From patchwork Wed Jun 18 13:50:37 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cedric Hombourger <cedric.hombourger@siemens.com>
X-Patchwork-Id: 4235
Return-Path: <isar-users+bncBDB6LLF7YUBRBSEIZPBAMGQEVGJBDXY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Wed, 18 Jun 2025 16:04:02 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-yb1-f192.google.com (mail-yb1-f192.google.com
 [209.85.219.192])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
 55IE41ve003440
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 16:04:01 +0200
Received: by mail-yb1-f192.google.com with SMTP id
 3f1490d57ef6-e639763e43dsf9077639276.0
        for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 07:04:01 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750255435; cv=pass;
        d=google.com; s=arc-20240605;
        b=RYmPv6TvyNMETytDpo6A3ME/ZdUvapdxE2PoCp49ucIBHV6Y9o8Ui85/wldwjo9TG7
         PahvoAA0U9jQNzPDEN4gVlOAvoZy+ao//eelIaRWTQoS8yh6y4wJA0qmHRy2zWjkdX2x
         VRfd3sTHx+/ilRpMimBXR7zixxVKqPuT4IVrOYLyTsQj+gb+HTo19tbhGp4ce7tQeeFR
         xw/7v2fQ7Qgs7pewQ7ZLgpxtovg3/YimGheAhNKwwcKGElnFC75FlNxG6llDPM9rFT9/
         Vn6rWbX3BF0wf99YGrZLFjoFeiKD+ooqiBES3v0UZvs1zo/Lvy9skyhGevXhfCcPYBcc
         1odQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=+VsEysiMzKBMkFYNGvO+rJrdg+EnXZUi5nGPHSSc+fQ=;
        fh=aMDkGDDG13UAJE4zttCVN3NwefkbEyvKthbd8mrsyY4=;
        b=kk0A7mY9uzxOFAbwBAPj2ueFfn7TN9P+9dNArCM6lUd/bVLfydoIFW4Wkh/ofV6KCJ
         +KMMax1yF9185pnEPczMuzLL3SJn1bFM1sRcHVxTRB28KymsOJb5MdTSgis3M7+6Xg1G
         ENuPYjmqaF46jcd3ngUGTuCX8L8yKrsk6R/WoEhSS5TtANk/rblwIfgoaxUxkll4xotc
         ophKjkkS6k1jZxCFR0y3AT/WQdEyVtm6bV4oelhRX9S0Qj3w/4ALYPifUsA7OX+v6mLy
         uIl+TfJ2y+JjQd8JZ8+DaVnX7Fd16rdhVzfwlmrXg7ugnywAjBUtNWV9gezW9jJeX9xJ
         IiCQ==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=GA9okGAO;
       spf=pass (google.com: domain of
 fm-1212295-20250618135100d159b0e947301a89e4-_qrsou@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135100d159b0e947301a89e4-_qrSoU@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750255435; x=1750860235;
 darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=+VsEysiMzKBMkFYNGvO+rJrdg+EnXZUi5nGPHSSc+fQ=;
        b=kmbQemSRJebYu8UM8GltmTDwU3yDKXFy9hyQ6PZNOhMvEqxz6EkyL+CfF8v13JsyLy
         mdjt9WYGazLooHEQxo0vUtxfKt+kCwlv7GtQ53lx+Re2mxVrt1Obd9jode/NUesn2hNX
         ZJIeQ8bszCtEai7/hKK26pBF2uQmKULocufskMZbJ0X+oCL+ZzgFfd5Avwexx8ZBe3PA
         ae/0iVNlyLgPu26/fvgpZbHPgdNMA8I7OMT0tUnV5RaMAKABRvQZtK8AjKEAzTChECmR
         QOeidn88mBvMobDpM7c8L7wL/D3vri9sgkICvKLKAe3OvT39kHV/om40/TY1ab2b2f0N
         wtAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750255435; x=1750860235;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=+VsEysiMzKBMkFYNGvO+rJrdg+EnXZUi5nGPHSSc+fQ=;
        b=eIQzJaNkSATUQsQEEyv954bKdPYp2Zh6V1XMFGdPZ31mfXnVWjKNj2Zhqo4C6s5O/G
         BqpL16A3qgd1miMXWM4HYULvKfGIiJ4dZOo+r0UZxnOyXPOkYyWPBk/qE8I8K9pSxJdM
         q1FsJ7XyRtiG7/mpCRNUlbv/EVp5KXN75JXuPJ/p5TLRYKQED3BwMefG9VTs43Eje122
         OhhDJ9qrC3wl17pPz4uTPtNq4STIDVxehAuasLYdDnRs73XKIhn6qow5R2Q1VCBt7NOx
         ZT5FnzJewkJ6Uf7zdRUFXkLRWj7Bzq0Dtc+of89ifswbIn+qP+W0L8xYN0SNHyB773x2
         +84w==
X-Forwarded-Encrypted: i=2;
 AJvYcCWf+LmI8aC3AKQt0v8YSNL0nEX2DQC3HQW7skkgxw69kUEkZsAZ3Iyf8yQpAmTx+CztfpzxVx4=@isar-build.org
X-Gm-Message-State: AOJu0YxFpzJMUT3cR4Oe/vdYQkdLxrpoOwQ33nnvs3H5WYWdUEZXPSG2
	As5c8QuzizVYqMUVYfrBLnC+bOVtEBAHV3Y8ejDAIpxLCUTClDGhaN9z
X-Google-Smtp-Source: 
 AGHT+IGzu56Nq+7hgJdTLo3Rhx4F8uN5LAg6wPjYne1mJQVwCsB7BUglpvxKhkscMWjG5bdIIZEqww==
X-Received: by 2002:a17:903:1b05:b0:234:c549:da13 with SMTP id
 d9443c01a7336-2366afe7d87mr233952135ad.17.1750254664594;
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
 h=AZMbMZdCjPPqoOKL1DQ+bbf9bGS55dD894fTTsAPjgQaiPoEeg==
Received: by 2002:a17:902:704c:b0:234:f1c0:68d1 with SMTP id
 d9443c01a7336-2364dccd98cls41533315ad.0.-pod-prod-02-us; Wed, 18 Jun 2025
 06:51:03 -0700 (PDT)
X-Received: by 2002:a17:902:ce85:b0:234:d679:72e3 with SMTP id
 d9443c01a7336-2366b13ae36mr240408685ad.42.1750254663082;
        Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750254663; cv=none;
        d=google.com; s=arc-20240605;
        b=fhHkAF5oX4v8qoNGtl3JFLA8gElmvxyxAJg8CNBkfQ1V1ktPD5q8fyixGprQY1QAVm
         ubRgI00P7hJEj+hUYZic7hBkHpNF5EvDwye+OOV+Not1FarhYLMEkYoDov3grXu4sQ+w
         C9tGqlyem8eo1MWOsxkQ2am70uN9WC/c7KtfqRSi9ujVHtE0ZhIj9gEPTWpEPLbNdRsV
         JzIuPL6uiTVxu4w+s82jqB4kceWHoG45ZEsGBRG/Rv2VQOUFuzyaSg6AaEz5wpq57gcu
         3mkznh0niNCVvgmq2Mk3RZGjaa4DiLi2bIwqU5biyL0lIfd+4VH2DWcDoPDZhsZck2yj
         rIVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=czJa24/GpZZPDbs1rg0Dyib0+ZINGv+BygsccGmEVzU=;
        fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=;
        b=df2bnx94PnihgHW1cgj/LD8j/2fHeuQpy67WWwRxRcCMqbIVsKbtAt9RKjupDn/j8P
         /4pnT6aCns7OzBuPKloNF+Xw8mSPHYiHvb3YvrAgXqrE+PSOcyEkb7jO+9lG8TsUa+2L
         UaiFLD2mDszxNqnxqaV1tsqL5VcNiTQqyihLQqe0bbGyiutPp+0s30AjzquEze6w9sqD
         cHsTEQGwC3Sb2UnDwSBjbhniYB0qpiwKIbHEPg+Kw0FyB7MQ/RM2Qc47ru3VtqrnmR1X
         DnPoSPgsQusoQnUHyX7fSh92Ung+58/ORQBlAfhsHbA9Ze4jaPooHGGt6E5Ve/9JINV0
         F0iQ==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=GA9okGAO;
       spf=pass (google.com: domain of
 fm-1212295-20250618135100d159b0e947301a89e4-_qrsou@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135100d159b0e947301a89e4-_qrSoU@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net
 (mta-64-225.siemens.flowmailer.net. [185.136.64.225])
        by gmr-mx.google.com with ESMTPS id
 d9443c01a7336-2365de40d74si4604155ad.8.2025.06.18.06.51.02
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 fm-1212295-20250618135100d159b0e947301a89e4-_qrsou@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
 20250618135100d159b0e947301a89e4
        for <isar-users@googlegroups.com>;
        Wed, 18 Jun 2025 15:51:00 +0200
X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users"
 <isar-users@googlegroups.com>
From: Cedric Hombourger <cedric.hombourger@siemens.com>
To: isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com,
        Cedric Hombourger <cedric.hombourger@siemens.com>
Subject: [PATCH v2 1/4] rootfs: introduce wrapper to run commands against a
 rootfs
Date: Wed, 18 Jun 2025 15:50:37 +0200
Message-Id: <20250618135040.8252-2-cedric.hombourger@siemens.com>
In-Reply-To: <20250618135040.8252-1-cedric.hombourger@siemens.com>
References: <20250519115750.3195300-1-cedric.hombourger@siemens.com>
 <20250618135040.8252-1-cedric.hombourger@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1212295:519-21489:flowmailer
X-Original-Sender: cedric.hombourger@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b=GA9okGAO;       spf=pass
 (google.com: domain of
 fm-1212295-20250618135100d159b0e947301a89e4-_qrsou@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135100d159b0e947301a89e4-_qrSoU@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Cedric Hombourger <cedric.hombourger@siemens.com>
Reply-To: Cedric Hombourger <cedric.hombourger@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
 <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
 <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
	RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

"sudo chroot" is used in several places to run commands inside rootfs
directories constructed by Isar. There are cases where a command could
be used without elevated privileges as long as special folders such as
/isar-apt are mounted (they are often referenced as /isar-apt in
configuration files found in the target rootfs). For such cases,
bubblewrap may be used to create a non-privileged namespace (either
in a bare/native environment or within a docker/podman container)
where the command will be executed as if chroot had been used. The
rootfs may also be the host root file-system: this should however
be used with care to avoid host contamination problems (note: Isar
already relies on a number of host tools).

Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
---
 RECIPE-API-CHANGELOG.md     |  7 ++++
 doc/user_manual.md          |  1 +
 meta/classes/rootfs.bbclass | 66 +++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+)

diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md
index 8468717d..18b90555 100644
--- a/RECIPE-API-CHANGELOG.md
+++ b/RECIPE-API-CHANGELOG.md
@@ -727,3 +727,10 @@ Changes in next
 
 This was never documented and never had practical relevance. `oci-archive` is
 the useful OCI image format that can be imported, e.g., by podman.
+
+### Require bubblewrap to run non-privileged commands with bind-mounts
+
+Isar occasionally needs to run commands within root file-systems that it
+builds and with several bind-mounts (e.g. /isar-apt). bubblewrap may be
+used in Isar classes instead of `sudo chroot`. It is pre-installed in
+kas-container version 4.8 (or later).
diff --git a/doc/user_manual.md b/doc/user_manual.md
index ca551a0d..a4fff34a 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -75,6 +75,7 @@ Install the following packages:
 ```
 apt install \
   binfmt-support \
+  bubblewrap \
   bzip2 \
   mmdebstrap \
   arch-test \
diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass
index 5f877962..f0c172b8 100644
--- a/meta/classes/rootfs.bbclass
+++ b/meta/classes/rootfs.bbclass
@@ -34,6 +34,72 @@ export LANG = "C"
 export LANGUAGE = "C"
 export LC_ALL = "C"
 
+# Execute a command against a rootfs and with isar-apt bind-mounted.
+# Additional mounts may be specified using --bind <source> <target> and a
+# custom directory for the command to be executed with --chdir <dir>. The
+# command is assumed to follow the special "--" argument. This would replace
+# "sudo chroot" calls especially when a native command may be used instead of
+# chroot'ed command and without elevated privileges (the command will likely
+# take the rootfs as argument; e.g. apt-get -o Dir=${ROOTFSDIR}). If the
+# optional rootfs argument is omitted, the host rootfs will be used (e.g. to
+# run native commands): this should be used with care.
+#
+# Usage: rootfs_cmd [options] [rootfs] -- command
+#
+rootfs_cmd() {
+    set -- "$@"
+    bwrap_args="--bind ${REPO_ISAR_DIR}/${DISTRO} /isar-apt"
+    bwrap_rootfs=""
+
+    while [ "${#}" -gt "0" ] && [ "${1}" != "--" ]; do
+        case "${1}" in
+            --bind)
+                if [ "${#}" -lt "3" ]; then
+                    bbfatal "--bind requires two arguments"
+                fi
+                bwrap_args="${bwrap_args} --bind ${2} ${3}"
+                shift 3
+                ;;
+            --chdir)
+                if [ "${#}" -lt "2" ]; then
+                    bbfatal "${1} requires an argument"
+                fi
+                bwrap_args="${bwrap_args} ${1} ${2}"
+                shift 2
+                ;;
+            -*)
+                bbfatal "${1} is not a supported option!"
+                ;;
+            *)
+                if [ -z "${bwrap_rootfs}" ]; then
+                    bwrap_rootfs="${1}"
+                    shift
+                else
+                    bbfatal "unexpected argument '${1}'"
+                fi
+                ;;
+        esac
+    done
+
+    if [ -n "${bwrap_rootfs}" ]; then
+        bwrap_args="${bwrap_args} --bind ${bwrap_rootfs} /"
+    fi
+
+    if [ "${#}" -le "1" ] || [ "${1}" != "--" ]; then
+        bbfatal "no command specified (missing --)"
+    fi
+    shift  # remove "--", command and its arguments follows
+
+    for ro_d in bin etc lib lib64 sys usr var; do
+        [ -d ${bwrap_rootfs}/${ro_d} ] || continue
+        bwrap_args="${bwrap_args} --ro-bind ${bwrap_rootfs}/${ro_d} /${ro_d}"
+    done
+
+    bwrap --unshare-user --unshare-pid ${bwrap_args} \
+        --dev-bind /dev /dev --proc /proc --tmpfs /tmp \
+        -- "${@}"
+}
+
 rootfs_do_mounts[weight] = "3"
 rootfs_do_mounts() {
     sudo -s <<'EOSUDO'

From patchwork Wed Jun 18 13:50:38 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cedric Hombourger <cedric.hombourger@siemens.com>
X-Patchwork-Id: 4234
Return-Path: <isar-users+bncBDB6LLF7YUBRBSEIZPBAMGQEVGJBDXY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Wed, 18 Jun 2025 16:04:02 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-qt1-f192.google.com (mail-qt1-f192.google.com
 [209.85.160.192])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
 55IE40lK003439
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 16:04:01 +0200
Received: by mail-qt1-f192.google.com with SMTP id
 d75a77b69052e-4a587c85a60sf145149111cf.2
        for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 07:04:01 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750255435; cv=pass;
        d=google.com; s=arc-20240605;
        b=Clw008oixXApm2OZiJmHK+5c8sw32KMW13K6PP86XWSGaMqKqVtJfgMbSUne6IZpec
         m1hmTnjPN4JfIU8smGtWhFZ6MgC8XticMDsz2CFxjgOrXvGRidTIlXr13YSU71ocQC99
         8aU42Ddc6FmWrkg71q8LJM3rOorqTZorqVTyWoBL8WwVDu0kqGo4rSMEdUPPsRmMmOE9
         SHsrwoqqveV1M01fQt9o+aW1vr/FEFwyBJnvPcJP+00zuK9JLL0j5+0MnMSEv3ZrqtXa
         6OVBAmpTXn4l6Lc52u/ISO4Yrt6WUIKoKTMugrkStdcQeWTJVHoqiuNUfe5DG2rn7UpO
         1L+w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=ZoEr9NAm7l2LXz+/DLEyA4hDoO4RkGdTpMYFtAo8D8w=;
        fh=ZkShzVbw6GXqqrCX57R3KbrfGbvCnUutZ/DrDFyGxbE=;
        b=WmP/VZhCRt/LOPYdzP+9xXnNMRpAMtiC8ioZhOKLHpcBZTeZHNYdj6gT+5lbbQCG5m
         bddpkeVeHu7F1L3RPrkyBmRpivszdUJDqsZRSw4yHsBylJhBQpv7ELEZ8lvJAXUzKVu4
         f5J1uW7kpND2uBkzORyyftPNTZzf7hKUIXYpCVdG9w52YivDvzoqCLqGcYz7WjPzvhra
         IiPsANMwCahDZYoFyQu824aX+6jcOCA8SZ8WzSh9pe3nUs1NrCY1fNk9SfCAwRJ4YnMH
         DTyF7/nHRwAUYZMIPWlvCHkT0vn8NZo7e4PsxcL+ahJsKsuvpfsKenEP910oh2xAszBy
         Ggtw==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=bDfz7K6A;
       spf=pass (google.com: domain of
 fm-1212295-20250618135101fe6c60d88081e4770d-ybgaqx@rts-flowmailer.siemens.com
 designates 185.136.65.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135101fe6c60d88081e4770d-ybgaQx@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750255435; x=1750860235;
 darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=ZoEr9NAm7l2LXz+/DLEyA4hDoO4RkGdTpMYFtAo8D8w=;
        b=eRRpHQuKKugTVVIM1o+Mj0SMtFZGiuMtzyvaMdxpzz+aV2B7t9u+HWgAymgChyecJ2
         EQRNOc2OSPOLtlQWBFoe0lir69uyyLKqoxJW6lkEpXCiVcb4ROesFb8aISu2WnhwRtEc
         zvvHvO2dj8ft2dYtQr0rg1fARQthwJe1ZKCEpqQ2IeAaN/+U4SsUySszXm75LGJiEQZ4
         mNHHTEYqVrnsxFyXy8EAjA2wY38y6q8WfjepAcWY7vSEQRx7+0gV8AEN06JzXHX9WFUy
         ZYVhRXgI/EE/2pjwUFeHHbS9E1cNlTy2sMfEzO8cfsFMy8GXsibUuxhodkIOlZu/v7H9
         JU6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750255435; x=1750860235;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ZoEr9NAm7l2LXz+/DLEyA4hDoO4RkGdTpMYFtAo8D8w=;
        b=Wmz2UlV1J5tZ4fswMo4mIBfGYzoI/lZtCPtTqHpwIvKeykfjUsW7jZcugSszBKkQcX
         jdauJmk/yWAi4+KL7Ir0+pktnSz4zdqJWaBLw+AgAw8VLNqqEwv3FDk78GKumftbwwbP
         AMRt/7Ux9fWlOeCV1N7BzVVkEGskRXzmd9qeOCDHi9T5MOLnlLcPA7Tw8HMzJaO2MXj3
         PSUEtN5a/6RyKOlIfcKCb38T4e2rDhABm3xJgVuqSbHJR7wYYpWuW05ilMkljriB3Dg5
         eRUKhwsmRBOuMnMAfAa+G/Q3dgwlG1uUn+I3dAXuivRslMMgYvZUHHtUl1SDNFkYTO2P
         k5tg==
X-Forwarded-Encrypted: i=2;
 AJvYcCX7Q+GJkyPnFZLh2kABSiJcN4ztIcR/UT+U1wEYYUkVgQgGA9eJFNjMfDEIk+agqT2ft7+9DBo=@isar-build.org
X-Gm-Message-State: AOJu0YyAAO/a0dTq6II1Hf7A8jnAX49af6Vo2crVIU3Z7eZ9xApVQGjB
	37UWi4xtc0HcE0KWLnpmaSvFlv9ipDhuzPQUvGeiSM5mhj665LE1lFQM
X-Google-Smtp-Source: 
 AGHT+IEKWL/kAE/Sqy7Uxfycg3hv3wbtPCiM+5N5XoMMdbPOLQqxleHpve+UtOXmxmL4j8zlpJNrHA==
X-Received: by 2002:a17:903:1b66:b0:236:8db5:7e50 with SMTP id
 d9443c01a7336-2368db57ed5mr126675525ad.9.1750254664619;
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
 h=AZMbMZc8n3Hd1ohw7fk8YORlVtW4GdUbBp3oaYvQgaXToHdeqQ==
Received: by 2002:a17:903:1112:b0:236:6f3e:191 with SMTP id
 d9443c01a7336-2366f3e0300ls52317875ad.2.-pod-prod-03-us; Wed, 18 Jun 2025
 06:51:03 -0700 (PDT)
X-Received: by 2002:a17:902:ea0d:b0:234:8e54:2d53 with SMTP id
 d9443c01a7336-2366b3f8713mr267144165ad.45.1750254663298;
        Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750254663; cv=none;
        d=google.com; s=arc-20240605;
        b=ayJtOh3ldVumQbD0wbbQ1MfhYkfS0ry5LT5+2Dzb9Mvyc91QZg3PM0AH5ynwsJD7Yn
         SAMv34Sw2PQ7giWX1etZMIS1iDSly0+jLxKMeLW/JinLC7bCJCNLvdKYIqtegbruSd6n
         3ca6YQMR0G3w8YeO/2gRtwDVBYeULSLQXIEgHc8ZYTLJQmI/igUycVCoz21MadZjd5zG
         u2Uyoa26bvWT5mDIyMGkxNPXnYWj7tXU975yAGzEZS47iNuJSe5FBsHG0nOpS6kuZAWU
         SMRlFo4cXeM2E1yDtySvgbdWqZiOn69tok+qk/cVX0yGyPSX+VUePifwtTWG3YJ/JkW8
         Tb+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=yTHyZtp/Gm/LWcW3yXuXiRnaKYLCtILET9xhsLbpom4=;
        fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=;
        b=hGVg6tgQTyUmx8CCiJPQ6Kt3CqRUVu2c2Og8K/QSy6mJJ8DOcIHHEokE/cqgBISt7P
         5Q4dWamup7mIfKEvrDcw1ey2wVrc8KsvLYlGkNEnOl6KaNB+QtnA21mArnpFaGu8vKlF
         nSkvVnodbM7nfI8BEVu7675SdL9pxVfzD80ULdQ9xqlMCXugMeC/gPH2t6wN+62ZhiSQ
         iTNSGbP7mq0zzp7RaZ1KPTEeUzuO/mNyTIZK+h6YKzjS2Jr1CeN7MTkNeM/GZzEViAf8
         YrfbHhxqxUQin+PMcJM4SJ8vkk2AaWJfjYk2OquMgmtOupr9em6Cpwte/sRjLeEE8Bdm
         ohhA==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=bDfz7K6A;
       spf=pass (google.com: domain of
 fm-1212295-20250618135101fe6c60d88081e4770d-ybgaqx@rts-flowmailer.siemens.com
 designates 185.136.65.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135101fe6c60d88081e4770d-ybgaQx@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-65-225.siemens.flowmailer.net
 (mta-65-225.siemens.flowmailer.net. [185.136.65.225])
        by gmr-mx.google.com with ESMTPS id
 d9443c01a7336-2365dc38e44si5168215ad.7.2025.06.18.06.51.03
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 fm-1212295-20250618135101fe6c60d88081e4770d-ybgaqx@rts-flowmailer.siemens.com
 designates 185.136.65.225 as permitted sender) client-ip=185.136.65.225;
Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id
 20250618135101fe6c60d88081e4770d
        for <isar-users@googlegroups.com>;
        Wed, 18 Jun 2025 15:51:01 +0200
X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users"
 <isar-users@googlegroups.com>
From: Cedric Hombourger <cedric.hombourger@siemens.com>
To: isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com,
        Cedric Hombourger <cedric.hombourger@siemens.com>
Subject: [PATCH v2 2/4] deb-dl-dir: optimize caching of source packages using
 apt natively
Date: Wed, 18 Jun 2025 15:50:38 +0200
Message-Id: <20250618135040.8252-3-cedric.hombourger@siemens.com>
In-Reply-To: <20250618135040.8252-1-cedric.hombourger@siemens.com>
References: <20250519115750.3195300-1-cedric.hombourger@siemens.com>
 <20250618135040.8252-1-cedric.hombourger@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1212295:519-21489:flowmailer
X-Original-Sender: cedric.hombourger@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b=bDfz7K6A;       spf=pass
 (google.com: domain of
 fm-1212295-20250618135101fe6c60d88081e4770d-ybgaqx@rts-flowmailer.siemens.com
 designates 185.136.65.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135101fe6c60d88081e4770d-ybgaQx@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Cedric Hombourger <cedric.hombourger@siemens.com>
Reply-To: Cedric Hombourger <cedric.hombourger@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
 <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
 <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
	RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

source package are downloaded by entering the target rootfs and run
apt there. For foreign architectures, this results in apt being
executed under QEMU and leads to poor performance. By using the
recently introduced rootfs_native_cmd command wrapper, apt will be
executed natively against the target rootfs and without elevated
privileges. For our test work-load, caching was reduced from more
than 10 hours to an hour. Performance is also more consistent as
it will no longer depend as to when bitbake kicks caching of
source packages for foreign architecture rootfs vs rootfs for the
host (in multiconfig builds).

Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
---
 meta/classes/deb-dl-dir.bbclass | 37 ++++++++-------------------------
 1 file changed, 9 insertions(+), 28 deletions(-)

diff --git a/meta/classes/deb-dl-dir.bbclass b/meta/classes/deb-dl-dir.bbclass
index 3f560da4..7026f4f4 100644
--- a/meta/classes/deb-dl-dir.bbclass
+++ b/meta/classes/deb-dl-dir.bbclass
@@ -5,25 +5,6 @@
 
 inherit repository
 
-debsrc_do_mounts() {
-    sudo -s <<EOSUDO
-    set -e
-    mkdir -p "${1}/deb-src"
-    mountpoint -q "${1}/deb-src" || \
-    mount -o bind,private "${DEBSRCDIR}" "${1}/deb-src"
-EOSUDO
-}
-
-debsrc_undo_mounts() {
-    sudo -s <<EOSUDO
-    set -e
-    mkdir -p "${1}/deb-src"
-    mountpoint -q "${1}/deb-src" && \
-    umount "${1}/deb-src"
-    rm -rf "${1}/deb-src"
-EOSUDO
-}
-
 debsrc_source_version_filter() {
     # Filter the input to only consider Package, Version and Source lines
     #
@@ -51,11 +32,6 @@ debsrc_download() {
     export rootfs_distro="$2"
     mkdir -p "${DEBSRCDIR}"/"${rootfs_distro}"
 
-    debsrc_do_mounts "${rootfs}"
-
-    trap 'exit 1' INT HUP QUIT TERM ALRM USR1
-    trap 'debsrc_undo_mounts "${rootfs}"' EXIT
-
     ( flock 9
     set -e
     printenv | grep -q BB_VERBOSE_LOGS && set -x
@@ -89,13 +65,18 @@ debsrc_download() {
         dscname="${src}_${version#*:}.dsc"
         [ -f "${DEBSRCDIR}"/"${rootfs_distro}"/"${src}"/"${dscname}" ] || {
             # use apt-get source to download sources in DEBSRCDIR
-            sudo -E chroot --userspec=$( id -u ):$( id -g ) ${rootfs} \
-                sh -c ' mkdir -p "/deb-src/${1}/${2}" && cd "/deb-src/${1}/${2}" && apt-get -y --download-only --only-source source "$2"="$3" ' download-src "${rootfs_distro}" "${src}" "${version}"
+            mkdir -p "${DEBSRCDIR}/${rootfs_distro}"/"${src}"
+            rootfs_cmd \
+                --bind "${DEBSRCDIR}" "/deb-src" \
+                --bind "${rootfs}" "${rootfs}" \
+                --chdir "/deb-src/${rootfs_distro}/${src}" \
+                -- \
+                apt-get -o APT::Architecture=${DISTRO_ARCH} \
+                        -o Dir="${rootfs}" -y --download-only \
+                        --only-source source "${src}=${version}"
         }
     done
     ) 9>"${DEBSRCDIR}/${rootfs_distro}.lock"
-
-    debsrc_undo_mounts "${rootfs}"
 }
 
 dbg_pkgs_download() {

From patchwork Wed Jun 18 13:50:39 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cedric Hombourger <cedric.hombourger@siemens.com>
X-Patchwork-Id: 4233
Return-Path: <isar-users+bncBDB6LLF7YUBRBSUIZPBAMGQEY4KMKDA@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Wed, 18 Jun 2025 15:51:14 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-qv1-f55.google.com (mail-qv1-f55.google.com
 [209.85.219.55])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
 55IDpD8m003081
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 15:51:14 +0200
Received: by mail-qv1-f55.google.com with SMTP id
 6a1803df08f44-6fb5720eb48sf13475386d6.0
        for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 06:51:14 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750254667; cv=pass;
        d=google.com; s=arc-20240605;
        b=Cw9rZSRD+lvyNfw7WO2jtYLiIPyZdLjq1AGPqtqpeMw+TZQaBlJ6oh31Y923XvYEV/
         +m0vp5ZIaDkEnam1H6ltQf/P7pseSuzMkui66Cjj/a4D667FcYrIQTJ+4w1c4+GPxrdb
         rP2N4sZEhTLup2ivuhTPYFEZovfe8JgeZdsqEtOtp70a5Q2L+w4+pxuRVQlpyu62ZNqv
         4cXfKF9EFr3KcTJStm3etT59YWmCeCxN5bYQA5XiZmrEmGJsGSJme1/f6VhEwFoHv0FJ
         fULCBlgZbDobJVhq2POB4Qsp/87W59pHaXZ+V0oXpo3wlVkDugSsiWtgyENjjrbPomqU
         NGyA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=7axKl/9ACYcCN+OgWx7KW+wbI2ClDpl2+2RUCFhvQuU=;
        fh=VhBeiqJ8gWJS4Kpy0OClLp7x2YUvAVOfcA0uudaM3AU=;
        b=dsC9x0SexNERhrA578G7quc5mOUJ2zc0qgyERQE51fDXxVHRU1K3assEUv2BzEBisS
         np11XGIDjmJefXcNcWuI169lp1aPX+c3hu5/y1mQqLogjs7Wg7ncPGTTZJyX12Sirabm
         TusJzF4YS4l0DfN6JlRNL9Ul4a5I08MsOtWSRpGShVY4GhOTsyl2lP9pPKPKbIhYpkfc
         scm8UfK+BMd+GX8Rx7fSizHQCaF2k57TVTRgMJh50uTi8L78DS4BCGYZHeN5jDWU4Djv
         sO/T+XModM4Hcc2uXlUVaBSTyHIjTSIcJUWGtKZPhBbL3Tit0RV4hVwMLb/y40TOM1WV
         sFuA==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b="GnY+vMh/";
       spf=pass (google.com: domain of
 fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750254667; x=1750859467;
 darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=7axKl/9ACYcCN+OgWx7KW+wbI2ClDpl2+2RUCFhvQuU=;
        b=lM6ZCvuMb6k1xN+qilh5+VcQ1Rp5c7nNB4rPqbAXCcJ4S8EWZMcT/fgVmuWdmoDuwx
         N49YDcapFaV35zNlGshSrTZUouSQj6taPsJK8psH5XHuXWj/F6kodDR/o4vSuN47rrmL
         v3EQM5r0eKCEVjPJ9USkn0/SON2r0SCXo5+ZsNXQR7mcG1SAwtjh+Rf2pBMluMtNju/A
         3kvLjxVYfkBT7cQivf3HUQZ4d8jK7KWIB4et6D7oG1n5/jbL8uatWapMN6K1OSj3xo/L
         zo7xDgPTcP6uc28FvzuIqaWMzf1KQms0jqUD6xDTCf7r05SAVrC7504SRl7W6mvyqiBF
         wUvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750254667; x=1750859467;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=7axKl/9ACYcCN+OgWx7KW+wbI2ClDpl2+2RUCFhvQuU=;
        b=Bt6zZAsexQPUIa+9qHJkq8vWJSKns5oMLqH4FdP4S0JegAIVG/IoWqxvYkT94ScjPv
         8knnde9r4vYqIn0pw6xgpc7nIW48Lg6da6ymDbp8uXKHDgrrJdRXlwr/7eDRhEr/BqOB
         rYsUo5CTmSK4ar4PQfKsDfRfkC6WFV6F48PWI6/CJgFweByfUqMzli9ELUsKfR4FM4gP
         +YT6isom5yI8UG6qQmVu/22TZ5KNatbz8JOYJjiw6cqVFkhJBaLD2kQ6HzQ/MRl74eND
         zF+MJP8749MNbLkBQVHjC7XhN6J1bzyLVeMI4FAE+PVyFDXz2pOufdilrwa22UQkEBP6
         gXcg==
X-Forwarded-Encrypted: i=2;
 AJvYcCU1jyxFEAHWtwH0aYpxE00Ze2rhYUvoqPfqqWYePnBOQhhUEMyM0kT/sQAkMWhZx2YnpHSPb/A=@isar-build.org
X-Gm-Message-State: AOJu0Yw/M3pVLqXGTx1FXLFwBNKW2ar0xxKa/Jn+tzOVK5eG19DOYSAR
	9JfjH2o7ivuEpStngv3tfictU+DhB4+Qf/rGiMh9eqDdbTyrRnzqcOH3
X-Google-Smtp-Source: 
 AGHT+IFRcFctwYRUnYftDA8FBHSRbkXaUlTSbtoiZ+uWheiqM+6BC/ANjP4/llqHKKv4Visfy5N5ZQ==
X-Received: by 2002:a05:6214:19ce:b0:6e2:3761:71b0 with SMTP id
 6a1803df08f44-6fb68ae223bmr41795696d6.5.1750254666707;
        Wed, 18 Jun 2025 06:51:06 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
 h=AZMbMZcqKI4erSM+kSetfS2GvpvD8npLaG0Ji/DbI6IWCiKmXA==
Received: by 2002:a05:6214:29ef:b0:6fa:bd03:fbf2 with SMTP id
 6a1803df08f44-6fb3544e2c3ls96888376d6.0.-pod-prod-00-us; Wed, 18 Jun 2025
 06:51:05 -0700 (PDT)
X-Received: by 2002:a67:fa5a:0:b0:4e1:5132:67c9 with SMTP id
 ada2fe7eead31-4e9972a32demr1154358137.0.1750254664687;
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750254664; cv=none;
        d=google.com; s=arc-20240605;
        b=KU7qzhxcO2zCnX/cktPjQc1qlLgNKIrlwspFAFLS0E2YR3BbQ8uF6pxqt99e3d/e60
         9veY54HOgVFXDp4CtpbJP1lPOSjlhIKZaqs3GPswFII6DWB5FeyCUuOB+qC46kHBFATp
         5SGCvzbDAh97KuS8/SosWO5xWmDP/QHXOpIi3g1eNpnCFkb1PWU0CztTwXrCIbJM9Nvv
         ExIQDNcYHPLoc1rBx3jl5VFJSeLB/NYhuxsKSLtAxhmIbwiUGRry9MmRGMz1lSrLbqSF
         3b+5wwqUNqRA17md6nMeGFzsykiHRWwFcUwX+dPbS2g5h+mAMwNCXL6MQpP13/cA5t0r
         RqLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=4hNIqM2vyvntWek21pO5SDHeWjBNW2wkEN4si36cJLw=;
        fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=;
        b=SjKq7DmCHCozaFdZ3f44+RX0GTdzwZxa/FopC4yJ0RTk2Ekg2W0oP0IEattBZLdlrW
         xveJEuB+t61WZFYuJ6zpECu80N9WrjZi5J5x0D8tIi79xdUgORIK7iPPh4xY3O9p1WH4
         JCYyGUqCH2iYW+ECUAI2uKjfFvTH85j7id70Gfr/nAIlklnpTN5ds7/eMxfFkxB3JNc5
         TBNzB4+ThZzJN0y+3RJtAayY6dlyqvY+qTgRQqGAduQc2nnJtH13dgG/ZHdeIFXq4/Pl
         Fo94pB/fcFs/v79yESwzzZug2SPsQ91H8HMGYhx6YsfDPZme/WVj6iSpXersvIfG6Mao
         Up5w==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b="GnY+vMh/";
       spf=pass (google.com: domain of
 fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net
 (mta-64-225.siemens.flowmailer.net. [185.136.64.225])
        by gmr-mx.google.com with ESMTPS id
 ada2fe7eead31-4e7e666cfcasi544424137.0.2025.06.18.06.51.04
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
 20250618135101f806e905b8e07d0abf
        for <isar-users@googlegroups.com>;
        Wed, 18 Jun 2025 15:51:01 +0200
X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users"
 <isar-users@googlegroups.com>
From: Cedric Hombourger <cedric.hombourger@siemens.com>
To: isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com,
        Cedric Hombourger <cedric.hombourger@siemens.com>
Subject: [PATCH v2 3/4] image-postproc-extension: refactor systemd version
 checks
Date: Wed, 18 Jun 2025 15:50:39 +0200
Message-Id: <20250618135040.8252-4-cedric.hombourger@siemens.com>
In-Reply-To: <20250618135040.8252-1-cedric.hombourger@siemens.com>
References: <20250519115750.3195300-1-cedric.hombourger@siemens.com>
 <20250618135040.8252-1-cedric.hombourger@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1212295:519-21489:flowmailer
X-Original-Sender: cedric.hombourger@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b="GnY+vMh/";       spf=pass
 (google.com: domain of
 fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135101f806e905b8e07d0abf-j17tk9@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Cedric Hombourger <cedric.hombourger@siemens.com>
Reply-To: Cedric Hombourger <cedric.hombourger@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
 <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
 <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
	RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
---
 meta/classes/image-postproc-extension.bbclass | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass
index 991bac4c..0af588d8 100644
--- a/meta/classes/image-postproc-extension.bbclass
+++ b/meta/classes/image-postproc-extension.bbclass
@@ -53,12 +53,17 @@ image_postprocess_mark() {
         --build-id "${BUILD_ID}" --variant "${DESCRIPTION}" --version "${PV}"
 }
 
+# Use dpkg to find out which version of systemd is installed into the image or reports "0"
+image_systemd_version() {
+    sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0"
+}
+
 ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_machine_id"
 image_postprocess_machine_id() {
     # systemd(1) takes care of recreating the machine-id on first boot
     # for systemd < v247, set to empty string, else set to uninitialized
     # (required if initramfs with ro root is used)
-    SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" )
+    SYSTEMD_VERSION=$( image_systemd_version )
     MACHINE_ID="uninitialized"
     if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then
         MACHINE_ID=""
@@ -82,10 +87,7 @@ image_postprocess_sshd_key_regen() {
 
 ROOTFS_POSTPROCESS_COMMAND =+ "image_posprocess_disable_systemd_firstboot"
 image_posprocess_disable_systemd_firstboot() {
-    SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \
-        --showformat='${source:Upstream-Version}' \
-        --show systemd || echo "0" )
-
+    SYSTEMD_VERSION=$( image_systemd_version )
     if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then
         sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot
         if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \

From patchwork Wed Jun 18 13:50:40 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cedric Hombourger <cedric.hombourger@siemens.com>
X-Patchwork-Id: 4232
Return-Path: <isar-users+bncBDB6LLF7YUBRBSMIZPBAMGQED4YEBMY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Wed, 18 Jun 2025 15:51:14 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-pl1-f190.google.com (mail-pl1-f190.google.com
 [209.85.214.190])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
 55IDpCVi003063
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 15:51:13 +0200
Received: by mail-pl1-f190.google.com with SMTP id
 d9443c01a7336-2358ddcb1e3sf93386305ad.3
        for <iupwgm@isar-build.org>; Wed, 18 Jun 2025 06:51:13 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750254665; cv=pass;
        d=google.com; s=arc-20240605;
        b=WdwLl2dEbss6NymKe/gZxJ+eHtZOlBidc3lWalz+ArKt0aQ5jLMHiYvBirl2z7UEJ+
         4bnK6+A1aN94n9wUcu8mhEvR9b1i81tNkctrKuwvOKdMo8DbC7QO7cJhdoW1hbcBLVYR
         n0SyV+N43Oo1AUoEKYtpbNIsL5mSFTwf4i2CsVWw4v3hVzwUnEwj+FLUwerF+0j3unUg
         icb04Y5S0K7eQUAa2qh1er27sd/pTTFn6kySz2l/t97CFLJ/zMUupzbe3EbPS6yrUEok
         /X38LQXXRNv1gdtoauTSS5W5uVHfQeF5Hin9V0mebeMEeycS+tCv3iHz/OOkIUpHcmXW
         Lgnw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=pmKYp5H1+davuAgSpWujyBiyVvvDjAN9BW3TExmalX8=;
        fh=o6e/uloIms3vLmCOJOD+1zKRUa4DiDYhQAmLTtRRwjU=;
        b=FfMZsgZVOfGrzrl+TLigPggDLKj4QrTmZwr0acSMsgV5PyIaA6MvUdyyKqPb1G0xZa
         nmjRoR9FPIScGYojrAAPCV1C9RQT/KhD87xi/8G0CsTyLxwwX76+LETwyXlR8Vk44w0w
         O3O5ZbCIBgQR2+UYI0AxULEgKryKunTHSH0HO6UXfU3c/dr0+mNEI8leFP0C6cI0RLCm
         njpkuTZHajzObsi0F3a3yWkgH3RLgkFs/WlclwijaZAbAKpNc0ZVwZD7aAJxuRQM8IME
         nkU7Nb6fBegbqqWSKOvucdsfM5Oasvh5e8HkZ/7n7MCGa4oXDJmY+3K+LEEA4eDh6hVQ
         ykZg==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=ttSrTvoF;
       spf=pass (google.com: domain of
 fm-1212295-20250618135102f8cbb76ce61e7c1a8a-m709sd@rts-flowmailer.siemens.com
 designates 185.136.65.226 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135102f8cbb76ce61e7c1a8a-M709SD@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750254665; x=1750859465;
 darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=pmKYp5H1+davuAgSpWujyBiyVvvDjAN9BW3TExmalX8=;
        b=YGiFFlf+/vjd0/+z52/OOdlqaPwDsbkAXz45NxHaBVZ+XNm3u3waQOGSsoaNUCo6wA
         7pC0RR5sw4x0hlYrsqsbIdkoUhJues/Hxy54p81tbwwJg1mw6doYbkHzbZ4FYandNgmA
         9yuytyGclRVENCRoZiz4xyzPVtZkJmnSAy31Dl7bu9C+BIWXdDBCxVjnYSjZZiK7wklm
         2tPM8Xsp6DmSwT3Knylnnf1sniHg0R/9MpBOV3GqO51Z2TX4gXT8MYdPMpu2UepzVFyr
         xN9FHo8BaM2ZOThOe3yIEvYOxBn/5Mprq5DB0hReN/jCPiKmCpLNuHnd8HfinOxaSPOd
         1fgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750254665; x=1750859465;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=pmKYp5H1+davuAgSpWujyBiyVvvDjAN9BW3TExmalX8=;
        b=gAtAjvHl/9WYAA+4ESOlmEjwS+9SJ8gnNRrmsvMU2jfPn9LHm5I/zBeAC3ROku1C0J
         PQHYcgkOWvLlJB3rkX98H0/XVYh0+LQybrKBrgsMJxMCnO/lnjJVG0ZXc0ux4oQlhbkI
         BhhVilHz0YMz+QkZqoh1NlHgY4+lQOO4gEKk3SgI674ZFthK1gob+6hvxYpkozEDnr1P
         E+rfZIqbZAEl/U8mW9fXmS+d8eMP07X8ruhRim5vmoWw/hsZrr1oCkSRP6mTq565pt2s
         Hjbt65O6d+7rhmcymVdYsHmZXV6/5a+75BGLABK3FzuPJiw5isbiZPE6qChZ1rkJBE8E
         bGbQ==
X-Forwarded-Encrypted: i=2;
 AJvYcCXrw0cxWEmiPUQTj4MX2COmmG573xwAJNhJS35w1UZVyPeaDjlk8ySc8tul+zXdhzndUGxPFxw=@isar-build.org
X-Gm-Message-State: AOJu0YxyErVuxsoaAXtjHme3ANI/pPWN8tFzxx0EQ4aly8BbwN1VKTjF
	RkHI6F01ieVASDYDMs+Zzx+P0HrOfxNwDfhwQOC/UjnuyD6zXHDTFCG1
X-Google-Smtp-Source: 
 AGHT+IGaY89a/N75tG4Sisys5FRuCawGZgH/q3boZZu5cyIsGgOQe5BuDroY1GtoOddM4Zk/FI/ITw==
X-Received: by 2002:a17:903:1a83:b0:235:5a9:9769 with SMTP id
 d9443c01a7336-2366b13645fmr272019575ad.25.1750254665535;
        Wed, 18 Jun 2025 06:51:05 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
 h=AZMbMZdb6RfnA1TTRWweBWf0IeNQQ95PqyD37t+v9s28eD+uMg==
Received: by 2002:a17:903:907:b0:234:bc8f:2a60 with SMTP id
 d9443c01a7336-2364de1ee90ls70529995ad.2.-pod-prod-06-us; Wed, 18 Jun 2025
 06:51:04 -0700 (PDT)
X-Received: by 2002:a17:902:e8c5:b0:235:eefe:68f4 with SMTP id
 d9443c01a7336-2366b136479mr214014185ad.29.1750254664160;
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750254664; cv=none;
        d=google.com; s=arc-20240605;
        b=YJhDVqxdb0Lw0RVifnGoHkrRi4L+D6dI1C6C700bS6te6uoO0W5wKderzPY41tPhoa
         GasVZzD8r3+m48RRIOGpxosCCj8j6YikITD0+q0nTYQcJD/5aBazGif2HTDWe0s93IhG
         YHdfPbjEqZOe73pOgL8Z5Qwd4RO57M4XO+IhGGo2g8ppjMNeJQNG+Ui4DlqkLxY+iGnR
         MIT5eGrJV8QQSQHqZIso0U94byeuSsUnwDHSa7kQTfzASIkoId/nKzuF/HNzBPgi8vCU
         KaV7kwIncchgfQll9ZE4jnvdFOnFJJZEgjWeUSWkC8iFHWyL0jJWMlnPiZ4Nabv7E77S
         0ODQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=KApA2UjJbAH/6BeAl0NyQErfyQf06/muodYX3dDztAw=;
        fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=;
        b=IuxWQXa7c5UqCuj4X/7FmS+ImAeapFEp435VF20qaC9YwsCqJ0zTZEC5MSnJhMRi8c
         z+03CaDhMYsDn6dzD2Jarni/r7q7dvFcyPSkYxN3uYbMl7AEccEzicDc7enTMtCsBi9l
         PGdV+EiCPA0GCR5A1KYFjxD1EPeGXQ921oDmrfAFYi3DZCSgnx6jHUaOwFTXB3bM+M2V
         e9CUMPyib6RW9Ki7+f4KoiZ238M/rkYhWxaIkubIuhKTVFnJZ93xDerbBI01CNEVVoS9
         3VaiGK/qdT8+FjiuWLs839FB3cBS/uzBppVEsHhAP7rEpaURKU39Hbhmex6YpdYMQtjz
         +6hw==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=ttSrTvoF;
       spf=pass (google.com: domain of
 fm-1212295-20250618135102f8cbb76ce61e7c1a8a-m709sd@rts-flowmailer.siemens.com
 designates 185.136.65.226 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135102f8cbb76ce61e7c1a8a-M709SD@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-65-226.siemens.flowmailer.net
 (mta-65-226.siemens.flowmailer.net. [185.136.65.226])
        by gmr-mx.google.com with ESMTPS id
 d9443c01a7336-2365de60406si5210975ad.10.2025.06.18.06.51.03
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 fm-1212295-20250618135102f8cbb76ce61e7c1a8a-m709sd@rts-flowmailer.siemens.com
 designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226;
Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id
 20250618135102f8cbb76ce61e7c1a8a
        for <isar-users@googlegroups.com>;
        Wed, 18 Jun 2025 15:51:02 +0200
X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users"
 <isar-users@googlegroups.com>
From: Cedric Hombourger <cedric.hombourger@siemens.com>
To: isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com,
        Cedric Hombourger <cedric.hombourger@siemens.com>
Subject: [PATCH v2 4/4] image-postproc-extension: extract systemd's version
 using rootfs_cmd
Date: Wed, 18 Jun 2025 15:50:40 +0200
Message-Id: <20250618135040.8252-5-cedric.hombourger@siemens.com>
In-Reply-To: <20250618135040.8252-1-cedric.hombourger@siemens.com>
References: <20250519115750.3195300-1-cedric.hombourger@siemens.com>
 <20250618135040.8252-1-cedric.hombourger@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1212295:519-21489:flowmailer
X-Original-Sender: cedric.hombourger@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b=ttSrTvoF;       spf=pass
 (google.com: domain of
 fm-1212295-20250618135102f8cbb76ce61e7c1a8a-m709sd@rts-flowmailer.siemens.com
 designates 185.136.65.226 as permitted sender)
 smtp.mailfrom=fm-1212295-20250618135102f8cbb76ce61e7c1a8a-M709SD@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Cedric Hombourger <cedric.hombourger@siemens.com>
Reply-To: Cedric Hombourger <cedric.hombourger@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
 <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
 <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

Elevated privileges are not required to query the rootfs for the version
of systemd: replace "sudo chroot" with "rootfs_cmd"

Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
---
 meta/classes/image-postproc-extension.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass
index 0af588d8..21dcfccc 100644
--- a/meta/classes/image-postproc-extension.bbclass
+++ b/meta/classes/image-postproc-extension.bbclass
@@ -55,7 +55,7 @@ image_postprocess_mark() {
 
 # Use dpkg to find out which version of systemd is installed into the image or reports "0"
 image_systemd_version() {
-    sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0"
+    rootfs_cmd ${IMAGE_ROOTFS} -- dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0"
 }
 
 ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_machine_id"