From patchwork Wed Feb 18 11:58:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4864 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:58:53 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f62.google.com (mail-oa1-f62.google.com [209.85.160.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBwpBN023066 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:58:52 +0100 Received: by mail-oa1-f62.google.com with SMTP id 586e51a60fabf-40948b7e832sf61390228fac.0 for ; Wed, 18 Feb 2026 03:58:52 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415925; cv=pass; d=google.com; s=arc-20240605; b=F+djEtqKKb+31e5pAYHMGZUuiDd+snK3Ako3nDxXguvzLIXNj5wC4ZzEZQY8iqlWgT +qqUH01ttdE+KC3njtiikLa7P4LI4NQtEU8DwRl6ZJC8ZLjIa0bfx4f9e4b5XUWyKXxQ O3z3+ZpZnGoEbF47cVrUVqgdcV5DPamaiwI/Q69dHv5JIfE1JC3QnG4wxfsD4nirD0j9 7TdpJ4iFRB/M0TcLPy51saf0PNggwiCxnKpyPQneOzzh8PzNDWeZzBqX7GuMqz9QC6i0 P++45criZSZtXhvAQHq4kZ7QdaH1GByVHbIBexopLwT1sl1CgQZAJMOUFYnDKgr4htsV wXhQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=vYT3RLYhJDtPf97Lc12R58RtZBSjb9m3XWUHdhTcv+0=; fh=vsH7WHx9J+4CkEazoICayZqBkqcPQY8jS5W75hc5aeY=; b=L+uv6bWZfsw46pRkeakKzv4ZU92SimmdyIuLz0pCk43v/pvl4MSl/JXMTLwfKvOXNG xJy8WdWUHc3X6Wpq8tXZcSw4lDL4hwP6RqUpdebUlHnrx0VxZcuEfDU5uCA1nun6/W6q CxG3ldVLQc6wJPdoVKF2f1ylYjhPgJsh/XthFVbNUr8xCqfYIKoyYrx8Zp+rx1fH4hi+ TYG1AzOsaFLeIQ2fvBe+7yGePKj7KxEFlvh+MODP7+xguJzJAyYrenRZXe8KhbmZ6WYy WYEUAPr4zo2k72oEcTOD6+ATTUGHRELUVROWicb+OcU+3DTIu9gdXU++JnaAEO/kSAfu Mkzg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=QLmRwHO2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415925; x=1772020725; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=vYT3RLYhJDtPf97Lc12R58RtZBSjb9m3XWUHdhTcv+0=; b=XhI99/lM4lbXrTe6A59XCvlsqfjPUonylqJSFjpLKtbh4ee4ji0FZTYrWe7AbhYtNA 1KkBgfl5EHTCD/NqK7XxZkkK9grZ9CrKuCSawEGhWLMl9hTRpN0KFxkVV73/Mz0vf6/g FIpv4kq1z06XuHLKGAAl6FJXIjc8JKtWW9zEXmVWKJbsdq/mvVlYf0elr4ulQhcOBz8T wCvtSBkDDTUdC6x0VNTMG5d2+LDy/lJ4rzG8L9e0oo68/zP1zfEv0uM2KAHU8U2D2e1/ xm8bkJ51xCmnqO74tiulP6yxA7SI8YifaVUSoTCCHSJDBMBlnA1oxAK5oB9lyo0/wtBj ISmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415925; x=1772020725; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vYT3RLYhJDtPf97Lc12R58RtZBSjb9m3XWUHdhTcv+0=; b=cgVGE+GV2LPvincajRXPirWJDoKsGpXqkscFu8Ov0N74kWZ6XzgALz4+t/+pfMA44r R9GWXSCSx9rtmGn75qpqLqfewWL5y3TGsCef8GjDa5CMl4bvjqRwmOrtIo1xoltfsJrY OOUfu7QLxhfsLqsm05Jb9dg9YBKH4g+/ee+L+Y68hdFEOO8Py39p0LzLwELTSvf/acPp Qs/yfsk408AfSVoQetq1w94Xoy5RKKhmJ+y96ODyRsyIkndDOX0g/0USvBohu599I87h UyrX1bN0nlWk4JESDesvaiwALs1FmBOLHfPHGT/HTnGIDkwYwDrXLIOLOlcOCC1Zu0eP 4jFQ== X-Forwarded-Encrypted: i=3; AJvYcCVltGn4jGpj6ZU+A46NSLEqd1iVoP1HqWcfUwIGvLIfpcuQmSr3aiNqtEAPJGwNPJegZtuUQlo=@isar-build.org X-Gm-Message-State: AOJu0YxUzKamFgraNMJ2ai/IjO91JOwLx8VsDTvUYJ6WkhdbDAQcjyQ4 yKdaY2eb6srBphd6V3m3gZie1lT4FyrWfdvOMJ7y/8cvDO4wCBVnUXQ1 X-Received: by 2002:a05:6870:f2a9:b0:3ea:d0d1:bb06 with SMTP id 586e51a60fabf-4152912da12mr869003fac.34.1771415925250; Wed, 18 Feb 2026 03:58:45 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+HQ11iPORAcHAVOKHdS+neDZVgDe4aDyKA9iQHQrJWWlA==" Received: by 2002:a05:6870:174d:b0:3d5:92b8:657b with SMTP id 586e51a60fabf-40eca3344d2ls4662750fac.0.-pod-prod-09-us; Wed, 18 Feb 2026 03:58:44 -0800 (PST) X-Received: by 2002:a05:6871:80c:b0:3e8:8e56:6717 with SMTP id 586e51a60fabf-415291d968amr802847fac.55.1771415924379; Wed, 18 Feb 2026 03:58:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415924; cv=pass; d=google.com; s=arc-20240605; b=VjEG1PDVhyzRVRC7gHgDT2wcMvUCQ1H9/5yeVCHbdMcRLuOKegFojBMHQJM8T4Evxq YfW1urL5EtNrXVV1PtwsBtuaZ5KdQ2zYer8tYb/1KzfoT/ZDVdD965kbt+yg5vav2sOj Yh4Xa3/xkvnAf1uaLmpia0nYg3dEGZLNOI02+YQnBKC5ZDJwKOuMWmSQ3M4fVzllAI0E b5n7kUOH2vRX7y0uT6ZPkGH5x2ZhEJTv6BK4wA5sdKuon+LfdEn2pWDSpPiO21NeItPN +G8kCFWTIqjZlM/G97rqW4B9wgZNwbjZY5EqkVfgZ41A0fyRGDWlWC82vTLCoCeCnxX5 BTXg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=gs1TYjA0sLOIzBL+Qb51efk00elL4suvrBXkX9ZNWkU=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=BLIXmummM/Bt0keEQJbi2C2lORuvC55miC/tO5yZcgMHGzdLm4o9ot49GIwuKeBbMU Cy50XzTeWTDXZHYCYb4JYcqIkGF+ll/RCdCSOzdnEeboQBNLnFeyPtcRbPSreAZ7FuvO GV9Ia8NQa/Q8sK4NjeFKN22IS3Jn2vQpYZDPE5g7QzFjB0HyqxZktRR7sTiisc1uw1uE nZ5bXhCtZyFFF0Yxhr2j4eggdKB0Xz7ILsjeFCW68z0DAW4QjG4GaKocTlI9JkFC5FNc 7ym3X4o5C3mP0LrMqjsMhphE4OZvz9zqm1pbTA3yP1IV2l0cq+kqeY7JN6jK2C1EZvRE SkYA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=QLmRwHO2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-40eebc3d778si667213fac.2.2026.02.18.03.58.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:44 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Qu87jo4KNQms9uWlHy3Ctxbr2U9el9TnQbMj6Qj7R6VBWuZ5FtNl6nVorqh7w3gALJX3cUXDoN6OALfms8rnwzi56V0t6a+OvxmhLSzOM9Dd2qmM8M6r9t8nUtJOeRyPnWCiDKumY39mCWJaJ1lQMFteyFQC2/FaudWR5M0hiQkAd2AVG6hWDrxfL61jWPLft0WHm4vF+Xb4jvn/pad9EGTtY5Bzx6o7EBARYScUt8Y+Q7yEX33qhPJzsnZXXDjSv/N0VxL9fQMpqC/rlUB9r8ZbeJfDcLaDSg3zwtHZthtzowr15W9EYWQLaD7oR/6Heu18e57dOckQBUl3OJAyZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gs1TYjA0sLOIzBL+Qb51efk00elL4suvrBXkX9ZNWkU=; b=q785QXmIZBfNEFkExtTwtnNZJ1DfxX6MHyZtX8Ax9AUfKcdRKMGsdTVqpl5Q+h/NStUSRLoAnvdGRI4IaMH/QT2nRU/hnzZ5qaoDRgJmEKT2Get2tpIYELxfeH1NVeU4leNcvtTtlrOViDBZWVaxuDk1XbysSrNSx6kCg3pgR9GDgXMLdUdibgUGNulGvL8Z53xkup/IaeypQWYxho6BFkAc3+URFG5Q+ggSCRFBsDBmm3SbAwLpR3/NUtFmTZ5Moqoj8LtyntKA0o+NaHqOk9BzxOhTeTwLmsuTY9CDU5GQPharEU1H7pzSRKROIaR2bmZxJ6wl1RoywO2bP7umyA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:41 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:41 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 01/12] refactor bootstrap: store rootfs tar with user permissions Date: Wed, 18 Feb 2026 12:58:16 +0100 Message-ID: <20260218115827.3947145-2-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: bfc770aa-0cc4-4a51-ad2a-08de6ee50f00 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: /pLoT1XbOTWi2BoehQ2Ol4kvHiJIe7o2TUmG91YrK02A7UrKBORCMpqpm3482QveAc+TPMp3AOSDAIVOjE6hXqu3BeYN/IVdmjSlWGKqA8iSnJ8IfI7tUZhPB5hPeEOCl8b5Wuduyo/rUGTfUcarD7cKGgIynkJYGe5RviX/x9sEYlaGAbT01qwYopJqRxx3yrToLyEuUsKoUNsBzAGB6cnSggmaZieS8zmVXUnDHpIXI+KFuY+SOPiqzzb4F3d5n6/FYa0c1vwYq9GnI9Oyu+E5Z6NG/asT+ZP7LrZtxTZ374PPwbLTJ6su3OxKsKPTERnH+s14Oo3/unoC8iJ1XpG4vF24n2aJyEOapDTtRuwgiAQ4x+vRPskcQnroqacGx23qx5NUptSzvX0cmeh37ZG7vkavgYB68Sk0woM5R1pWkow9pJnWRWP7IZQlkwWUt/o3MjOutaHBsQy13HHgmuMvM1m+gTI2R6nts17hP1SBNfGWxWbe2ADTZYx95gYErxaQc9PQz4HpodipKM/A6LBBHekWXneYDkabcWcITv/MQ6qvkCkFMv9sVWG4rOrwq9iijE/ts0U8+nFCdKiVPasuFZQSsQy3UDuxXJw0F9pTfRsGPLzDC7i5odIIC0YiHOqZZdSfugrX/trURivZaC0sh5C0wI2KVYikI392GoVm2ewgWZ16yz1uz18Dv/nIHohMp8OYo//XGV3FHnP8eIQXTAQEDelMyyvtleqffxHZ+a2JdrXLSKSi7aS2rzvB3I+MC1Xdnxm5bMZAAQ7dzaeDBeZPey2hdAiKkeSRXADPlEKhT9U/Mwg3o+uBEQrzTR0OKeluR2J7vNi4Lgr4KuhkpvXuMZKQh+ePOt/T31kdROfYUguVmShTOWoUDnF89w8v6z2I1D5cBl7moLioprp65vR738htOLMKA1DWatv87ZM0d14O3djV4I1aQhNhUOkH+2B/d2mW9mMOyMavWobUVOjkhY0wANJzUXghtYKwrgmQwF8w/rQr1EY7ktwcwKNisMKquU5T7O/cibRMoEM/UTDWKJlRsUNQAkpCm2/G9PPgtQPALdp4p32hjaO9mFF7dSznOHeLXzDJet+kDK5FhXMvUjhmHmDFtCJwv8pxO0X4Z8kqa07fVOdSU0HriNlOwqt5Bhf3mgBdtA34yy3NGAkFz7cu8F6lelM05dm6ktl1v4VokZYWZMVHND4aYddUrFEEDv+BnCnwhQyhSTbQ7fmzPaz920KAos8awpGTp6zDBVvPAKcd3t+oxamiXb+Tk6VMm5vJzgs1+ifr3F7CbEkSdWs57DWKJ/r1ytxi1c9zY4fDtUKjsSJ+YxDPaW4S+TKiHJfDQpkekAFsZy2MB1/IT9a3nunEgRY5cwHFEmcEfr7lsxnZ7CUnMYWbgjU6dPYEmq0COf0jC3stFfpNLtnOnehIORgJBTlVR7uYU20d0Y+zc1FJA+VrhbbZG5VKT55r5nkFwuhBaQuorDIPY4Kg6z/g7pRdCpuObNVzFMhEsKclnQWk3yLWdQZK4X8kDpZi9PfplZ2CyHzD+FCHIVaWGcL+E/fl0wm7jt0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Lj8ZVbpd2SG+ARvHtsS2ONTnPjd1l/jBoOE8pxMSR6ifk57Lpeh9hCtW3XzzJ3EyW66TwWKnkWA0Vs/GvWfa+GaKur69zJGS6soevWhzXGN89RxtsNtFxn1CTduiianSd0TvVEDmasaSxci4ccV+EhrZ0ET4x2z74J6zg/+26PplvG07VRp4WGKI9hLAEgcQoC15EWKZm/74Fs7fmWtabgCVBsscfYvWXdQymhIP+D3ECOnd3Zx/2FuFiIVaY0ZZhnu0fcdcafNTn5RSm4Nb4MRYKoTIyYA0cBs0siEvVA0gpy2Yi2JGhdX0NBuGQ7RF2IC2rNShEwGToNRwhl7yGKln6dCHqU1cPjIoaXBEoKYf/AGx4n2IBR2lGcnpotgutQ/VPG886tWexCQ4KJZnNmihEMIPgJVUvRFanIb4Z5gXIj7UTJe9gRkmw30qMtkQ0Gp0f7nGYYf46LsLHWet0gVklhQqMVVQFeunMTj6oDHcpYlSLC2ccTSudTTPtB7xy85bq98z7c8xEkxbH9ifLNxWPOJ1NZcSCol1N5tL1UoCi4rQXqdqPpT2tv1bBIf5V0k5AdYPU1i/HGvdc9dYrX+BLL9qSHzVG5kyRrQ4jjw3xtwLTelPCFqy987/jGaZVsBZJkZkhoISxrdBL9Ypi9wYSptAvnSRSP6FVilQ33awOxglBhhv8jpJ80l1gmq1Ua9ZVJUdL9LxdvOf3VsIzztaZOH2i1QYfxf1EkkyVoNvnpFjtezria+XVokVgYGKAsBSV48RaaCMU7o1JIary9IYF3SXpq4/g59grqWZVZtzhLsbwixFa8TIMO/TYFSmanda5suhbRTwxTo59XszGSpSPDHqDu1Bj6msWjPCS12uAgnbizsrg0jkmEOXl9UhAs/zSsUcv1iQLpN438oqjXKNnzMfM+/NQXfrMAQ7YRsHTXFfeWBHoiE4bez/40dhiJYFXlSkp6wQIDrU+Oy8qIRTyMEaIB456PEb0DfjCQ8xbPIStxJz/ixbFclmOgrXDKXKl1wHOnmeKvRODfg7rZIluiHuCOHR6J7HtGBQFHTnfKQz82EdJPTfemi1K//JRXa+uoTv9qSuYp5xj4OjQPHqjQFnAJZEazCGjM6Nn8la6N0lJQvLTchm9nsC/Rnt2zdj6gF9a8whGNnv6iAAKKIRxa0PmBSpKGFzOITpIVDBBdSMMxTbNS7Keqki2EtSNS6Rr4nDT/wpUr90U3VfJgCYgMl095iYXrQ4PjLFJu1MUt7G9onAj1g1jOFOmfU1jYBVZ9gxQ294be6EpOGYmeY5vjcJhQmfQmuUZpxHns/PXT+++NQ1KnH9aCvAtKZ7EzDPnbx76iEq3wjg8stEeMSNotDeHQ9ITMuded+A/yiY7XrV4rNmEy/rnfLXIA6zLW/4CRg06rGPu0jWovZHuDh3ZzaAYCLDshhy/E/FhF8KfyDDAWjA2wrsSg4B3Nispv6CTFDGX9E/j4v1FoVSbyf9Ala7t3XPVUNBD/3AhjeGIZ81f+sjVqH5POUVDNW5WWTCnzPuZB7XUJkLfI4/wND9Ky/h+FvwZ3ChZ3pfuwXt1SGHGi/xXU2IA2gfBwLyw1aZLU6Vx3OdLF1xlgynQ6DZ7ghiKzkUHtZK6WHMsDf/fsSfYCEiPP54QDk/FR0kbz45cHgxrP3eSeYPgX4w3tP4vhLfmsiGivr/LJxdbppURvx+aqcOoE2poTvpKpIrbv4iu2ZkqXc3XpUBC+giUvglQrXaEeYjTmA3cVeF6fA= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: bfc770aa-0cc4-4a51-ad2a-08de6ee50f00 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:41.3809 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5NrY4c+cnCsX5nQGbCJiHQzuelSuJ/dq9GCbn2xxbVbOTOqtMRhB9Fcbn0cDhS6+9VHzzgGF0AhosIT+fP87fI0hAG64S/m7kROVkUCfBEo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=QLmRwHO2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As the mmdebstrap itself is executed as root, the generated rootfs will also be owned by root when stored as file. To avoid this, we let mmdebstrap emit the rootfs on stdout and write it to a file outside of the sudo call. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 73fe9434..d5bbae70 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -240,11 +240,11 @@ do_bootstrap() { ${@get_apt_opts(d, '--aptopt')} \ ${@get_distro_components_argument(d)} \ "${@get_distro_suite(d)}" \ - "${WORKDIR}/rootfs.tar.zst" \ - "$bootstrap_list" + - \ + "$bootstrap_list" > ${WORKDIR}/rootfs.tar.zst # Finalize bootstrap by setting the link in deploy - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" @@ -259,8 +259,7 @@ SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize" bootstrap_sstate_prepare() { # this runs in SSTATE_BUILDDIR, which will be deleted automatically - sudo cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst - sudo chown $(id -u):$(id -g) bootstrap.tar.zst + cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst } bootstrap_sstate_finalize() { @@ -268,8 +267,8 @@ bootstrap_sstate_finalize() { # we should restore symlinks after using tar if [ -f bootstrap.tar.zst ]; then mv bootstrap.tar.zst "${WORKDIR}/rootfs.tar.zst" - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ - "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ + "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" fi } From patchwork Wed Feb 18 11:58:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4865 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:58:54 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f58.google.com (mail-oa1-f58.google.com [209.85.160.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBwqta023079 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:58:53 +0100 Received: by mail-oa1-f58.google.com with SMTP id 586e51a60fabf-40ef793e45esf13720185fac.3 for ; Wed, 18 Feb 2026 03:58:53 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415926; cv=pass; d=google.com; s=arc-20240605; b=hTKNSQz6N6+E4vP3pxAdqqqC4786U0tZa9Ki3a7mnU2gCQLBPxxSwIqm7qUDDNUw7L RphLQAQoOC4NpNKfEvxnWH2jI16AS3FWA1Yl4LmSLaU9Ty2kGy/tebXrSXPIu+5Yvb2u jl0s/KENCf4UT+/vXLCSHsnGpDpnLUZWFTJEDWd0SgclYpjm2OBIEfJvGBTS7CRtNKEf XRlKK0P6jiLpQufwrD5S2DxtRlo8pMmCW5cO8Mdwo7/qhrCwqaXhSucaJ5Nlh3ijEkr5 5RlNW3ZJoQIv+i+LTltkrHdzCgLo/AxJZ+Ffgulf5f89lmSk0gWoPsLnOab/LzMlzDOB 3YpQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=TVRkC3vWJHJ28oN82L0fgrid/hAoSH+jo3f6BJMQNh0=; fh=Ur5gQQpgpN3tgWry9Ey/oMesgFRqVFwsbPZxrzgbTNQ=; b=N7ZbdvyvIkbG+vy7/l+VyMhblYVhkGMMbWlXfzLEXoliSVWJ10yszjVO/uTi7BufPt ut2TFvCvF+PBpOx+BcJ4IMg2BKtAUvpyLtx15KAy/S5UzQTRQtA8+0K2t9A9R7KWQjiw R01VhpSfdFs0CsXuWwZoKqD3ZRwcsTjLcuhwlK8bLkQ8VLX5e0HDubX7/l2bGlJz6LY2 mzOzm5UvST73fqhQzOgNrdqyM622Zfhiv5SI13KdD7kfqzaGGJpvqmdnYcydhDrCWZ5e tpw2aYI6ILBMh+YR21X2ObYk8QFarJiT9a7Qn8nLSj7R/JwDPg663r/RSzVXDQyRHIYP F28w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=b3EYqVN2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415926; x=1772020726; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=TVRkC3vWJHJ28oN82L0fgrid/hAoSH+jo3f6BJMQNh0=; b=BpmwBhdilrjH1wgZB6PzL3p5bAEPHHvtkfJxIkHdq5f8CfcqMtI2g28P7x36RRbcxQ r7NUfA6wuNdch9c6DmHZqNuyMtzAizLQO6jzx8Ch+ns3fvFSkJnZcCIu4JcK3KE+IT1C Lo7vrN9/w3/EIs4xhOhUyD+yGKNzk0kwFrybWHt/+n1LM+7PpOAGnslT7zRIQnJZOapT Nme5E7tH0ZncTGVb+JBlZlFtTZ8M7t9vXFWXmCmrzg+1vfCy1Ppb9vDq57U1upa//B+q n4juZT+EYbh1xhHtoKvu7GLFGNIjxefV03ZH+dGRzFsaG9vbgI9WhiwVX/0+mKXVJPiH u9+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415926; x=1772020726; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TVRkC3vWJHJ28oN82L0fgrid/hAoSH+jo3f6BJMQNh0=; b=svfSbpDRZHI8H+xaRZOpcPnUoyYGCaadjtztQdAZ5tK4RpcXVDg00AkfNx3VUIabJU 9nFhLaOo8y2xmarwOdtCtsA7/V7moxdTppKUVU0dCs93UhRkvjVIglN3MT7nfBFICp83 VpwQUa1cxdCoDcBZ44cPgw49ArjP7lkBIPYvs4ewyIpjJrXR6LF8uEUm9Zz6DFYcaSt6 mWPm598J6aZtSKMauTut1evfFde3Ng3wQQpAg42Lnwn7PZwccjBbS/qliGnqDrtrtaH1 pH+JnDKpnMmF8zLMjjYDahYMNhLuuyYIrH7QAUDavq3gQ+KhJZrkHVErG6ktG3Bs9fXE b5Fw== X-Forwarded-Encrypted: i=3; AJvYcCU4CELQdEKXHBYL3cPf9t1ibLXh1LJtpiT1bjL2M18SfXCvMAFxzsBUEYWnr2gjAwqLFRH8iyg=@isar-build.org X-Gm-Message-State: AOJu0YxtVYDqtxQ8wAqcEIHOhJWcPmiMrlnr335+vA/tKsppyFtPzDub P5pDMfny/JW2leZUqedEzZooDPuTq6EbTHZXrkgS5X21Epk+Q3AmCPfX X-Received: by 2002:a05:6871:c942:b0:332:8989:4ef8 with SMTP id 586e51a60fabf-40ef3ece627mr8284397fac.31.1771415925831; Wed, 18 Feb 2026 03:58:45 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+E/yIhDKyGAMEPpvqq7seb9Md2cl8PCjcgZmcvHXgKY8Q==" Received: by 2002:a05:6870:32cb:b0:40e:b5a8:d871 with SMTP id 586e51a60fabf-40eca72f768ls3847473fac.2.-pod-prod-02-us; Wed, 18 Feb 2026 03:58:44 -0800 (PST) X-Received: by 2002:a05:6808:f93:b0:45e:8495:21f3 with SMTP id 5614622812f47-4639f1be199mr7721804b6e.40.1771415924836; Wed, 18 Feb 2026 03:58:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415924; cv=pass; d=google.com; s=arc-20240605; b=RMjrrK4axbyZ9t9GdwWZCSFs8aHO28dQPAEjgye5phXjYQqMmP9Tn4GQOPV96ZZXJq rLPbVkRbTzjopKTONRnU9uTGdU9/esv4qD35Fyvttb/gBS/BmlQUxP6gBmt5hdW4TZXY f/Og+BOcvaIWbgAmCyQW377W/OLPJCxx50txUlABw+Dj42bgFc+qu2OB+xDOe8H7z/oc M3JHSKzBt8Lz71cLFYjwCutSX7Ud8Qnl1+57YqflgC+FCD/oCTaVhbXTEpE138hrFXQZ dfLckN9Wz4rvVNwhvHiHkJxYAt7pjYWDMfpPYxDoSvmA4AryfboCNeyYK+NdQznju7T4 NxuQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=+EM26EnPCs5Roie9oKdlwLvjh5KOD+Lp700ADYNBCxg=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=jJgsAu9BwxpqPUim48eTrG+opGJ54E4u1DeFXuJ3HEj9xCocqKItVSElxTJge0A5On CzYtl2j90vmpkBRo0ABF+sb5hNUFzmyvOaXw0RVtOGf6fKFLNBmiyCbnwDzpx1v5lyzj IBCyq/KCb6vOATq0Saq9MX7SLK6GuhXQFI7H4ojDpip+5+s1D+zCvMcGR3GzUypVfWj/ GSakPTftjyt+Nw1wAl5DzZjHlr5HL7Qrah86LJ3CqHHuoRtYpn1o4var5tcxNShUqPrl 3I0FDv8PR2gBu9hYYw0B41a9KSe4M31KuCRn90ZxHddBP9z++vzAQk03NJ4oIwgxs8he ejCA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=b3EYqVN2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-40eebc3d778si667213fac.2.2026.02.18.03.58.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:44 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hkBzE1TRhKGXtIVtQTgbu1hOw4Ep7/4GBzuNh+6FqiiFgPQvFxQ7yXA9mylVslBj517NItsW7zWduDJd5FFpywMbxnRtvYAeOK0RJROKuIeWahq3COU/aPgBfU7bB4z+JX9vpfHzYx8zYXGQURrhTWiVSfXzn4+Kjd9ThkkLkRL4KMyzx/THivfe370gXgBWX/B2ahvvAnchplas0Y1syuKUcnTqredqterDci1tMcQc32/oEUuwZksqRRbeSsbP2493vpvQvoXkCQoF3d+dZa8RRZMKK1yiyux1oSIr2mb2xVAI4ZW/IXCCSGvzlsVc+zfNz0ZH4CfhO28xkkkk4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+EM26EnPCs5Roie9oKdlwLvjh5KOD+Lp700ADYNBCxg=; b=shSYbXTAOFptJGh4efvFTlvVa8onxSeOL3hE67uwBt/6/siE8q2a0kvuz5SHrk2q+GxYMft9z2IlIiLfCU4WiWN75RnTNqF5EAN9xbtmPrDPXYrsa/WQcIn+spb7X0yN4BJZLQ8FNcTK1hoBFvOZZH33E9UBbTZ7qDSZ9iB/NJxDrh6gAb9eCMnOLc0EYfy/WbZCPX6DdFI25IejekWGEM2sbp7Q5O3//iVgANzChRQE0ol59AXfPiBvdMtHVSlm6THZ07uRmj+HPoqSIjXmZwG3G0jSQLNk9Sza7wu3aZrQ1fFBOjuXose3IsUxmZsoGKJw2uGhfUNzeutWrucCMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:43 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:43 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 02/12] deb-dl-dir: export without root privileges Date: Wed, 18 Feb 2026 12:58:17 +0100 Message-ID: <20260218115827.3947145-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 78fe91b9-a9a8-45cf-cabe-08de6ee50ff9 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: hZy8niohGpZYUAiwgSt9nPyDiMn7MTpxR3YMh8zv1L9FPnZuzIUC3zAwnaeSPPaj5DzktlOHq6jTRz4/CMFhTny9key0cUotivwE+zJTrU02wH2bJHPhAcCenwVuIYd51PuNk3+dF7/v6N287YBMyqq/uGfDXgDy/xmvnMwuNTkoVhBZU5V9gm/tEdQnwV7pgWo41we07ZrlxrCybKyVpWflVBGTvcSu8lFe3HIYqu7F2SxmnTmUNMNzjdFGHxssRURBgg0/3K5mrNY2njArWDjCdlp0SmUGSe8tI2LEin2lHk0x/EBgqgNb8oAmwOfhtvBJvdWYFSrrsH+1FI4H+iFK6teNyFaYtJGmd5gHwQUvG6ZQv+GFDHF/7Zjop9UR11CMqhbpD67PzKjsmQ4c3tuNDAa/o9wFRL6hd6XYh5ePFq30VAazoGBEmXOfszxwSnStIOg+IlZfnrySQGNeiPQIQPfRMcWHiXkIIRhMU4m69pw+vj9fccBx1FQHVu0/5BvgTw7C/USXD+VVlkjNgywJEVX/18aPFj1UzhTIatNFCS7SjkwGVf5hz1d4+1pwD77RqBMUuCFikfEhbg+zUDvs3HkiMzTRpCGK2wxUWDxGS0SfDs5o9ReXdabSO0UtaoelwEZu/3H9sbXufm1qjTFXRRoFoxJkflCg97ArU0e8JOZVzrLVaMl3J6XPaipIL4UpjTP0u+SdjyteTjmt3sMh+kmYF78klQYgz+gGylK5qy2FdHuvZZAKa4mbZNFqQmZdrdInXE2ZZycI3fmMf+qgAXA8XVe4ZggMbMHQDhxw35J3SV0pwnv16ZPPaVCV8+cbvelfsmXPJJpMZw/nv/ZpII0yOSkw8VXZ3X/yF75bzen+jYAnw/dQsWSVlpV1ec9szQEDOOC/Fmi1PBTkBIIf4keYDswMVQgk2RwVhVx77f1PJSUHXPASnwdKWVFT7r7pSNRW9/5TOHgt25mdV6w1dF3xUXeXJaH43ICmrXaZkwrZI3GpZxdr/q2Igizc4CjnBq6srZ5PCzLMyOkapQG7ZnKFfsdLIXTwfQgWRIVCJtkxvV6iac2zCK+5vHggXkYVNA2ILadxrPXZ4H90X5NGkdBzflyP3bJ5W7U/tZLJIW0JgOElGz3h8f5e7ZpvTIZnf/x/21ilnLTD4UKbNGyzDoXA9ALU7YG5QBK2/s7CexatAI2eYzMcRcmwufcZfUv67Sz48edpip6qzAxjPXEf3Qm6cBKgCXP4DiDapc/yQxwplhe9U11MXtxum2e+GkYyFdxTHrANcj5Eiq98IqcBWrjJaE2bwnj138gYIK+/xhQmOeLDHACplCzaInu5p1hTZIXlcrdmsh8Rb9A8PNSwhheRP/BnL8JHFqVvJi3Rh/H8J/tmfna4Pk+r8qAlHF5qO/gZPPN86uNgRaDwOnHy4gMSv3Bk0lkS4UWUgeTIin+WyVvv0isPb2ZWh8Pf0vLXEK3P4hwur1aF72SATDEoUfHUtW4lhU0rluDWCEUaIj+PrIpW1tAdP0x6kARKh6N5QU7u7xwNix0BBTgRpx5DPs+tnkF19MSXlJDcSh8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: yU7ObCe+RhqfudcWi5LxaQpo/0Mdl1CYf0lOZWHuWXgZZ626rA5DdIduPu2YOrp9rVKGOLNtUbKqlz3EFimzu/5CFoGMnLHv1Rcj3jBuUCtY/1R5z/SlcIU9lukX/noJ2VzD39MjqkXB+Nq33S2D30z4WLRsFknf9PdrUpqtVU0OA50u+CnwixUwbCt7sUM4CxbkMaYd9NUXQWQXKj780dslrKptSBdA4wefVL1q9WbiLJ+SHz7ej1MryPy2UlwT+wyYwgvNqRq3XvY7tVTEOf/Ia7tfqMqUuPIb0XN8Ztz+a6ngXC0tw7eatsSTPtoM4X8RV8sju00BbqsSNlGpJIQgJPUfaNj39R0OvJC9gD5jvW85XNMSv/BH35ruyDpJQtb7BGxrFaCXRFtvMbTRhbKgLbfgXRwC8Kq4uGq7hqXs6nlpn3VqXJsyaWsNI+d+sSJfTg9QtjkV+kiaJDR0cUdQRIn27nCgjG/BJUxazfG8V89csTE66ZBqDk8KMeMdYVmSzhfjoO+jcormKeZbzI4evMFtNC4gbz+OCeVdqOJTH2xTATyOAzEMhjjGh579+nXqSI2haGff5oifWtSLjooRrPgxu3YMZRJG7rAcW2pQ8D2kVM+UKYmqK4GRXBXatYqgkLFaZf4wIcbgNuBbdArh8fVG6Qqt91NRtayNTBusVzSEB1FoNQ3whLqUPo/y/c+74tSWlJ47n45lRQKyc0MtNtVGV67WFcoXywDtdPt4111Dn7GoRn5wgnAr6oyp8AHDmh5tGie/t8S0daFtIZd4bQyYXe5cj//RLSIqU0a2En/xEbjKWfPfRIB3XZSrXHbLWiZOT6Wa01NjJCtZTPTqhMQrNAP+u/CxsZKd4pjZeEGzPlf76n5Lzj2pFJFyGJo+8R19vNkrVk52QsVRMBez6yTLeJR2psxP/G+e6FIFZ0uMoZjfChC/zg13jBCUp2R7EJaDIFeRrmZC+7wMXZoUW3TaPa+4a2qj8DHC7WnMLwQOdcGrKGKI6nB9HPayCydJibs+0QM+sOE75fRQY7K09hyQsuVnR5bznlCBhwDrHiz0EmGdRS3bZ87mrikV4quNWS5bmH29amMxxJyxrXCGgg3bUr8b4FhGiKmj9AiC4ZjWlqh147X4m7SuwLjVL0bXnm2pdqqHW16GDU0AXOLDSCeebuKpQzBuUjn4/qNdnv4Stb3O16lzkf0X9YylnVY5S0cewYfEKjcRz/AqOHx6I4SNI9LpjoJxqlBpyZf0/LVq+68kAWEjkMonaYqbYmQAgMIBbKpwr0Cz2UJ//iHb94o2KVBKetabxh9ZV/45RHojq9/5Ouzfub9G4Dzgw0QselgOYWAWt9HSRZ5tbFl37C1CkjHt8TOVayxPoMTgOKTvwkIqLfPkePCMBYnG3VpWRw2v63FjpOQRevob+Mc+LM81Gy38NSlVOFXWidDE/Q4rcIXWBlT2J/UXx3b7lvz5SlyzkflLYwLk2R6ztO2FhVuHwHvj/11vQTScC42K0nTa5aZ1ofKXbf8qiLHzgJ7diymiXw63XOh29ZFkeX2GXJsmjj/5P4RsafJXPO0xv3f7mNPpwniNbH0z+3TRXcf3cpbUTSd56gQ+Zp94SDGMI52hPcG1qrWOll62NsLE2YTR1GKTAf795z/7zCGErZ+Y0QZNJjfICA0NCoFuQRXtiVwddNyNd+ouuWTbAkn2zaZff0KDVjlZAk7Vq9QY0dx4ZR9MXTUEJgNW6DeCWf0kgBkM7uDu2K9aJ4XAmxs= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 78fe91b9-a9a8-45cf-cabe-08de6ee50ff9 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:43.0657 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PxhhKiLxFncFPinNaPQrnZVPZqpeY8y1kmG4LwtVvRjY43rsX3QUIWcsMHdjhbolhWbOp4kDiZQJmRtRYgbtQp9M+LfnXT/a6woAqTOA9n0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=b3EYqVN2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 7ebc3526..76c2435f 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -153,7 +153,7 @@ deb_dl_dir_export() { isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -170,6 +170,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF } From patchwork Wed Feb 18 11:58:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4866 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:58:56 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-yx1-f62.google.com (mail-yx1-f62.google.com [74.125.224.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBwrEs023093 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:58:54 +0100 Received: by mail-yx1-f62.google.com with SMTP id 956f58d0204a3-64adee81de7sf8741850d50.3 for ; Wed, 18 Feb 2026 03:58:54 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415928; cv=pass; d=google.com; s=arc-20240605; b=Nnnt31GxeY1KYo5FBeHfJ62SXwnrcvej5TKr13RJC+rQC7DQc/B+I0mfcveCgzpsLH fwvNQwsWgILZ4e3SfBYZ0eR6HyeFhr9ydODBKhzV5J5qW/SQUXQ/qiRtQWjwnr06moap wR9l2mjKhZeDZeeb0l8AMtMDVQfWOpzTL+/zGzQGtCcAdKgv43J4OxpyCadIewVec3Xa FnCNJmJ88JkOfAfKhsryXMK/s/SRd9CwPMcbuk7hJIq87FxB4am3mpxrGVvQz1I26QeM Ng/vfjxqJbF0xf48bL3g6Z8Ly4iiquq0Z/1j5L7fzoiK6vRMJXGlFSkf0BTpwxRUOW41 Vsmg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=5R1bn4En79BQtHg47IXvSYPZFgTVli5R4Pyludur/ww=; fh=UGzS/bAH8nZCB8HAU2E07gWTa8sRId0FhbDjbx5Uinc=; b=jOrUeX87w+5qjFR1mR2afOGDcaiPUAfYvEtDDcHF0/bCxL2kMuTXArrGUWeiN5WiC7 SHXztoh3XFhv4SQoK4lLqdY+wO/9x2eUbmjD/lTxZfqJ+wMIUlFPBDPJuaPr+2OOIWvC OCCsEAcOorV2z4CJMpE7B9V/pwNkj7Ti36/yCp49j1IHvrBlCf7E3sxy72vczjyZu66a 7mn6yHrDqhRv+Ci1e476ZnO9P3NlUcj7wWVyEvTF6GIC0iHfKpKc2bdB7BUr46PQU2V7 vjmPOb0Y+1VTt7Tg/56V2AZlqYy30XZhHiCzINPc5jr1cT5+Ln6MLB1j7AeApejdIdM5 WU6w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=uMZ6d4Yg; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415928; x=1772020728; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=5R1bn4En79BQtHg47IXvSYPZFgTVli5R4Pyludur/ww=; b=jN6u/tZe5rDwQFkxC9c4iTiud2XRTI2DSLzgtrSxbvql+IyehsCer83ZgIz3ObOHW5 JHduSmkTda9wh43qB0/TnrrwHn2hh3uwLB+EBZYci2wHo1eAMHsYiK6+BphL0ztD+LXg 3Yz62qBfeHMPcmBKqxBxQGrHym4B/DWO36BDi4uosFnOpgFvMhifBHj2I1GFZInTmvZA jpP7YsSGkabgbfajWengG+7+2bXQqaaO8k2iINzk6laKAMqnpsNSBOpi2+E0dImVFPNO ukiWQfxEMb/MFtEnvuXJnzIRyssT8Q4CUoUaPVpU7MaCiLYCII92NG1nfX8etZXA+kft dXQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415928; x=1772020728; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5R1bn4En79BQtHg47IXvSYPZFgTVli5R4Pyludur/ww=; b=bMjH3WjfBXWGpz+4kGQzJwLapkQa9MFvuwZWtVjqzzeGSGOw1Sg4YQfm72N2OBaLeN qw1uA9WnS265mdywknl3Vp9pm7V5KTElSpriR+G55b5uCbw+HOGMEV2iGEFDCYZ8gWFJ fuffuTr+oV5EnrQTq1/2htSD39CKWQI+LbqKyOpXzSWLEMzWWGsdOIziBxkA9hDFN+UI hzLly58bkij8URrUWS5Tar+vK7SG+2OVDJ7eyj40d0DJqOWk5nueOGi+mxBcSYm0PFPd kqyAWN+xXobIudm6EQtAz2sxEMzwrxCJ2h5KMqSG1g2F1vfLvyeDyWT5vGxKzYIed0lS c+4A== X-Forwarded-Encrypted: i=3; AJvYcCW6H1GkhHkpdCJDV1Pv26C7I8er+1QJXfbH28LEaDTq9yHtpaVZPVH28ffZA+fYOW5hmrPPVXg=@isar-build.org X-Gm-Message-State: AOJu0YwK4SBGsLrvFY/Cw0am4mZoa95Z4j7CAGT3fFpxtBTa5v5FLnhw T2uzwIY1q8gnOtP8EBGRblYtl0cJchveFVdFI43YVtDld4YgyUgYPHCc X-Received: by 2002:a05:690e:400e:b0:64a:db3a:f83f with SMTP id 956f58d0204a3-64c21a4434bmr10705029d50.16.1771415927889; Wed, 18 Feb 2026 03:58:47 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+H7kpZr86gxIMAFLq8gAkPqPSZAt+lUkEBYJEm2NqVr0g==" Received: by 2002:a53:acd2:0:20b0:64a:d210:f4d3 with SMTP id 956f58d0204a3-64c082254f4ls3869590d50.0.-pod-prod-06-us; Wed, 18 Feb 2026 03:58:46 -0800 (PST) X-Received: by 2002:a05:690c:660e:b0:796:31ce:601e with SMTP id 00721157ae682-797ac51c7c7mr106945267b3.17.1771415926698; Wed, 18 Feb 2026 03:58:46 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415926; cv=pass; d=google.com; s=arc-20240605; b=f9bqW3aKqPavEdlff/qNIHmtMn62W5m4+IMLrPqagtclF8dCd2Gp1zLRdG7J28S95P g0yKgciXrb4cAfYx91iCzrA8LBOLQ9YeDntbrOufsFdA9wc7xvjgGDeBQU6Orc6olPvg 6yRJBrEJVtHy7laOGFhlm/blcf+yjKWcgUViTwE/HdrB0LRug5d6y3MYcoRrgOcHdOF4 JOzXPS9E6yS6eIL+pabii3NOeghl8Re3xN/EGfK82B6fklgQzLDbbFFeJDFraGkIRvNh GvcR4FvJIIU0182imC3V9KimuzCniFscpDBHsST+p7yE72CoYFTnV3U0S8XtUqPSZTkk OuVg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=eEhh0bG1gGkZZii8FVSOv9fYRw1oD18b9FcF9Pku96g=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=inri76lBUmEtrUdNx1oWaEiXrQauac+eovX0QnqAY2O1+QII61ImeqYfViG+wNzoxP FQsSkmldw6Ky/PBOY6HJ+B6gdORIVkOlK3d+MuxpL61Zx/Gdtc/AHdcDgXa7puTHTOiK 8sy+XzG8NeY5be2UsGjp/B1j7j5mc7CJgN8emdH07ovusmCi55RzRAZQJv4wMY1xSn96 zMgjkyCmzloRFHiYY+vozxYKPEVUoWp8lZmq4ZyElAdDiFYk3njP2fjFaptUOmGymstB RihMoUnUOoUQ8zCc3WjStuCBD6afc4AE1hGWEZmqfxPg45VwLyLqPCLUwNmuPWNQ5iW9 Rd8g==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=uMZ6d4Yg; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 00721157ae682-7966c25cfdasi8859267b3.7.2026.02.18.03.58.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:46 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=p7mW8x3YzsZRT6sPraSlxSWDzoW/kPoAducAPZM4eMO+pCSE+1X29C57YT1j5HfjPWqRSiRmgXE1wkHUgm7W1A9wnq2MnNHHLprGKxWFktaKWKaC4xRKFRsS14WtibZzcW5v9l5UY4Iz4NYYimyeWLunauMIK61kjquuHl0zWtmwFDYd9sdm8DG/30VXiN2MBwJZDw7R86ihib+MGnyeCMhcu22nF2IONzQP3eyW/fZV5omQiBk9a4+DQv+qHBnGKMXCbILIopq6Ebp6NhsXaTd6/klkxgwFp/TGxnax6GT5Gl99k4ZBS17ag2uYOcwl/BYqPf0eMeHGMXcz0dVhuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eEhh0bG1gGkZZii8FVSOv9fYRw1oD18b9FcF9Pku96g=; b=VjmrFgu71LXahDgqhfcVaTF41PfrQBtGzyiLmFSl6R6WgEWJ1HLw4KP+LMEFayiSk95GjIepiYogtVUFtm4I5GWmAjvO3j8TKW+IEzzzLtRaaUcX1iLT1wXoVE7Vgt+qhbT0ZFUCAbwrU5QX2Vi7T+WhC3NFbXj+dQ0p1eXf1CxrajHkdov4Zg06yjIxMLZDskcejKqBFCNN1TaZuTuQJ1k06/24xeTII+ywSF8tfoa4wq2bKJE2VMw59guYrLtx2ijiNR25v0PmCGLgpHAuhUM1YSaMLMf60fSQWn7Z3od+irxWJj2tv7YOCAG4qkWrCoyhBwIsk2FDX5pwLN0Bcg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:44 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:44 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 03/12] download debs without locking Date: Wed, 18 Feb 2026 12:58:18 +0100 Message-ID: <20260218115827.3947145-4-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 64c72b2b-9ebf-4b47-9460-08de6ee510fe X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: aaKZ3TFeXE3wrBWitFXWjzEOcuOcDFoAxoruvbUmecY+4ai1I0CL/Z3vjwdXjUnZh1SCxKzUf1S+NxZRYx/wHx2KHgouBP4clKVU1pwpSTv5gsSYdzkMP75+232E538ON4sxzCSSrivyOSFpY1UX2dDE80bxMco3eOTAlYgZ71K9gYKtC0t0cz5CrsKcyh6+PO1y76fSjkfw6iYz/iBySjGV0mTRW5w2vyk3SDbDmnVFCNXXQAy7ha/N9FvNHP4GS3RKJn5/+6BeUfKc0geRmZglvK8S027vcg9x9alWCliJKT2npQjARLGTIYe38QHDDSb5P2ACdHzom8K4w05xEfb7YyjJMcOB/oJPH7J3G101Y88pd27rqt4/FM7guMAWiS7mQRBIo8B8ZWoEl4JU/zSLb0bbuU0sQRxF3Oi/bRgBgAWoRgnQGefabC8VyscqAiZmNFWFkKBdoWxqN9QjkpUBNxUpssBJ+iWA6rmoar6Te4EIhieGhaWD8d+Gwde5GPMCBcz/xV64MNku4KDgiqXNRG2NPePFusreCqeuFqrnabWxtxclaAiKrRAGGGlHdnhrRC4D/SxgBZI0mmvyZpmVWxR+51/D/v9O6c17duimMHSqECPdXt6+9/ZNzGQQk4i1BQvIgtkaC6ypholNellFliYcoiYKu8ppRD2NnyFdofq648zFGxkPIF+mMFjm9ip1AgKAXi/GFxpC3BRE0P5mZXT0LVPiOk3+JH7Ci3HfWN6L8AoXDXscwY3FUvSWX+7HlFRBaI/xuhXzIo8IO47sSdsWTJAkyrFCX9UVCc3hwTyfOPibA5f/N6c6elnefMXOm/Gh0de5Am8DLVt1vcO4PQlM7uDpl2f31bfc1EKvQs2V27IEsqOEmXhZkWqz4JVTD13dpPrponstd4N5DLRSjai4YkvZ/V6RfRWotn7gpqeovw9Jd3b9LTdKN3kVGWpOUjfeW7LrCZ+RbGfju3ik/aJIXLrEQao8943u3O9a2sZPj2bZ/WwbtxZhkK+kRnJpYduobi3GlMHfzgmYvtcP5orHzC41nl1ZlVlNDkLcwjfT8qlsImDlCluVqMynWJD0C411hUVA9nSWG8R7nHGvHbokv7vLRzUaMe2DLiYiexyPub9ne0zBWZ7sZbVl81tqCwsHTQfQTqBeJia7Yu70ozDxQWU42ukLSxv2H3o0sE6jVnN9attcQW5unPKvYV4aw1mc5AYCs5fEAwM0BqdzaHhZCNKVorbk8wNYtrW766FLMTgHDfDjyj8yB85RLQIvB3LUUsRYwtQ+W7grbgNJDqX9cCALhnszCYg1bUa0yerkj2ES/Q275CLI9RmTCpTCToH+BqzGzQUVTVVe/ZZaC6GrW8NzqcntEBrRDsTisHpM/Cr61shkTzkOtwd+gCGMPD7NanJgYSR4y/Zh+zFWjJxnIQXTw+dKKD/x5oHlwMrOI+bojOcdCOSFwpEH/45jGve2m/um2xkO5xK3oAelrHNdoy2OnApZPoCULs3C9A0d1f7LNUdoI9DUClBJGVNje02NQSVej/HAw98QOlbmhsbxTxHtVabPBjSkYc8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: NJuJEZ7RmhEEzjXCdfWK//hAHdJEV1RByihPCKye7ggA039xDMJWdkaoeF+g65P8m/Iu1NJnU7cCnfQstpLkA3o0EcZzvvK9ilQSxftKfF3oeo179OcZ5v+whLUw69aWrTrcv4BckB2MX38qDI6oS+9hmo+6J+abj6yqcRBTVmY/0WcjVJmbDKly2dIu70fOCcuQmE719xvnuRPCwjr/eaJpUVILEhdUkS6/umzj4Zin/R/F3jey5UXr5PvVJ53zkKLb/cuFuik6y+HBNiZmMmnf/ltIn41N6crXhBLwZscnXEnnRgSiWUAejy2jVFdksbRwSzJ1fNFimYa5zXgPxJu7pS6advRDx0Zi2UshtPeQViGqMJEPzP6mzLW8zPb+Xi9uyO+MikfD/6p92Qu3LYhNGvOLkIarY75ZCUeNrptqEKlEocD1HgWa9uB0c4EPUE1c0yK3ikSQeZa+QV7DbDVDxd9PvcdWoXQiDlWYeQkeoEkD6KTsTdfmF3o6MgSC0MeXPHBSHP4aMzEgS3FPKnCCWIFSIMNGobhYboyrBlgQif6t/SnApPqXJRDDnMVRPzeCwSn12kBVVRBNdNnQtSIGZapKxSgYTyD4KYurQYWNn1CbPHEMmuXjM1Q/ljqxu3rf0EZVCL46iLAAV76LvBUhv+gbqlK6KLKzV45oKCXqLYfVEkzRhUXiao35i4oNbY+XszjOXu9uZ4gWQ6Bm4ffVfSKYdvBley0q2PMsaV/Hj8BIIRAOVW4IWOoowkuuIU3DH9V1wVAtk+XAdV0wVg+kEhfr25taEWDutzaEJlTVhG7KUIG8DTMz+FEJoMMH2qyzmsq/K5WZxZeYDZOL6QGdd5NP8DawtHPxFZEu3dKVWMQoUiB7W2HF9F4APSJv/JSlhU62xPIyjdiCALHrQalyp0GjKUrE0uedPdXhz0QwoekElqrB8uah7gX2wdRI/Yf2hTBovt1PGgHoIOxB2mNjEQ62WIYfkUKPyX+x31iocUZoebj47QDipDKHZUGpzPhEjlu+4YKpn40NccSiMIZZCyHsXAxsbadxCVKpJoZTXTdG6A/9vi7u3ri4mgJQbwNX4RUBOJraoxo2Sn4R5KiIYAlmSgnORGmb6KkxlXS7e0EFjE062xm2gYgJoyXO7qST8cR2o3juDHffFfvaq1/9are7oIO19OvOVIJQz2by2csvwFrgLm0tZpRd8WA9LngLzBkY97eOzKErRdM7seefXWLY2yfUq3CW3uTuSWMCGCvRgoMr7+/qryKZ8O1euPktxZAR/j3Kb6B3iq/6Ld7l/V4E5E6SPdCJEJ7C3/ahQ99+WeP19ZU/XFtjiy5L4zs7e0TL/IUDkI0Bc0j0r1lp25q5aYT28wbUZ0hwUoYpxSbfDvBoKjNiygLRXst//D1AxFSjsLEVoYbK/hAcV1sNbNsMw2PjEr4CeyRC7UNHurFArg/dcXEW6S5epamDxqvCvrTVybwLos6r9+nFCfTsMJxkPYYshzlPww/jWugfGtzolX4sRsAEFMjp5IueF7DsQX3azrFsGIgxC8VE52KHawXZaauHKy5W/btvzgiknoGN1b63xEQvEyzMTlJADujyPu32ynldll9Q6xTVAgM/DM47kqTv28BTQ/4wyHjCPoFi/T6dY7CfVZLlQPdA/I1nKkZjk2dnHvtJg04dmkiiJaXiWDRoIDDC1E8/mFqNrYs3rQpcj/nyONjDQJanmSHwQzycYDVqbkIe8hjHHhe+H6V3JahWIL22SXR/a60= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 64c72b2b-9ebf-4b47-9460-08de6ee510fe X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:44.7145 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: g2vi+E/9FHKVJUl2Ug6vXXnd1Jy5lNnnwGDFK8hsUNpxojTgkNHK7makwgIlzfjPNmgZZrh7cyDL1Dcg2IPz0c+Fpp9czXB3jsaZbVKQcck= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=uMZ6d4Yg; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As we are only downloading and we are the only one acting on the rootfs, it is safe to not lock the apt cache. By that, we can avoid complex file ownerships in the tree. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 2 +- meta/classes-recipe/dpkg-source.bbclass | 2 +- meta/classes-recipe/image-locales-extension.bbclass | 2 +- meta/classes-recipe/image-tools-extension.bbclass | 3 ++- meta/classes-recipe/rootfs.bbclass | 10 +--------- meta/lib/aptsrc_fetcher.py | 2 +- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 76c2435f..6675d48d 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -80,6 +80,7 @@ debsrc_download() { --chdir "/deb-src/${rootfs_distro}/${src}" \ -- \ apt-get -o APT::Architecture=${DISTRO_ARCH} \ + -oDebug::NoLocking=1 \ -o Dir="${rootfs}" -y --download-only \ --only-source source "${src}=${version}" \ || echo "${src} ${version}" >> ${missing} @@ -121,7 +122,6 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ sudo -Es << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - touch "${rootfs}"/var/cache/apt/archives/lock chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index 1227da36..d0809477 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -77,7 +77,7 @@ do_fetch_common_source() { schroot -r -c ${session_id} -d / -- \ sh -c ' cd /work - apt-get -y --download-only --only-source -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' + apt-get -y --download-only --only-source -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' schroot -e -c ${session_id} remove_mounts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index b6b07dba..9bff36ff 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -30,7 +30,7 @@ image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index b0f25a69..e88557f6 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -54,7 +54,8 @@ imager_run() { apt-get update \ -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ -o Dir::Etc::SourceParts='-' \ - -o APT::Get::List-Cleanup='0' + -o APT::Get::List-Cleanup='0' \ + -o Debug::NoLocking=1 apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ --allow-unauthenticated --allow-downgrades --download-only install \ ${local_install}" diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 8485b32f..629dc666 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -340,18 +340,10 @@ rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadPro rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - mkdir -p "${WORKDIR}/dpkg" - - # Use our own dpkg lock files rather than those in the rootfs since we are not root - # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) - touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" - # download packages using apt in a non-privileged namespace rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ - --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 041f5445..dfa784a9 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -41,7 +41,7 @@ class AptSrc(FetchMethod): set -e mkdir -p /downloads/{ud.localfile} cd /downloads/{ud.localfile} - apt-get -y --download-only --only-source source {ud.src_package} + apt-get -y -oDebug::NoLocking=1 --download-only --only-source source {ud.src_package} ' ''', d) except (OSError, FetchError): From patchwork Wed Feb 18 11:58:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4868 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:02 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pf1-f191.google.com (mail-pf1-f191.google.com [209.85.210.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBwvHs023170 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:58:59 +0100 Received: by mail-pf1-f191.google.com with SMTP id d2e1a72fcca58-8230d6d54a5sf825730b3a.1 for ; Wed, 18 Feb 2026 03:58:59 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415932; cv=pass; d=google.com; s=arc-20240605; b=Q8mNKKsIR3XkjsLAlg/mddAmGoenJmOl1SJRcq83hMApfNDditjonbCAXRHfiykPx6 iDbvGTqb6ze1AYlilRWkWMVz9zhjmIyAGbnDj3C2bvmd16U2pcotZgQTAUVTiHz2rrlI FeUisxiUujQH5kfLGwU8rMuYUlmrLWWwp6CLQLNBGbY84+10Gsk+MM3bRKsV7ieYGdqX dDIK4oClw5RH7X/6W36EZGduCzc2x/2JVnjRcvmZLhaxNtg9+QEWflPIYTvT5WzbW8fX oxP/COzhHRujPNsEb4QYRihzPbgoqN4Fzb5V8E9u2ILbXiUakD0Nhh5GIVBXoitmE327 84nw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=w8r1+I7wxfvfhG63p5do5B+8WTGVCKFvDYdtnu/JrMU=; fh=GmygOquHy3oMH4MQ+HtNMR25kgLoUFNQsvsYMtS8O1M=; b=DXWLa6cV16qjlyB8KIms8Y7pUJcyma1PGRmKoFSkTHjWCmr1uovajuTwer2BOf4+Fp k+69UXjRW5DuuOJO47VeA/0Khy82FxyTzdZ2kWSeRWm0DYHwh95OMSSbUCmERXC1N7rM ZjQv03qF8BetMRYpSxf7r/quAo6jIm3ranaC5+wPEEwrEDhtr70c4OJZ7cAg/9z3Enim ShNkplxsDr4lWSaP/9jTKXz/7jCWyg5sRks84ZZuylGXbQQw9fTqxJy0Ub87Pjk35w7z nA2cQePVsmmKHnc1VHvhT1qB9JHwlLpim3X2raAORNXbDKUizRleAg7jBmYdUgcCFn0h j3jg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=OiKrH+gd; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415932; x=1772020732; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=w8r1+I7wxfvfhG63p5do5B+8WTGVCKFvDYdtnu/JrMU=; b=F5bcNPBKkmLgjHkg0lrDtr26ut89xxja0Y5kWg4MZwd6JQB4Fu9h+zMCrvy/7QF1sx xnpWfYpEzaoknANLZqkz5tN0JRTnO8olX6GxBIkB2WiDxTAFg1QPEj/ipXwk0A+u87S+ 627PF/ikRmQ7tJirgjBltc0KmTi79wbYCGU0kmEShxUE88BSUa4oq5Cc5gC0nccGJtOi 0S3J2F/rPVBsDUOTXhzWAnu+KtqNQL1etQQnSGdwaGgn9LSIttx/aF9S43lN6zGeomKm KSgOUYmoCh/lsPcb4dH4AYKiRMYIVdb+nj+6zNItr0YVW1MM3mB0L3dC+zKMdcbZTg7I em8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415932; x=1772020732; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=w8r1+I7wxfvfhG63p5do5B+8WTGVCKFvDYdtnu/JrMU=; b=GU/3ki0vlAurkBmc+XtNMj+U9LZK7ihe8ITSGiPx+inq8E7ttn/Y2GDPcBHyiNISfy c4eE8D1O2BWsOolWiUzsOz76ueukMPV8Nc35jlXLJeyzYCehHp+4uzX+YwpegYsf9gut OO/1q1Fq5OhqOOMUVb2W9CD0s/aUo3C76Tjo8x0PhRsOmz/FCgxrHQQFjRbsTVZltSoS WkPGAJFIROrm3Nu0ceu3tkqERtXN6V6zGTFBs9xghvLtcKCICuD7yC39UlqBrGbWD4CD kFKWIwvvWoZnMa0dnTc1Ud+2c4L9O33h2/XIH4J5b19swnlwcWmLRHTjdwpkFVHqKj5u ZVig== X-Forwarded-Encrypted: i=3; AJvYcCWBK49SEuo3kAZ6jQRHfyo9c0xDncKTsild2LlgnOO5Pkta+ASBKZhTQX4aDK3G/Vug1uGnBlg=@isar-build.org X-Gm-Message-State: AOJu0YxRVY+R4rGWWsyUf1tSRE4vWzHhQlM39FjweCe4AG7fHl3Dzp3M J2cWKg9ug69xBn/Kx2ZglnHFwLVVGw+iKkFAZY+lBhpXnTTyMYrnUbgn X-Received: by 2002:a05:6a00:bc8c:b0:824:ad25:6477 with SMTP id d2e1a72fcca58-82527ff95abmr1506229b3a.30.1771415931869; Wed, 18 Feb 2026 03:58:51 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+HB7ta9fEfvWjC6hpVuedn7ayrzDQEmG0jdDvRBUKpw4g==" Received: by 2002:a05:6a00:28cc:b0:7a9:e390:16f5 with SMTP id d2e1a72fcca58-825244b2079ls446969b3a.2.-pod-prod-00-us; Wed, 18 Feb 2026 03:58:50 -0800 (PST) X-Received: by 2002:a05:6a00:a244:b0:823:5729:a125 with SMTP id d2e1a72fcca58-82527fb494fmr1530842b3a.30.1771415930064; Wed, 18 Feb 2026 03:58:50 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415930; cv=pass; d=google.com; s=arc-20240605; b=Hnk0J67KmniXhg6zKyhJLnSmo/Ykhm5Q0Pz3FUSj2IqwYG3BtsWQ9lo++H+EW+Rco9 z4DfYeY+2u3DcGfOgEmE+xQIpuwH0bIxWcnf7gTzXFYN/dlTar4Py3pqv234vQ+QId7I iGfOk9e5UuUAaMc5bmu5eMVbVoF443+w4+C2zTsbZqJeQuJLaeMsr/zo4JSlAHG29gef 5Ty0iVvw4cSyOXOGKzFxTFOKLBJUdcnWTSBAtkD8UcLdG0ZIAadOMs2+pFBrxpwX7SBp KvT8Sj5n28SX6XvlPAnK2brOCSsEx9HPkT9L8K40vI4P6NW/Fb8k1+KTa3vHIztl7aUq AYog== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=nNJQiZnq5Lc3tKmlT4ZRRkx43HhWp9DN4aPAR7uSGqU=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=XM0bxbzLpDSVTfOjj6G5lo2ci05Bb3VQ+ncftzsyvLwZe945plr3zmPFbK8CtyiRDE 5NS8H4AFf0CWzM8hsMvLEm5/ipiLM6zplonBbCZA2v1db5ew/1ALFesrRw+0+VKwiuE8 9XKLiqLmpvCM8niYFh/Bcy0u7bqDaTtZF6x9KnzXyxgCcUtfjHvN/EvOUAe042ujTs3e K9zSRC5FDaubWskXSjaVIIc5Hwha+DIuU21Xf65SXa+OePxV8V0P8PhGTjNKVW7suYAe K6G0SL0xTPgabDW8pP57te2l35wIfC2cZFYUeZzwtgvcrGmDP+b5RchJ9RfCPypsiF9s oDpQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=OiKrH+gd; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id d2e1a72fcca58-824c6b0b623si654995b3a.3.2026.02.18.03.58.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:50 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vPO8aVH7VZBGkpwwJY0GcvPNCuFHk8yQU1Pq80DRebd7aJM18dX+eSkfkES2oOpH69iE0scj0lwMgwa+ZaQy6PJ6wRFAM4f5Suv5ImZDoSSnvgdEl2DvReKL943lg9V4SDGwy2zGcZmSp2BIJP8SX37aq3GArz4s6O88nB2+Z4/NVxgxhM62SIYcwPcyQo1S2N5zb3BjgeVXcs1cloXrd9pGSe6mhvE755LQknLORq+P2+csuPulAUYcRUC21KOkJeTk1j+uaO6TkFwhx7wjXqmB4Ifivp9Negl7dQH6FEEoAQufZhP0fxI/BAVqG1kRAjKRv6pUfIdzOilEDpPGGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nNJQiZnq5Lc3tKmlT4ZRRkx43HhWp9DN4aPAR7uSGqU=; b=gU671jnmTZAc59Yr97W2WO4+FmOVs3TOrwOxLZ0F971yYWDDYKhdPH83+5mvCxQ75cHqRqy1XR7j7/kOO8WyrfV+drsRZ/WgH+I/XauLpU1PKTeZu8vr52Of4KUCzqe1ojI9+AwOKUzvmiyk3P3IQpSM3Ay2fwsyEjGxP5OFo9xnq9XQO3D9ajHAY+HiQ9ActvcfrjQK5srJLAQ0MwfqgYXoTJxvg/Mn3nJRxF84uKSuKhFcoXLrL3vHycSkS1o1W65wtzK8dA2bimls37BZ0IvzymqQ9ioqyZCTsAEzWIX3sUd9gzhESPgvZWzGGXOcacXlzzXL07OsR/Iil0pOew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:46 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:46 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 04/12] introduce wrappers for privileged execution Date: Wed, 18 Feb 2026 12:58:19 +0100 Message-ID: <20260218115827.3947145-5-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 02178a20-7c11-4f53-c8e4-08de6ee511f0 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: Kqn9Gep993KX+OWiU0Tz3rlID2C91ZoZA4fgAfo96iXbftf7p/ilFaRKXj7Zy9aSYH8GEqC5Z2ihYziIBtRfccwLWMHm5x6/fwnpp59lBql5ISrdZGWrmcvj4UKihnIBFmKv6jUGy+Mp5uaiGns/nmZZoGWgKmBwtZQ5aAhvAofHuy3R66GxqwuyUuO4VQMw1nvcOZrzrZu0rLIvVlZl3mljgTDfZdz6xp8qzeDkHFBOOLrIQaFk/HQwybk2de1GlL0+q3Lx26i5nhS7eHathn8uSBnT9e5C1Y9TsSD9qWs/dQxc8x946UsdPbnbWZDrbtI/hdCC6uvtH209pE7XtnFkaLctEIfP4qt/LKQOLoQNVW6AsOD2jR/hodpQMhIqHdYc9IbIwmcltrDaNmCPeGH3g7cMfPmWZDKjhjqEGjSjOE9ec0ZMgvXLsf8Dd3htGDAIdTt0oxr7tnYFhdUnQMzyqFdMHzs4qENGJdZjUo7OurChaBDNvgyMT9ggX70HYVgYeZ41dnqxElP03Z8SWRQhvrNFJ6D0mc3LF8hZkeRmV4bjaBdm8ni4F+et+OryJV//qRbOrVzniUvQ7vdb3bvkm0cQWOs0Fx6rG9cq23CwOcRYDTU+5bjpmPo1RO9q/5/xZ+QlLUwGVRQRVPAcauPRP4Ht7mCTj7u0V/2uzAjs4X5bsqgkUYGJFDNkMFU5wP6bVmUQFibkR/Cc4hB4JRWw0LfVs7tOyvzZZr4btWyyY1oWA/Jn9b8roq6EfOLWtHCO5FmVYIqvUcu3joei2Dfl+Y8qpnPsy+pi+2LAu+bsneqQ/UICmLfr4wvGzdYt46suM3dYTU0noL9J550ttRMw3bpp8+It4Wz8xMlh/KkCykRjn77zrjIXlfCRLxjdtg1nDvQU0VxYzkqHSaKl07IUCp+TRKOjZnXzXrT8uM9q3wa2j7qTvtHy/2b5GPDiSqxaG59HG+8hOMl2H5myZkYO6UoAGVcn3KjXzpyL0B0qeZ1mVclcYo3am1UmFZoayIaBv2mbqn8ix+DeaNlPDwNnxXeDsUF0hHPWV4yAxF1GrMFcODmalJJ0ccOHdZ3VDyoA6ssig0jMDbXtVGjjvHPe5oB8RdeVFS1PVmSO2Adf0Cq+N9+7pTo/PlATgQo3aZMS4sEXlgIdC+dz7+r73v5UcaLPRG4C1SeANZThGblHTFeao2sfgXakloXOZ4wQRGPkstmQRtpmjYs22a/CoBUFV3XjWSrD7PZH9rAe2IBzP0AOSLOH8y2M4GfksBQko7u3MnLTyNXXTKr4322wn8oDuz2NWdS5fW96An78RiGoAjb7u8uis8ME9A6UREwYOQyKEcs+krJkcog2A/Umyeepp3DlIJ6aNoDdCxAsYi9QVIspIEHqlmxdPQp71otOvlNLsXVQbEiGlxGTRtR8tSLRGEaRQFg1j8StNG1DY5GYuXE18oDJYqQ62HUL+f1lqjedtniSE8griHrDhlQ6ceB0YT1kuNZLhBh6Fr6jP+k3IQtX+/h2SkeY6bmZi/+H+5Jxb7nFd+LaI6keHAidGAcqLO+OxfYoRNYn7MG3+OY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: +wVkz5vmuaCCZQhYW8xd+PhiM4oGxgqwrZz5uADmPtsidbRFhR8XFaJY8p0GBPaAoJuZEhnHSYFdZxzydqSQ8wUl16gAspJa4ZB3jrpGGxpPjAzNDLmv36BZbPNZYvkLYLdOjcF4osYcMs2fiB4WiEqBlnSMEfRj/6xXo/+uiCJ3kT58aM/xYA2E5dHT3sHiRoeYGvfXIzrixHyQETjkAusDbhQsHhR1BGhJGAoI391Yn1oitVJ4SwOVGKB5qMW2JavHpNmNJugpBFhM87SqiWkYLH+Vg4CdX7GwTe98sTJqnx+22MWtr9+2mwjut6LADR5Y090XNlfhoi18bqUrBvaowLCl6j7BwRLd/foURhcOxp8Z070d0EAiSzv5PQy1H4DQy8dk7veNoG7SHfOq1fgzgqfU1KWNrHWZoVenfCyFNMGMNP3B6xIbQsYLvgxIPTiSslm3cowMfzKXgWUGIZx635FfMpMs5VO7FJwq7nRCDVF8ufQ3TSipxleasxoV1l8ZPPDtFCo/sdUnoOe1FbCsl/XZJMh2osxo+jfKxIRLVS1HrfJL+cQh95Mn3KrbAmBXLcj4utoHWQfgoySDybjw6FbSCfPyotbqfFZzlAAdNF5QW4/DBafvC6SGKw4imiRfIDO+5b8aOzA7bTThdCvfWhuFjrKGIOSu99UhX1ChRxg+ql1njzX+OYSqK8MD3/yGeNdc/+fQb6j6cLmpN6rI8FtAevxYKXDUcxAelGH5EgnQ+pl7AAKBpL0AsS++QVxMNrxHCh0bZJLZVcNzIGox8uO+uHRP3/Ynm7yY+TUxX3jwiYoqdan+VU68dDKB4cuBplqmnXZ/t86WzdWIn4KpjSNv7x1811XPnxq0R+Z8DDtht4ngZbUgcg6A5s2njr/A28gTbzVqWlmgxlBxJTV3uFTBmKgpWovBjgmr5Ofw8uI+GqqCk9qjMjYkdP582LzGvIBrxKPDPBaJyh64FiyuLhuNZXjpZhyDtzEu+eeFvnAh6M8X0RcPI9RUdJ0VQvfhNwjzcVS/sUGbsXBiNLf8jv2voO/oVm77Qm0ry2FD6VqIXvD6G+T5RkejOtAz2UNzwaogDgHLKXqpgdoxss9mrMvm+yWy8ioItxplIH5nACFeV+0IuJbc7eR4UZ6iO9CzYKQ0wP3jIfi4GRUzdoliX9shFdiDPakSHVvVHU+tMnSoP/+WiWmt6FRVPq1//uT9GaPfsyKufcbD15wai7tObpdLEyk1Vy7vdB3J1r7uqmYUeH2aALYKrIPJ9fsPV/7RjSlvPAoVEWngIME393Ofl4E4H3MFuyPSccuvKtmamws9V2quH6Uv+hZShL/ZdiP257nPMtLkN8phjr0QcYsefu7O/5e8j1HQkYS3eF53KaQxfsgvQEmZhAmjugj4tHPEhANFVrnPuBJ7HEXfW079eD7q3WDVdfO11sqXyhW7z9gl6D9yjc2hEGokViybwne4oCHD6MIM8dZcijRMVo2q1e1VP6o/alh6iB8r4ikGsogD+jonhBZ35bOaVlV+ozRtUn2rbqf9O6Dk+nDgEJ+1lFjDh+IDxLZBXsSw3ibDl8KU5d3sPBrUwWWe0ljZC+V6re+yCKLRoYsCHVmt52Nkw8ngPKV+s6AqBZYo3Iv+LLTlKZaEGVcFlw0ksY97paNy/Yu3g5SSdsI9ta3Xj+OoMGo/zWUewcjwoMZaa44aDbXrDgLdtSY+BeS0IBgH4rU3svTOvoSf4XlGEfzye1TZ8AkpuGIfbxvPZJoTgA4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 02178a20-7c11-4f53-c8e4-08de6ee511f0 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:46.6043 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wEkDIFEg4SWt+KH62bbAflcD/MQ3jPlWSFt9d9g8GMgw8fxbo84vtI3VBKcQET/S31U2xSn962Yn/g1kUkT6M+pdqTqVZp6sDP+l/XB+3mQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=OiKrH+gd; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As a preparation to enable rootless builds, we introduce wrappers for common cases of privileged command execution. The wrappers are defined in the base class where later on the executor dispatching will be implemented as well. The wrappers are introduced throughout the whole codebase and downstream layers are also encouraged to use them to increase compatibility with upcoming API changes. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 16 ++++ meta/classes-global/base.bbclass | 30 +++++++ meta/classes-recipe/deb-dl-dir.bbclass | 4 +- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/classes-recipe/dpkg.bbclass | 2 +- .../image-account-extension.bbclass | 4 +- .../image-locales-extension.bbclass | 4 +- .../image-postproc-extension.bbclass | 30 +++---- meta/classes-recipe/image.bbclass | 14 +-- .../imagetypes_container.bbclass | 26 +++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 +- meta/classes-recipe/rootfs.bbclass | 88 +++++++++---------- meta/classes-recipe/sbuild.bbclass | 10 +-- meta/classes-recipe/sdk.bbclass | 14 +-- meta/classes/sbom.bbclass | 2 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 +-- .../unittests/test_image_account_extension.py | 9 +- 17 files changed, 157 insertions(+), 114 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 0bad8a44..bc40a403 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -962,3 +962,19 @@ INSTALLER_UNATTENDED_ABORT_ENABLE = "1" # Optional: set countdown timeout in seconds (default 5) INSTALLER_UNATTENDED_ABORT_TIMEOUT = "5" ``` + +### Execution of privileged commands + +When operations require higher privileges than those available to the build user, +the following helper functions shall be used: + +**run_privileged**: Run a command as root while preserving the environment. + +**run_privileged_here**: Execute commands provided via stdin in a root shell. + +**run_in_chroot**: Run a command within a chroot environment. The first argument +specifies the rootfs path. + +Using these helpers instead of direct `sudo` invocations centralizes platform-specific +privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged +in downstream layers. diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 6c788adb..16939f64 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -384,3 +384,33 @@ python deprecation_checking() { deprecation_checking[vardepsexclude] += "MACHINE" do_unpack[prefuncs] += "deprecation_checking" + +# Helpers for privileged execution. Only the non-underscore functions +# shall be used outside of this class. + +def run_privileged_cmd(d): + cmd = 'sudo -E' + bb.debug(1, "privileged cmd: %s" % cmd) + return cmd + +RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" + +run_privileged() { + ${RUN_PRIVILEGED_CMD} "$@" +} + +run_privileged_here() { + ${RUN_PRIVILEGED_CMD} /bin/bash -s "$@" +} + +# create a directory that is suitable to be the +# parent of a rootfs +create_chroot_parent_dir() { + mkdir -p "$@" +} + +run_in_chroot() { + rootfs="$1" + shift + ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" +} diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 6675d48d..fc0cd915 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -110,7 +110,7 @@ dbg_pkgs_download() { | grep "${DISTRO_ARCH}" \ | awk '!/Binary:/ {print $1}' \ | sort -u - done | xargs -r sudo -E chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- + done | xargs -r run_in_chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- } deb_dl_dir_import() { @@ -120,7 +120,7 @@ deb_dl_dir_import() { export gid=$(id -g) # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ - sudo -Es << ' EOSUDO' + run_privileged_here << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index d8287e8d..df3dd1fd 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -161,7 +161,7 @@ def isar_export_build_settings(d): dpkg_schroot_create_configs() { schroot_create_configs - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' sbuild_fstab="${SBUILD_CONF_DIR}/fstab" fstab_isarapt="${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO} /isar-apt none rw,bind 0 0" grep -qxF "${fstab_isarapt}" ${sbuild_fstab} || echo "${fstab_isarapt}" >> ${sbuild_fstab} diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index 8bb5adeb..8d7ff092 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -129,5 +129,5 @@ dpkg_runbuild() { deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts - sudo rm -rf ${WORKDIR}/rootfs + run_privileged rm -rf ${WORKDIR}/rootfs } diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index a8a3c7ff..bd721130 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass @@ -34,7 +34,7 @@ def image_create_groups(d: "DataSmart") -> None: """ entries = (d.getVar("GROUPS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] @@ -72,7 +72,7 @@ def image_create_users(d: "DataSmart") -> None: entries = (d.getVar("USERS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 9bff36ff..f4eb3718 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,7 +29,7 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } @@ -60,7 +60,7 @@ ${@get_nopurge(d)} __EOF__ # Install configuration into image: - sudo -E -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 diff --git a/meta/classes-recipe/image-postproc-extension.bbclass b/meta/classes-recipe/image-postproc-extension.bbclass index 1aba2ec5..86db0f7b 100644 --- a/meta/classes-recipe/image-postproc-extension.bbclass +++ b/meta/classes-recipe/image-postproc-extension.bbclass @@ -17,19 +17,19 @@ update_etc_os_release() { done if [ -n "${OS_RELEASE_BUILD_ID}" ]; then - sudo sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "BUILD_ID=\"${OS_RELEASE_BUILD_ID}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT}" ]; then - sudo sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT=\"${OS_RELEASE_VARIANT}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT_VERSION}" ]; then - sudo sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT_VERSION=\"${OS_RELEASE_VARIANT_VERSION}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi } @@ -37,11 +37,11 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_configure" image_postprocess_configure() { # Configure root filesystem if [ -n "${DISTRO_CONFIG_SCRIPT}" ]; then - sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" + run_privileged install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" TARGET_DISTRO_CONFIG_SCRIPT="$(basename ${DISTRO_CONFIG_SCRIPT})" - sudo chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ + run_in_chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ "${MACHINE_SERIAL}" "${BAUDRATE_TTY}" - sudo rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" + run_privileged rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" fi } @@ -58,13 +58,13 @@ image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( run_in_chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" fi - echo "$MACHINE_ID" | sudo chroot ${IMAGE_ROOTFS} tee /etc/machine-id - sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' + echo "$MACHINE_ID" | run_in_chroot ${IMAGE_ROOTFS} tee /etc/machine-id + run_privileged rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen" @@ -82,13 +82,13 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_disable_systemd_firstboot" image_postprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_VERSION=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${source:Upstream-Version}' \ --show systemd || echo "0" ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then - sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot - if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ + run_in_chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot + if ! cmd_output=$(run_in_chroot '${ROOTFSDIR}' systemd-firstboot \ --prompt --welcome=false /dev/null); then bbwarn "Your image is not configured completely according to systemd-firstboot." bbwarn "It prompted: \"${cmd_output}\"" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index afe6906e..ca449ec5 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -363,7 +363,7 @@ get_build_id() { ROOTFS_CONFIGURE_COMMAND += "image_configure_fstab" image_configure_fstab[weight] = "2" image_configure_fstab() { - sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF + run_privileged tee '${IMAGE_ROOTFS}/etc/fstab' << EOF # Begin /etc/fstab proc /proc proc nosuid,noexec,nodev 0 0 sysfs /sys sysfs nosuid,noexec,nodev 0 0 @@ -391,7 +391,7 @@ do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi if [ -f "$kernel" ]; then - sudo cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" + run_privileged cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" fi for file in ${DTB_FILES}; do @@ -447,7 +447,7 @@ def apt_list_files(d): IMAGE_LISTS = "${@ ' '.join(apt_list_files(d)) }" do_rootfs_finalize() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e if [ -e "${ROOTFSDIR}/chroot-setup.sh" ]; then @@ -473,14 +473,14 @@ EOSUDO # Sometimes qemu-user-static generates coredumps in chroot, move them # to work temporary directory and inform user about it. - for f in $(sudo find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do - sudo mv "${f}" "${WORKDIR}/temp/" + for f in $(run_privileged find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do + run_privileged mv "${f}" "${WORKDIR}/temp/" bbwarn "found core dump in rootfs, check it in ${WORKDIR}/temp/${f##*/}" done # Set same time-stamps to the newly generated file/folders in the # rootfs image for the purpose of reproducible builds. - sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + run_privileged find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' } do_rootfs_finalize[network] = "${TASK_USE_SUDO}" @@ -517,7 +517,7 @@ do_rootfs_quality_check() { ;; esac done - found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) + found=$( run_privileged find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) if [ -n "$found" ]; then bbwarn "Files changed after package install. The following files seem" bbwarn "to have changed where they probably should not have." diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index ea15decf..b6cc4a14 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -37,38 +37,38 @@ do_containerize() { # prepare OCI container image skeleton bbdebug 1 "prepare OCI container image skeleton" - sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" - sudo umoci init --layout "${oci_img_dir}" - sudo umoci new --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" + run_privileged umoci init --layout "${oci_img_dir}" + run_privileged umoci new --image "${oci_img_dir}:${empty_tag}" if [ -n "${cmd}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.cmd="${cmd}" fi if [ -n "${entrypoint}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.entrypoint="${entrypoint}" fi if [ -n "${path}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.env="PATH=${path}" fi - sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci unpack --image "${oci_img_dir}:${empty_tag}" \ "${oci_img_dir}_unpacked" # add root filesystem as the flesh of the skeleton - sudo cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + run_privileged cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" # clean-up temporary files - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + run_privileged find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete # pack container image bbdebug 1 "pack container image" - sudo umoci repack --image "${oci_img_dir}:${tag}" \ + run_privileged umoci repack --image "${oci_img_dir}:${tag}" \ "${oci_img_dir}_unpacked" - sudo umoci remove --image "${oci_img_dir}:${empty_tag}" - sudo rm -rf "${oci_img_dir}_unpacked" + run_privileged umoci remove --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 6b82add3..63974a3e 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,8 @@ generate_wic_image() { fi EOIMAGER - sudo chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - sudo chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 629dc666..b64a5bde 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -136,7 +136,7 @@ rootfs_cmd() { rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ ( mount -o bind,private /dev '${ROOTFSDIR}/dev' && @@ -182,7 +182,7 @@ EOSUDO } rootfs_do_umounts() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e if mountpoint -q '${ROOTFSDIR}/isar-apt'; then umount '${ROOTFSDIR}/isar-apt' @@ -225,7 +225,7 @@ rootfs_do_qemu() { if [ '${@repr(d.getVar('ROOTFS_ARCH') == d.getVar('HOST_ARCH'))}' = 'False' ] then test -e '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' || \ - sudo cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' + run_privileged cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' fi } @@ -240,16 +240,16 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - sudo tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" # setup chroot - sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" + run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" } ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_isar_apt" rootfs_configure_isar_apt[weight] = "2" rootfs_configure_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/sources.list.d' @@ -270,7 +270,7 @@ EOSUDO ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_apt" rootfs_configure_apt[weight] = "2" rootfs_configure_apt() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' @@ -293,7 +293,7 @@ ROOTFS_CONFIGURE_COMMAND += "rootfs_disable_initrd_generation" rootfs_disable_initrd_generation[weight] = "1" rootfs_disable_initrd_generation() { # fully disable initrd generation - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e mkdir -p "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -310,7 +310,7 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ -o Dir::Etc::SourceParts="-" \ -o APT::Get::List-Cleanup="0" @@ -322,9 +322,9 @@ rootfs_install_resolvconf() { if [ "${@repr(bb.utils.to_boolean(d.getVar('BB_NO_NETWORK')))}" != "True" ] then if [ -L "${ROOTFSDIR}/etc/resolv.conf" ]; then - sudo unlink "${ROOTFSDIR}/etc/resolv.conf" + run_privileged unlink "${ROOTFSDIR}/etc/resolv.conf" fi - sudo cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + run_privileged cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' fi } @@ -358,7 +358,7 @@ rootfs_export_package_cache() { ROOTFS_INSTALL_COMMAND += "${@ 'rootfs_install_clean_files' if (d.getVar('ROOTFS_CLEAN_FILES') or '').strip() else ''}" rootfs_install_clean_files[weight] = "2" rootfs_install_clean_files() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' for clean_file in ${ROOTFS_CLEAN_FILES}; do rm -f "${ROOTFSDIR}/$clean_file" done @@ -370,14 +370,14 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - sudo -E chroot "${ROOTFSDIR}" \ + run_in_chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" rootfs_restore_initrd_tooling[weight] = "1" rootfs_restore_initrd_tooling() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar-stubs" rm -rf "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -386,8 +386,8 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-initrd', '', 'rootfs_clear_initrd_symlinks', d)}" rootfs_clear_initrd_symlinks() { - sudo rm -f ${ROOTFSDIR}/initrd.img - sudo rm -f ${ROOTFSDIR}/initrd.img.old + run_privileged rm -f ${ROOTFSDIR}/initrd.img + run_privileged rm -f ${ROOTFSDIR}/initrd.img.old } do_rootfs_install[root_cleandirs] = "${ROOTFSDIR}" @@ -437,21 +437,21 @@ do_cache_deb_src[network] = "${TASK_USE_SUDO}" do_cache_deb_src() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: ISAR updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} debsrc_download ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -459,21 +459,21 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('BASE_REPO_FEATURES', 'cache cache_dbg_pkgs() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: ISAR updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} dbg_pkgs_download ${ROOTFSDIR} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -482,17 +482,17 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get clean - sudo rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* + run_privileged rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* # remove apt-cache folder itself (required in case rootfs is provided by sstate cache) - sudo rm -rf "${ROOTFSDIR}/var/cache/apt/archives" + run_privileged rm -rf "${ROOTFSDIR}/var/cache/apt/archives" } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-log-files', 'rootfs_postprocess_clean_log_files', '', d)}" rootfs_postprocess_clean_log_files() { # Delete log files that are not owned by packages - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/find /var/log/ -type f \ -exec sh -c '! dpkg -S {} > /dev/null 2>&1' ';' \ -exec rm -f {} ';' @@ -501,32 +501,32 @@ rootfs_postprocess_clean_log_files() { ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-debconf-cache', 'rootfs_postprocess_clean_debconf_cache', '', d)}" rootfs_postprocess_clean_debconf_cache() { # Delete debconf cache files - sudo rm -rf "${ROOTFSDIR}/var/cache/debconf/"* + run_privileged rm -rf "${ROOTFSDIR}/var/cache/debconf/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-pycache', 'rootfs_postprocess_clean_pycache', '', d)}" rootfs_postprocess_clean_pycache() { - sudo find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print - sudo find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_ldconfig_cache" rootfs_postprocess_clean_ldconfig_cache() { # the ldconfig aux-cache is not portable and breaks reproducability # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034#49 - sudo rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache + run_privileged rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_tmp" rootfs_postprocess_clean_tmp() { # /tmp is by definition non persistent across boots - sudo rm -rf "${ROOTFSDIR}/tmp/"* + run_privileged rm -rf "${ROOTFSDIR}/tmp/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" rootfs_generate_manifest () { mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} - sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ dpkg-query -W -f \ '${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' > \ '${ROOTFS_MANIFEST_DEPLOY_DIR}'/'${ROOTFS_PACKAGE_SUFFIX}'.manifest @@ -542,7 +542,7 @@ rootfs_export_dpkg_status() { ROOTFS_POSTPROCESS_COMMAND += "rootfs_cleanup_isar_apt" rootfs_cleanup_isar_apt[weight] = "2" rootfs_cleanup_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/isar-apt.list" rm -f "${ROOTFSDIR}/etc/apt/preferences.d/isar-apt" @@ -553,7 +553,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@'rootfs_cleanup_base_apt' if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else ''}" rootfs_cleanup_base_apt[weight] = "2" rootfs_cleanup_base_apt() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/"*base-apt.list EOSUDO @@ -561,12 +561,12 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'populate-systemd-preset', 'image_postprocess_populate_systemd_preset', '', d)}" image_postprocess_populate_systemd_preset() { - SYSTEMD_INSTALLED=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_INSTALLED=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${db:Status-Status}' \ --show systemd || echo "" ) if (test "$SYSTEMD_INSTALLED" = "installed"); then - sudo chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" + run_in_chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" fi } @@ -626,7 +626,7 @@ rootfs_generate_initramfs() { mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - sudo -E chroot "${ROOTFSDIR}" sh -ec ' \ + run_in_chroot "${ROOTFSDIR}" sh -ec ' \ ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ ' @@ -663,11 +663,11 @@ rootfs_install_sstate_prepare() { # tar --one-file-system will cross bind-mounts to the same filesystem, # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs - sudo mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro + run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro lopts="--one-file-system --exclude=var/cache/apt/archives" - sudo tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - sudo umount ${WORKDIR}/mnt/rootfs - sudo chown $(id -u):$(id -g) rootfs.tar + run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs + run_privileged umount ${WORKDIR}/mnt/rootfs + run_privileged chown $(id -u):$(id -g) rootfs.tar } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -676,7 +676,7 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - sudo tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index 1ab72aad..f0757891 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -20,7 +20,7 @@ SCHROOT_LOCKFILE = "/tmp/schroot.lock" schroot_create_configs() { mkdir -p "${TMPDIR}/schroot-overlay" echo "Creating ${SCHROOT_CONF_FILE}" - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e cat << EOF > "${SCHROOT_CONF_FILE}" @@ -59,7 +59,7 @@ EOSUDO schroot_delete_configs() { (flock -x 9 set -e - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e if [ -d "${SBUILD_CONF_DIR}" ]; then echo "Removing ${SBUILD_CONF_DIR}" @@ -101,7 +101,7 @@ sbuild_export() { } insert_mounts() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -112,7 +112,7 @@ EOSUDO } remove_mounts() { - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -123,7 +123,7 @@ EOSUDO schroot_configure_ccache() { mkdir -p "${CCACHE_DIR}" - sudo -s <<'EOSUDO' + run_privileged_here <<'EOSUDO' set -e sbuild_fstab="${SBUILD_CONF_DIR}/fstab" diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 17b56bcf..074f5ef8 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -69,12 +69,12 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "${@'rootfs_cleanup_isar_apt' if bb.utils.to ROOTFS_CONFIGURE_COMMAND:append:class-sdk = " ${@'rootfs_configure_isar_apt_dir' if bb.utils.to_boolean(d.getVar('SDK_INCLUDE_ISAR_APT')) else ''}" rootfs_configure_isar_apt_dir() { # Copy isar-apt instead of mounting: - sudo cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt + run_privileged cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt } ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - sudo chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" @@ -83,7 +83,7 @@ sdkchroot_finalize() { rootfs_do_umounts # Remove setup scripts - sudo rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh + run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh # Make all links relative for link in $(find ${ROOTFSDIR}/ -type l); do @@ -95,16 +95,16 @@ sdkchroot_finalize() { new_target=$(realpath --no-symlinks -m --relative-to=$basedir ${ROOTFSDIR}${target}) # remove first to allow rewriting directory links - sudo rm $link - sudo ln -s $new_target $link + run_privileged rm $link + run_privileged ln -s $new_target $link fi done # Set up sysroot wrapper for tool_pattern in "gcc-[0-9]*" "g++-[0-9]*" "cpp-[0-9]*" "ld.bfd" "ld.gold"; do for tool in $(find ${ROOTFSDIR}/usr/bin -type f -name "*-linux-gnu*-${tool_pattern}"); do - sudo mv "${tool}" "${tool}.bin" - sudo ln -sf gcc-sysroot-wrapper.sh ${tool} + run_privileged mv "${tool}" "${tool}.bin" + run_privileged ln -sf gcc-sysroot-wrapper.sh ${tool} done done } diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index a16f6ea0..e3d0e702 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -41,7 +41,7 @@ def sbom_doc_uuid(d): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) generate_sbom() { - sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index d5bbae70..f420c3c1 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -204,19 +204,19 @@ do_bootstrap() { trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ && rm "${WORKDIR}/mmtmpdir"; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && sudo umount $tmpdir/$base_apt_tmp; \ + && run_privileged umount $tmpdir/$base_apt_tmp; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && sudo umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && sudo rm -rf --one-file-system $tmpdir; \ + && run_privileged umount $tmpdir/base-apt; \ + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && sudo umount $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -248,7 +248,7 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - sudo rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/testsuite/unittests/test_image_account_extension.py b/testsuite/unittests/test_image_account_extension.py index 97d221fd..e2ff4a5a 100644 --- a/testsuite/unittests/test_image_account_extension.py +++ b/testsuite/unittests/test_image_account_extension.py @@ -54,9 +54,8 @@ class TestImageAccountExtensionImageCreateUsers( image_create_users(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/useradd', @@ -136,9 +135,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupadd', @@ -164,9 +162,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupmod', From patchwork Wed Feb 18 11:58:20 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4867 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:01 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f57.google.com (mail-pj1-f57.google.com [209.85.216.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBww27023231 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:58:59 +0100 Received: by mail-pj1-f57.google.com with SMTP id 98e67ed59e1d1-35842aa350fsf17918267a91.0 for ; Wed, 18 Feb 2026 03:58:59 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415932; cv=pass; d=google.com; s=arc-20240605; b=hTzK5pF5kUXJbpduSgkf89sRH1o/asxmbM07c6Mpjh4FIVdDiJqayKDgCPPqCSRCDI WPhfAf3hiz4ljkQbpwbDuwKAtnmboAl5jqyu+vSH08/l4ig3I6q9IH+PJs1MELsFm1t5 Ouk2uRP9dwDLru3ckMb5GnVbTX/Nj37yWaY1tfSF7//0sDjKRdcLJRXeg+TOCM0Feiso SQgd67GOVyfk09kgHqGGL4WtD/KmUEujxwn7HNKg9f1RTOz6InhXwqELS0OHcbkfpyYy DfajjhNR9RZUmkVP9y43rGmlAzcKJb6vX84Qdzo89uIt4gpyl4c5ll0HWCGmYEKfcnn7 voag== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=5y3MVuUashS7b9ecUJ9X44Igss+Rk8F9LEosKJQ9WlY=; fh=08pOFLOVz0/HXdJMY4KlB03Lsatnh5JOmgVuRDiEzSs=; b=YHESrso0yBpzCumzCXnxegT6YgoWV/6T61u2BXO4hp03l892nhxhMVYlhj0Sg5darp bhICiFp0i9ozUS5cqrvHqhovMJQsn8lTY2KAQRShVSkaPtZSAt6ICHB0NI0SQam70F7U hY/YuQwHnSwJ8NItTNjpNpYd01ofNm0s/PrP9oIxwYgw1w2sRTHMlg74Am7+johjRHMM y6FEpK3e4j1v4T5mMgiczOQhoBx7WjvWT3fOry1rgasHqTJFUPKeLExPDpZwGcK8l0bU sVW3oGHyKVmRYHRcckBhaCxikzED4PCTL7vSSQ9jLia4ljXyOntEmnugcqx9B7YK1iBv j/Bw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=V0eN3EUs; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415932; x=1772020732; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=5y3MVuUashS7b9ecUJ9X44Igss+Rk8F9LEosKJQ9WlY=; b=ONtLHZM4t+Fhndo1pf9Z4wUnOBx2MU2EjlrgIC60tr5vriUMj5rUqvdO2AwLC0PM5V cR/3GIvmP+NtwMCTcX46tXWOojIq6QEprTLN+4iwhqRjB8wSt6cb06NwvYy8gwsgqbaX WvJonEMpneBEXVtd29b4063r6IxZCsKxU/LilctNGqLtWV6YxZsONpAhNs6vJf31JbmG BvU/tFGXZ3lNadiguRshxRl+QIZLweOtuTHzFmC/R5HE8NQrNph/dT8uUtQqkri1wwEj EVl82TAg3kIJx0Go81P5/zE2dnKsGzTM2gquFkA4mzPY35Fe5/D4Pbfq3H7fHoJ6UOt5 LQhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415932; x=1772020732; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5y3MVuUashS7b9ecUJ9X44Igss+Rk8F9LEosKJQ9WlY=; b=wykCX6QoHurpfyRWg6ChaIvEQTe1U/uGxMT8Hna/RFO8KE+Y/eKbKsYOlLL3dHaSB7 sNgw9zyM3Xslx4JOp1ABy9vS8anpvW2BidO5rneLnDatZMs2A5nYnbxiOMqauN3GBh9U Rt18o8bAHcuaDdGtiG43fCO1owCDbL2006XFlbX8/zW1gYFWukI3XQIcNTkMty1YzPFT mokO5qPAXJW8jkAol9AHCoIuklE46VFNFkItZHpr9Ju/M/GPbOXXM2wFiUSPY6L7F54A OnwI59RG9q587okg2+QQZc2tsCLei+IZ5hXxVbsxY6R+0YPMIutXTmVniUGyr/tv7LgS 7Ngg== X-Forwarded-Encrypted: i=3; AJvYcCUTOOmw5oxH5MDUKCQ30g/xj0R8zcuXa5t2ZbxANvohio+cN/O5ksQ4UZKGQTdjGWGWttient0=@isar-build.org X-Gm-Message-State: AOJu0Yyv65nFfGaLyncJpTG/jUIngfd1IZbYPE76UCZt/HVxGqyh63la j/RI70Qj0TtwxLNdklaO2/uXrxSToVJUnq+g4vTrxQm5WkfRUtDFv2P1 X-Received: by 2002:a17:90b:1c92:b0:354:9b26:cdf7 with SMTP id 98e67ed59e1d1-356a7899d54mr16089758a91.14.1771415932272; Wed, 18 Feb 2026 03:58:52 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+FAbYWE05jDg4Jc9zfq/tYEkZ3LlcuIF51/SA8ltldVfQ==" Received: by 2002:a17:90a:d192:b0:356:27ac:43e0 with SMTP id 98e67ed59e1d1-35693b55a99ls5799621a91.2.-pod-prod-03-us; Wed, 18 Feb 2026 03:58:51 -0800 (PST) X-Received: by 2002:a05:6a21:339f:b0:394:61f3:df44 with SMTP id adf61e73a8af0-394672cad98mr18737559637.46.1771415930746; Wed, 18 Feb 2026 03:58:50 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415930; cv=pass; d=google.com; s=arc-20240605; b=Qj1kex/TCUnlTQk1TrZxXoSVOOqYjtft5HmRmXpAumlwyb8anvrgO9yOFQ4wWfhqsX 4jR4fF2g2cOPES/rw7tmYDkhc/OpRzZOgrcYTCsI8gue5LP6IhgJdzjuRSMogtDH8FtP LXG8E1z9SbzMLuIo1VYcyhOdtkqa/zWJ407JefMI2Pth6ZEyoWvYvxujRhh8bBMlnzKG kRi+bjBPtl08F/IaVwzozPulBUXSAUnOsLt+X7vKw04WPBRfOIveWopAM3t3Af0muut5 Fhc+lbDAfOjKgmTpSSzPq6w7yRFHgUMbiJr38HaP+mAsPkPA8tOASPef2xVl2SJgZZHC 914A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=p8zkt9gfK47xY42Xq0CGZRT3R2alKaA4hRK5mwLRalo=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=DgczqbkYPsvXtk55g+lX1jvFUFLagAMWng8YG84go9Jv7kXYjECfJDK2dwG6ELkZpw jT/Wqlrr1R9eWELf7LC2cxoO1rq1qtNWKEuF7bPsz0wBtgqN/r91wkmOV5eIVc6gRq4A Xj8oEj29+IFFrlk/AA5CYdnxVgdk80AUMlDxyHyK7zgS5PdA0HFtdpNP2ulGXW3kkJpu Pj9qbTsyzvm44vpVcNhlYQ5pv3kfhd4031huOMBj3KaJlk1tlkklneRdSFNTX0xprwGi +kjgCgDgzExjTzQLzM5HAcZ5ZGBGMpjgTMpoZCP/EVDrHAT4qGBZATBlBxEo3BlWjDfV saHw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=V0eN3EUs; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id d2e1a72fcca58-824c6b0b623si654995b3a.3.2026.02.18.03.58.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:50 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MQGci2famFx7Jf0xZudw8qoM6YU9m8dbriFZvjoc4NikOrIMbyRsmCggMSGmRMOMAE0Mcdt7fMj863HEhO4k7cDP5cV0Ft2Wg3IJUBXeuI47/tXRyLWI78j3iDBlbEdjN1GSSL2ToSrrqAW1onH8mqlfxPALbkf/nnqRMJYRVpBRg0+s6AFWeQY2o59/cRlQplHNQx+8YkfiE2L5OJgWfR0O7ZbIAxIwVPfetAPraVEHVU/5dPLOPgS/ydCgnAx7e5aSltd+KTScSWtzhxuk+EzCn2Ka1ApoUXdn1HgzTdbl+q2IXsoANH2CJpkIHeudDfEIxPUlc1aHWXuMY7EEaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=p8zkt9gfK47xY42Xq0CGZRT3R2alKaA4hRK5mwLRalo=; b=SMBn6wWM7cIPOFE9U0yZs8PXOwC8L9nEHU08GZAzBIJ6sOdtNh0ozYo/hnu1PkOZaKWRHAcG+5assHhjmwybUOCiuXL/WIoj/vAlryc5qmXEixahB0qwUfaco8wpFwzRBv5fI+sV/RnQSINIF6+K0XbJDklKWDOU0XfYfmPPVQDZRGWm+5T8wSqzsaFP+cCeT2D/BQ5BoTSjLD7s1brwuRPKZnt2gwdw/i2oxKthOIzfqH4w1cSHMQ9gzzGiIQhIXLkCjUerpmRkC/S0qCYffLd6s1q7Jko/2cX6DNh50tHJRiK0VuChTvzhBBnf99s1aFOs4F4loQsQjsZhmYkOPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:48 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:48 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 05/12] bootstrap: move cleanup trap to function Date: Wed, 18 Feb 2026 12:58:20 +0100 Message-ID: <20260218115827.3947145-6-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 5ea0fd89-915e-4e53-b5ab-08de6ee51314 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: cWE9fxH0ArNmPzeCdHTFdx1F8jTZs05D8n5EBnJW2b5LqeQaaVYuLv9AF33pZAskAocSQl0JFGVee02013Enx1G9AWYOrYvBTcOnlIZPLayKyfF8wmQ3cA7qcbagcAMHcFP9gXAPTfWyjHeKkLR4092Y3JarZLuxktYszYSHp3x40DabamvykGnOxRRVxJnanul7T18O832Jnp/ji7hu0mNyb/x9HAumCHbpoM/6YSxq3OR3g+E4CNazgmjR6sJf+DH0cFZClLjdfoW4qzxGJl8nBK1iK0U4217LnwOhqrWJ2KGO2+qB76VOc1PybU5mXiuc6H/MNg6VdUiBEuLCXktEzuM7Nf6y4g9eaJWMEvE5O9lxEHb0UeNT4lmrzC9veLznSxLEcAiTkS4R8tGefU64tKgGY/vqqdYP+a0sg4ZpYGPgjCDY2g5XzGzG1XcFukfkImLdbiNoK8D1kyEBvAZoLYnYkXp/GQa0B4YcMLSuQBLmI4r6hHLcYuXg5QSoQFvrSqRhBUED1K34l0SW3/kQVOlE46b8a/iWFgKDytIwn/0A2Qsl4HM/gVgCBi5yIdcRnLCgBHosFm7Qb/hlCrEi7eE13PzL5lCs0dlte//4ahAlQFyFXppkXVk/PojV1LDoGo8hAlbBz/hoCfpx4uN8CJ2YbOYqgVQXBAkTSUT9rER87yYZPgTu7HjJl9kogQjQPtT89L2m+v+sft57k7w5ZKd/owfGKmYvlAbukJGsiqxnCoVyDPw+FemISTiSKLfRSzwnjbb8lLAfH6KohcihoIXqSjfFwptcHtNFIcks2eOFpkSb4d2DXYvrY1zZ1yOCFwuJrqoYnDaTn+FDQX9DSpf3DZN3QHjnOOstNM/dTU7UWUxh/+TSZuj1h1HOMnyqQfwYJ378in+dkoqh7wtuodyELsWL/ELK4lvmV30OzPwRjoPeZa50z2pkI6qI5tph+CqvNjo28SwMVzFRJ2KV2djx/Hs4KF3FC7DYw/JmOrCi6dHrYAdv2k7tWvF/qFubanD6eEJSAUAmbiVDSwnmKPqJ3RC/csZWuKhqGPquij+PE6kjswdoXWZHRchHAr5lxYJl4LRpufJncCHTHH7kEXPj9uLPLPDs7nZYROp1ylVzd+ZS9tjl7S/i8z/hlcY4zxgFr4whwdJKD6T8+5XesIbC24E8WlNi4ZoMfaFv8uD56J7NuTLEcwGVH3Q9/D7OXe3V7z2VtinfJJie0lkUmW9PW0hXfBGpFYGVQt81RAWDDdeScamd5nXCbYTjQoFFft+uiOw7nhqJVFPz4pmJ2h0QmMEEOa2DM1bW5InrhrF8c+2AIlPikmmqjVC/+OJQpodmI6qtLw1IRV6ChbJt9zDs79hczDUtX6gZMgZ8ev3HQs9Odk/AGAC9iJlS3e6U0gB0QBT57LnX6yohFvAwwh7YgvoxP60DoDXuSNKioivyPf1pMrSvwsSZX4tIWWLI4Zfr7pOoLedqzVWqbQ9xkhwnRn0R0nwnRRNZlb2PSWj8594qohf/QqSXvZadQYH2BVAKaBjM2uS9ms/Rbt+2wPuDwhbgFkT2Mo4E0rQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: aBA7i/FLsG2BvZJ0Ng5hxQfZhvbrza11hcQzmfzGnSc0NlfSbkZuRfBBhf/8vrhYhejrC4JdcPpcgcgGDUBHSjFOzlgX1w1PNGJhn9vswC/ykVnYRYLyVVdczhomEja5ntLr2CPnrd8PF19tzv8gp4FicWfQu17BiJ5jkMlsZjkdX6Jff0YlPPeoIGdxOpZ7n8YmqHQwn60U9lJNLXriVCzuHdypsAKrRqEiovxRnKcxga+6ccHNYMrdXrO3rpHg7If3974fmfoRL5HGJZIqNEWRyhP/JGDCD3dHaz0EHrtuCU/RT6L9+bvmYSMloWdbPU4zhmkI7fbicnP+QIBp5tn87lqusmOSdEnIF01ybZg7yGapZjuaYGH3xLPeEHNroItiHqPzk5D+yMNx9IJV/anVsiIth3OeQHcgDhm57zjsxP4TkkLOpqEPa/N7zDKSWFnXrIK1fgHtZJR1l1crVRoSucBXoAP1g6VqNu/tlT4j0IEMgmubr9K+SoT6u+hu8qrUOwGG41EY3HkZOrrt8B+gPxbE5427w0b5hsDDPOb4KXzUXLI7Lz38q7qS3X+/7V2FNSHMNHmkyciCS4vcAzDdLtUHZsW7oej5KBY8H4JYK8n+yCoyU1nFL7tYlz8EkKCs8c4pow3HfNpYEDPnJVMpnkUpDZ6Yg82hThmhORtiBZ8aehVKCwFOQX0TNC6sGrkoHrffSL+eKW6ratz2fmh7/0viTX7sEvF5IPdcqzfTqCZmQ5TZElDnsQAo20PWv9i8p/Cov2sLfDwx9y/IuHYX7spAJwcccIB9tqxrryKzXp5436AhK2XdxmvRjZljtL0kLoI4Gn3TGzqxb1CvoOJSdk299Ib3BH4mdSbR4WmZ2XXo0iUUHFS2r+uF0XIwqfJOpoXgZDTVjQYbmQvUKFjKWbG7kfVSXdy148b0dkiJoUfm3dUrfe9BLYgqfCRyEHtJ5qLqCcfg34eJdMkj3CZtqbilJ1xxjhtX38osLN29ye3diJWmCQtpowN6x8PxPk1VW36UZoluDD1H55N0rPBUcqn6+aTCjzg49xhsTHSujovkPQbkkWAeAcaqUTVEUpnbjLI/Uj1MCb3wrWSftWBHAMkwr0BIQrz0zjzBGgPyXA9I3x+y965XhnXkymsXgVYnDzuzqAqwFV4IHn/Zw9qGI5ke54M3/smI2E6NShxnuEvbgn5JT7t0wDz2eq6RsLpN0CRvWv/clUVMnIury1DWCkxhrD0DBaQiiSov6zBwaiUh8DpD4q5pdRfQBnLQcVc9lImRgucPZeYVGzbWX0v6pi6+CUF7wUUxzirIhsgwNXnc65jcY9T1WlW6tK5/RDl2enpMh+SpXTsdEJy4iHCTG1DbvfE6Z7p2kbHC8tt4lvzdTv/Zut0vM9ipRRyLx4kDTNC342zvwEVizi/mm9I/2o/j8q/l9c1OzClUqRT3PxZNlc/p54V+FXHjBvgq9sWq6gwY7cLhrRBVNDZpiQHNL7oANr2wZyj08zpnc++dQkCbcw42clihuEZJotOTfcV8K5BAeL8PT29268ISmqVI1vAMYItMaiIfriMwiumbVKNMzjRuKn+KDpo9MzeSLGraKWREeE7shDlKHFE91iqDysj8DEl6S+xi1yLF8e+8Z4BUb/nzy2too+ceJ6Pj6OZKQG6LiF9Z7cL+gd7B1BQor8xxmMgLna3p1IKUpXi9aNEoDs2hHCrSne2DsXJP899i7gVKn6qe6kyWFq0fnCcWoF7RRThv7DKJRgU6azo= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5ea0fd89-915e-4e53-b5ab-08de6ee51314 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:48.2437 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: tAFkgTkLczD/UHN1eyeZmSsUTDusJcBhe5BKCgQrusXY4F1SFi2XK874/Gyl/LJ0txi6Hdfm2a5/OCM+KlUbceurIplNjySQb6ESoeW66S4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=V0eN3EUs; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By that, we can make the trap more easily conditional. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index f420c3c1..8ca295b7 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -105,6 +105,19 @@ def get_apt_auth_opts(d): f"--setup-hook='upload \"{workdir}/apt-auth\" /etc/apt/auth.conf.d/isar.conf'" return '' +bootstrap_cleanup() { + [ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ + && rm "${WORKDIR}/mmtmpdir" + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ + && run_privileged umount $tmpdir/$base_apt_tmp + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ + && run_privileged umount $tmpdir/base-apt + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir + [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ + && rm -rf --one-file-system $base_apt_tmp +} + do_bootstrap[vardeps] += " \ DISTRO_APT_PREMIRRORS \ ISAR_ENABLE_COMPAT_ARCH \ @@ -201,16 +214,7 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ - && rm "${WORKDIR}/mmtmpdir"; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && run_privileged umount $tmpdir/$base_apt_tmp; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && run_privileged umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ - [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && run_privileged umount $base_apt_tmp \ - && rm -rf --one-file-system $base_apt_tmp' EXIT + trap 'bootstrap_cleanup' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} From patchwork Wed Feb 18 11:58:21 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4869 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:02 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f58.google.com (mail-oo1-f58.google.com [209.85.161.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBwxqs023286 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:00 +0100 Received: by mail-oo1-f58.google.com with SMTP id 006d021491bc7-6798921eff4sf34761684eaf.1 for ; Wed, 18 Feb 2026 03:59:00 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415934; cv=pass; d=google.com; s=arc-20240605; b=K2WE1gOC3lW9ua6/EsTD1/tC0X6aIL/XM1jQ9pjHYvCBQQM4fEquXTIjWIo1IdDro9 KoL91H/nQuDeG/BrGtKORAf9h5tY1U7ZAYubAdl1g/3bQpiQVQS3oMjADrjJhEplG0FX vFYgCtvVv2Yt/IwrplhlxbSm4M3oEvbgpOC1X4dN1aLUBbi5eQyWcomSw28eJ5qy9B79 mtJhVkS10boWdo8wFu3B+0HZWDn0liTZ5DqEVIYNNfYDmihRDJpS1sajF0NtOz/AjW/q Y82XKQXY1res+8OkaYLd1iyWBkfwhkCe+woFTKiPFgZtEKkw3IXVum3aqXtjqsu0Bluq if8Q== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=1CpxPF1GIoVwv2DnFdjEd9YbEQkto8J9rVOg1LJqN/I=; fh=oSdBlfCvDFAeS2Y5A1AOZTzZO4roPFWf36cFrSKS0uU=; b=i9rWV5HpdfgZvYW9VzFfi5DgIAdbx3AUeqzeTPT634bJWoh2uNP8OoF9sLwHHqQHeI XxO9XKEh15FCPERK/p72mmTGJfg0QXgvQQGqdmyUWktvXphvGlOGx1abXBxlTWXiHiHe jRxXndJ7ZUQ9gB5CH3MUGM6p7/q6lGgkBzjLDplwgLOGL5CK0N7AExQIS9Ufl0Ewsnwa 59mPFeo7uVC+4osA/4V9HbiMHcGrLZoZUKWuNG2atadd+mEdtWgK6Cx5JKEL/gtG9kT7 DTY7HlPC0xTt4vPypUvfvfzlFz3/ymXCweed1II/Z86+KRe6Da0x8jgExNw1ZD5AY5rn rn+A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="s/hYzEKB"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415934; x=1772020734; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=1CpxPF1GIoVwv2DnFdjEd9YbEQkto8J9rVOg1LJqN/I=; b=UIAPXxWtv/K85c7sHTM6iC+lVX4u4bJW2DV5baNs6fMUueh303h6RTtP9t2R8coc7a q5t5kQ0N9gsBKMoDMhi0EUYGpKYKBOyjaNcA0LAR/hoGNGIg57YJtJ0hITXFG+DpWZA0 7i1GOCjpxJ/w9zFBfGxEDHSZYceZUDSVPVG/gbuFwtLyWKPqH0QjMCoU/gOxaX6sslQT WF1wznf26lvdKm2z1LA9mOU9R/l7PZ5rSF5hKOR6Mj/cc7QzTRCH7JavpZmgUmRTGk1a 7QwcVa4FeR6cs8VfIYscCPLIh9DpA5L02pTfE0Nb3+WtXT+yiabPEHdzEKaJynp57cBR jeXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415934; x=1772020734; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1CpxPF1GIoVwv2DnFdjEd9YbEQkto8J9rVOg1LJqN/I=; b=hKfU2z1nZnXKL/Ym3W10s/agbCFnJF4PiDqKYhJfhwfWtC+w+Az0m0XR9Sh4TIcixp N04+i9HqL09NENpyRXVD7ksTtLBZymLijfOqnNY34QfpqD0cw6UA90aMGasjTA6K88m6 tzgJBeQ5z1iNSS/+7KVqaNCTLcUu+/2ypCqaFFw4My6Sm6t6i+aFKRa7JTMSBCB5jgEU wNDM0CosgMC0zM17IYp5EzGgK2sK4TE0OPIcHlJDV7Kb3q1PRBC03keV5ExzXG2qwt8v 3890uqnuoUtwoyvjYgB5lb3FJqThalsjjcMPUzGwdzaDEbIJOK7b3/r7QXyfBJnWP9du GLWQ== X-Forwarded-Encrypted: i=3; AJvYcCUzH6MMu/ijeGyj8sdTTiJrXsBVge+joEUW6mRSgXnN87qsFa8ATOFBXHB+ijn9yZmzlVLSjaM=@isar-build.org X-Gm-Message-State: AOJu0YwXbni+ywfTUvNKZEl/HaQtj7esxy//ZMWwGP47suW2Yx2a+bDF SlHt5pKLLDBQhtDaQzKDKYHTv3sDgPt4SBXd/m/Mx1YgsfXq7dmwotJK X-Received: by 2002:a05:6820:80c9:b0:662:c263:c9b4 with SMTP id 006d021491bc7-67858fea633mr6468692eaf.9.1771415933746; Wed, 18 Feb 2026 03:58:53 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+ENHpEdI4qWyAYh3K6gbe6FjYNkWSO0uAdxTdR5gRXDQg==" Received: by 2002:a05:6820:22a7:b0:679:9366:92ef with SMTP id 006d021491bc7-6799366940bls1732210eaf.0.-pod-prod-05-us; Wed, 18 Feb 2026 03:58:52 -0800 (PST) X-Received: by 2002:a05:6830:82de:b0:7cf:d0f4:125c with SMTP id 46e09a7af769-7d4d0a993bemr9962516a34.8.1771415932491; Wed, 18 Feb 2026 03:58:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415932; cv=pass; d=google.com; s=arc-20240605; b=X6cx+aArIHmPbNimuNXeLJAZBmqj1W8dRGTr27Z1okxoZBQF2SbYe04NC2NYQtdheK dej9/5gDDqhcj1b5TyDhJ4xn/YL/pnR/+UqET71/LQd87+2xPvntWnAUopCtDI1AT1I1 nyodqQdBXHlRPFJ3tRXE6ZOi0xeQR+3QLbJzgyDVM7zB6/KrA4zoN/3vuOHmpzVIelJQ FDhyuzvjijAhyfJTdSpmyGZqvyXwciTGCdxk5ELoEQZvbrS2GjQy5r3mBZyTYrnXmBRr ichptaMPT+zCpj7NPr/zVbTFl/U189FnCUl2zCCAPxWKVtHU9HfxcYm1R+ZM0mTtWmNV AJ/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=H5qUiGp25Mtb8mJhACcd0DFaVB5KhJ7qXtEX/EouTzI=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=hcJjHtW0H0XE1elTa5WIsYJCGEfE6kUmbdbgdFHyMm3biaq06U7XsuN2IZ0nRVe7cq tS2QyYRAewRAJ3lj84sZQXDq19vWKiBK//PECcBl2fH5CzhSZWdyP2UcZrJFyu8G4lZr c3ar/a3xPc0EDwTs2rAX2XKuy1jTga9vEwApWu1XShLlz/Tzu7+Cru2A4PtflrPTsTK6 SWSF9gMhiOEi0rzf72R03hVY6W19HtHxVb3FSm1HfQXGTKaPplACya4eMwmsO7NZebuc tYSyuENNGlTW3GSH0izxBEF5RNcFr+on1zHdyys/IkNmnfPiK2V4dZeJvKkFD9yNh1ja 7kKw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="s/hYzEKB"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7d4c530ffa0si522649a34.4.2026.02.18.03.58.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:52 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BUKxjdnISfmlbyECifQlMdF+o1pU92WCt1tEXfX462VOKvp1suB3O2zRarmXaK6S49dIv1+F3fjlZdVxxj9+na+XBWAnROw20spgK0TNwS9oXIj50oO8FCG0uP+eZOe0G8n8bVPbyVv3qSaUxwM2qb4BMv9pdMItkFW10Mx+YqwjiatB4NETr+di95YTGzIx5GnJxnEWaMrViIWBir6UCAMEHqvRR8rE63DqtPR37H4gxAIprGyWJbUsByDPzKjm4Lz7kvZnjk53wg3xOMpMcKUm1SviH5KJ+7sYUuQZhD3nTpDNyjqgvy6jbDm3xr1gDhje/40IOV4uEW1HwfXnaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H5qUiGp25Mtb8mJhACcd0DFaVB5KhJ7qXtEX/EouTzI=; b=viycI7jI48965GDW+xs9GTr2Bl7KXXZrDzmbvtVCPdQQICIlKug9P/43w5ztRDbfJwWWyvHvccdPKLSE88WF9vVewL3Gb1kLJ1Ap2SDGTvfjW7BxhZ7+q4xdrfdX9IgBHe2HZ75IrGo1lB5SnMlEJbxW8xWqVDDC/zfZSi0li39QQPivbm+GGU+s8O9fjqerR+diBlAKIhRaiRLJNDKe0cog9gd5I7iW060uIbHoYQmsQAYUvVZi/K0S/rHuH7btFfgbXNtmwsctcdBn0kqsflZqnHl1D9FvLUBcVlgMufiDbVWh5Rc14kWvZN8QK/sMzEjChUQjuHDQKE7TAZyZZw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:50 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:50 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 06/12] rootfs: rework sstate caching of rootfs artifact Date: Wed, 18 Feb 2026 12:58:21 +0100 Message-ID: <20260218115827.3947145-7-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 85bcd71b-e1f6-4e4e-9803-08de6ee5140a X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: 9RkB0tKE9p+mC8eoKKPhORnbfeLpNIvLo9MKYYq7tBJ5cbExg1DZboCeLAw/q9w/LU/H3jDsXiXLjS/TJFlWEwgdPBMLlexK3+Ah6+tjRYkAJYFcLKBSEbqOjBie5TZbAhbnscQnCFW3ARWmpHmz6rdIxugsQ/8UzqQvecfxg7CwupZOGvrgVzv4yT9ebFWoTLjU/11Sbucsl91Vqqdlqi0M20Cge0WE3JlNVJNuOA+lES9Gw2BGZ5OT92gdKYoHcks8ZbRIhCsBnuwSxGq3ywx53g6FTRaPYURGeV5XQ+uCTDcBgsfPKyK0en4N3C7kHmeQiUBt465bkWoABtw/yJqBYSwn9d8MDJM50nAXb/TGE5C3qV1+fVC6RNa2/KapPjZzut22S1JQWam2uIo8C1bxjlSiJm2+bydQOIJ7cFiu2jrmwYFvuOg2SimsCcTbnpLDtcrfYaT2dw07v2gYuZmT+0s7sMcL5Pgn1aoFlFkMs0hPbSC9B/kSvL3sQPn+B9uBMP6O2GnACrBhhv8uOzvxKwEbraD2YaGjGoDNpK6uPwex4o9oDP/GvAPsdWvBq+UagfutwH2PSPWasb4jSYcFszuX9UwNKsn/FVbc+2+D2pRfmkU3AbGNVmjGKFxRkyedNxtTxtT8YhB5xrA8WvKnrC5CkzowwTSbnAj8deFmyXCED6vE6X0wzEStZmRg5NBufjZYP9g9UI0WWZyxLiS6wxRpDXoe92jrqcPAKEKm89i+iwmsAPgN4wW2hIF+tGI4UH9GxpWZdiHLik1CJ/wyzbBra1ktKkjo9jqH9nfGaFo8NKxQRYWXPoR8VFCWewF+lSETNtNlhG0LPubLRV2dYm9OkFpnNhkvxFAPePA46rJsjqp6s++DYmglKi9HqubJeDhGO1fRoH7VUj6OvQkrRdqkp8eKTrodsktq8Jzq+rG+xUeIzjGtTVcezM48zYmZuSUdf/2X7EnPWMckcXeg2J/1CUcs7tYR9al/LErIxmv7FSq/WvW6n8yWWCy7u5/9CIPNCLDDS6JaBENsky4U5rUv5k3IGQf3YJGaXGnd5vvB7HN6orvPNaudLUEnN2MC9HIixWwOwMCJnPbgizJ2S1wruLaHtdQFRT5bwYlDZiBrc7zQdMhbsBl00pi+XPL2XDh3mGKkyqYdYaPMmn1IpRf+H9ffaQyl4xK+YWSzmEnipX4K/z77eZkgvnAOLaoT271h6k3OkYOTfYGXJaqmKBqyhGw9qq/RgewRyajn08we29xCLEePR7KhRBuEjEdGsuEq8Y+z8ifS/AA7mxTKI110MXASRNAngRHWnjy2kWAxiVEt4o2NYujoZ8jP/0kbx0HeqSBBtY75KfAIlOVW1pX4RSX8wWFAlB+d22soUYxdMbP9Ia7nJokSckrNHjpSEMu3CzfjdAA9TKGBY1it4rqHxPjmtpstrYjzVJkoRIZbvfHSFw3F1LXon0Mv5Ixxe2PrbBUhGIePZ5NFOasja+jGhveMeBQICL/1Zl2RK2eoFQpGTLWYqXm3J3mfwlHkKtpz10F7Sqj2WGlIhQe3wHgJmNOaWhic8BFZfbI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: f6oPg2LkklkBYKdjdcWNPkPNPMidIbJb63kXf3rmi3mrHg7qyshQC9HTjbGul9/Z1yqYPm7ma2kyCJs5++dDln9oAsxZq00Y3nlZYKPYtZjIqXVn7FlS1fJw5ycHOSWDjIvH7qur+lcWCyuSG7TvQcTiIwlP9+4I3sWQJinZ/zXPDEGjy8CPcKWjT6lyMQw4v/pk9sObuoXoEdnuMPFL5f4AeEzNJNXXSozbPeRh1Ce7/R7fsxv4d7Tn5kA5M13MX7o06b8U/p1nsbgQhP/uBcbHsCgr3KrflMCdw8LQW+++3jfa56OdIvUmbfPMvlj7654z/pwdpQMi+dInzYKyPB+IV9iN2ULgm4vFvYofWoqDz8ngIP4+L3teUuktP4AiZ3me+1QMIU/Zso0nCwjeAIi0jeHgPyl+vCYRRjkdXOCo+212P6ogEHSzLvJzCNrtKaP6fD59yjHgDhMV7Biaa8f3hk4/Sxu36XC7ME63nbt8HH+M9vehj18is4bXpD0+H9YrQHnvJAkW8lTf3FarscHcp4cl0jDk3olwtzbdchk6/3m+778orm0j1/RCKZl0TXzZ8MbKgnoK54H3xthf2hzpNdmZCSg0bmfUIkS91mBqb/kbyUm7ns+PT/qvXW/F0odfaqIKgUqdHMWGCNawg6dndT4qbV3V3TlxxqX6BesnpZ9vxqVSuX73+XjlYw9BfJSwTxOA9ZJmS1Cqtdl7RFH9wdt4ObKDEN7UdnESEoi/6Q+BExkLYnMNB8OelLxqun07O8Fuu1Gn7+Sh5B4IjDpf+FJx1bygnNN2R8MDRp8e+e6NlITm8v8JUfaZ+4f3JUL6TEc6WJZyY38yRa4umQgkg1eLRqa/yduMtJJncpRV07LEahJHRQDoWHN8rxi8kBvvtPp97aWhZdVR1h6IP1OL3IITAH+SWB0/Jwi4zQ6G57iRK36RxqAVcjgTZbqqonXBNlW/eRU1FiLp0dL9y7nlLRxsLoGuoMqhzif36SeAxNFsYh3hRxEUlFtpzNZgcCRvLMcYQwB1DFOdSHIwlyEBU0SBb89PWrJQ7xP/nuPC9CeVyEawO7dqZm88FilgI47CgsdAi+vyAG1J9tQ8VpGyIqNbYNnarOwple2C72/2Mwx6IijrVUZjY4GiQeYDHdH0Demgw+FgGNYqOVAXRehES7DmmMAP0JiZpGfMNiltxtv37ZfLJ+16MDUn0S542dWW8SN88E65OHLjHtSXFIQxHpoELVXrH5ihFP6tXinRLzySEj5y3jBZdAcLzJTQ1u2OAAxwnbIbFRUQuuToc+XWnZwRa1a6LfQUydqBHXDZnctQpTrDpsqXgTR7XGsX5KtPMGSf5fZZbbPa4GQGkta5ABn6kdlgrQ3aBAolHWjIAhnnPe+ZWtOC23oG7gH8xFVhOxvsrzVHRe5qnCExwOH05rKIBEJ6TUmybjnyu0sAvzNYM04uQjEKJqHWMYXfSXarTb+Op3+z5RzHQbk9aQWvy4bO9fSD2X8HD88vzvuKBr2Nkg0i+xUrHAe0yvOLLma2JHUd1vHPpMpUTtICBxwOrfS05h6M601vUURJeu2H00RbisAt6Z+DtcBuT540nkAE2WuVr6Za/cvJEhBA4vJLJIkS6bxOfy+Qr9RQgbR0ltScdnafNfYi5NnLGaz8jA5B2HqWQBP13OI4GxSODpd+Zq87HtRX33a+REDGbE/Lx1XqkabMUeznt7fVC62+9PPTJVmbRtWZwvuKdcnhnvA8REa0nLr9TgtR2DRne4A= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 85bcd71b-e1f6-4e4e-9803-08de6ee5140a X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:49.9557 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oUGsQ+X5k6OniwDVFrdsUlBwdPtiyQ2y10UR9YKn2KrtWUW6Od9zZ7/ceTZLoppkHpHP3s9jT8XrHKzxqh13YgQdzdjN2cozqrrQPUB7Mrc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="s/hYzEKB"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We ensure that the sstate artifact is always generated for the correct rootfs directory by using the ROOTFSDIR variable instead of the assumption that it is in "rootfs". Further, we avoid file permission cleanup by using stdout to pass the artifact from the privileged space to the caller. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index b64a5bde..c9b0a6d1 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -663,11 +663,12 @@ rootfs_install_sstate_prepare() { # tar --one-file-system will cross bind-mounts to the same filesystem, # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs - run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro - lopts="--one-file-system --exclude=var/cache/apt/archives" - run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - run_privileged umount ${WORKDIR}/mnt/rootfs - run_privileged chown $(id -u):$(id -g) rootfs.tar + run_privileged_here <<'EOF' 3> rootfs.tar + mount -o bind,private '${ROOTFSDIR}' '${WORKDIR}/mnt/rootfs' -o ro + lopts="--one-file-system --exclude=var/cache/apt/archives" + tar -C ${WORKDIR}/mnt/rootfs -cpS $lopts ${SSTATE_TAR_ATTR_FLAGS} . >&3 + umount -q ${WORKDIR}/mnt/rootfs +EOF } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -676,7 +677,8 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + mkdir -p ${ROOTFSDIR} + run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar rm rootfs.tar fi } From patchwork Wed Feb 18 11:58:22 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4870 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:03 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f59.google.com (mail-oa1-f59.google.com [209.85.160.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx0EI023342 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:02 +0100 Received: by mail-oa1-f59.google.com with SMTP id 586e51a60fabf-40aee511210sf48436573fac.2 for ; Wed, 18 Feb 2026 03:59:02 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415935; cv=pass; d=google.com; s=arc-20240605; b=C09peW8yGhgcNJsOPS+tOUPS2ySfZrAmIAbBWWUBkmYXu/vhJUG+2ZSa6tOVN1o3pE 89b9LlI0VreYRVSH2jkv1cHgBHob+GSK86cQWcaCtpdg/57xJ2tvcwdquiWLz8mIuO1X GyBhw0laQJodxj2OffdZvUDAi4LHTNG4TF6dWxLpf1EdvSHv6GdIwSh/dLk/WOjCxnyt +PwkLe1QkCUFd+wMMu/V187rXvTlyZTSWktyMTTje0YYiJcjM3Aq5K+GYHbuv9fMHY99 ul0efVCPiw45IN7shSe2XWHT6i2JkIOSnLzcwQHduswe1Y9RBCEvpyqx52lhyWM8OHo3 xQzg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=TbEy8QlAgy07P4Ok6opEfJDizihTDwAW1lo/oAqogLc=; fh=bVZzqKcRrjW8mqlPIPRLl/2dJrcsPt23eq+oMO22LKg=; b=QuWR8PtdOFtvlNG/66XiQgjfz8HNLs+SKhDGaQPwCFWe5Owzq5N6KOihOdN8Fi7qrb djJKSiN0yG6amEnThe2WLewnbDNW2wLn3fE0u5YRFUOOrKw/U2ysvCwQnJujWDLLFTGm waRdbQY8SyB/CiD0J+ZUKfXj1WuLugKVw1jHpAmM9phKshOog2sY8J07d4UCID/6yvU/ /f0rhxPfQ0imX+lrf/YmBF1nyYh4encQAe5EFtoEiV6oESZ9Nd5h9b8pvb/8LnpZ9GNS DzYp9YFL7VOe0lmHlwX+TEOGZR/R4nwPHNKH1M+BxeXsqsYJ5sVWlCjQRTfcy/kkLdjK wxPQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zUONzPpr; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415935; x=1772020735; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=TbEy8QlAgy07P4Ok6opEfJDizihTDwAW1lo/oAqogLc=; b=XEvfqG8JfV8/sta/O004HHHSmR4SL4y5OmMMAfCI9BVtAIKUqnK0dMLpgLJAR+2QoH 9ETkP8d564AHUU743fNB3Z+aDCp6nPfeyCzDv4UZYimA+s9dvUg2bpPES4wTd6wWTz5J 8N9W3eZ56p+MwKPCIRFOYNnLFEM1E1bhuo7LDNHhgRlYGJEjJWLeu1oRdztmjX+krvJt fD/ppVXl4jevcSN92VoAACtjPUhxNV0Yq8eujS72jl0itrEy/fsasr9wp6gsVtUNJ4i/ xUeWFp+guCrA5Cu5dgwYPoosCTMRHCz7KSCl0Z294WqmhvrKRA2PYlV9NjZrDNvopeKN 5uIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415935; x=1772020735; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TbEy8QlAgy07P4Ok6opEfJDizihTDwAW1lo/oAqogLc=; b=jZ7cJoEvnjox3A2HWNLvU8fzco7wcGUjeeq6xisaT0HQnE1XXtYawRP3IKT3hUMW+9 GIY/5PazwENtZhkPe3OvZp0GuCoxxKjCRuxkNCM8K9CjGDW+GEzHIL7r5s2YBtEyfbB0 6AEc7ZMTmqm11AQNJeX6cnOa1zWudbmGLWHFDbyMu9Zro29XPXtUmloYP7sRYcqbJqeZ sgSM2BAD6YFwIEnPudTCQjO1aj/Jy/zD6nTKsgXsL2nEHTOk+/8qsLiB3J2iaejWzHlW cJu35/taIRTm84Fn9SFcN6eyzpCeSxTYV2ETeL6cWz0zyd8JhZkzMkEpoWX5W9J4oyZq MG0w== X-Forwarded-Encrypted: i=3; AJvYcCWKlY7vcc0Fl3tR49eGc2nVMM4HsWAAFwo7V65RU+bxxdL0kaYCKNQochJXJWfAw0X2nKHsN3Y=@isar-build.org X-Gm-Message-State: AOJu0YyAdH74kq3Q/xt9iaxmBasHKjBvXP+mAoMdNYh1pxrJrp7EPIlF Yi1IN2ODRFafG4ikh/wmvMiKLZnuAECEp1cM2MEKyyTTz7HJ3jfCEzxe X-Received: by 2002:a05:6870:390f:b0:404:2e96:8132 with SMTP id 586e51a60fabf-41528f8dcb1mr773385fac.5.1771415935083; Wed, 18 Feb 2026 03:58:55 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+G5orbRL/5l058wU3bI+LpPkDnaPYOVDNaj1CmGKE0bUg==" Received: by 2002:a05:6871:7bc6:b0:409:6e30:2d79 with SMTP id 586e51a60fabf-40eca34a61cls5031164fac.0.-pod-prod-07-us; Wed, 18 Feb 2026 03:58:54 -0800 (PST) X-Received: by 2002:a05:6808:c196:b0:455:f0e4:4f89 with SMTP id 5614622812f47-46410b852acmr687312b6e.3.1771415934173; Wed, 18 Feb 2026 03:58:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415934; cv=pass; d=google.com; s=arc-20240605; b=ltENoIRxIqEgXSMv4n4/TxdQRMNE1TO48uhkZRGY1zX2hVKXt4O4JTD/KjvfmkdPoh lCu/NLZ6m8G5GepoV4eMnaOqsz5xDcHf1RzLJQJ8mZyQHU+lexc8h98vaWRuRwU1MZ9x bJLgl3cD8BaCB7R2Gp9sa1eeFcifYHkKF20szFGUFVMwyGPdIgVernV0j0sJV+3OyAxn 1mLc2SZMYU74356XOXlnj4IqhyPa/25beFdnY9YIanvlpyY+ODWOWoyMFA8dUAiVnDrW a6RzwKzvqNAaVmeR9V6DalKCJatykyutZ6m92ahTjmZ/KlCB0egFgnQLjGCgPrxERiS4 cO+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=eNFRLsTBfmfJv3N5Vs0V4iS0TZ2cjs2Q6YtRb8adZ8k=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=W01Zzx2lQAudWXB10xK7iSWN4Mg6FDeXa2Qcw+szV1s67oRUHn0BxwqApz2Ja/MauV I2vJ4EbbQd0vc6AWBKIV0rjmBoLixJOVVloj0Zy0Q6Qz69nifaOsFaETSXwvKVibF2tv zrmioUWAhTcxC43iYo7ObdjgqErqSEOvFnojGVjjyE2mklINhV2Tgf3gN9cVyN4uP7aa tq4lvfW7AXjw9VP/Aufvzd5P8pRGRdmzSBmu8zqdyraFwF+139cLlJ+hrSli2Ro/whsi /QMCoJ+GZwkVup/m+TmSfculWNTC45LC4AmsX/IQdQ8AwSPnW069UuMNLhH1T32tC+WE OTvQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zUONzPpr; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 5614622812f47-4636ae55f7bsi868008b6e.2.2026.02.18.03.58.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:53 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vnlfhnzUyvO1G3uj7gKAZwWg4axWDaGMPzgGU8z40VQO3iULVfRyxt7+giGdzGdHboteeuYkyNOIaqpo3GVOmjXQZtpPnK1mBY4mx76+puODVcQEnIcPQJ+xBKZxPS5UTrFrxYB60/Mj4UNXdCXnnDD+PcAoFtjNuD4+Y/77YbPCt8coR6N19aQuIFyNrU/JDaLaPWjs59bTtp3ZbQ9W+LVsE/usgVMB3f1OBHGe+f7Jub0aw1jHZT3L6fkV2nnmTwHNXYJ9aUTljrxUOe6KTMGwar+CUMAQVoOCl3m7SvsD9CE7OHiy/pZ2mR6e/6PtyB/Y5Am4ILWgLVxiekACnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eNFRLsTBfmfJv3N5Vs0V4iS0TZ2cjs2Q6YtRb8adZ8k=; b=m+o7ubfxYE5mTBoCpNtdLMToYpcMNLyznosHvQHquHLZiOXWeJ3KhT8VHTXLQXeJeq7lenKU/u0TT8BTvQEc5pMjqQFiegGkLmkNaChTICQkTZpo2QSWXBFBCeKs6daXUJDxqC9RvTiBIYk/k0zUAAfoR6z5dH1Z1sVNrfw/rx1lg5JKhklxpI1ZCeSj2x1/H82qTyXiIz7BjQ3Y0glmTLVxgHXW1V53MpmBhhxT5Kwv/pXcW3GJ+O1Z+ZFzkETcw/M6CyPdsS4ITE3lII07AVrGgOupJWHO8CfeMf72IUoq/jWD1FIAomfeHE8jEwjSnuaayKfjtvXGx0SwSTcrug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:51 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:51 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 07/12] rootfs_generate_initramfs: rework deployment to avoid chowning Date: Wed, 18 Feb 2026 12:58:22 +0100 Message-ID: <20260218115827.3947145-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 23214806-6aa9-464f-b8f2-08de6ee5151a X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: KZbunN5ZBWdyRXTSTE/y7Cis+Q2cDXV3pY6O0Ku6w+kEhEZmnitQ98rvQIFpX1Mn5Fk3UCdtB28ssNgZHS15jnjeo9mUI3Mz/AlFyfrN//JPfLunpeACheSPCteFCcvtJXzuXjQ+vDuL9sMpsPpzFZV7PCBwmXnPIHJXNbq4x8AEYblQvOLW4MWs0S8BOOAyz7f8SjfrawQ1/CXZyWaB6Gl2i4Ezawj3cd2E/sNpyHqjTVQUbv/EBzyZjlKz4/SqG+YSRo1yJJ9GOy8Dead4dd4EKEOVPG5Yl5IrlwIs2ziBPUhWZgdFpUEL6GlNyDCdFmOZhNwfv1sUm+hb60LoXvdEcNLIH5Q92sYXr8WFFUCJyJ9HhK3awfkdp6BWTBw5DuQ6PokodaXQd3di13CYEZmi0rddzIPOlqQdQNwYjftHH2YuugFOG2x1z2pkCicr3xts6SDTAvpOULaObgCTZxQyLCmdXCUtZfBzpmefIF1jAoSQvqaY/Ersja5mw09Y329wUY+2P2d4T7EP0WFQV8RJAzv4TLPIRt7+muEJvBNabjOY3nRBiXqj2VmnhA1boEn+EI/3ek9Pl3uuKDzibB603dHfMz52drucWczDtcwdxPxba+uYz4gh5aUdm0cCf4PNEOJPhLDthF42/FLLgC19ZcBOkuWlIf5iDUeJKnmX/Ll1o3q/OyRECqH935JZwdWw+b7XiXLjk+6153GEv5os/8GM593Frk4npV/G0HHTZSRIWp/HaaNitT/YfHPdgpNZZUd3Zd/srytxm1vsJHXcYMpI2pEJyDYeS+0SCMprwqLsBX1HtWz0kUd81AHywp1XXwtsUl/tq486n17rEQxz3BGqsH2YTSwS6xJ3Fz4pUhe+jtT1kWv7KdQFpmA9DvB+pgkl5TuUgQjJDFBo6702bG0WFz1aUHUyn8ApHJXb0VJVbMgT5gAqQFgAjXcL5WTohAOziqdiae8ojdzmvjgf3WQm4GV92VAlxdAYAy/itU0DDYsDdPmxIwg9Ey08+SI0Ol5363QSzJwx4FiF4jZhHFgx7ZQBtqBBVVovUu1+lUSFTyvbZmGGnQAzRTNWF4jY4Owpb1LTNPA31mSt3HNkWHFPbfLnclLIQsRH1p3kNC8dm8TPiKeCwlmhOKECQ/91FooMre2WmSjbCvMshrounBoEagPzISucCjblZWTwiQ9KuJ/hAKY489Ttk5R5RhbWo3Aq4O/SJ0p+jNOU65JYQDjrf5aoArsBH+LKgLqik+gc1/XwRG0ONhKnfCUy7TlgXp194Nm5uC9d03m5DbDwrmhyJzJmPeFI08ZvsBr/Jaot4T06xFYTrRe8NI+JEKNUrwXBbIi0b71hEbiFf+Z8QcMMZqwMyxxLr1bOmYsVGZrHRzIRKCBKDP6WW9zLp/KS7Jlka6F7rOz3sOcdOs4zbCFh1kxNtmmiBPyqnNx1g+T1W1q+LquhZQdN3gseduhGmrIrr3L9aPc7p2oW/XwJVqMm24rrhYy+7grZxpbiYfUO30X9HH1df745SxZOMLLP6NuguETKMjYJNl5BuYNkZ668m+YPQhoEuN0HkZw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: cl9DXwX2DJfpDzRCn8QPA1atQURFpnZ2XCzJuMOy4EpNBljxLyMdislTq2sVS3w0iyMVTwCPXoI6jgEbdg5pZ/0hfVX3aMu68jGjMhfrFfgtjQMwhZUY6zmgghBrhNJbIC0p1Sw4KvvqZK/a2qeDmDRVXU1GMfbQR/rFgIEWF/0w1dgF+q/mPrK2UDhp0T6jELp2keVjUJqR3z/lXUZMfnZsGv7sdsFD8ax54ophDoirCujbkQBKfTDHmEM7GYHsdj7m/vc5oUifPXhW4wU84HKw9ibQHsn/RXbeUEDhr/3xZETg2mlANy341HK4A644UmmUDkkl3nu/8ZXRcW0TtnJeQftDzNOipSba8/TBhIiTaySxvj4IQH/gJtPa97yHuvup8dPjepkBFp3WHFyGXL71QteaMaJnuX507t9VssOkOPDh1CTj9IB5ci0OHEJIrij6ybI+9uOCifyxJ3lv6BLd+pSB/wC/39Qx7oC2Y1Y1D3zh/BLCJSmD3TX3y8pGiZ7bQQo4PK6FPF/bJaCtA/WKY+Dk2iwpsJsevkF2iAnhpMeRs4ZnIdMh9DdnbzdriISWos/EvYg5i9wrCmioP7F3KJ2t0GqG8vPapBI1RRLbPlrNc8MUl+fcT8vf9nrzW0h3t8fBN0CBwclX2OhUCwypHPA0Vj0InUycKI8s6rqullXoM7LoR73hJA22KMOp0aQo7MxHW2mrJ2bGXHUy4ths/+dK21/Y4LfZr8LDvkmjLVEJ0898KBly+hTZ+mJZ5n+EAbMwyEQR3hmZvqxwQ2Mb4aYVWj4x4qgKoGez9jeiD69R+n1vaipBd4CMUIBUTCRR+s5sU6Hw4cjWSqWlFgj75BGePrVXz+URnV1Ggw1fNueV+wInfaTrEsK6DivfZc5WBxeAPfGYNneIJcsUFz1vk0riODlcB/Oj5QE0qEBSg9gg2re+aoORmG6EBe4Lhw+W+9dEKVJTWSxeXZ1ie9WmSKFfQJdmLwSzyg+m+CM7eu6m0b9SZsji4nAnFqlt9ghCyGuFazafqaEQB7c2ZYnNU5DFHnFyJD4662UbevrDYF/n0AE9NZff3CTkYmIyGxf8CcZh1BlxOoUlkai3fAMK4AM90PMNO6CBZQLkoJ/rjf54mOOEwGYy4KxS7Mjbo4g2JiocDxNpr8U7Y/f49wepVVV0OpUXQS9TKtIKVNtcnh2Nm7jHVnH31OTnFk5Ev3sqdaqzO3UwqyCWjpOt+IXs+8Tr9wgmlNA93NbxcsP3FWh/bxsgn8hQp+UElZl46yN2UrdzYx4AveuS0OS37M6huYEBrU/6JWuy1OorvVuPDCL3X7R9LoDeNRJ0BbTdTxrX9HpFEzyzGtHEn1WW3nq5rIKgF9KtNIDdu8FMF8fhzwbF1r2BaDmQK1HlqBQaMmb30ZU/K++JmHdsXga7arOV1WPdshvU69Qz1OW4uYTtLobhhzFBz3N4mKun02XAcDZF6cAa/KGlWL8xYi2Bn59oXb+PRpwQbWgdLJYVKUyXztZGzI7L2uRUTNnaT8Hq/xCD/t/pVbvcfsHfUvUB15iJZ6Zu61TQ394xLkvINPIAgilte1Ajfq4kmhaaDlShEJfjkeEUeXREMa1bdn1KwoRmQKtoqtNUznjIu71/5lESHhAkhso9MnNZn2VcgbI53cG9XqeDgfm4Ji/QtRHQqmBNh+GuMVKWhWNj1uPi2xzleC6X5J332b4nSEf9Ll89YJ4n44p1hJLh7MmyI/aGUyb+n5ZryHdGolBl6WuDo0Y= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 23214806-6aa9-464f-b8f2-08de6ee5151a X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:51.6228 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zXHvEcrsOuItUMk23mFDHsmKXE9kUCEjhF/i2ZBqICMxuQdn/22ya9mPhEVwuW5+nOkRZAa26i+COaFagYvA9xHpWBfmThFHcNSYVpK2shU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zUONzPpr; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Previously the initrd was deployed as root and later chowned in the deploy dir. This involves privileged operations which will no longer be possible when running rootless. To prepare for that, we deploy via a stdout and create the target file by the correct user. While doing this, we also remove a useless sudo invocation when listing the ROOTFS/boot dir, as this can be listed by all users. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index c9b0a6d1..3bf4190f 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -620,18 +620,16 @@ python do_generate_initramfs_setscene () { rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler" rootfs_generate_initramfs() { - if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then + if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do export kernel_version=$(basename $kernel | cut -d'-' -f2-) mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - run_in_chroot "${ROOTFSDIR}" sh -ec ' \ - ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ - find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ - ' + run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}' + find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \ + > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} done - install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} else echo "no kernel in this rootfs, do not generate initrd" fi From patchwork Wed Feb 18 11:58:23 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4871 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:06 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f59.google.com (mail-pj1-f59.google.com [209.85.216.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx33D023386 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:05 +0100 Received: by mail-pj1-f59.google.com with SMTP id 98e67ed59e1d1-3545dbb7ee6sf4015346a91.3 for ; Wed, 18 Feb 2026 03:59:05 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415938; cv=pass; d=google.com; s=arc-20240605; b=YIQJp8VG53QforO894uGrJ2zmSSEg4/WAOSykiR05K69EZOLjU721ASV30UPDZpsAX A9H15XmBRzOfovUdOuyTyca+9hCcFnlCY26lavE6jSRdrtu6JpbyN7DYN/x/LS/6s2pb vodg3kEovtAqz9+I5IHw4zO7yKHdIY+RJkPfvW1Yo5wpoHrd7YLG0QsIY7EWJYXisrnm Hpm1VX2lWpV61nBzud7SYD2QXYAaBMAcNnf0Po+/4WyGij88EjzHgiBeQlHW6SoPTSSk ASqw5cY4je8HQ1caqAwEVjpVAcoFe5GwaT/sRU1ppIuAfUBqYuzZKp/s9XOnkuXdH6zZ Mftg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=3QRyzhHRsSI5GqJyQ4rsG6LiJjMiQfzfLKBG1mW+GW4=; fh=IcL9tQmqXJxXUVGIJKsI2nMtA1JWeqU0DysuMBoyyww=; b=bkKisPx3/nLx0TkgNwGMs1HpJdBxCp/W9PBBGhg4nGfHHhzfgKbeR9DFx2I6UuNSpn O9BwKMJXhRoc/0pYdky5lCuC/sFJaeq7AMuk1DzBfxyRkun8+zyucjxDFrFlVrJDklt4 lNiKuobsn4n2Vlnn1DR+fDhEzpwnzEgpkl9j63LnUzL145Sp1nHuvlYWL7pjvmK4niq9 ZaFYtyeblWMWAiEBbs2Wh9y1+XkgvfOnDYuL0Nz7tVKDI/LpcygaP408BfWxDFR17ywJ +tJBr7kL/I+JsupPRDTbpI2ie5AXP5s/PN85AyQHtsKuzulvMiA7MDHNHcRMSu4Xc0jZ Ww1w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odwMnbCM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415938; x=1772020738; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=3QRyzhHRsSI5GqJyQ4rsG6LiJjMiQfzfLKBG1mW+GW4=; b=XRhN8SFlJIrLiHepF9YYN1chXRD3b9y+BfekaVug5L8pdIPckr93IimvhNKzIppAqU vaqWCjp9m4na0Srb/2yk2pQBhHVuqhQ1wPOvGh9gmbhnb7T/oS8IOikNosm5sxI6Qly1 Ke3o8V8XgNlBQrBMhGOPJNjMjdcYiyyQH1dOFJWvLt5hDfwClD/0TXr9o8CZ8E5qqwNR oBlWQ8Es0It4EQ5oXRyyBhncXaX1LdYSwgFwNzo/kdtVNtWR/SFzWPGKvtl59bY7eaub Vc+rMeMg22VipYz8abAc+qr7hZSfNZHIK+1WEbQIUGEqxkx2aZQJy6/JNSbl3oV/lFg8 hbPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415938; x=1772020738; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3QRyzhHRsSI5GqJyQ4rsG6LiJjMiQfzfLKBG1mW+GW4=; b=VB8auyOmFXkKXzc2Nr4rqSS8pQpEUndnN8Dfgm3G1DO6yTAxsoQUI180VnHdT+Rnqw EesT0GYUbL5x1oL6+cPrUODDktr+IhfglTjRyVUuh6fmqRNLe2nTHu1rbBPyjHPeLpHs X/1ob5fzeMsxqd0gFYGk3UZ7dbz9t4bVAKZzJS+vzUaxChpwZKsF7Ky2K3wMXjD6ttn+ 2hKVYtB02W1/vmTV0gvx/v5l193UBHT4UdoaXVKEyoRtMoccOzFYoj5LfWCpLgcHIF9u o1e06HRfWxgBaKowGNPwNmbcokzayidufnb/e5zLlT9PN2DEWg1zXSin4v5GyZR2lpLK RuDg== X-Forwarded-Encrypted: i=3; AJvYcCVHnv43EdGDLrb2tKbeuq3j7MPh8B8U8SV+wa21M7WW3nteS0+QkUiqHiNAozBooM/Rf8vDnJc=@isar-build.org X-Gm-Message-State: AOJu0YzvG0IqejROWj5F2PhQnmNmIaXisILuVuMAFMe9peZUpqycgCuO cI2s3MoL6A3pZxtV/VfgL93R9U6CYrVspY18LCJDqewMlNFb7wwVW6ws X-Received: by 2002:a17:902:ebca:b0:2a0:ccef:a5d3 with SMTP id d9443c01a7336-2ad50e73893mr14666645ad.3.1771415937781; Wed, 18 Feb 2026 03:58:57 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+GsS/M/YlF0ojave9SKEi9k5saCzf5Ju14Um4rnVve6mQ==" Received: by 2002:a17:902:ea11:b0:298:e5:d986 with SMTP id d9443c01a7336-2ab3c3f9143ls72586555ad.1.-pod-prod-09-us; Wed, 18 Feb 2026 03:58:56 -0800 (PST) X-Received: by 2002:a05:6a20:939a:b0:38e:9e4c:ed5c with SMTP id adf61e73a8af0-394fc31b47bmr1623665637.52.1771415936224; Wed, 18 Feb 2026 03:58:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415936; cv=pass; d=google.com; s=arc-20240605; b=KfdM1LeMc3YJ7vcuIzYWQjDIH4n37KN44FqVvcugcAFWt8ndKnHLWtyqEiZDxYsLkG RJwUrwdL2U+KgmdBv1rGMI1s+W/JRqL/0SLDeax2xbxaOKP0QEfwSWTw9ln3x86wPD8I y7WVLpJHwgCHjtJ1RJN9Ohm71PONl+ONSKZQbwKKB6joyNnKTf2v91C9uDYaolFr3R17 EzB43gg5od5ZicK0EOKaL01A6HCSn7zrwqyRQJeP/hz4cv65asNNz5v1bTp3so/5CPXr Wo2zJILDOjj/zRqwrGnKNVdRYpyPauUHpw3VBpfNboH7SAxLf8IsUDp86lZFAj9DRGr7 KkLg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=2XG2eCUOtCOrzbKfNpEnjSFGtVrEIHbyuUjORFK5tOg=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=O51riz4tBivWQnBXVc1ieVxK0uiqlsWPgqFLSJIk+Gym/A5q3hAS/Ntt9WsXJyEPzK 1uTuZnz/a3mQOqRzNQ95TGOugXa3mOgXnLjS4mtXxH/dvbBqL+LDmwAh7WC3BjRb7K7z N82fkaatopPVJc1UI74nJ0Eh2GrD0nBzHm+qjjYEp+DzhDQjffClrmIpcsJIMKoole0A 9VD28LfTq6IBFgG/Bp8LYF5boJ2QhI3Lvsh4Zm7XDZnQf1tf2hDwKClFuNyGY1GROZ2O wc2jvOKfW3GeUFVRcsJO8lIOy890PsrYjVYxyLURdW7vwpgCDdldJ+ZbdiNCiVWM64Rn Wreg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odwMnbCM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 41be03b00d2f7-c6e52fcefacsi385310a12.1.2026.02.18.03.58.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:56 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=klazA5gTHmiUyyfkxPt3CHUkrgzbnrq0QEN5qIw5gS/8alYTUcvVipvhd1fTWUZwtUVsuKAhnEtfPSk9wloAI8d1Dko3EOfDTWlNa3N2rw7JI1zP0IJ6Aceb2GEmU3bCiy5Zz2yetTCHUhR5y7NYJK9HOkMSOIBMY7Umlk+Ft2wfWhMX28XA1lCctmVvsbb5gT0aYp15yAfOyn8QlmbVoOL1YUJQLZB+Eg3YrMxjNpV7Z56zLxILCE+ut5FPYQIE2bjiBCNzw37gGvNfMR5fbqMQWGAv2xT0ImMXyMe9agloKCckKVH3nNUvBrmGI2bofEn6o3QhV/cvS+HjRZmtcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2XG2eCUOtCOrzbKfNpEnjSFGtVrEIHbyuUjORFK5tOg=; b=b1fzZVix2iOEs5WOOGoDXtMg29mru/usndop7qDT5+k7d5azIJsAloVm81mwro1UZd4BFEQmYRm7h6RR1idom2nozCmwcncaCFEf0KHzZnPQ5koQt5YkuClY0ufuk4w8xKCDsDxwySPFkpBWpgFOl5zof1drgIntCM0iHpLMJdWsoFx2zNLPDmxFE40lSxVfqsZLgg8RvNdoLHyPKjRH4pr6cFe4zccMndg4SL0XyqlXwuZhorz0Ddox+12GjpHtTK0cN9HaSSfMBklL7Y/MygWQ7x4nS4SJyK+cWKe74ddwO/cu/Y0kDJi8uMJzCXdQGjJVSq05CFDWyVJreWTMeQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:53 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:53 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 08/12] wic: rework image deploy logic to deploy under correct user Date: Wed, 18 Feb 2026 12:58:23 +0100 Message-ID: <20260218115827.3947145-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d097a88-723f-4d2f-4597-08de6ee51612 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: /1ctVyqSl9/ltmm5ljd4CGfJ1UNY7pQ84JkrW+YgnNnaUP3myeLqjntRDUMkRgolOEzvZbykbuEWNZsEFiV/qxl/cxxGn80qEKyToYTP/txSQ/+DZouF+xiWpSXwxpBd+j4ZaErE3ExMuJnK/mz46TMiBWovOBID7qK6EQ/+rDkIcdWQZHN5120hApddqKjXaMBgcL5zaXVu/KW5YuSCfvZT9nGM9sVc3QwpK+3lmbcamUpdz2XIBZBRjsE1ijb8rkp/AZnJGPUL7xfNZ6dgg4/tWINbs/K9SV5jYXLes+yF6eB/espKjEtiOOj76jbtE4bQ5/oyySmQ+JEs5q5rKIBMrzR6p4MNQqMwr/C9hmfkEYzp/mABDZ87hAJ/5xXwRo7vVwp89MO+geaspfb+6e2GnsmB6A6pcrnBqQ0KOsfy27asIG+OAA3ZGK0/v/jGIwUIHhvkcBWdJyeA5w9tXFaFFHhrGwihmHcll2tfvMmSG8cvqjNViUKulkLSBEql/HaMzasaBDssLpymWamrObnzPNyiMzUnBkZCnSPbNpA/ygxLxOsD5lZ+V9Qtev361AMDHedYM+nLAVS1tlD/ZbihCeITMqKZoWFiJ8q1YrkBIoXx9795jxdvocavqK3TLTdKDwGlUAaaSyjd6XcMSpEOwaVxYWIo6tZ+8M3ES1Q4mPmURAI9XVYQcIEhPn2bes8W198qmhErphYnWpqsGww1YZ8ivnrFA+IgEJ7tNjLRbVtR/koOew4WNCkv2H7XKqrtn8q4YtFUAnvqh7rK1w3QsjUV5bE/rC3PdomZ02chfDqi7IaTJEiJgjq910HfgajkusF/8+4mJ0cCqKt39o35L9cbcbSlu8SlCIW5b6bjjOqibDsTkIvAGpYA39ey9EwGWN/0uNl1ay8vW06U+6HE7zGB+Oqx/tT8L4qsWsxHpwy/2U3yXQhnYcjdaY9TbUnO9hQbroQjjJUnbfvmyjHG2nhNeMrOGY9328YaQKrFHjxKvp1oOWQHCPxKKoASMLUA/iGWELbVYKbGSGtrJ08BxbrrH2TIXTZbPRRh5nfj5ygUhNaJxTwcz85/QwA6OefRKpw6W7n5uFumX6uIOQQ3poW791Yj+Lh+qQFoKr7tk91gSCnWZBehYss7OLO7/Eicnn4iz7fMbVSj1muUaScfVsE+eiUWoLela6dvKJWvwdrG8PwmzzMaQnX0U2g10Dg6V5HAKq497YJKajal/4y2/lkJb7o9NA4MpX9Qd12dqKmUKOWWrhLfgVsLZG9yXmp96dQDHdz2NPckPquHyQ30MboJldJ5BCg/++b435+pNnhhvKMdg36SZXCBFXyv5bt8WbJ8Xk6AgBeiI990pmJ9X+iLpYg20Us6xkefhm6pecUIZ3rzOd3k5NTy8f1MB9d59BgjwXXNq1yBd2scpTCi0cNWxi6MUyjellsT7XtInNIC9Z83zd5ARiAJ7OEczxbvIU0fP5gCsSq6EXQIe4XiXYBJ/YXpwfKvTZLbCOrUAyrJprQKkvaotkGGylzXFOg+G3FwcQrQyePpYhriAV72Y2ZBTy3VC6TuM8uc+zM= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 8E7JTpxMCAElK50/jhSgQA4LnrvXij0DMQgYwxqg+9YCBpAIyi1a0fHAjtnB7HlytopoFLryi9LPSVCLg0a8teBiRlU2gEsuRVpH968Bxss+GzBozNnHxK9RuXK0rFsKTBlwJwBmL7jdfipJ/b69kV0SVmqop+uaHdvz4v16Gd8H+wpDg04zzSSL+rvshOrMDLWa4FPxVa2o/KQbMyKngB8rQcEyxa7V68lPdWJSRAhvoxdj3KhsXhULm7xsUEterSQsAo28vB0iI1UuN3uumIBuD+9gDlgfYPV/qN0swE98HTvNGC/A30gtAOcFHcJUnzmUP5FjX0N4cbeRL6Y9XNwnr637yNVURTZEcOH5+dSdz+ZS1jhoiwdFk4OupJ34bzXioZh0Qf6JfLegykOcn2xiYsdi4SKsIG2aeI98/WOIeLzC6Vc24pjhUH9ZLXhvFfVBj9bAJ9MeXtE0ISZ8yRjAirgf7ndd8O/tgNnY2aLyEx1zvw+ko8MfLIHa9usC21uNHIbX97+pGUjArMRXOVz3qW+DTV3+N1gV42tBDixP3ynShFWwkBltr8RGFWy4+cClAxeBi/0PSnguPgjNkXACIqDjTwHECRyBZV+dFt+vAJbSlwq5nACRwc+A6wgDKoURiKXj5/CkxhK7FAvX901ZhYWGlRNYxZKdqcMWrXwgLQbHic48KGRQIM3LnfLrjGVaRuD6w3wlUEUDNMFO5EWQeuZ+8hLwNYlocMjzF/HabVLmW1VXU/whVhZDc7d9/mhqB5HJfxXBFQc2FKVHLDj6Ck7H61b3dKzgR3m0NNIJ0aesHvLgRIfugWOXmAQpjzok3CuGPbMbUTB8p/RpYPIpfs7ocFOuaVzs/la2Q81GVyY9KS8TnxNbSfV0EgVf4E8zuF/yWIumx5N7Jsmeb17eWOUGSm5QUutE17D3EfZrjdthWwjjqRuWbgzq57CjcJy9yc+LG3w7JHmdMV+SVduoS78n3O0xdp2V9T/COBz59O5AWB+IP0b7n82BOeaJ6R6DehXYLyoBFRLxOMrbDuQQH7Hvz8NkOfgAnKFU8gRm/WpV3rabcYrXPnwhXRhW4fLlE+ptwQ7lz+gbzSmBt694VAhJvy6B98aCHYLJtizZrsRFr3/Mf5FaZzBc2FSzLB+RdC4pO1RUMpU1FseuA3LxqX/+B4ofb/X7Ntsixfe76rnakXVmAllRJ3j8p5ah4x01H7zcL3eJ3Fm6rK3jvaez2hnghNPfBX8BAyQKYo/qCrNP4cERMnprnej9+w5vDz6SoDn8pcIWJ5gAo8XsNTro933+suk0YNDx6vaTfMgXt9GEYq7Hnkob9aIMQwxjOdrivZjMmXjVHAy3evm4eSs0pn1hjNY1reN8oZRTCjwYzDxwDwohdP8n91U/xTJ26RW0PvHwfRqGvJ/NG0Pd7MTHqH1Z+6c/MSNbwlbFTsjZLMT9A2iAm24ufKmMvwEKd+IOZYyS0NbIyW3egTBL6tYuIldyXUEiGjcfClJTKotf2VojpbJWVctdG5EBPtWFOzjSjBJOnQJdLXFIUfIhxQdhOKbhoRzQfjIBjZ+aK98zZWVQTCNVQgDniGcka61127pgwuWJaVRLnG6xWLVGeiIfl80lg04prkshmPpIiBMoLpvkL7WO6MTfmRsyC92BpqgMs8mSE6O8aG4iKKGUOPFcbNKJzUeIRzMopQHVToMYgswIa389svqEle52E6xKa4xhYZjRh4rHWVp9LFMRstlORHttfmHsW72t5gA3JsU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4d097a88-723f-4d2f-4597-08de6ee51612 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:53.2534 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uLNgURIKbBOLHCF0zX0pcxEfndKl+5+fLq255XliMS4V6Aa61I93qPy+uLGSKqva72CRrTh1LozvDzKEW5IWyGP21DzcoJXoFbb8eyHuojI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odwMnbCM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously deployed the image file as root and then chowned the deployed files to the calling user. Hereby the chown command itself requires to be run under root, which is not possible on rootless. As a preparation for rootless, we rework the deploy logic to deploy the files under the calling user. For that, we deploy to a temporary directory within workdir that is writeable from inside the chroot and then copy out under the calling user. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 12 +++++ .../image-tools-extension.bbclass | 11 +++++ meta/classes-recipe/image.bbclass | 10 +++- meta/classes-recipe/imagetypes.bbclass | 47 +++++++++++-------- meta/classes-recipe/imagetypes_wic.bbclass | 10 ++-- meta/classes-recipe/squashfs.bbclass | 2 +- 6 files changed, 66 insertions(+), 26 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index bc40a403..f80630a0 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -978,3 +978,15 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Changes to image types + +The way different image types are handled has changed to be be compatible with +rootless builds. For that, the deployment of images happens in two steps: + +1. generate the image in the `${IMAGE_STAGE_CHROOT}` +2. the `imager_run` or `${SUDO_CHROOT}` command takes care of deploying the image + into the `${DEPLOY_DIR_IMAGE}` + +Conversion commands need to follow this strategy as well, but can read the image +(prior to conversion) from `${IMAGE_FILE_CHROOT}`. diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index e88557f6..2eac3619 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -17,6 +17,17 @@ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DI SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" imager_run() { + IMAGE_STAGE_DIR=$(dirname $IMAGE_STAGE_HOST) + create_chroot_parent_dir $IMAGE_STAGE_DIR + imager_run_${ISAR_CHROOT_MODE} "$@" + + # copy locally deployed files with correct permissions to deploy dir + find $IMAGE_STAGE_DIR -type f -exec cp {} ${DEPLOY_DIR_IMAGE} \; + # on error keep the files for investigation + run_privileged rm -rf $IMAGE_STAGE_DIR +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index ca449ec5..e0e19adf 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -180,8 +180,14 @@ IMGCLASSES += "${IMAGE_CLASSES}" inherit ${IMGCLASSES} # convenience variables to be used by CMDs +# Note, that the variables are only valid within the type specific task itself +# but not in transitively called shell functions IMAGE_FILE_HOST = "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.${type}" +# view (only for reading) the image in the deploy dir (useful for conversion commands) IMAGE_FILE_CHROOT = "${PP_DEPLOY}/${IMAGE_FULLNAME}.${type}" +# staging location for copy-out (should only be written to from chroot) +IMAGE_STAGE_HOST = "${WORKDIR}/deploy-image-${type}/${IMAGE_FULLNAME}.${type}" +IMAGE_STAGE_CHROOT = "${PP_WORK}/deploy-image-${type}/${IMAGE_FULLNAME}.${type}" SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" # hook up IMAGE_CMD_* @@ -262,8 +268,8 @@ python() { image_cmd = localdata.getVar('IMAGE_CMD:' + bt_clean) if image_cmd: localdata.setVar('type', bt) + cmds.append(localdata.expand('\tIMAGE_STAGE_HOST="${IMAGE_STAGE_HOST}"')) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -292,8 +298,8 @@ python() { localdata.setVar('type', t) cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: + cmds.append(localdata.expand('\tIMAGE_STAGE_HOST="${IMAGE_STAGE_HOST}"')) cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes.bbclass b/meta/classes-recipe/imagetypes.bbclass index f802c11c..78b89393 100644 --- a/meta/classes-recipe/imagetypes.bbclass +++ b/meta/classes-recipe/imagetypes.bbclass @@ -9,7 +9,7 @@ TAR_TRANSFORM = "--transform='s|rootfs|.|'" TAR_OPTIONS:append = " ${TAR_TRANSFORM}" IMAGE_CMD:tar() { ${SUDO_CHROOT} tar ${TAR_OPTIONS} -cvSf \ - ${IMAGE_FILE_CHROOT} --one-file-system -C ${PP} rootfs + ${IMAGE_STAGE_CHROOT} --one-file-system -C ${PP} rootfs } # image type: ext4 @@ -38,10 +38,11 @@ do_image_ext4[prefuncs] = "set_mke2fs_args" IMAGE_CMD:ext4() { export E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" - truncate -s ${ROOTFS_SIZE}K '${IMAGE_FILE_HOST}' - - ${SUDO_CHROOT} /sbin/mke2fs ${MKE2FS_ARGS} \ - -F -d '${PP_ROOTFS}' '${IMAGE_FILE_CHROOT}' + ${SUDO_CHROOT} /bin/bash -s <<'EOF' + set -e + truncate -s ${ROOTFS_SIZE}K '${IMAGE_STAGE_CHROOT}' + /sbin/mke2fs ${MKE2FS_ARGS} -F -d '${PP_ROOTFS}' '${IMAGE_STAGE_CHROOT}' +EOF } # image type: cpio @@ -49,10 +50,12 @@ IMAGER_INSTALL:cpio += "cpio" CPIO_IMAGE_FORMAT ?= "newc" IMAGE_CMD:cpio() { - ${SUDO_CHROOT} \ - sh -c "cd ${PP_ROOTFS}; /usr/bin/find . | \ - /usr/bin/cpio -H ${CPIO_IMAGE_FORMAT} -o > \ - ${IMAGE_FILE_CHROOT}" + imager_run -p -d ${PP_WORK} -u root <<'EOIMAGER' + set -e + cd '${PP_ROOTFS}'; /usr/bin/find . | \ + /usr/bin/cpio -H ${CPIO_IMAGE_FORMAT} -o > \ + '${IMAGE_STAGE_CHROOT}' +EOIMAGER } # image type: fit @@ -72,8 +75,9 @@ IMAGE_CMD:fit() { die "FIT_IMAGE_SOURCE does not contain fitimage source file" fi - ${SUDO_CHROOT} /usr/bin/mkimage ${MKIMAGE_ARGS} \ - -f '${PP_WORK}/${FIT_IMAGE_SOURCE}' '${IMAGE_FILE_CHROOT}' + ${SUDO_CHROOT} /usr/bin/mkimage \ + ${MKIMAGE_ARGS} -f '${PP_WORK}/${FIT_IMAGE_SOURCE}' \ + '${IMAGE_STAGE_CHROOT}' } IMAGE_CMD:fit[depends] = "${PN}:do_transform_template" @@ -90,8 +94,9 @@ THIS_ISAR_CROSS_COMPILE := "${ISAR_CROSS_COMPILE}" ISAR_CROSS_COMPILE:armhf = "${@bb.utils.contains('IMAGE_BASETYPES', 'ubifs', '1', '${THIS_ISAR_CROSS_COMPILE}', d)}" IMAGE_CMD:ubifs() { - ${SUDO_CHROOT} /usr/sbin/mkfs.ubifs ${MKUBIFS_ARGS} \ - -r '${PP_ROOTFS}' '${IMAGE_FILE_CHROOT}' + ${SUDO_CHROOT} /usr/sbin/mkfs.ubifs \ + ${MKUBIFS_ARGS} -r '${PP_ROOTFS}' \ + '${IMAGE_FILE_CHROOT}' } # image type: ubi @@ -108,22 +113,26 @@ IMAGE_CMD:ubi() { die "UBINIZE_CFG does not contain ubinize config file." fi - ${SUDO_CHROOT} /usr/sbin/ubinize ${UBINIZE_ARGS} \ - -o '${IMAGE_FILE_CHROOT}' '${PP_WORK}/${UBINIZE_CFG}' + ${SUDO_CHROOT} /usr/sbin/ubinize \ + ${UBINIZE_ARGS} -o '${IMAGE_STAGE_CHROOT}' \ + '${PP_WORK}/${UBINIZE_CFG}' } IMAGE_CMD:ubi[depends] = "${PN}:do_transform_template" # image conversions IMAGE_CONVERSIONS = "gz xz zst zck" -CONVERSION_CMD:gz = "${SUDO_CHROOT} sh -c 'gzip -f -9 -n -c --rsyncable ${IMAGE_FILE_CHROOT} > ${IMAGE_FILE_CHROOT}.gz'" +# image conversions +IMAGE_CONVERSIONS = "gz xz zst zck" + +CONVERSION_CMD:gz = "${SUDO_CHROOT} sh -c 'gzip -f -9 -n -c --rsyncable ${IMAGE_FILE_CHROOT} > ${IMAGE_STAGE_CHROOT}.gz'" CONVERSION_DEPS:gz = "gzip" -CONVERSION_CMD:xz = "${SUDO_CHROOT} sh -c 'xz -c ${XZ_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_FILE_CHROOT}.xz'" +CONVERSION_CMD:xz = "${SUDO_CHROOT} sh -c 'xz -c ${XZ_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_STAGE_CHROOT}.xz'" CONVERSION_DEPS:xz = "xz-utils" -CONVERSION_CMD:zst = "${SUDO_CHROOT} sh -c 'zstd -c --sparse ${ZSTD_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_FILE_CHROOT}.zst'" +CONVERSION_CMD:zst = "${SUDO_CHROOT} sh -c 'zstd -c --sparse ${ZSTD_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_STAGE_CHROOT}.zst'" CONVERSION_DEPS:zst = "zstd" -CONVERSION_CMD:zck = "${SUDO_CHROOT} sh -c 'cd $(dirname ${IMAGE_FILE_CHROOT}); zck ${ZCK_DEFAULTS} ${IMAGE_FILE_CHROOT}'" +CONVERSION_CMD:zck = "${SUDO_CHROOT} sh -c 'cd $(dirname ${IMAGE_FILE_CHROOT}); zck ${ZCK_DEFAULTS} ${IMAGE_STAGE_CHROOT}'" CONVERSION_DEPS:zck = "zchunk" diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 63974a3e..ebf3ce8e 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -145,6 +145,9 @@ check_for_wic_warnings() { do_image_wic[file-checksums] += "${WKS_FILE_CHECKSUM}" IMAGE_CMD:wic() { + # variable is type specific, hence capture here and + # forward to functions via export + export IMAGE_STAGE_CHROOT="${IMAGE_STAGE_CHROOT}" generate_wic_image check_for_wic_warnings } @@ -181,20 +184,19 @@ generate_wic_image() { -e "${IMAGE_BASENAME}" ${WIC_CREATE_EXTRA_ARGS} WIC_DIRECT=$(ls -t -1 /tmp/${IMAGE_FULLNAME}.wic/*.direct | head -1) - mv -f ${WIC_DIRECT} ${PP_DEPLOY}/${IMAGE_FULLNAME}.wic - mv -f ${WIC_DIRECT}.bmap ${PP_DEPLOY}/${IMAGE_FULLNAME}.wic.bmap + mv -f ${WIC_DIRECT} $IMAGE_STAGE_CHROOT + mv -f ${WIC_DIRECT}.bmap $IMAGE_STAGE_CHROOT.bmap # deploy partition files if requested (ending with .p) if [ "${WIC_DEPLOY_PARTITIONS}" -eq "1" ]; then # locate *.direct.p partition files find "/tmp/${IMAGE_FULLNAME}.wic/" -type f -regextype sed -regex ".*\.direct.*\.p[0-9]\{1,\}" | while read f; do suffix=$(basename $f | sed 's/.*\.direct\(.*\)/\1/') - mv -f ${f} ${PP_DEPLOY}/${IMAGE_FULLNAME}.wic${suffix} + mv -f ${f} $IMAGE_STAGE_CHROOT${suffix} done fi EOIMAGER run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/squashfs.bbclass b/meta/classes-recipe/squashfs.bbclass index 9cd7ed3d..8330ffb5 100644 --- a/meta/classes-recipe/squashfs.bbclass +++ b/meta/classes-recipe/squashfs.bbclass @@ -42,6 +42,6 @@ IMAGE_CMD:squashfs[depends] = "${PN}:do_transform_template" IMAGE_CMD:squashfs[vardepsexclude] += "SQUASHFS_CREATION_LIMITS" IMAGE_CMD:squashfs() { ${SUDO_CHROOT} /bin/mksquashfs \ - '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \ + '${SQUASHFS_CONTENT}' '${IMAGE_STAGE_CHROOT}' \ -noappend ${SQUASHFS_CREATION_LIMITS} ${SQUASHFS_CREATION_ARGS} } From patchwork Wed Feb 18 11:58:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4872 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:08 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f185.google.com (mail-qt1-f185.google.com [209.85.160.185]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx7lP023517 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:08 +0100 Received: by mail-qt1-f185.google.com with SMTP id d75a77b69052e-5033c483b76sf427213441cf.1 for ; Wed, 18 Feb 2026 03:59:08 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415941; cv=pass; d=google.com; s=arc-20240605; b=kfYh2Rdf7MXvSSaBcfpZEeF171Uhu6bcX1lDV7b8yqH6rvJePGNaIHx9pNqpfAeOT2 xvFmAw3ShZHo4b8JoaB8BK9eaTdcCyOcJnsXKkTq8MvT+dFg+euNrryPvg2Ol3FqaANr iqt8aQdL60uthp6ectkhcYV3PTzaxmVWVaZN2t46wQ0ow7h6lYUrgbg2h7Th7gdP7Ex5 tFsj5tH+5pukD08xNQBAsZAcde5fKTMpzzmFq2GVpaT1mAhwyBtNlA8/jV7tfo73I+uk LuDo7n4MRkn2mrJY6XBI/F4uS/6eY8vLdvDhqX7rwlxKQYzikP7Az2A7LfHqh1tL2Ffc PIKg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=zCNz/1apLNpRIUNfqPrB388/iiXvJzYTpxU8knneumw=; fh=E74WeP0TTGNEFNxIteF8LcEJLjgCfl4baUIITjfeBHI=; b=Pe0AmkC3Vo5/jGrdWKwNm9o2QWdNz8YyIfy7xbO1bCiJWEgXOn5kKuEl1f8hbKP/Gn 0/7Pl1PVcfC0VCIg9QCxpf3dScFF9O9O/Yrx06IzIKF8hGAngXui5BW4A9epCbz10y/w ZtIHd8FgrxlKGY7uPXfdZpZ6n8GcH69/06C7+2vuF2UW3H2G4Ghj42tkgvC5GF247gZi x2aZcC8oVozQXhxZCuxhKoNX0DpBfcCnKPlS9ETas2RMVq394AM0mM7ZHrVuZvPiKGMd ZdmQNWYoy5eLUhNCPwCsBREkK6RRqYvtywt8IPTq0RIRlQpgFwNgRIkYXcWVoZpMsSc1 mbuQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PvVqOkHv; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415941; x=1772020741; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=zCNz/1apLNpRIUNfqPrB388/iiXvJzYTpxU8knneumw=; b=osiA/zhPsYJGaa2suYjRXbKk9dtBKMnyOlkogPQ9lCrnos0cXi+ptstdrLdsbGvE7v 4tR9EoGDApmxf036ZksFXuRPfJLcmuR19G8/xF9jBo/B60fL8r6E86FlPSV+2FZ0hy7Q Nsyo5RDl+6M3wusvvLAEYKf3HX8Z+RmcjMFl9gtv+BfNAxOGkDaWsZ+3iqvak12BSWMW aTc2sot+5anuhJ96fSUqBg6MoaqIQDkpjBRgBg+a6PCVgO1fT3/gLZcPmHAaviW2Xmzm MQjJ1ocKcVifrT0qhq01DNqlIne9jhVdg6S7ovM0Bbv3qCxjsBR+OAbROQfUAOr4y4Xz yrZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415941; x=1772020741; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zCNz/1apLNpRIUNfqPrB388/iiXvJzYTpxU8knneumw=; b=Qg0bEddws6doVXAc+sQqbgjC4IJMXG46XJkHAuQERMumCN3E2Ad2Q06b0+RNY61vNT IuIHrboB6YJbfiW6/FpZRqZ7uPZabUM8vUGVgfwCFa4ZNpzgmApeXv76zpigfcJhcF6u oJAqPmz4/65OvnoLKYw8u2mkatIlYR74PeCAbCfiTApmEwZTun0nXbKnYK+auEKzIslv 1AhPjtCGIdl0DG911AfKyoy7qZDkUwYprlfeuUtdBaZhddHNByQTIgCZSjDgVCEVYKwT AEE0YkLCUDQWkF6XjcANAYHd1OmHArJ7Syas4V4gV7RumYlt7qAYzqFEdQPlXob08XMl N6Eg== X-Forwarded-Encrypted: i=3; AJvYcCVDwC1N0HrYgA+uPkZttVfjbx48vBjXH5EAALjTmd+HlSWoK1Asileh/eVPMiIGwUqh6xNL2gE=@isar-build.org X-Gm-Message-State: AOJu0YyOEJhGru4d6b1c+OnkjvKysKbE9e850QWRXg8hx2iDBjzUDKGg yZVT8Lv4PK1//EIMPqyFM0s0M8VcP5JTZ29MxxZaOsAKqLjjLbJOuUa8 X-Received: by 2002:a05:622a:254:b0:4ee:191e:ade2 with SMTP id d75a77b69052e-506a6b40013mr216324271cf.67.1771415941170; Wed, 18 Feb 2026 03:59:01 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+GAAAeEstW48EcHe4/oVZ7ISZXwFaMRI/EkMjw9SgRF7w==" Received: by 2002:ac8:5a83:0:b0:506:b5c1:faca with SMTP id d75a77b69052e-506b5c1fe97ls80604511cf.2.-pod-prod-03-us; Wed, 18 Feb 2026 03:59:00 -0800 (PST) X-Received: by 2002:a05:622a:1108:b0:4f1:b714:5864 with SMTP id d75a77b69052e-506a667919bmr208393601cf.0.1771415940258; Wed, 18 Feb 2026 03:59:00 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415940; cv=pass; d=google.com; s=arc-20240605; b=hb7P80rkfQQUTz+CWmrMyoepiob/XRSbg/awTyNJUimJXXOZtH5xEWGc4++bIBo1AU sUQkhiiLGsx6GhZOIEkkINEbvf7mPn0Zd4lyJRK4lEbtpSB1gzM+o6N2/6HA7YHQyqn5 V9aUIJvT+dYW6tOybE3bnwm34PkkfPLMXh8zCnQwF/TN4G4H487omesF//JKE1A2c6Ue fRkhNW/+2K6BBYoGOUqUgO/0XodraRmnpHmLGpoOwMyL/Nc1e+zYsYrkPnQbTiB1I0q0 MrVjlIlNhUk2+dRdUftmndUTnRxFXW/M94iakWdg40Q64bnmR6php9qVOMlvSuTuklez otMA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=GPJaxm0TOgGSW4f6XM7rp46DwsRJZsqvRWoOCvqKnk4=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=Il9CuLm139NKx1AjC19MI6dB1+2zQdBW1Vgii1CJRNRpHvPUmO+rPZC49EuEEV70yd XU4Jlpy9MlFlVPyvhllftnZNhIC48WkngwVyQyplbUUomM21xwNYgo4Lmf5TMEtb6GND CNRT73kmJS0S7/BPy8UiEzHNGSkiychgu1k/DZmEsdtm9OXalWGMJlmdkEeuOJrPvfTD wcbl5UjrfZQVC97PcrEDgWv9VJvQSfyH7y59OEWBegV3PZsQeU37p7p4Z4CuKR1UGvlQ kRL5vuPBZWnmGHUWiGCgH6dPtFqLM0jGqdzrzS6Q2saVlMZcs8VQhe/fyixUd1ryAn9q GBVQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PvVqOkHv; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-506846aa643si7938151cf.0.2026.02.18.03.58.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:59:00 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=h7fQBFSIWwxCxIpXl8h5DeioIMBH3BrbVq/doX3ArqWmUULLRJIJEq6VGzzNnzfqoBboR2PIpS4yaucHlzpcyeVky583qCTzH7dXvvfXKw+K8WE+vctuFIAv8AoewLS4ZjO27EQMyDmx2tnAQM6YaPzBRbu3fDhzEi2vwpM38EITJIndGh+iNjEQxVCYSkeywwq2UMYKeOGK9YtyiOekZWApBfzsdbSp9zJMkIiKWOour6uW1dlzazVPQ/zPRT9Rn74cdCNU/CR+aG1OtpvH551/UfHvtniLuU6L8lV8iVbfvYDjZY59rVfo9a9MuRWnSaBsCGIDsEUMBgqzHX3aGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GPJaxm0TOgGSW4f6XM7rp46DwsRJZsqvRWoOCvqKnk4=; b=NiocusOo9qqtyuYI9/2wWl1X6DWlgK3I0H50UTCcZOcUFuwdUySzU5ng9oGKVGebtT7rvSMHNno6RRKaB+/DxxOKlfEz6KFre9iV42Na0ntZIz1+0NQLb9gRijtfZtTJdeTpRi/LmyfSMrKjN6lq92JC9rTzF0BiU9iTHW67XuUgArVVyUVcn2akDytzNuc9607b6FIDmXPn61Z1lSolF1ZIINjEgUI3PF7WTg690MqQt4HaPQ7ovbwytbB7zpCoJPG2pmgcxGl1TUZ40MxiQ176pT/M8MpzO1xYAGX9zANQs1/1tnLOkKa2LvgpTkE0nyDV5h8ovyNHM96GW3XhOQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:55 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:54 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 09/12] use bitbake function to generate mounting scripts Date: Wed, 18 Feb 2026 12:58:24 +0100 Message-ID: <20260218115827.3947145-10-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: b437ad2d-bb23-4e38-e7b5-08de6ee51707 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: zA4SCFFTLL1uHc7Irliq8gwh36o3tYglR/1U41nN+pHjoLPNR5nduIxfpaC33leZ+oDVHBjpYI0YNppb8rPWmfzG1XC8XyfkB2lZvVrFY19nZ7y2VCwtGkWEIjvYGbwOLHNTgH7hu5U+kXtjom0jSCR4aNw2ci0SqW5OGmOXz1nTNdq4SUSEVa7kAf6hObev02or2nMX8YmNJQqF1tjbBf38MvLkKjcg7ezA4w/08eqedW95pZhprXt56yetH/YWlbKCtj1sbEDykyG1ci+Hqsa9oodBI96QydFy0ofWm9j26mkUy25luYtf/51+//2aYEf5zVTXQcySEWPnO/Xduk++jqjjLvB3vo1OzS392EvK5o+8lgKHKzJ9aYqYUSuq9+6dkrfWEqNoukNXHYlyotld1UxILPzy+jBghg45j0k7QGEVUedv83trV3CNWL2OQUOmmJNWxBmUaQRU7zPTJCDh0uOpm1pcjISvF+PWge4LTN9w+U9iMcwduhVD5V1dVoiVXF/OZloHoME99YGEtFK6TCWBbd51464JnmChfzUw+cKOGHLY/h1xy/kO5XU6Zb6HRDfDj9ec0heltpYW2OxWSVHTFLGtpaX4/yFgVskWjFHnR7UYzgzDPf20YxkkvFla85FkImYg7tyC7xAYY63FW33pGnXkxGdpH0ZKCq9fCrRmrjIC4wlC8Mbr9ATLiAvQ7tyed+vGrlQ0YAhQdlY69OpIqTEv87j5qFeEsh1JRD+paxt+Po73SzHWfCmuQnqGGm0WyAkKmqEgV08QeNeXBRFabVScjko3Zvu0MUCowjxp/9FHNWuhnHUwPsIV8rYmXpQyjd7X5ZWodsALkbwgkKVzX5OGU9oieV24N+4rfofH4KmnjS2IkqArd+F8V8OFmNM2NAAF7It+FjfqTpZjRutfiifM1MAvfejmNkm9bAlnypt9DYDmASjlj37G1ij8dIJLsOmuhOU73e44WkVSJ8qrCcEuzD2vS14rEz8Dngo6WKb0UyJ+vEdqvoCdWhDgD+LIBOwUEoPw1QPdWc+XemKjRLhMrFrdwV58FNbEuu3M6843ByU00ePQLelEjVTJInrF4lfAVW+6B5yR05HI7W2znsWzLFvNPcwZJl1t+cjbmkBX9sFVYvlC39zc0nNgMCfmQK+Z77Q5sjHfHxnxRdva70yLvGvjCG6Ki/J/Dojttm8LmZgbIa3PfTCjTelWgPIJ1GNzvVKHRmoXH9dN8izlHRknB0Pc6i/BUqx8j+hEScVdDX1m2rds1Nh7+LpsjoQjO0Y9ZDn8h1dng61hkmEyyuYIsjHw/tRSKl1t4toLNcgMBghbkIfnijfu+GMNoLA/rY4EbnF9XgsDDOfJNTcCnmREX9/IGCmdHKnzKpyyTiGJ1ZgLeiSdLTOmgKj/TFFXfGI+lmOyj9drqi8aqNBNnnYd4Ymv7soqg55ulwTTy49Uh7UIOq5G8KMj07UeDu8Sw4rh/y6kQzB/R++GlpWaoh2JPr+ECFHfyl7QYLt4BUlNmo0ZnRiOMtWtKov0lHVLe53WR8S5IlUX3yNsBlRKOP1ooc8JKFB6MZ8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: AOEYiRAyChb9NNTTE3Dm6fgoaTg5R3XKyxqxXFGxj3QVy8qpJUdhgdW0v/8E2A5rpdOkZUL/e3ewiKe379B1+1TRsPdAa5ScfhI9Pl0ZWz96ax4mIUdJ5fG0pIdEW71WcHgIbJbruCVIzGwhtLnIh9IIktcPr4h4Vs0i01QL2soPTCSv++lTP75AeWRbDH1FG/kkO4al74FBE8IJ6FTi2zprLaaQ7TP8qSaka6NfvsNIq+a0ynpl/bRj3n3IqBvvA/lzysmxHTq7dwioTuTssIx4ei03RXPJuehtdEogoQvOplBFPBIo8W9ZFYTWOsV+qtxPs2ANyzBNoLuOK3I1F6WsKftFKQ460N0WvG+gPeYsRGuURsTvkHX+cMpgvV9jXxp9ns7hTAJA5OhGq3czqt0g7u6RjfhG9rMoO8IcAVw7c/bIiz9986wWsX9TfORzmsr/8njkdRhxWQ7utvQixa55gmLryjKTPb2SC6yXi/cMep9I61vkYpStjahhTWySJFVcZaUVLoEXTfsb2iZZ8uDi/Irc8ND6dM93Zta0u9+Ph27Kod3ADJEDjkyvzqQIJEmc7mW0rv/7wwMgXWaYTZXl6pbEwy1p1IwoKfqoZozj9SMFhCl8vQMGqZ/WloAaJwABDLKPNkmpikr7k89F/vsrX38V4Y99JOse8+/Kwr+aULUhQSjzDECcg/Jy50vk7VKJIduaDezDbEsmsGZeDOVIWT2IlvpSgBA49p71+LEnmLvmnZ3SMpaZEjH+vuHEO5+G2L3MSDhoGjqfB4kOLpblZW3dfDuILJYux8UAdP2UWGPjanjA1C35Af0vbZpKuMGMpXUgNQ3T7m+Nv+0CzUIwKxB4+TKwJswHjhdq55ShDi606+Tgep5WRPIWhxjJbenX9Tewah98pkwH1pP2dCsZZ+zGA4eRGxZxF1sRQElAY2mEByHKtQhI5bcztgDHHrtn03hU7vUv56+U7H808Yesj78+WM6yFadlKHVlg3fR5j2bcBI4soJvXYrmUXdlk/HxyLQZE2KUKpX/iQQRDC2RnvakMaA0hAeUN2aVSnfkVfheRNU/WadV5j7NQBSsF6cozky0E6+QIll+CLMcOwjUQ4M+eJq8FHuiF6x/B9PfHPHzR9W97TEqV3kMl/mknOkDGwxYfZoaLQKGZe7qEpPg37milEZykkqxfwjWfAeKGHKNIN7dyAOyrHS2E/nqnd0hoMTqq6CNUFT275nI9KyAB+qcMgR+wJo0FDVdLTQkoOXRYfr3oJHWvHl1pkwQMxQpueQh9fFvMprHDHfN/PK9SJjZR8tdmGsJsWxgKpQ7TZJmcdnWkGUnwQNtaMFBb+6FP7L0WBnlmiqIE01HHeKSkbXBIwSD9fSunJ4Z76bZzSt40NuunvQ165WlcWVZ4WW8l8uur+msQRMoCJc67QWf9NIICwwYuiMgeYFiLImTxYYynjVAc3fQpCsCetz748JDV36y3ZGgmdGg6o4ZU9FKoPkQwrpvXQ6aIeFiA2R2Ugm2Oi/hXewvy4Cns01+Wj2w1pmavXp32RXOzh6KH7dtSL7XIK7id5cXAkLNKdwZ6Df3iCvaMHQ36IkNYqJSia3UC7MSFZh8dxmPv0VfBFXnqJI1IJ02NJsSyz/TYQWiTr737BzQB1rEfImyx/e2VdCZs9h+U+BWl2t5W4f4I9v9XOenLK6uJKDqnvXjCiCvRQM/zgJi+LAisiQfW9xQa8hGug7vIbTt/9i0fumZWsICmNxfem4KYCnmkICSiHw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: b437ad2d-bb23-4e38-e7b5-08de6ee51707 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:54.8791 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /9xEIx2a3i9HhyWy2BYJDfzNCOSBLedr8rXC98F8TwCbEAFuNBemxYXeXQX9EMDk9lHGduoDBH3uCMY2rakpZKy2kCbMcFxn1q1DYVTA3Ow= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PvVqOkHv; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By introducing a bitbake python function (a code generator) to generate the mount shell code, we make it reusable within here documents where external shell functions cannot be called. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 68 ++++++++++++++---------------- 1 file changed, 31 insertions(+), 37 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 3bf4190f..5a7c2a93 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -49,6 +49,16 @@ ROOTFS_PACKAGE_SUFFIX ?= "${PN}-${DISTRO}-${DISTRO_ARCH}" # path to deploy stubbed versions of initrd update scripts during do_rootfs_install ROOTFS_STUBS_DIR = "/usr/local/isar-sbin" +# list of : or mount entries +ROOTFS_MOUNTS ??= "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt ${WORKDIR}:/isar-work" + +python () { + mounts = d.getVar('ROOTFS_MOUNTS', False) + if d.getVar('ISAR_USE_CACHED_BASE_REPO') and not '/base-apt' in mounts: + base_apt = '{}/base-apt:/base-apt'.format(d.getVar('REPO_BASE_DIR')) + mounts.append(' {}'.format(base_apt)) +} + # helper to compute the rootfs distro also under cross building def get_rootfs_distro(d): host_arch = d.getVar('HOST_ARCH') @@ -58,6 +68,25 @@ def get_rootfs_distro(d): else: return d.getVar('HOST_DISTRO') +def insert_isar_mounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + inner_full = os.path.join(rootfs, inner[1:]) + lines.append('mkdir -p {}'.format(inner_full)) + lines.append('mount -o bind,private {} {}'.format(host, inner_full)) + return '\n'.join(lines) + +def insert_isar_umounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + lines.append('if mountpoint -q {}/{}; then'.format(rootfs, inner)) + lines.append(' umount {}/{}'.format(rootfs, inner)) + lines.append(' rmdir --ignore-fail-on-non-empty {}/{}'.format(rootfs, inner)) + lines.append('fi') + return '\n'.join(lines) + # Useful environment variables: export E = "${@ isar_export_proxies(d)}" export DEBIAN_FRONTEND = "noninteractive" @@ -154,50 +183,15 @@ rootfs_do_mounts() { mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' fi - # Mount isar-apt if the directory does not exist or if it is empty - # This prevents overwriting something that was copied there - if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ - [ "$(find '${ROOTFSDIR}/isar-apt' -maxdepth 1 -mindepth 1 | wc -l)" = "0" ] - then - mkdir -p '${ROOTFSDIR}/isar-apt' - mountpoint -q '${ROOTFSDIR}/isar-apt' || \ - mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' - fi - - if [ ! -e '$ROOTFSDIR'/isar-work ]; then - mkdir -p '${ROOTFSDIR}/isar-work' - mountpoint -q '${ROOTFSDIR}/isar-work' || \ - mount -o bind,private '${WORKDIR}' '${ROOTFSDIR}/isar-work' - fi - - # Mount base-apt if 'ISAR_USE_CACHED_BASE_REPO' is set - if [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')))}" = 'True' ] - then - mkdir -p '${ROOTFSDIR}/base-apt' - mountpoint -q '${ROOTFSDIR}/base-apt' || \ - mount -o bind,private '${REPO_BASE_DIR}' '${ROOTFSDIR}/base-apt' - fi - + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} EOSUDO } rootfs_do_umounts() { run_privileged_here <<'EOSUDO' set -e - if mountpoint -q '${ROOTFSDIR}/isar-apt'; then - umount '${ROOTFSDIR}/isar-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-apt - fi - if mountpoint -q '${ROOTFSDIR}/base-apt'; then - umount '${ROOTFSDIR}/base-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt - fi - - if mountpoint -q '${ROOTFSDIR}/isar-work'; then - umount '${ROOTFSDIR}/isar-work' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-work - fi + ${@insert_isar_umounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} if mountpoint -q '${ROOTFSDIR}/dev/pts'; then umount '${ROOTFSDIR}/dev/pts' From patchwork Wed Feb 18 11:58:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4873 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:09 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f186.google.com (mail-qt1-f186.google.com [209.85.160.