrlm1sLG78Rw1xpuPWMackwKU9iiJVBA1F+9MYvXTGGPXwW5DbbBIFiEGsoFpxinx2tVbrTIJRPj/Jvcj/b9YQyMUxspJFsIhYz894i7K1Y5B8N9Gw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(6133799003)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: aoHtQiFA8SMDakrPKgixZToLBWSJXfPhA8/sS0fGE9oOTmO75BnLNkWZ2Xn7TbkDCzE8q21LRCyQJEEyaZR0/FCpPwErwHTZlBTrUAJE530O1u2KthgFZq/2Kykj8/eVBmMhVIz8ZxHsT44wL7tL54cbBKN648DXN7auObAnQvKVxi2QLDoQrWWSgX07XE5rpeZE9n604LVVJ48yL7gwdi9S7lz7nT7rtAwoDpoDFmwSzhHI36xQtXpS5SLhkykQGUBeVUdYQz0bZLFwKb5F/YX3hPCQlkvu8n/FmIkVcE1ca6FmKcC532ngDTC28wO5LpyJheIgfTIb11xpTYtrezBawDKI8TF6FZ7j3UDR8yj5/tdlnuj6vW9ZRXi7FM3uJUde10aA23UMM38933BQzS722gpEwn0G5qQLHXR3LGaJG7X3E6Okphtz5KR3LY2lUCYH16bnCW545DPo8JzLc8eeH0cvqfcKXnJDfglB8WNNTrsy5JP2woyaFLENDGXfsls7uiKIRUlyKyNxkLSjvAjx8eAnbPyDNuD9MQ1ZpYKQwd5qYUDZxw5P7FP9TOW+rpLZQFieSzVVWgFEwiU8UssVfo0FvSWbGx/3aZ95d2dGt6NoDcum/qAhauAQjgvokal5P00g7bciUMBn/VFWkR4Jagi+I1teRz2XRld7KHrC+OwF/KqrZhA9XeJLAN8odmrV5CDwu6K5+noqdvzWFlyldEOVs01gPVvVC0i3/v+UQHc/nyGxHUY4Wm7ybNY4iqTPlVww5BvVgEHSpdMsxhOXOGwgZ2vCfqedk4sfd49M6Ud8zniLLP0RHviXrs9/vTA/SYV3PyfTegW8X1WsKl9oGkXMyq9r/dTgcUakoZQscmwIapP9sw6+Wz5HBvX3RhHw/tIzJmXQuYkRyHGS74QAqzorsh7Jf4TBY+RRp9VDDeQyYkZUC/mc/bPHXUWleA4LRhv7mCo6FtU6uNaVozzNn/JYvoOoT+nKcTB5L6aYuY0vTe+IFbEIdIhFXkyFmQfbsJEnIMqLCr3n3hPdIGNj5V1T3i6ppggsRnPy0xk7qxNH+sJaU7ZIr0EU4spujdrGILiGky42mRtVqQ3upVwZWUAvZ49l08Lv0aWRlGrmdJ5tq78TfsrLzI0YZK+nKQ6suHW56vDRXaOwNu0MkKdaJh2+ciMpapaX6Fx+eZPFRw8h9+nZXdd/eakfXtfkvj+xordeXKLxpPvA7meiCe4eGKIpK9n/6uaG7esAjMWgcYQC4xhvB1ueXa1WN6MwS50TjmLhIIcjbg/ZWZXbpl0w7s2nEdSyvgBX+IigX8SzZX3ZTBTZJikOnyIfdsNKjg4YoI7taQC8kN7VZc8FKRXkQHFbay9wm9Y7R+5Mf2EcevRJTemksWtEp7H4XXtHjov+ZqdZHxB/LisDOukHO9CwySf+lExLq866ft2NpGwcz6zyAuRLZjphBNfZF6dDK24O3+qFgpoqreMxtqxenihDnqxg08ihry8nzlO5nUdgpSmJ0K68uW0x8wNfiYxhWiuzroFlTG2IzPyKyEFjOWY1Heo+UArav1YgSnAH7rTVygVGInWALFv7yObgXAaOB53DCerpV0CzdJse3rwqahNrY1OOqHAKiMaE+BCd01VMXxsKrxUjylYJpoVTv3Vc7uHHhRAHwX/BfrAsmSdBA42IX5ErWLPdSifxeB/wt2CsYKAQp5n4BKTAKD65mX6jMdqMLiqigX+Y/In1NIR64XFOSHO/TwIxpVwJJSQ622PnirnqPxfjd0YPz3TUSOpu9XAEbrN+ X-MS-Exchange-AntiSpam-MessageData-1: vFcRF8URmTmvKYPurTmwWTASmNQR+RiiWTQ= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 91a3294e-5264-4425-ac68-08ded2cf9e6e X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:09.2717 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bcxDnzCd/XYaxYPj6K3TVh99rrQsqJ1GOse4fqThd2L/yUzuqq5qF68IEPEYO63xf4NCp8If2C3gXbb4ypT4THwU+POQyOZ0W4iZ7I/wS9g= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SnrMMraa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs