From patchwork Wed Jun 25 19:37:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 4241 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:39:47 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-il1-f185.google.com (mail-il1-f185.google.com [209.85.166.185]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdCxE007196 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:18 +0200 Received: by mail-il1-f185.google.com with SMTP id e9e14a558f8ab-3ddbec809acsf3090225ab.2 for ; Wed, 25 Jun 2025 12:39:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880347; cv=pass; d=google.com; s=arc-20240605; b=Qogt4Ro5HKf7M53FgSdQb0zJMGEjGw9DsVCnSB9M9JVUImKiHme/OXoZFkAfhLnkMr 7/s7FKh+f4gKpCjfWEsOFiexIt5iS0Eao2BypOrx+Tk8coj3dTlMv98ACLnXPljO493+ BvT0z0IUsWWqdIb5nTfa7CqRseEbSJkiZBTBaroVTHI0PO2BWiIgLwFdf9VbsCwcfJ5t vCl2DydZ7j9NUNBLhO905md86NwuA4pUJBlvCQ+saUJHY64MF25QLeetH5iRv3HylFWH kkWAgJb9M26kblY3Nzc58nSDNQTCokTVR7OLw9Vgcau7nZrdQTl2AABPFFs+rXLAI+I7 yzhA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=S1vuFf7JlGyt5fVr1aoPd+FRJr9eXIG7kfeGCSu6Eew=; fh=jP6sSg0L+6x/rfr8S8BB19b05DmHtwCeRp0M7fy9vNk=; b=NmwrpA5/qSUFw7HSlG8WiHeGxT8PabS2oCtqJHDCOp1XF4M04B/otYQBTOPPU1zwT+ yGewxh8IM6FCTRJicTLmOdnrYLFKjbu4vMdR7+0xmmCSh4xSoZXO9nJY+J+K39963/pb x/V/tPM4RSiYVGT2m0y3FTUqBXd+BNpZkCcmBzKX3ZWASzY/kV7BPmmatVKvvacc6OS/ gG/A5MbBzg8/DOZtv6ypZaPhQu/4vYmFFq3UzV/sLJE4GfvF+52PbxCtEuvDkBJYMreO MOEqbomM2weV+iNCGBXe/RwQvwIGgMSM92CwJRe+heVhBMgzOPCSGE7n0LPESf9mQ7xB R2+A==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=doQpGrzH; spf=pass (google.com: domain of fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880347; x=1751485147; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=S1vuFf7JlGyt5fVr1aoPd+FRJr9eXIG7kfeGCSu6Eew=; b=HM6MjvkQOdRfiacSYtaJ4yqN58VgweB2oMqCSbqSBiWLJNYg7E+g4kVVOvOQaIXFPs v76q4eLrdPkVvnzergoziDwmROPAh4d5UWTvpdHQvYtgtdtunD7PPPkWc8yUPMWwJcrj rKLFZxRSmRHY602+wcjXf7WsMTbwDEpvvXnHbnjCZf+7AgYWhtEr17jJXFA3K6ey1j6H RZuKd3V3DVUnMUXUM1aTJQJKWujIDcaCrWcIO2fymtTaNeuteExYfJk9vUq1zbXie1Wr faaYmXlelj4mAcWqhStzZ29JVRLwOVtUcom23N0EJFt6V53C5YEsXmfa5oxt0aMFxUVC gHTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880347; x=1751485147; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=S1vuFf7JlGyt5fVr1aoPd+FRJr9eXIG7kfeGCSu6Eew=; b=v7NBEXCufraJWlZ/f0q4J04XLgF3zbEBZoCHdcsN4zSIrPz0fSM7djNiA/95GC9AQV 2N1Q7xX/nqUU+HpMrq1hdSzkojnWArbA2X6SwbsC61iljE5F2t0OHNq7+0XkSaT0FqGN MRciSoPKASao385N6LZSBckqQz8L+SAzcVKd4CGg6F+gxh+rxij7+OlVyxmWrCnR5aud 1LtAD1h9aEJUfzKyOQdcJNq5BhqneQclOPGudA2S8Nd9Ug8obqOoiIyQ94awSCenpRi0 +DSBdrttUgUSmUV4RKqCNYuBh+KOWJLehnrIIXrvrW9e3ozahIuzVgH4z5/OPDW0SVTy gWLw== X-Forwarded-Encrypted: i=2; AJvYcCXuf/EPOYl3SdIilY26TaKmZ6ygM5FaBE1HSKX/HsXNZTGwXHR7YlMOSig1JtBbOoLDVhELzm8=@isar-build.org X-Gm-Message-State: AOJu0YxHQYj7Nqxr3NdTPDNWVwveRRd5/welQ73LG4tAP8K6ZvdFWHPt sSvNdAUW/BsjpFpVbdI/BIvYsIBU3duAVBQf2TsZvludG+dGu+r48jNs X-Google-Smtp-Source: AGHT+IGjaJPpq017Hnt0Nw/bEOST+Og5OTskeS656L1o6FIwOrrO9f039B5TstkirTZWsRc/L9t64g== X-Received: by 2002:a05:6e02:160d:b0:3de:2102:f1d8 with SMTP id e9e14a558f8ab-3df32995f39mr65511025ab.18.1750880346841; Wed, 25 Jun 2025 12:39:06 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZeIeVx1/khP6kaTTHtMs1TKHhOpFgUIpBO7x7a+EU3ifw== Received: by 2002:a05:6e02:480d:b0:3dd:c3df:51e9 with SMTP id e9e14a558f8ab-3df3dc4bf42ls2729335ab.0.-pod-prod-04-us; Wed, 25 Jun 2025 12:39:05 -0700 (PDT) X-Received: by 2002:a05:6602:1352:b0:86d:5b7:5a42 with SMTP id ca18e2360f4ac-8766b893965mr724917839f.4.1750880345389; Wed, 25 Jun 2025 12:39:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880345; cv=none; d=google.com; s=arc-20240605; b=YIBWrcFrb00IUu7ddrjH9rDGor5ieQ+Xbvl0H/dNYrhTpBUbrYd/RdcDr7TWbUYet9 p1VMWdzCE30GSoMKlLtz6MOchIMnOZj1CZOnKaFG6zI7OsBVwpmTVXw/BCEMfwzS41h5 2M7jxpB03M1qjE6FrSHPKyywlZRZs2hFaTkmjBiJWoPOZbtajZSS9EHJw7ys8xAth6AB WsFDaXxE/suvg3Rhrqo4qMCTAM7pWzgwZlMF1DF9mJcTJS/hMFx+66ulHZcXSGRYsNva 6clSDP8w2ZNNuHd0MLi+VErZ3QvhXe5zwMhb0tthcgk3W+Afv7y5Hg1zq6ANJ/snpSow r8sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=OZOIFSZNWArrSMK80unVSgo0USFgcB5pCwlqosZzoxI=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=e4i6msMox1UULHV+u2z3Q8SR+O0VKA5RmkM/wcLjl4o9+Pwm831M71/bRLSgysLeRx 91PKx1SG2XjU6MVuUH5mnQihl1NbFXvz7k/CiuPkciYGGRuni7OUEmQfJM17lBBSZLs2 1ZrKDO4injH8mYoBUinj6SBkWGo5xfoPJ1bhlPzKRrxGrbzeaONhzNf/jOfrxIQxLgmT z1GgUTckdi32fr1vRVqdNK2NkOg4WNZIC1TJq10T7YtzKfcOYGLRD8nyRhyLQzIW8ula UnKO2tE+W2k6brZ6p36oZcIzWCSjso6jyLd/hncU/vKO3nAd2hgwI9VGsSxhV3+1E987 nPzQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=doQpGrzH; spf=pass (google.com: domain of fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id ca18e2360f4ac-8762b65da6esi50440639f.3.2025.06.25.12.39.05 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:05 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 20250625193902056005e860b7ac2a3e for ; Wed, 25 Jun 2025 21:39:02 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs Date: Thu, 26 Jun 2025 03:37:43 +0800 Message-Id: <20250625193748.2681-2-cedric.hombourger@siemens.com> In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=doQpGrzH; spf=pass (google.com: domain of fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250625193902056005e860b7ac2a3e-_nds3_@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-2.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,T_SPF_TEMPERROR autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= "sudo chroot" is used in several places to run commands inside rootfs directories constructed by Isar. There are cases where a command could be used without elevated privileges as long as special folders such as /isar-apt are mounted (they are often referenced as /isar-apt in configuration files found in the target rootfs). For such cases, bubblewrap may be used to create a non-privileged namespace (either in a bare/native environment or within a docker/podman container) where the command will be executed as if chroot had been used. The rootfs may also be the host root file-system: this should however be used with care to avoid host contamination problems (note: Isar already relies on a number of host tools). Signed-off-by: Cedric Hombourger --- RECIPE-API-CHANGELOG.md | 7 ++++ doc/user_manual.md | 1 + meta/classes/rootfs.bbclass | 67 +++++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 8468717d..18b90555 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -727,3 +727,10 @@ Changes in next This was never documented and never had practical relevance. `oci-archive` is the useful OCI image format that can be imported, e.g., by podman. + +### Require bubblewrap to run non-privileged commands with bind-mounts + +Isar occasionally needs to run commands within root file-systems that it +builds and with several bind-mounts (e.g. /isar-apt). bubblewrap may be +used in Isar classes instead of `sudo chroot`. It is pre-installed in +kas-container version 4.8 (or later). diff --git a/doc/user_manual.md b/doc/user_manual.md index ca551a0d..a4fff34a 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -75,6 +75,7 @@ Install the following packages: ``` apt install \ binfmt-support \ + bubblewrap \ bzip2 \ mmdebstrap \ arch-test \ diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 5f877962..429494ae 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -34,6 +34,73 @@ export LANG = "C" export LANGUAGE = "C" export LC_ALL = "C" +# Execute a command against a rootfs and with isar-apt bind-mounted. +# Additional mounts may be specified using --bind and a +# custom directory for the command to be executed with --chdir . The +# command is assumed to follow the special "--" argument. This would replace +# "sudo chroot" calls especially when a native command may be used instead of +# chroot'ed command and without elevated privileges (the command will likely +# take the rootfs as argument; e.g. apt-get -o Dir=${ROOTFSDIR}). If the +# optional rootfs argument is omitted, the host rootfs will be used (e.g. to +# run native commands): this should be used with care. +# +# Usage: rootfs_cmd [options] [rootfs] -- command +# +rootfs_cmd() { + set -- "$@" + bwrap_args="--bind ${REPO_ISAR_DIR}/${DISTRO} /isar-apt" + bwrap_binds="" + bwrap_rootfs="" + + while [ "${#}" -gt "0" ] && [ "${1}" != "--" ]; do + case "${1}" in + --bind) + if [ "${#}" -lt "3" ]; then + bbfatal "--bind requires two arguments" + fi + bwrap_binds="${bwrap_binds} --bind ${2} ${3}" + shift 3 + ;; + --chdir) + if [ "${#}" -lt "2" ]; then + bbfatal "${1} requires an argument" + fi + bwrap_args="${bwrap_args} ${1} ${2}" + shift 2 + ;; + -*) + bbfatal "${1} is not a supported option!" + ;; + *) + if [ -z "${bwrap_rootfs}" ]; then + bwrap_rootfs="${1}" + shift + else + bbfatal "unexpected argument '${1}'" + fi + ;; + esac + done + + if [ -n "${bwrap_rootfs}" ]; then + bwrap_args="${bwrap_args} --bind ${bwrap_rootfs} /" + fi + + if [ "${#}" -le "1" ] || [ "${1}" != "--" ]; then + bbfatal "no command specified (missing --)" + fi + shift # remove "--", command and its arguments follows + + for ro_d in bin etc lib lib64 sys usr var; do + [ -d ${bwrap_rootfs}/${ro_d} ] || continue + bwrap_args="${bwrap_args} --ro-bind ${bwrap_rootfs}/${ro_d} /${ro_d}" + done + + bwrap --unshare-user --unshare-pid ${bwrap_args} \ + --dev-bind /dev /dev --proc /proc --tmpfs /tmp \ + ${bwrap_binds} -- "${@}" +} + rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { sudo -s <<'EOSUDO' From patchwork Wed Jun 25 19:37:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 4239 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:39:39 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f60.google.com (mail-oo1-f60.google.com [209.85.161.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdBD6007182 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:17 +0200 Received: by mail-oo1-f60.google.com with SMTP id 006d021491bc7-60f132ad457sf2826eaf.3 for ; Wed, 25 Jun 2025 12:39:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880346; cv=pass; d=google.com; s=arc-20240605; b=YsceAqBtE813AmIKiwrH8hgMrQUr+pv7zE6cv9xfuu5LIJih6oAvOlzpyb7WUirDEV ZTiw599DfkwEOE6F3LZoy5OXdzuEO1yeoj2x+A7wlgEL1WggtKgYUp+iP4PhHWmzTYDd EDd0ifl9iltaUoQhTWNVc1QxMtNH54MGkQM5cw2BeMlSRF9TmU7LJ4h4mcNPqCEByKOf wMZS0Cwmdi40UDHWVgPG/FlAHwlnSE5d344H4C71+0L190DhvQOPImSm/ZD9yyh5emBJ ShNFp809WiZ8465FMatf+crCTLGDFHAvPZ6I+3YoqzCAuViq9FXrGvfDzHeL3EYiptFc 4zjQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=fWEhrPcG9jjLDFgXGjAcw4XIUAV2GeMTzYWUcNStluE=; fh=JvTZpVpvb4RdHT+fCeABGyX/7zqRADsHWSNamGY799E=; b=jiSzbcEYxvZyofdn+hBlDLnX0ERO2CpJEOJU+3sh63cIWz6eSq6HAtpVutUUP9/drl zEragXYs8OVDEH52Luui/kBBeYjVdn0EL4IdrrrP2BeQ86gZytt0gVuIe9ceJDqIvvAN wamqOZpHeexjnYJGgt7j2KI3dTgkwn7I/iO/34/H8lcBaHUxLak9YmoywQDwjS46Lr/R QUwta7a9rzhbz7j6JS/xMwUv4HguT4spAoe23qx00mptTKfgp/32SPWVPNvkW1K2lFGR Fuf8bQ4E9n3qfNSSK659efuSeJ4wqIfoCZuJGANQmV+DZ2uP1QDqSMRnw44oZi86mOqr LhwA==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=VYmysbnv; spf=pass (google.com: domain of fm-1212295-20250625193904d657f811301bf74e88-rn0ms2@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193904d657f811301bf74e88-rN0Ms2@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880346; x=1751485146; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=fWEhrPcG9jjLDFgXGjAcw4XIUAV2GeMTzYWUcNStluE=; b=dv747IF8gETHZCyNRU21alcdFUOfdTjrXk76PEq5Mrdr4iTfYoPCTRuiBrd6e1jPm5 skHmXI4eNo8ExzklUVUGO7HCip9lAhXLvLfmjEDiNLLJVhkPnjki/oB6VcmbHo+ALvNa pspv0exwjf9xN83bRSUzYMn+V4lX5cHY1qKG4bmbsTIT+VPOpKUmx2gDvOH6IhNPOMe7 b2y01lOevUvVME2OIIsj2cyPNULwO8d1EJg8/x6yyH78/ngEK+DyVmp2ZES5w1ghM8CS Uhe0yOYB4ZfYgx1xcNhdpP4iIHMWe9sfofglofeHPBrj8vH7ToSdno4xNeULsoS2bN1h J/Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880346; x=1751485146; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=fWEhrPcG9jjLDFgXGjAcw4XIUAV2GeMTzYWUcNStluE=; b=PEdOv6wPoZIKIesn2sEvTq7c9k50NJLB+EWmWBQ90jsx8bfogIFxzTjCWi5zRNUTLm WSOy/dv+B2NwCblpDa03ZJlSMoMmj1fZPUK474aIiTEzTNsY6bPPH0GFriw1Tqcc9zWr 0UPm+v4gLzjSGR8Jm0nNa9tVCzYlNCQA733ZHMIznxtK8fU83iRgfMzfrJdBXHXiak9d ua6PxB/QFV+mVS2USNnzqCqlwwiCLNrlA0uUcuMG7TjKEv7XmAYwuadZ2ngbmIjb9ZGG 0a6FToHilgSX2jrVPFE/4rrAYJCJT7/5TXC81wXY8JEnhU2NJE1bHSlrj6Kq6pQgJwnJ 2NWw== X-Forwarded-Encrypted: i=2; AJvYcCUiUItVjJVwJRJYa6WTPwO2mzj1G9wVBOsVCKmowBXN5ov73K+knPtWLrN0FTl5UK1HAljKLKM=@isar-build.org X-Gm-Message-State: AOJu0YwvsbOCwAWL8V51TxvKeCjyiWO6rOGZmtCIL6n8mil9ea+kPkf7 c9X3Q6lim4qq6NGbHPtlkabazjZXxc6vHse5gmK9S9kC31P1hM1gce4t X-Google-Smtp-Source: AGHT+IFin+Qcbl84ySfeOzxQn0/tF1A6CRlikA0tExepOxa+grJ3rT6wmDts83MOuBthbNPoGevi3g== X-Received: by 2002:a05:6820:508e:b0:611:a243:3889 with SMTP id 006d021491bc7-611a2433b41mr525899eaf.1.1750880345947; Wed, 25 Jun 2025 12:39:05 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZd7kzGt0uKb3GTP0r3H8AqGH+NA84tXk9mmX/7AZqUqgw== Received: by 2002:a05:6820:4886:b0:611:7896:5575 with SMTP id 006d021491bc7-611ab014a7cls93641eaf.0.-pod-prod-09-us; Wed, 25 Jun 2025 12:39:05 -0700 (PDT) X-Received: by 2002:a05:6808:4f20:b0:403:3195:58cb with SMTP id 5614622812f47-40b05c15b91mr4031610b6e.28.1750880344907; Wed, 25 Jun 2025 12:39:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880344; cv=none; d=google.com; s=arc-20240605; b=gr8L0VcjqEXcYulgSmrhI+EdE4nXZcmxZvgVsDBBPr+9nN/QKdAAW6YbamUnXSvRVH ikc9iM3rvihD8J3VR+6WAq3BNZwl2iMogMD4Am1q0jTUFIsGZBeG6RNiBS/7H9lhwZhF JnkvfXihpPymGMQZlJhmc5dhUMl4N3rDElhq8K+K9pRC2wiwZt0s6SoBinFOwuela8VP I3tJrXdDZQ7m37Tti/aHb8NZdEjCwsBKzRjzdl6j3EumqMdP9RvTVWtNQ+tYUthGKhOB n+stLbWNWOL4OiGbuCb4q603kc6f4cD17couODnKbrrr7xBJ3ouzFQbPCBxV+BexPxX4 aHug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=yTHyZtp/Gm/LWcW3yXuXiRnaKYLCtILET9xhsLbpom4=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=b1hCdUe4wdGhy5h2zwTCuvNwFA63j93KRIF2ZJciSsUw9OWAOtd8xxXdLc6HC9E5Bl j/MEFt1nQslYGNVQrBYYVMKuWfWuBVEc4QqyQgZv8uOcbTNR1i84ZkMs5SDyKMDeEUAG 2uPdQ2mW48O0O7BGXHgEwrbggpF37z4Obgkrm4VYFPCFzuP7IWTa8eIpMEJzxLH96zxc 1LdHBUJxeOxwRMGaVJJP6USi11W09hjVRUVjthuJ6prH6OYTSkZ64CLewPm6Mlt2MUJj fSc3cUUVdKL7qDTvobkSb5zKFQm/39/dq/mQqlFBFRNi87vPXFi+s+W7ES1jXFbvVqhk bnSg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=VYmysbnv; spf=pass (google.com: domain of fm-1212295-20250625193904d657f811301bf74e88-rn0ms2@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193904d657f811301bf74e88-rN0Ms2@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net. [185.136.65.228]) by gmr-mx.google.com with ESMTPS id 5614622812f47-40ac6d458c8si636949b6e.5.2025.06.25.12.39.04 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:04 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-20250625193904d657f811301bf74e88-rn0ms2@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) client-ip=185.136.65.228; Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20250625193904d657f811301bf74e88 for ; Wed, 25 Jun 2025 21:39:04 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 2/6] deb-dl-dir: optimize caching of source packages using apt natively Date: Thu, 26 Jun 2025 03:37:44 +0800 Message-Id: <20250625193748.2681-3-cedric.hombourger@siemens.com> In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=VYmysbnv; spf=pass (google.com: domain of fm-1212295-20250625193904d657f811301bf74e88-rn0ms2@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193904d657f811301bf74e88-rN0Ms2@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,T_SPF_TEMPERROR autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= source package are downloaded by entering the target rootfs and run apt there. For foreign architectures, this results in apt being executed under QEMU and leads to poor performance. By using the recently introduced rootfs_native_cmd command wrapper, apt will be executed natively against the target rootfs and without elevated privileges. For our test work-load, caching was reduced from more than 10 hours to an hour. Performance is also more consistent as it will no longer depend as to when bitbake kicks caching of source packages for foreign architecture rootfs vs rootfs for the host (in multiconfig builds). Signed-off-by: Cedric Hombourger --- meta/classes/deb-dl-dir.bbclass | 37 ++++++++------------------------- 1 file changed, 9 insertions(+), 28 deletions(-) diff --git a/meta/classes/deb-dl-dir.bbclass b/meta/classes/deb-dl-dir.bbclass index 3f560da4..7026f4f4 100644 --- a/meta/classes/deb-dl-dir.bbclass +++ b/meta/classes/deb-dl-dir.bbclass @@ -5,25 +5,6 @@ inherit repository -debsrc_do_mounts() { - sudo -s <"${DEBSRCDIR}/${rootfs_distro}.lock" - - debsrc_undo_mounts "${rootfs}" } dbg_pkgs_download() { From patchwork Wed Jun 25 19:37:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 4238 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:39:31 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f58.google.com (mail-oo1-f58.google.com [209.85.161.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdE8a007206 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:14 +0200 Received: by mail-oo1-f58.google.com with SMTP id 006d021491bc7-60bb414cc3esf331244eaf.0 for ; Wed, 25 Jun 2025 12:39:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880348; cv=pass; d=google.com; s=arc-20240605; b=j5LMYVdfD1xzvPBQ5iRB5CMyZXMHajn+zyVI+P1dv3sTRDeQNQs6l9yY73OTcjO/G3 vCj2f+kMDPwHdDWkDcJgagiXX4zQ4RvQgq/EjHeui3vvvgYAtjbTeMoiixGvQqRT7Ubs pjfDpx6aiLYKe9YjZ0FRcmOfP+iUSPPkDt9Uzk1mqDs51foOjAOMgKrF4j5yoxyPaTUx 21BglKTCjCosa8kdAaDp3K/ymwyzgxZnmYzLKMnWTXW4mEfmxhw+zTdIvPoXH8VzkdCM 2IVIAhJEkQt5U1Ga8vIGnOTFrjRR4fSlRMx+rea44MX2cuwP2iIrvQiO/d1gm+Gd0skC fDbA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=OQkCnDwLjf5ZZzuZ7a8JvVFMUb8J5lmFFzOak4l3A2g=; fh=HBfRUgorAYQJ5Cb9ya9m54XRzMqLdFtq3rJ97TjoJys=; b=W+TdGmpNb0iZmosIwwJ2wmEyGdItQKjlo8AaO+WHaz/ltaJUN6u2KAhr3mBsP/zTma /UnS/9gXzvkWHuSsIIT74DezLG55mRDP2DRxQjzQ+5uQ2iuT7T6okE+2e9v6j3MuHmOl 1eefk7b7ZhxHR5tBtu+AJMyKd7k9160Fb22xA9u6VNUw+PvlWh1uxvhsSuRbrh2Bayor s4fhf/K752r87gwclXlnjY0QFzCSxAogueUcTBR3i9CNOxaajuUT/x2WnCBZnTWnBKn+ Is88DIsi4YlLfxZldNwh1AawtRcjxGzL8qruoVUlEQrpN2sePntm2ilzGqZKj2IjRjXw RjzA==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=hSSJvo8d; spf=pass (google.com: domain of fm-1212295-20250625193906f6dac9ad1c9eea624c-6wn4of@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193906f6dac9ad1c9eea624c-6wN4of@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880348; x=1751485148; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=OQkCnDwLjf5ZZzuZ7a8JvVFMUb8J5lmFFzOak4l3A2g=; b=mmecZqo7Pcsh7/7ZCdmMSwPMz916YMeW27vIcvW3g6EtLx5s3GobcRoR17Vbo8EmUP I9RULJwILJ4d4hew7XVO+L/hFlPJ7HxalPoaxDUjTWy8OxeqSlWGNqRsVFhh2A3Vi0ul LpAbaC5w9M1IJhgamwW5XDkVasFWINMUFKIg1Ocr5fc23cENrZ0BoV/nJNHUW9JwV43a pmF1UHCHfGEEmmj9j/WTLi4ocDW+e6DOIwiFhh7VCeKpR2wl5C/Q6ZTMFCOMQnoLfkS1 BupuN9TlI7YGGYgO/JHAMrBEATDiUj1nwNAGMwT7FOjNHGwpcVUgeKVf6TO4xRGu1x5w 56Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880348; x=1751485148; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=OQkCnDwLjf5ZZzuZ7a8JvVFMUb8J5lmFFzOak4l3A2g=; b=f4GUuvzMpB9mkFY8sr0BjoYaNmMxueE6+4FZ1CidSSe8c9Gvtsg133hsukKuhMWpTu CIcTH49AoEmCUUo++G3h9SdlDz+GBqWhOL1pRXIj3G+R9FbB6ZMszt8s/1BfLjioTqSW gCR9EbV2uWnT3ZMFxbB7TN1edtj2ZImkR+0R8jlSq3azYmkAYcBw+iBly8ijB4JQdL4o pPWy9SzVVQN/QHdnM4KEei/ZSUOtS2fH7aAigAVOIPYdy+7Jwma0SdAcoRragGVvvcUn 67sKdj273zQQiwPKkDbju/tI9nuNPQt9K4hmVe2eLDp+r3L/+pl0WWNiI/LGCF89yXai cixQ== X-Forwarded-Encrypted: i=2; AJvYcCWyFT2uKX90vvTpXRVi3Wi2XTBz+pwJ1g0/FTCvEkWsd7ZAjD862vWA4mvuthr0jR/lSUPmIw8=@isar-build.org X-Gm-Message-State: AOJu0YwGPZ2yk7OG1vjgeCOosJhc/pZzLKmdzHy20vUO19dE5dhmMgbQ 74ZqbVYL7rfMpe2PZ2eCCtcNmp+genC5alZO3U+COO/cz+AtQP+acCRT X-Google-Smtp-Source: AGHT+IEod0RskOzucsd8Oaa8uhbn+rBYZ5iiMtskDrlcP+gTf7R1XZPDuUFlv6VFjaE9nLNpmC89XA== X-Received: by 2002:a05:6870:1e84:b0:2c2:174b:c829 with SMTP id 586e51a60fabf-2efb21b59d6mr2841248fac.15.1750880348572; Wed, 25 Jun 2025 12:39:08 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZeadpuhT6MRMIA1R8xkScxT1xImL9zFJiDpkiRCXlmYLQ== Received: by 2002:a05:6871:d08e:b0:2c1:8546:7864 with SMTP id 586e51a60fabf-2efcf20e861ls121504fac.2.-pod-prod-07-us; Wed, 25 Jun 2025 12:39:06 -0700 (PDT) X-Received: by 2002:a05:6808:13d1:b0:40a:ab2f:618 with SMTP id 5614622812f47-40b05c69dbemr2992408b6e.38.1750880346769; Wed, 25 Jun 2025 12:39:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880346; cv=none; d=google.com; s=arc-20240605; b=CaVDkv2w1YBYCTMLaIPHbY8qXYJCG8nHWAaYVwpVyRhm6z6h2T+BliW4pNk7kskRd2 9FTnFx8bMgvQbUIUZm0Q4eTOB/nZfAhabGhBCKZprSaCyNdTpmRnFykNaxCbuU+HUHR9 NdlkHmnKoDAjGygVDb7ADeAAVwEGceI1iOrFQzDika3iyFouZ+KiLe1NPFV0Zj3F9i9g QWyzb6+UtT3srfPrrouzc7+2oGq6dR4szZzTOXP+/eMikZj98g5taavNyGIQlB/ScdRj BzxC5y3L5Jem709elIcKkfIjFhLlCpqgC3dzba41W12bTWoIxJgVONmFa4BtfKoEWSed VY6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=4hNIqM2vyvntWek21pO5SDHeWjBNW2wkEN4si36cJLw=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=axgdpHs6jUbeapCbs0LEBlNSB0ZDuWgcWMdAviQr8VAbb63/gF8uAPtIf8fK0gBE8w K6Bykao3bg0PCs3w1Ujar6OL1k1CaOrZFtNAHMHKzn0hMujaEPd42OUMVXfCc6wztTxL HxnmpUgDaVUB2dwTMfGL4ysyc6K5m9tDVQsjDHrx9nfmtSEu85eI4YG9YOk73sB9tlXp /kYkWIvltCS0InsGzKp2wkMQi7zynndvdzw/9Z/sZzXkiW8Y6mUsK828DhY3oiHX4rO/ 2hXR+ytLGuB5vfgl/mMV6GjCve3g8efleNKu6TT4Kes4OgQIiwskt1zo1b6/DklChaH+ 1Wfw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=hSSJvo8d; spf=pass (google.com: domain of fm-1212295-20250625193906f6dac9ad1c9eea624c-6wn4of@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193906f6dac9ad1c9eea624c-6wN4of@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net. [185.136.65.228]) by gmr-mx.google.com with ESMTPS id 5614622812f47-40ac6d458c8si636949b6e.5.2025.06.25.12.39.06 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:06 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-20250625193906f6dac9ad1c9eea624c-6wn4of@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) client-ip=185.136.65.228; Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20250625193906f6dac9ad1c9eea624c for ; Wed, 25 Jun 2025 21:39:06 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 3/6] image-postproc-extension: refactor systemd version checks Date: Thu, 26 Jun 2025 03:37:45 +0800 Message-Id: <20250625193748.2681-4-cedric.hombourger@siemens.com> In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=hSSJvo8d; spf=pass (google.com: domain of fm-1212295-20250625193906f6dac9ad1c9eea624c-6wn4of@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193906f6dac9ad1c9eea624c-6wN4of@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Cedric Hombourger --- meta/classes/image-postproc-extension.bbclass | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass index 991bac4c..0af588d8 100644 --- a/meta/classes/image-postproc-extension.bbclass +++ b/meta/classes/image-postproc-extension.bbclass @@ -53,12 +53,17 @@ image_postprocess_mark() { --build-id "${BUILD_ID}" --variant "${DESCRIPTION}" --version "${PV}" } +# Use dpkg to find out which version of systemd is installed into the image or reports "0" +image_systemd_version() { + sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" +} + ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_machine_id" image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( image_systemd_version ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" @@ -82,10 +87,7 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_posprocess_disable_systemd_firstboot" image_posprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ - --showformat='${source:Upstream-Version}' \ - --show systemd || echo "0" ) - + SYSTEMD_VERSION=$( image_systemd_version ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ From patchwork Wed Jun 25 19:37:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 4240 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:39:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f62.google.com (mail-oo1-f62.google.com [209.85.161.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdHfA007250 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:18 +0200 Received: by mail-oo1-f62.google.com with SMTP id 006d021491bc7-60436c85f85sf270755eaf.3 for ; Wed, 25 Jun 2025 12:39:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880352; cv=pass; d=google.com; s=arc-20240605; b=MVHwvNelmZGHmIdgEsDwIBQrM7W2Lpf1PfVDWWHJSMKMeSSfj5F6eL7yFABHZtK2RW mK54DI0LAt1Atg70Mc2/xLdQ3S53Mb8t5YaGu8x1vaiuYxen11QKgbb4flD47SSkVh1p QRup34PU6LyD6W+CSVh7+ZdmJEaUJo+jvUyOh8YB21VlFBEsCV/AxxUrxPbaY7s5jfmD aruqK51z6Aby6oZaXLi+MYhIr8CzOj3dBRvUzNXm/PyboFMofcx6eW3njW/bxujA7B86 MG4lxnHSkXLScZal9Qz/5GXxJyZgVkKfFloWW5lRyqpjjTS8OP0kL/5XjNY+OGClC4BP mTmA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+hA+wtVfrMPIzgZqFs8uv4cjawUxSuwyWX562N4NGSg=; fh=9ryx+pqLFtFIL1BeRa+n/k1iuo/jG9qGv7kDYoYKflE=; b=lN7tr717IRPvt/RS0So2xr4zn9grY1949hHJa8v4TGXd8YrKz8uWvIpNJAeTSQyNkl x3fbYPVpq9NaEC36reIQITTWM7MVefX31UvHP7l55uIs13wdgrY2R/I1Cjw3g5bj3x9v bNNc9BGeEiK5TzBmj5udZeC88fyWWgoUDmUc/9c+UeV+HA2sAOauOIxeTQLEX5JeECcc MZVmg3Q1c3bE0km2vbWlZxLpeXlMDVd0sTf+goELHgwhPuyjzTjxpgi2jFxq/HR7E3rC XmDC7eUQEcHLNj07rjtb/+EgG0qbz+cGG3UmENl/iw8tYH1PsZGpjkTsuIpwX7YwI6W9 gpJQ==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=XSWAnCHG; spf=pass (google.com: domain of fm-1212295-202506251939089fad2363311a8d895e-67gypj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-1212295-202506251939089fad2363311a8d895e-67gYpJ@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880352; x=1751485152; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=+hA+wtVfrMPIzgZqFs8uv4cjawUxSuwyWX562N4NGSg=; b=Nnylo2kg6tm9cekZnPMBfqqEK5EVd0hfJ6v0Wbv9px4SufS/szZyiNEBrhH00/jI2i ZKRcmltLJ/czcQbkitzoeBdsn5Qf4oXfyMGftcyWmd9CBS9f0CN4Lp14BHhDvWE7o91Q XEWnRFOzu+USyEXt/XwL/QQlL0+f8RgCIofM5cvxgh1ZjLUZQW//RzOVlFDO4rCc+Bqn 0DPiyF4s2JuY+iXkqTrGrFeCXtgAvWHaj5BTMg8STHsfTH1assq8IS3ZvcXNAe8iVN3v L33t57Ilf91k5AM/XTicrjZ/4Aln0dQ12nN9lAcScYYoV+gUuktbSTAfG/pNf/J6UG/9 HkxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880352; x=1751485152; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+hA+wtVfrMPIzgZqFs8uv4cjawUxSuwyWX562N4NGSg=; b=wao2e2TwKxNQCWYn9L7gRC5YQi4p3lueiMH5HfDS/SPb0DnXawPGu8sSFW7g4AO3Fl +kN1xgQJRZnbaZOqHnU/6Kq3isrC7IE16yhDPNMEG5TAIveE85DLdC3pKBBD1MTm4J/K oR/On2HXSIbtQF9SnirAjXQYq8TlurxEYi+Rk0ZNdoGZWULsl2kXpMS/siyH2Y5f+ciE y28MlG5oTKHaFs96exUvFxLR7sDuyCV8CyiKkxuKxL/prl1JnScYxMqM+pg6D6T0W5NU 2aZCD7WW8/iytH99oaDULKEScSKQRjP0piXBsKB4SgJOQ4N3BkKy4YtHpNKWY8PMRqZd nxBw== X-Forwarded-Encrypted: i=2; AJvYcCV9tFpaXyf4TY17JH4EM1uQOv5BWWTWKIOyy2i7RNay+O1TA714KKwglCJPn2UYczcPr+k/xFs=@isar-build.org X-Gm-Message-State: AOJu0Yy1n02PU4qrZTS6oLMOp5xXIhOXw4WDh+hvBgkaiZCpMdf6258p qg/V+Xos4Rqg9e3Y48hJgQaH0dXAmWN26EeIkH/cU4q5zg8dSn7JWYaO X-Google-Smtp-Source: AGHT+IHOKbuEW4lnmdT+W1qMTn+v9Ye6sgni0Nb5tdNiDxawTUjYnSJdn/i00iIb2TWPNKZy3cA7jA== X-Received: by 2002:a05:6870:819d:b0:2e8:ed1c:ae61 with SMTP id 586e51a60fabf-2efb2436e08mr2904428fac.37.1750880351707; Wed, 25 Jun 2025 12:39:11 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZcvss0Y/o+OoHTMd0wMrcA/e5pwJd1OG8iBslh5U1K15A== Received: by 2002:a05:6870:831c:b0:29f:aff3:65c8 with SMTP id 586e51a60fabf-2efcf2480bfls246826fac.2.-pod-prod-08-us; Wed, 25 Jun 2025 12:39:10 -0700 (PDT) X-Received: by 2002:a05:6870:d108:b0:2bc:7d6f:fa85 with SMTP id 586e51a60fabf-2efb21a9673mr3315699fac.16.1750880350687; Wed, 25 Jun 2025 12:39:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880350; cv=none; d=google.com; s=arc-20240605; b=cEHDnAfybN95e/6LV/Q9AJlxtIUlQ/PEvmL8/D6LUJHtBMxi4xU3UK+BWO7xe+OEss 1KINoZFTnHKaVHrhxISrm/WLQDEt7o+i9Ve6At0Qa0yVYuCRO1YGCxpzZlhLSgRI1Ipr jvQQaskbnyRFeVNCJs7XWhMf4ilF3cI5UV9R/xnx8VmYEgaVvO7b2QAgvBrHC3uYfU0x JNGOBkfAZ/cIn83SIEkGRrT9ef1MDwJArmbw1ao+2jbJPEfF64Zg/prjP8lz+ZlLdz4Z 4KqGzJOY9WyLIutvrrWYbUqhEK6nK87mhTovDGO4tdsNYc64PNvHyPrcgdcxh/o8idvO B3Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=cZ65MmQ5tGIBLv5tDARVXap3h/1EZOdIYdZOghabFyg=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=KoICQ7q+aDA1Pn8t9EJ4Pi05h+spUGJjEdAg0WzTBvXUP8wSXZRFhlqpJx7Bs0/N58 CBHJjNAqsaEmbN4jV0R7+nzi6lWL3lE4oF9B78pRVMHduXt5bZROL4ylLs7j2cQO4GeV RJU7PvNUCzB1mCBKUOAtb9p2+q26fbgCf3lmwOc7Ck9r2MFK6bQrMyBCabwGOZSjc2ma 4qQQKuPjE+ZFZVq8ZDp0BwlCOZD4i+X0Iupq1XmdU5WzE6nFo4FS7aDyPaRKsDoehG+d p/5oAW1hbdrl2hZkDa9IUdLJbI9FEKH2Jb5rhcuBlD2EvomFHKxVAppDZHW0OAKe7tPr QtvQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=XSWAnCHG; spf=pass (google.com: domain of fm-1212295-202506251939089fad2363311a8d895e-67gypj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-1212295-202506251939089fad2363311a8d895e-67gYpJ@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net. [185.136.64.228]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-2ee58bfe510si558381fac.0.2025.06.25.12.39.10 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:10 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-202506251939089fad2363311a8d895e-67gypj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) client-ip=185.136.64.228; Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 202506251939089fad2363311a8d895e for ; Wed, 25 Jun 2025 21:39:08 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 4/6] image-postproc-extension: extract systemd's version using rootfs_cmd Date: Thu, 26 Jun 2025 03:37:46 +0800 Message-Id: <20250625193748.2681-5-cedric.hombourger@siemens.com> In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=XSWAnCHG; spf=pass (google.com: domain of fm-1212295-202506251939089fad2363311a8d895e-67gypj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-1212295-202506251939089fad2363311a8d895e-67gYpJ@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Cedric Hombourger' via isar-users Elevated privileges are not required to query the rootfs for the version of systemd: replace "sudo chroot" with "rootfs_cmd" Signed-off-by: Cedric Hombourger --- meta/classes/image-postproc-extension.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass index 0af588d8..21dcfccc 100644 --- a/meta/classes/image-postproc-extension.bbclass +++ b/meta/classes/image-postproc-extension.bbclass @@ -55,7 +55,7 @@ image_postprocess_mark() { # Use dpkg to find out which version of systemd is installed into the image or reports "0" image_systemd_version() { - sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" + rootfs_cmd ${IMAGE_ROOTFS} -- dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_machine_id" From patchwork Wed Jun 25 19:37:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 4243 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:40:03 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f64.google.com (mail-pj1-f64.google.com [209.85.216.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdKkD007353 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:21 +0200 Received: by mail-pj1-f64.google.com with SMTP id 98e67ed59e1d1-3138e64b3f1sf217321a91.3 for ; Wed, 25 Jun 2025 12:39:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880354; cv=pass; d=google.com; s=arc-20240605; b=C9L19+VZYfHIGyJccaL6EP4Gm6ZP0OYr3C1yGMgsVMBfcbFYX1NbbQA4WBvwJlt+y6 9UALTGgMs+tmAiXZySWHHFykaJTLHkMY2Z1eGUIucBBj0KfocS7YBcI02lo8Kj0svape yRzyrzlW+BfjMz+bm/Msi8xAAHLg1ND9MV4htTYODMxK9zEkex3nzhZpFaR9GIYFo9ff 0+Ifiyw14ZHl859nASi2DqEl4pmlRtcdgNpBew7ZDlA7oBFUFQBImXFYtgVtm0Q9fQPi M+O4y6Gp2b1mJOGdgsMASqDb8gfB1vZftbkZfr+nBocsNlElM/8tOCZr5wTJi+gWWGI/ 9M3g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mtPm83gL+IkYDcqIvwvKg6ktO93v07q4/vgJazVa8Vw=; fh=eXNSaMJ8it/swvSPXW1K1LC2lNXE4bYrML9AMyg6i1E=; b=J7bZTGp/dNhBzxFKFPEHoC/Uhq+TuuBKCe4kYTk0pTj+WvY7qEr2ZauN0Z8a2U0d8d NOw2+MjRR9iAZYCLA/UaHRAYji0xPitmb8BvJt+BYUgBScUjrxqGRWOWWosGOJ4goE/b 1GqOXG/b8CiNixCV2ltt9hhmz7px1Eo2BqCkQy2KO67KDiI/hvompfE9pQNSFffELMGu VtntRW6pl4AM0/BOC5/eiERt+lc11/1UYtXjXb/gibjelwhYlSnZpjoAv8tQBkqQT90U DJEjlYOIyB4i8+bEtpEOo78fR7MABTaSijZRHNz8430yWI17q6ufO2Y8kIZu93oksWN9 R73A==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=RcvLLmR+; spf=pass (google.com: domain of fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-2025062519391045f2ec8a40f31b06b8-1_HkUt@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880354; x=1751485154; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=mtPm83gL+IkYDcqIvwvKg6ktO93v07q4/vgJazVa8Vw=; b=grzPSovx490AETs9UMrvi4LecnbcOKvWcbQ9y21kNJhNM0U/czKfcevT0dIZ0u5kPH ForctgwxZFTN1cWtGhQb4AgGECaOtZPyeELo2DeuC7fwuQo6tXf6ZHGlZsxAWv9dQHOq xA5ZzFVit2OtjVuq1T8eT44PA/OPgGjNg7JWBeO0aPuIZrtFAoCUo7pK99812UsrVFe9 6s/xBoznoMT5PTnnyVmTFg2tIIM79y4YYMfjgVat9uDBRnscKpx4XToZjF7IVX9JL8o+ UZ8lHa6YTsMErWe+G6C4nWDv0hLZ5Hc/+j1PKoNe8iKkIaA8S2KvqLbDRKkGwxW+sIY8 4ofA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880354; x=1751485154; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=mtPm83gL+IkYDcqIvwvKg6ktO93v07q4/vgJazVa8Vw=; b=cMQtlVL561yhR/dzQHJHtyAvgZua8Db64XLDCf1NrqEZiAvCy9dbZw18e8gI2k4iRS Ng0GUxeKpGckLWPSq25krcodTYSTdWNzxeicTGg1C2Cuw55pMQo27KpBP9PZH+LPfdAV 57E8pi/OLixyZnYmdl7Dima01w3KHg4K6gY5+6oS2+oqv9xet/WbsIlb9lzUxeY/6by5 pER8x7uqsVTdfHTv3g2XBIDl/YS6PAOvzHL0u7r66pcDvkX3USeNElMoY5c6BUd/R9nP cbLxWiYarXkpiJFtkKijlBjQMlTV3xHe/k9+Voq0BH/d9OoVTBQhSj0XdFwCD84VXzso xRsQ== X-Forwarded-Encrypted: i=2; AJvYcCUM2KD+gn/apf8nSg7HGM9mciUHt2/5wnuKhtAJ7L8WhQd70z+4BOxp3aXnrAixZYHxcT5vReU=@isar-build.org X-Gm-Message-State: AOJu0Yz/HxvgaEmiWdsqcxinZ/gBQMjZDzdOtzCkTCRVYIChjE9zEwI4 tSnRAcYSJv6vBChP3P0MGtPxR1+WGJKrR7a2vg2sgYsjK6axvbslVf2H X-Google-Smtp-Source: AGHT+IFRDoknkZ75Vldt5Lj8MwLjI5Gva6v6XaoO79HE6iR/qKqGwbzy+0L9p1YmrYs6QUJ8Z+hsqw== X-Received: by 2002:a17:90a:d888:b0:311:f2f6:44ff with SMTP id 98e67ed59e1d1-315f26965b3mr6890968a91.17.1750880353776; Wed, 25 Jun 2025 12:39:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZdsLVuufPVNiTJv+6T3v2CrAtL3rQdSmDlPB6hceQrulA== Received: by 2002:a17:90b:164e:b0:315:d222:ae43 with SMTP id 98e67ed59e1d1-3166c04c6a7ls325265a91.0.-pod-prod-08-us; Wed, 25 Jun 2025 12:39:12 -0700 (PDT) X-Received: by 2002:a17:90b:38d0:b0:314:2840:8b21 with SMTP id 98e67ed59e1d1-315f26c1e43mr5932618a91.32.1750880352357; Wed, 25 Jun 2025 12:39:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880352; cv=none; d=google.com; s=arc-20240605; b=Ggws9qqNRAG5IHg217J7SkQAryl1S/Pjy9UdcbJfuLLhIHi/rF0YhQhMwM/2Pm/8QU WoKzhyOYaLt3JOE7s1zCxUPnSF5W2YpLbn7wZwNRPU6vTGlOWhGGPBwmLSIaFM2q11Tf jFusCb56SKCHWYqiZJ7p0cK26f9H2wNvfPllKULs/Dyk/jSeN5Tywlk3g50iAmxgzJsy EejiwfRxFBuVDvddXw8XOWNWeUau/3LMJgxJ14mMFtcPGcAqWdrTqL8FUvPLs/MdNZFx xdqnaHW8cq3nKJERsvY8S1Vv3ZCyxYrJUuFkWIQkGql7msiNKTTpoP40BAletVqCH1/4 2yaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=+iBcG6XtaZZoAmge/blCrj6Y3E/aSMtJO0qFccA6EUM=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=jlvAAMRwhINIWp9YCu/eaPGudCMYaJUObDmbIUEs3lP4tev2k8WHiELJKGCGfvbiAN O/WbDAQJSsKv/ghcaIZeTMHq+NTXcf8kXVjKE2tYiFosBSd9Oj9ClIrdOGz+0rKuhOdn 8BN8PMHQLKpkpVWt2xj5Y4an9++Q1UBBipMPfojRnBbXpx/Q7ejoH0ef2w9WECYqwaA6 1hpCAkFf3PFzbIMe+vEeQOVArEdLeEfpKMA3Js1RthNEajH80vpyumMY5CyN6aAeadc9 nZVz9+5Szzs+THXxr6RRD6sW/ePUxEb/yPt6dKi6XgZeFRLYhLmVC6Fvu7ga1fTInQn8 VW8w==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=RcvLLmR+; spf=pass (google.com: domain of fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-2025062519391045f2ec8a40f31b06b8-1_HkUt@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-315e9e5acfdsi168208a91.0.2025.06.25.12.39.12 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:12 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 2025062519391045f2ec8a40f31b06b8 for ; Wed, 25 Jun 2025 21:39:10 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 5/6] bootstrap: create lock for downloads/deb without sudo Date: Thu, 26 Jun 2025 03:37:47 +0800 Message-Id: <20250625193748.2681-6-cedric.hombourger@siemens.com> In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=RcvLLmR+; spf=pass (google.com: domain of fm-1212295-2025062519391045f2ec8a40f31b06b8-1_hkut@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-2025062519391045f2ec8a40f31b06b8-1_HkUt@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-2.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The syncin/syncout commands passed to mmdebstrap will create a lock file in downloads/deb if it does not exist. As mmdebstrap is being executed as root, the lock would also be owned by root and this will cause problems for rootless commands that may be executed later (such as downloading of Debian packages). Create the lock file without sudo prior to running mmdebstrap for it to be owned by the build user rather than root. Signed-off-by: Cedric Hombourger --- meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 931f6f13..b2de61ad 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -181,6 +181,10 @@ do_bootstrap() { && sudo umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT + # Create lock file so that it is owned by the user running the build (not root) + mkdir -p ${DEBDIR} + touch ${DEB_DL_LOCK} + sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ From patchwork Wed Jun 25 19:37:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cedric Hombourger X-Patchwork-Id: 4242 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:39:51 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f64.google.com (mail-oa1-f64.google.com [209.85.160.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdJrt007316 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:19 +0200 Received: by mail-oa1-f64.google.com with SMTP id 586e51a60fabf-2d4e42a2b2bsf299962fac.0 for ; Wed, 25 Jun 2025 12:39:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880353; cv=pass; d=google.com; s=arc-20240605; b=TNX6sPXWTV4yxHQ2ZEUiIsyWmBbXVypTWGjNKrINskcKBF/7kJ1yi8PuxHgQnzllRD v9OrdELEIDCv/bDUtI1U21Trmyg+B2v8BvK+Wp1oK3P3uYLAEGmrmufF6oTsO+zEitSl yilS4PydWXTGNANGARm+h5/ZujA5PWFIlHKbznffExOkeg3Rm3fWdBAtZikev7um0J5E T9r3tYWM90VGSGYxP9slMt3zbYi9AeRBcnbzsMHSoS4lKsG9aRNKVigKy++2WxwEhXxT yLNGLn+qphDLnsIdGi99JMIpCdrgiwU3wDO09WGYgdN5vvbsOmyEVT5PGkedHUBBg/zW JwSQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CneqdDxyBk8sGUcp1HDncRDWJiXE/o4BGkXSmc4YqZA=; fh=vsz94576ty5Hn/ty8QBNdIhAmsUwJ14trFj6OlcUAHE=; b=QvOYTJWqqR6tumlLdryde8nTqg6CLwxAoEE7BHEcq9p6Sx3qRE5LoJkKilngk4HXjl KE0ropW3lUpDTZcQQJy45tJqaxbrADc8oXf7Hkrkcv5MmbK1UrJPuMHjKuV+KDMvuP35 1Jt5Mh+YQyPgvZ8MmQoOIKNDtSYXT+dfZMPPfFNO6dKRNw3/uEDtWfpiQvczdc3wBR42 M3Q18Emj9bG3jBElhaCkksqz+IdLmzdpNydpHVt6/4mkX/nvydUoPabhQIx/3y2yo0GH 0Xcjb4rsPs7nO78MPPoN/rzo7E6S2j7IFTDw1YrozLSoCas2RcR1Sc/uR4vFcj+GWdh9 GjiA==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=Q3F0HPEL; spf=pass (google.com: domain of fm-1212295-20250625193911897dc41b5d7bdd0a3f-qwmh_q@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193911897dc41b5d7bdd0a3f-QwMh_Q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880353; x=1751485153; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=CneqdDxyBk8sGUcp1HDncRDWJiXE/o4BGkXSmc4YqZA=; b=onzeloWxz324M5VgOmEltZxfDtjx4eprsv6W4002TMyJtjhsGlCr8e7tYG15IiwhZP hWsBQI1FiGiBgRk4SdpRvj+tvx1hVvIDO9bSgIR1A87LZX3HxPfIJAA85K4tdsrHuSzz nSpDm/ArqM5/ARf8mXk1fBfTtmXI8GUIzRdP/os8cM7HOAAa6VL2hgp5lZng9YbDgbs8 m7iO+yzzhGHuBgQoybBFs49hQv8cTuG/S1tV/N0wLXxMVS/BO3vV4ncnJt5rOeHog8m8 Hn99/Vo8RIh46C5I4uz+MKYtU55mcdV3RZFHm6wmLhX6rW4v25LwDKJh7ORRfn8MpPew VEyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880353; x=1751485153; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=CneqdDxyBk8sGUcp1HDncRDWJiXE/o4BGkXSmc4YqZA=; b=pV+/BXHek0PewOBRIfeh8o25HxY4MJtTjbCO3bkUqGhgrs5hCVASRGiwi0dGvTG5uU HlNET0jzQw5NF64RSQ4SGGF1Lvhlu2b4bqrMRcXCaVDxsaoYEGtGGv8DJnQNuv5gab/F ew4A7pg/j98ov47vqCvJd/INR7xeVUoHWmR8nkoCzAUWfc+Ox5zZnRCu92EwaSVn9494 i0xoPHgsyiyITcbCrRnS2EBRD0pSPTlE55n5UVyrSE7Nn3khWl93LhLyv/bOHov/c9fR hKPmv1V4zMmFLwr4Wgs0oG8jbwjc8O/Js7kNYGw+Vi81CY8YktQnOpbFsTGZTC7Vm4Ka Pvhw== X-Forwarded-Encrypted: i=2; AJvYcCV3eWciZpvVp1vjiCZdqh7zim1anPsmvsfbhpUpeLtriNvz+v68Ke5pcS7QhzPKgcV1xGIIZlM=@isar-build.org X-Gm-Message-State: AOJu0Yww7XdLACcnbv/9wlZYVMmRMTVSPPKP65P7GOXKBHvcKat3FxCH gu1HvDHFH7FgBPea5JWVHq0XdmEfyxupvwFdfZ6+sGwe88vxTKDB/KgE X-Google-Smtp-Source: AGHT+IEKi7IyJ/EsIUU3ouZQ3q8CYTbxBP/145gPO7BmOYh0kdpXWqL/KLNOh5Fl2QBsIWGjb466mQ== X-Received: by 2002:a05:6870:14d2:b0:29e:74a0:e03f with SMTP id 586e51a60fabf-2efb28cff1amr3132342fac.24.1750880353498; Wed, 25 Jun 2025 12:39:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZen1B0Dywi/e3erzdIudia3TtPUezLHgIcl7VBNXfipFA== Received: by 2002:a05:6870:8895:b0:2ef:a100:ef09 with SMTP id 586e51a60fabf-2efcf1e218fls103610fac.1.-pod-prod-05-us; Wed, 25 Jun 2025 12:39:12 -0700 (PDT) X-Received: by 2002:a05:6870:523:b0:2c2:489d:887 with SMTP id 586e51a60fabf-2efb2785ed8mr2772898fac.17.1750880352470; Wed, 25 Jun 2025 12:39:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880352; cv=none; d=google.com; s=arc-20240605; b=OzpwfLig9p6l0WPvUKt4Guoc6b+MZR1o+j5suSjwzFSNZKXAPaa4tzV1m3IXSYVu1B 5VRRTwFpEEOvaKnx1RMpnk+MBVWcZ+JL8B7I15FcuoP0bE3eeGlCfavYMJaOrZIXxd+D n0nPh6WUl15RFYukUUkuTP1O6IHkFVROa9TVhgQHutSITVn0lbT8/04Zkv8DNJ7LEpEv vCiSpk+I+1DMdw+X7cv324O/4ExVUGaRFLmmIaYZBrxdMllDdwOoi1Hz18i3sDb3LC7x ghrd01hgsb1hEU77M0LMTAgcoJvt/3x5u616hoJ6uxCy3FmMrBfsR/AXeCWq6BfzE9wx cSmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=mvTyPKqF/HhvlcQg1J4QaDOEhGPsC7k77eftIndRXTg=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=Nkz0ZXPLn7A0nF6KQPiJP7oXqI2kkXqmGmhDlk+MjuH4vHtsMgy+aoLmScuyD68Hou LlIeCyluCh4Gt1ujO5TtEdMd63GbObSYpYGxc5z7i9+EvwU8Pkb81j9iaVWLPVSttCiE sZHWacHcHT5TkRX6/vR1TD0IMVx78V87mcpXRYMkdM+ToBHreCT71H9qZ/3Xm0yfRF+f hmva9Nii5w+UEaHWrNQDl5jud0RDXVUKNqnONrkb+0F5s9QKJdPXBUwxA9XwvAgsUF9q NAoePRjo8bGmMdBDg9mis5VuEKt4z0vHIvjzR5dIdl5xHtNkmkyye7ojkE+SNKSUiWnI bf0A==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=Q3F0HPEL; spf=pass (google.com: domain of fm-1212295-20250625193911897dc41b5d7bdd0a3f-qwmh_q@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193911897dc41b5d7bdd0a3f-QwMh_Q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net. [185.136.64.228]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-2ee58bfe510si558381fac.0.2025.06.25.12.39.12 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:12 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-20250625193911897dc41b5d7bdd0a3f-qwmh_q@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) client-ip=185.136.64.228; Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 20250625193911897dc41b5d7bdd0a3f for ; Wed, 25 Jun 2025 21:39:12 +0200 X-Patchwork-Original-From: "'Cedric Hombourger' via isar-users" From: Cedric Hombourger To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 6/6] rootfs: do not get elevated privileges when downloading packages Date: Thu, 26 Jun 2025 03:37:48 +0800 Message-Id: <20250625193748.2681-7-cedric.hombourger@siemens.com> In-Reply-To: <20250625193748.2681-1-cedric.hombourger@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=Q3F0HPEL; spf=pass (google.com: domain of fm-1212295-20250625193911897dc41b5d7bdd0a3f-qwmh_q@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-1212295-20250625193911897dc41b5d7bdd0a3f-QwMh_Q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Use rootfs_cmd() to run "apt-get install --download-only" without sudo. This requires /var/cache/apt/archives/ to be writable by the build user: change ownership while populating that folder with previously downloaded packages (those in downloads/deb/). Signed-off-by: Cedric Hombourger --- meta/classes/deb-dl-dir.bbclass | 21 ++++++++++++++++++--- meta/classes/rootfs.bbclass | 16 +++++++++++++--- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/meta/classes/deb-dl-dir.bbclass b/meta/classes/deb-dl-dir.bbclass index 7026f4f4..7fe052ef 100644 --- a/meta/classes/deb-dl-dir.bbclass +++ b/meta/classes/deb-dl-dir.bbclass @@ -100,9 +100,24 @@ dbg_pkgs_download() { deb_dl_dir_import() { export pc="${DEBDIR}/${2}" export rootfs="${1}" - sudo mkdir -p "${rootfs}"/var/cache/apt/archives/ + export uid=$(id -u) + export gid=$(id -g) + + # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ + sudo -Es << ' EOSUDO' + mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ + touch "${rootfs}"/var/cache/apt/archives/lock + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + EOSUDO + + # nothing to copy if download directory does not exist just yet [ ! -d "${pc}" ] && return 0 - flock -s "${pc}".lock sudo -Es << 'EOSUDO' + + # attempt to create hard-links for .deb files from downloads/ into + # /var/cache/apt/archives/ so apt will only download packages we + # have not yet downloaded. perform a regular copy whenever hard-links + # cannot be created + ( flock 9 set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -111,7 +126,7 @@ deb_dl_dir_import() { ln -Pf -t "${rootfs}"/var/cache/apt/archives/ "$p" 2>/dev/null || cp -n --no-preserve=owner -t "${rootfs}"/var/cache/apt/archives/ "$p" done -EOSUDO + ) 9>"${pc}".lock } deb_dl_dir_export() { diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 429494ae..977bbec8 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -277,10 +277,20 @@ ROOTFS_INSTALL_COMMAND += "rootfs_install_pkgs_download" rootfs_install_pkgs_download[weight] = "600" rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadProgressHandler" rootfs_install_pkgs_download[isar-apt-lock] = "release-after" -rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" +rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + mkdir -p "${WORKDIR}/dpkg" + + # Use our own dpkg lock files rather than those in the rootfs since we are not root + # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) + touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" + + # download packages using apt in a non-privileged namespace + rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ + --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ + --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ + ${ROOTFSDIR} \ + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= ""