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx756023577 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:08 +0100 Received: by mail-qt1-f186.google.com with SMTP id d75a77b69052e-506a9bf9b3asf64520791cf.2 for ; Wed, 18 Feb 2026 03:59:08 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415942; cv=pass; d=google.com; s=arc-20240605; b=JA89fyYXqyfkyeTDdTDkNg+Bfidl3d6NLPuInnPC4y0HLL8fX4IuURaVbMJXzRlhNI MaOltosBnGOl/N7TJ4qhNdphoV02HqTIk14ZGh2n7wwqP4t8jYnvEuGBgM3y2EXqZHXP 6ChWPt8AsGsPI1Tv7lrVPio3wc7k252u6NpopVrNHRx1CqMpeERS9d7Tvx2qsCX6JL2F MTq1FfqDMsQ0W3oKsEQv5C+jalxDI/Ivlp0apxFf//eKP5CHQdx9bRQB4hCjxNbm6JlZ 8hA9jxi8pBL+bRKc+EqcX3hSO7CSY6mg9Bnt+wXEkd5sD39dYYm8smHCCr+RqdK/SMIW ppYA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=O8Yly/JAOAzutp6N2/soY4YvgtSU5MWUjCPZNcgffTw=; fh=sbrThh5gvAbJ1YMER6H4Wq99w2ZRWawZOmNNPH0G2BI=; b=cnJTQRRcW5viQtBR5UQGeJTB5SlQTR4bTu+mhyxueFWvbEWZpoN6O8g3zp4J9sY2fG 6fqoo35Ngu8sXd6LAjQTqyYo+8tl/GffLTn09ehQbZXdjxQdd//g9FI7bZSJCprKOdmG tY9iQU/8aHzX6/45EdOa1Gy44Wvl6uu88ETXthTBuePaLkicZCmLPCsw4euy5/wYsWKd DWfnENFTQupD7flVk6hd7wOQXTdlCBKaDVPibr1oIhSw69oOAAo11SmmTzsjORCR+Usd cYNqnC2KW+pAHH/TtM6PLIHBm63H/igJobsLDFRGWJqrx+lrPhO9BrpZGlbzksIXZ/Wg ouAg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="cwVwz/h+"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415942; x=1772020742; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=O8Yly/JAOAzutp6N2/soY4YvgtSU5MWUjCPZNcgffTw=; b=OgVuqSmMnyyX8IGGCg+4RP2Z7yCLQ71bLZLqAQJ2N310+jyPJye2qJuRgEIUwVwyuT vq5oDrE8JAWkVRnQxmBcwShoTa7MERFp74TPblJZ43ZNha62b2qwmGSd6D67iypADSpz 6AXlABAX6bDwNdFzE88Gq3dt87s5WOafSGVqNzN6dHa4CTnCIkdbxWcOnF7sHrLwUG3R 9fO6zinP7CIOO8gvMuv7WMrr+YoVVEY280k7oztEsastWZkcACx9lJujIYPiq4unJtvi Cn1kUGeWlGlMrhbr7ZTbnY4jWD+xc7gKxeP+5sr1Zf9bgooIRuoVLMQVCL9WoTHFRMVg wTQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415942; x=1772020742; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=O8Yly/JAOAzutp6N2/soY4YvgtSU5MWUjCPZNcgffTw=; b=h6NheklkkmwKcP/RdWc6aVWiNW4aBwG7eyJb8zpPlGOjHPA+kHyWnPuhxxtrf0EMKa yu8jvbDPNmHoic2BpKbIBRFX4rhfO/Lec5Okz4S4tSwCUd0UCmSK0dxg363kOmTrdH/i 9y1v54uMjvrmv9yGHbvn5D8PyYDvYMq0rFLXK6oRrGWkVpcgFCo7VauRaJh0CoHv/S2y y7bXRtkSelTXZJlHrCKomei+9IXewCZGrjak1znwcbUPCsZ0UaMgRal1UvsM49lkbrpy Sb4OQmLjRrbA2eojKkTTSuRR6WnYXodPgicdZVJstC5+/Jj0FlDLSHrHYl9wh1LjQDIM b5rg== X-Forwarded-Encrypted: i=3; AJvYcCV79Zq2mDf3fvdjutQ0fxeeCH8uryzfMIeS4zLIEQElX4XA4shpOuxvc0r2R/a6uIl/HU1R9IQ=@isar-build.org X-Gm-Message-State: AOJu0YwTQ/yar+rwyjAGMGr1QhoVoaTaMlYkaIS5Ndk0KaBtvPyNd1MV C86BlAgmP53KshIkz04S37rg9JNpECJVkZF4v8KIEr4i7wx2WZ4AarrD X-Received: by 2002:ac8:5852:0:b0:4d8:531e:f896 with SMTP id d75a77b69052e-506e9177261mr16842231cf.27.1771415942088; Wed, 18 Feb 2026 03:59:02 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+G0kk8lrQmt1FqMmmiWzU7Q145alkOefd/Vi+euyg+XIg==" Received: by 2002:ac8:584b:0:b0:4e4:600f:d8d4 with SMTP id d75a77b69052e-506947c9e93ls108016371cf.1.-pod-prod-08-us; Wed, 18 Feb 2026 03:59:01 -0800 (PST) X-Received: by 2002:ac8:7f96:0:b0:4f1:bbaf:c5d3 with SMTP id d75a77b69052e-506e92324femr14389511cf.59.1771415940963; Wed, 18 Feb 2026 03:59:00 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415940; cv=pass; d=google.com; s=arc-20240605; b=apzPiUfySFbEz6g4ifVMcwIDMOpCPeXEI10nKYqVVt9DbdmIb++GyGSrppUKg9x94u 5CqKX1PkKvGyCWv6VdSwVOdWr56ISpKgOrrKZj9TPYplzxCfbBP81PWWf2Dk/ytElhPF d4GGO6DaLPgP2ksUsOAiinpMg7vvX11hfgdKoVOISBvkk2XyB7ayTpg4VE1E86SZMXKL n9XNUv3QqUj4IAfAALACdNQjkYEsEOVx1IMvNkFNU7vwJi1LVe+wS+pKF9MrF7NO2Kvt 05VHYjdU+zz1Xx3ZU0VlWZwuog9XKhU9QCsXmev2vWFyI8pC4bi6vwy+WL3oMWArQQQA 7S7Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=ulvg5vL5aZZ5fIyb32J303PsWUp13gszCjgY2GT1I+g=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=huquodozvLOQK2E69MCmwK8E4N9s5peXSE/qPaJNeLcdklSwoxuW/j3KRJ8uoWXkbH yeOc+ixf4BwT5NHgDlJCoM0lbhZyzp9piRZBQm2BLYCSJov6+mxD+xAEFGRfsT8ANp3A CDoJbH+RtFAY6fk7XceoJjQC8cPnUabCl/55areQpO3ZXv5oQBQngaxKCWU6qHdXjFVX 5SV396y/aEu9mc4P1jzcEzmduptNtpK1tTkRGlDMoXhl5zH2wSCHvdD4aX8eoHeZwXVe fjdCj5InkViUQgj/hNBnXhFYTnONBPMgeXc3Mgx7MLQH64OaJNBYcVPgGPnu6CmXyMey VWOw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="cwVwz/h+"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-506846aa643si7938151cf.0.2026.02.18.03.59.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:59:00 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=IPbtFZqY/pgbQn855aL8GotWDM7vp+HBr33dsgBHtKGtssTq+K0cWP6nTMQwULGcLzmP/YynHnrkS+0c9JBMW2G1Fkg1c+WfHWGxeVEAN8OsRqsIiUrYK2C9YDyiB5kO8saq4OlZAp2D2hg5YOWvJsaZ7euwMgheFkwvWBCGp5eJ+NOsleyne7ZX36zGbjx7ecB4yfVfIUPgcNHe7gT31XP/HPYkNPyS1ZV6rRLUyzQVwkCwwJnQOX+wVAPUtqv0GzqkaNh3pJORWXafJzHqQI38/MglxVpZnkISdmogOxUK8LuIgBFgKeR3N3+vUBQxuxrEVfk6OkaUm18vf+DtvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ulvg5vL5aZZ5fIyb32J303PsWUp13gszCjgY2GT1I+g=; b=KuPvauGBJM1xtEr91cagvyUlqZpGPl6OuXTG+JbSRfIrqouzOZc/qZAn4R5/6PPPOCgo1UBh2Bj9uiKCyWiwHdIPiamcagNRs+tJgUNuvZIZ0/SdtvHNIW7k6GvXfCThuUXq5dmW9uW0r2ggQHhcGCGkYuhOI8h6i008IcMf+1+oXSXC9nXiXrhHaZrt10ppWIdRtEBjaCQAOSA/jFZtWl85K3VSHlIYHlbtRKzk8GscZf8D85lK4DYmSc8dRNYlvnBmgYZmBWhzM42TWWISb8vHcZgAGirgDrJMN1Qgzsw8zgMmCV+Dtq2xqaGIRXL35nPqospnrcwXniooJFCG+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:58 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:56 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 10/12] apt-fetcher: prepare for chroot specific fetching Date: Wed, 18 Feb 2026 12:58:25 +0100 Message-ID: <20260218115827.3947145-11-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: a13cf486-1531-4f9d-d869-08de6ee51801 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: e9zbD0X7HEe7a6g28sxdkS1HLuUN/kvFWEoi+KdfkhhpWt2Movp+Ye5ns0ueQjtFbusa+uqFbXGKDrItoZJl+bV6MRYuqsNJZGlkk1/PQ7oNYmoyXnx2CIIh1IeT+8xFmKwt1SrtI/pLBXtZwx6ZyC7bNRU4UddMG7I6Rw/x6nVfw0Sib7T/jzDbk/P5y1dyuPdWkjTH856aB3ahBI+gSTcaW3vRF+VepUadQDJSxNq/yHVZWn3GoxpztPKSeeq21yCbZkDmrh3iPF0pqz1oiJ3a8isuUEIHIwn1Ogd+/HdSWn2jZxx6+evBgMkN6ZXYQa10zcrZ8xeiIVQprD77ekh0JDHAKp/CYgfBOhguGWDtKWDp4PK73lnFlMu+BCd0OnpNJeGpXQjt+L+uyoRV0jzoMafmLu83QkuLmjVzakxgmVJxUeLgO9rIfM7vdONuKtbHWIqvpusNeiAoWGA5SEFJ/n3/4GGHvY6E9Ou4ElJRu8f/TgaIQ9rbff9YNFE7sLClFyURZUZbcZ0Dx09uqij91Mcq47z+Xc+gBHNiJuE259T+r7fEDeOE4CnWmegpWn+OlAiV9f5TeXRiL+1nLLXMLtnoJMYiT4Vo8lt8f5D2DQjPg9C6nkagU+fUV/Wi4qP5aqNyio5iiTWzOJWkB8CfECJIsveI4C6Gw6hfV+yzjWkcmlWYtI2x6PnTXL7YlG1imr1Fgmu78FskXUYSYplDPgCRyw9MRgZdmHq1kMaZyc/7FCMNpfFOChH1vXwHzuCVEqdXngC9uJIVyTRH6UuJw/WKGPdmMkf8mVbScvOvhOh4oy7q3qDKSJXx4ilN+CnNtUv1hyE0Ys1Zm6yKSYyTMZx+zDqWe9mXyVx7tzmQAjEIB4/XLGBYU3flBZxjbA1uYPjD9ru+yd3Bo8JzSKHCq12aiueAHGVIwVN4C68VJRBVeKoI5QbimGo4i8bAUnlzBGUZyjvljtmmORN0t3w7U9QKFGjwl//SxjRXUCB3d8mJtLsyNeuhUczlDOFXczV3qPrSL1hCkIJJ7snOYOsEK19UDXjVPGD9Zb0I2yhpRcl5Eal/1FocOY2UJ3p9kWO7RS9ASFoDAomlddf+xK2VWMMpl/9t9fJ9cteA2bQ07rcc2J2Q09ki1N1pUIEMeLBclJsqbIdHXxXJm3hHZFw9qdeOS1U78pFmZnfwJLjZtPRnk8wdIWvdMuW5+gASgCBucIFMYqwJRAnG5HEf0XtZsUMVnKUQA6vWEF36CTtcCNe4cq48xkzALbSWIIEvpjY0a9aAtoUUPF/L4Ry9IhVf+m1HKK96AYxgQa14C4ER3DsrFKCMlS3yAG1DNhG4HGDVT7OUigAQ4STEfKUbz5ee24zINcaTczMQOXS3IVglO85V/UVTek49GrNZ5JrCFUCUoF6ENyATDxWq6vUTgszwborsIiXjeSYjhQWMb7mGhJrkXRwac49Lgd+yahDOaM518mUAroYVQENpHNYYk8mT5KQs57ZR2hsHFcGuG2Rq/Ow38b4ts+Rcjv//rlKG8ty9trEqwvbbl5fmfVRZYrBki9PblngMn47UNil+l44= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: s7ZSi7yCgJTITGVwaJfBdyTAq/kJkknS81wLQwu26Yvca+uf75vq0MLyKgWEPIwDgCBywqr8GZ0dUfRXGMJnzj1Q6pTUlYoWdLF+EpnykvRwIR4Bt6IEtVGvnT410jl2ZM1T23wkaPtawqL/bxE4xXNGGGQnH782ts0zVYTXLkLRK4ZbYbT3hRF2Qs3gAkQhBCIp8udLcaZDlR03rb+UZr4YiquTgH0rtd+mysRyrkONhWDCLK2uF2qSssXUKIpk32fgmmiSXiV0sN2eqddU1Z+JbatZaFA2FH4963xxhEA51G79S5aswferutvKcSmEliDZt4+zXTc6lnj7b+YwK+ryedSJ5dxjJSDVCSvM/V5q4tg/tAWWY4Dgku847XgnQTXm5ZF3bVp6m2cD1XA4uzp3HwiErfIjb8DAyPhx/e4+fUD6MIiYEsDFVGRig0Kg+Niw5X+hWu2Tyj8VGSMKRCilwg8VId9wSGue11Z9pokG7Q1Y0NVoHfN6wfK2Debw+i61jUiiZsMckR2/wgPAc49CEjSNguAfGYOaXkmbaHuYU2SB9VxzFEu2w2GO58BSietbGeju4gyluS/G4U2ziY3sjKvAYRU1AFr02DrUiIOVR2BtTZaPVVV9Di0MzEpBK2+Sj3pknsFN1PkY8I988wFIRxm+7M+z5qJRUNYea0VdmrmtGXger6nsZ7EuibRPUubE4suYdsybY5XLlPI0B6IX7tRXUFEhmOs38QaB7El6+FJHQXp2hhc7gZ3OX1H9qqqig4Vt7E48QLQQ1cR8Phj/lgprUnAgKEgVQtxH6t4uV07itcw9PYw6q9LpyyVkhny9+8bZUi+iGcwCuxvVhLuCjIrQGBHmCSP9PwNRXYn2RN7PJrm9tiwOi5g5pGr5/rhkkS94FN0rtMLr1SUOYTFbyXUZNlq1350vZSn/aNqHKdoeGowVGx6+otFjojYVqSaeTbCtSsNZ1YdaDNxSibKfYknLR1+9L5wNXbL00cVhkqF/IzY+tOZEDNjg1lADX57TWi4+rckcVr1MSfTmpWhhjyMs28kV2FpnD737hcpgSTTq8xYiocRwqE7mbYgOb7VUtvHeCpOhLoxGx1DwttJ/+4t9wyQFT0Wt1AjgV9wBlTUzcKjIT7WlgV6IBc4dpsjEgzYKcnoVaypIdEHj4pcbh4FWbyzUDYzpBkbV+1YOzHDh4UEsb1vFd0K+21NilCboXN2KdmaRpNQUrOpkRniggO82n7mAQEjjFHRiZjNtTSeyrFu2UKNcRsZkMUfug2ZZjW+wdtLILyid9LANx1CkXtWPDctNRRAJKM9Ovna3WO4SykLSz8ooKyDc7mGPVyA4BCgF/jzKABrZZn5ZGyoKU4V82biUMZaTW/dgu4gotKV5SXRJV8tPnA75Z0SfHh5Nr2eMH5qyrL6QiEfQkmGHaZRA8RRgMNpB6nmUh+iOlLSOgPrwwnXzg/IcinaiEfmO7J7WWA6SR3h1gxJqcUQ3tLhQL4H4Hl/7e8+XEkqhXz4oeg85XUAtXFT6tz3xK3qiI7XYp0uepNM2vKpf8c/KndTDvbOr0QuYYmsbnY7OkSE8DmXfn6fIJ+D4lpvPIB8079WI6JwAR/itILzcFA5GiNSskNrd3Cf1ngNwWX+FIr5crcHlDZJlIA1f44OGp+yD+tD4Vu4Amp/Op96kasnN8Sy9cAdKfQ81IGGKLIxhIh6UjVqerj5tT5GGMNln3jQM7OYDoSpqKii7LMER5h9KQyHeHLegQu/kgoHIfCg= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a13cf486-1531-4f9d-d869-08de6ee51801 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:56.5145 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8g3ZuaRBFt3kaSgPLLPvLe6J/P11ywbltzFZXoFBlgmjESp3O3S/gAK6jtB96OLtFDtQNnkt1yR6pXDfz8rJpAcFiT0qAIBu0FwDuKu/Jao= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="cwVwz/h+"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The implementation of the fetching depends on the chroot mode (e.g. schroot or unshare). As a preparation for the unshare mode, we hide the concrete fetcher implementation behind a factory, so that we will be able to dispatch based on the mode. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/lib/aptsrc_fetcher.py | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index df3dd1fd..5841d6ee 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -84,7 +84,7 @@ python() { # apt-src fetcher import aptsrc_fetcher - methods.append(aptsrc_fetcher.AptSrc()) + methods.append(aptsrc_fetcher.AptSrc.create(d)) src_uri = (d.getVar('SRC_URI', False) or "").split() for u in src_uri: diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index dfa784a9..37c84fa7 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -9,6 +9,10 @@ from bb.fetch2 import logger from bb.fetch2 import runfetchcmd class AptSrc(FetchMethod): + @classmethod + def create(cls, d): + return AptSrcSchroot() + def supports(self, ud, d): return ud.type in ['apt'] @@ -20,6 +24,11 @@ class AptSrc(FetchMethod): codename = d.getVar('BASE_DISTRO_CODENAME') ud.localfile='deb-src/' + base_distro + '-' + codename + '/' + ud.host + def clean(self, ud, d): + bb.utils.remove(ud.localpath, recurse=True) + + +class AptSrcSchroot(AptSrc): def download(self, ud, d): bb.utils.exec_flat_python_func('isar_export_proxies', d) bb.build.exec_func('schroot_create_configs', d) @@ -83,6 +92,3 @@ class AptSrc(FetchMethod): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) - - def clean(self, ud, d): - bb.utils.remove(ud.localpath, recurse=True) From patchwork Wed Feb 18 11:58:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4874 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:11 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f192.google.com (mail-qt1-f192.google.com [209.85.160.192]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx8Kp023639 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:09 +0100 Received: by mail-qt1-f192.google.com with SMTP id d75a77b69052e-5033b62efa7sf430535341cf.1 for ; Wed, 18 Feb 2026 03:59:09 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415943; cv=pass; d=google.com; s=arc-20240605; b=l23PLOnNGcWR+lvDnAccjZ7376XiFip9G7xzzgBRFG4QJOCUBeKLwEmBQxybXeTinB +9yzCkshG1X/JH6mGjztkhhQEjvoIJDtIfNCkfXtAs1gYKAs+bPJp6A5CnneNcCHRhCh G527Attq42uvA/XRNJLtVitgpEpe3BMEFlNZ/SIhQRI4XE1oohmRXP/RJRWldnNqLDM/ M4id0XaO3XUybOJnN+WIRH5td7TjD8IM77rtPu/4du5UY/kFiz+peIaEZcUzBMiNf4jF J91O4rBciKot7F+kEVw3OBREbW99lkX7AB+0q9J/dVnJ+iFrp6QxndOzRtSbrqgnH5R6 0vcQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=dp9FdXT7IHhAUm/rbvZJbjYi7cuSd9kz2Fz6h9aXviY=; fh=M6/KJDB392Vj1sbjF6LnPx9QJfT1NtP7KmDX1b3ni4A=; b=le/j+eQupadN7EW09OOuSYh+6D44hcamwTQiHPNPo77IoL/W0uEgkJASkknDTEsJwF +ic8cyg/UPlxZ3zQwEVpGSTyreO/QpNL3aTvW85Jsmd1JOISsB2T4pKSSZpZYm468vRk AEtYRi0Wfdgx2nYeyNWi4LWYVDeh6PT6iX08wRUsZH4nkKvnxFnk2bYta59vZHSc/nSz Pyn5fKQB++qgUNZ/zPlzndlVgYCOTNlrVUxD6yvf/qYyLQqx8fTGdh0onlEB/p/VobNf ev7RLnutPAOUTGxnyj6QWjdyU6P1N0NAlpigS02UX1T81fXUn3+7AECWmycdawvnnQJ4 +07g==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=fXmtyDn1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415943; x=1772020743; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=dp9FdXT7IHhAUm/rbvZJbjYi7cuSd9kz2Fz6h9aXviY=; b=qgSAg2u4qoYnjus9dkAG+9vlhv3wiwtIHwWCQ+dEswHMOnem64moVrFN3sRL5w9qvB doYI9F4VRbpq+XpSBTrJS2Hi+vQEM6gy87i8HlK7YUHqA+siUHHzp3qOG89swz+A4Faa WjSbXSAPcvjyBq4xSj8amVNV7ZcFVpqYZHOvY36RO6B2ZjUq/as/DyaGMFDGk9iJ16Ry AOCfAlCPutNGAzkGm5lI3Y4DvekRX+ok0fHObYwtS2GGYfcFE+1i+DwEZlEdiR4hL2ih B20ZJblZBnI25Nwn418rG9clB91NLD5KmHxkQhY6diVdKkxAWCMNMjtDQO+i+DirozEi gFAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415943; x=1772020743; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dp9FdXT7IHhAUm/rbvZJbjYi7cuSd9kz2Fz6h9aXviY=; b=Jibk61P5ai8wwl2YriDnDy+0ggBKpfa9d4sFs0cOwJdK6nw7Tb9yABv9c/lh94LBrU CRdWa7fTeeYMjl2YOFcSWTZy6KgAv2NvbKVvgeXbNOP6UHeiE6mdz8dqCCJnoMewug5e MHqrnOH6hy2NLfxA1UYEpAdNDPNqpXRIlAs5oCJxPZ63I80P23EjjoZuPDZaKW9jKS5v pp5UKX4UpLiiIVSTa/ziQsOgX57CoJ3ljHIHVRv2dxV6GzrYMRZ7a5o6C3ntTWN3Vphp IcPA8U0PKRwm/maxLwx14M3s/G1HGgtO+GsMCYlR3OICvc92GvTunpGgRWq2pzm7xfKV 8rUA== X-Forwarded-Encrypted: i=3; AJvYcCWOxZLOOUc8dt+k8Mgs1ECiIFEr+HWgxKMMN7sLKQwlGo5I0NUNdZZx6Tghlv6+28FfCvCYBbA=@isar-build.org X-Gm-Message-State: AOJu0YzsVAqsZla/susNWTh9z8Prl4Nd1A7fje+MWFSSwqs9eNH6ZmG4 prAXjr6xzRdlkTpfPWACZjUHjwgdneFu4R8sv3B1V+bC91o/XF6edtiT X-Received: by 2002:ac8:7f96:0:b0:501:48e9:68f with SMTP id d75a77b69052e-506e9232d8amr16989881cf.62.1771415942861; Wed, 18 Feb 2026 03:59:02 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+HjFtzqgapWRSZxTKjqxrylwVHfVsYFk+GeVdSqK1fLgA==" Received: by 2002:ac8:5f11:0:b0:4ed:9424:fa31 with SMTP id d75a77b69052e-506a8ef303els89422841cf.2.-pod-prod-01-us; Wed, 18 Feb 2026 03:59:01 -0800 (PST) X-Received: by 2002:a05:622a:1308:b0:503:2f41:aba6 with SMTP id d75a77b69052e-506e9216b26mr18671021cf.47.1771415941713; Wed, 18 Feb 2026 03:59:01 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415941; cv=pass; d=google.com; s=arc-20240605; b=dHEAGUum/qZA81hBQxkBWPU09w6580TqsU4p1KHXv5jOhaH4UCRMT4FXiBmsTwYYJW 4P0PfOLloAx8j2upjms4/6/iDX+K0vrV6ddG3hvGrlXZ+5GC/U0CNCBOWYAhJQoJzJPx IIh2d3LdqvKwsLxFKw82k9T0AyIBHowJqEYrZ3U1bz7UZp9xM3X/N4PLrlwlqfbunYsz 6Jo7jfpT2XxyjBwmtxz3uHRCmGXzCbpUkQ6tdB5fSKTL1ARu/enAYarQMm0UrR1HSSVF OEUvVTDg2LfFdjmlAyuV5jPyBxIXM8eWh1OZS94fKjJQDp4L6j8tLQPRHqqiEiy+aIN1 LCDQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=7teM9JjGUjIbvdx+WuxN5tdgbfhg5WD287cemnqlF4c=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=NJZDzUa/r+UPQXFqB5mRBuD/rWIH2Dz13f/roUVuRsWjkpRAkhfeK2hEIOiAIlFh2D UVHnmOW5HKdGYIW+2LpzxqJS72n/8QVHAIGO3p2pA6StcFIoarlMvzETZBz6cMY4cByu 5vAXaR4gexVFxhlIw0Aq4kCQBWQeg1RMu0BVRScMlMBskRrPb71SCtZEFZsrpY1hgkMo AsYgWZx11sCtCkAmLupBf+43XA5SFzkIlI/90WNLtCMWj9cXbtciq21Har1aFCQuatya 7a55hB/3E/cBDfijy5A9rTlkXsqs83pOyfiwOiiuK63/X7Dii6ukC476mjV/eglDkVrC WHqw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=fXmtyDn1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-506846aa643si7938151cf.0.2026.02.18.03.59.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:59:01 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PP/6BDrQ1/rPo0iIKkFwmPphGvl5hg2EauQmBzyf2+0Gdmt+3uWRGWOETCuI3rqREdu06P32xdCgdvGV4DwcWib6dg4QZxD7B/sEVvWYs8oKHanzTTii7oS1D7cqOXSiLmPoUZzEsaiLl4ZhorvhUNx7EwDFKNgo23RWvak17HkjP0gFNoYIT9YKVv8FQ553pX8AcvHW6Bn8Ws23ToYwkJ+pxHjzMwH6PmNJUDWbCdypr4UdiKLrXYkzP029wFL3hPpEEwQmn6i+KQ63j6LlUPcVBd4jP0+bsy1LhdkWXtkufQZ2yEFTgZkE+QBAM4g+bp+I2yZBQI8mrANvt+eGbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7teM9JjGUjIbvdx+WuxN5tdgbfhg5WD287cemnqlF4c=; b=IuM23+mvZKbSVtta9vbEb17GdgRLHu7ZayRCq5c2JBEnAYh2+Z2eH/irpkyGhOh+bQOvjYsd3UKc9KHY5a2Lq18Ox+PKhK/mZl5zcLnwe8unfWMhXZ3IOBts1L7XqO6jwmVU3j+QzM4aBdo/bYoC0Q9THltKR6DjiqjSMIQY4CRm3Y8ZRbEEx3+SrouwSbZWZC1/3NvWaQIFt7Cf7Ja1l369GpeYDDxsQTtI4P07LK6m8R1hzN+C4z/Xw3nazOXq/K6afVhwHa3QhmrFN2ZCOBK2Of0v980K3o7Ota+em7mT95/x5uGZsq/a7Id/vJPmoyH6ZXmKkjg0Q3CT7we8GA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:58 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:58 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 11/12] add support for fully rootless builds Date: Wed, 18 Feb 2026 12:58:26 +0100 Message-ID: <20260218115827.3947145-12-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 0b1e5a70-b47a-42d8-829c-08de6ee518fa X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: rJezne4cTh0GmWyzg6oa48B5NLv7Br90vj/0okiW9q9r3fTadH14tV/9rRc0HumBzTellIEoJH16le9y6NX3008pRkvKf77ukWZTUK7weXAWb4LC1oeuEjC7iyN4P06nkAoS+dsKxxlEEgiMCX27VEeL+7QU81Exr2mC0WQAVDRh0PUHsOxgIGVWjEO7E4AQHT+sYsdTQc3MnEnD9lp9JCLC8M+3bWbAKi+sjLHSrWgbbN0WGx/o92wMfNIqP5QU9ndsvkmJU2x2KPo2JxlOVxwd3aipVnFnwnntknrwJXDPZwjL8lWm7eWusi7WMybVEt6wSztuR4Qr0iKIXxRo1dQ4MeMAydtk7NscodQGtfyOwdJxhrubxF9Mdp4OoqRNBWajL0LlzDffu1wF9rtyFll1CgDj4yqqh9YB4p9X81W3tuoM6AMK/1j2/LrpFVcSLpyu66vTsGxqxwGrDbWrW9wMXALxBE132zE29ZE3jwi6R52txTJ2i78DZ/y6z4S0Dzq0fadbC7CKQfdZT9TvMamBbqJB263GmDPlvqi8I0k4xxEl1UXHFKrZbC4GlUP+h3U6uiFEOYxTg8GUDRFtYWqHXgppJvBwlN0FzggTAt9w/SSJ4vx0vWgtdHES7OdP5HnfMm+WkcBpApxfIYxOlcZkcLwcF6cJeCaeemRJAjxRzhJ3A74/5zL+2Mi5xpkjZGURlnRD6XS/opQYqNVFcZtaWwR0GnXPzntj7jmnPE5UI0wdAza7t3M9pJsgkNF+xjOZyfwqFnPDcQ4B800DQvzBSqeRg3OA+vaGMUXkQo1tryAmSMw9dSaxS3CoKmRifeUV67OmSVzpl9gui5xc+ZNqkraWM+2t6hFitq8ACLhDBi5QlhdTowQ6JDd29HEbxbsFZ7fGmuBBfzuTbFXHvE7hnQSeZfCHMv/TV+3WMq5FgAuNsqxhog/0IoDsV/07myv9ayS5p5ra0d21065PtfscsZNi50c+NNahMSSFigl+V8vJOzTht16J6CtJtaqBCGipg+KH9SOc2766s9oKO/NP3lWrwUQfKYXuFwinQv7R06tWalWYEiIkF/Smurfk8+GMcdp2gQ+vA9BA60Y1OT0xsVEVLM7FQcbgO5YpWoUBWh7d5cSl4jH7zOuZBGrxoWRsgjmXXDCCMerSkS+1pjPo5NIw6mIYvdjyC4QtQ7BZfiolNLWTN9h/dyd8YUWi6f0fo6E+oWHkhG7xMrh47Pe34bHjfXZiTEDsM9VvT5IUbxcViGVOwkgBfQJDXrBCyCkGHBdOQBSy/+IR0hlyILdNQfWaVfo+1Zzx/QyzYabkjV05UocG9vPYZ9YDSG8C1QM6sVBTXmZfVCJk7y0S4jKJKPAw/qfN6G24+nlaJh3IpMDd9ssfIkw/E6ORhzHRzrP+etVc5lw+Qxb8PrhpHAV8YJUcHGC+/REjy+I57C7nOUtfdGoIC5JpggRy4EQ2vfmiKk2OyDz75f0zAQjR37HcxKo0kWrGECeS6nfS2WdM+h8u7THRXijSora4bapiRNVCReo3gwZ1ElSEdmHZk837po4li0o2XZ/pzfEWsBI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 3jskAA6+AF1Jy2W4zj6NSoj1m2yVwH5LPTLL160yKHLL10kF8AwZhYeuhfuqN33mknfnNB39gGG2VPN2AJDXKKvR6xCHYo13WRXxJVZuZJQ1t+FeBQ4SxTfJkmaFZGDIFyF+FB4Px0VBWNoC5+308HoYSc5hZkT2UQgCsMh5LF7yH0qgRsxocEZDXHtAsM/vTtKlLriHOz9W2PhbSrrbuwiJXkByK+1WhWNpPTaEjZMicHm+c1368YVNOFfMggXCQfeauO2jiAYTL0dZGRyEuEMOJZTvSLTzOfTNfN+DaajvHEvBvlMIbjjv3j5/BAmMJ4IPyjXPLXb6de09BFpA3/m1We8nSdCZGOPIfeGfTLV3U9+vnWQsvocIkB5aDZ8nll0bCXPzgRwZU/ULH3qw91rTIVCztbQGRMEgaEBgkgEWpDbcsZxgco+/MoFNl45yrmpthG97mHW/i2K46OIMEaxDtXH7s6wJ2q7552dTnQ7B2Cc/uK3GppjirRROXPH0AWY54UhUmVDtW+2ahYh02upS0aotgp87zt7X0IXkQ6XA2SPSDAvS540bW7lfCsFAB0p361ADxZFlgtdh6kNoDNPcnu/0FYIGtBBgcmQat/bZMFPcPbwdghNfLOOfkpeVxttxjjYkWGvhecQNIscvuE6yKRAincJz8H7tL3cH9C1aBk/jHkQ/4liFbQfvY18Nb0hK4NcQHvzDmU8yPDGjsQbSYRuJEI9I+1ywgZvJeM1keOcur4KjPAm4F0oG8PDobZa1KGgS8uix8wSQ2mecHfe13eRym+B40zgMpU9Lev47sHNcwPq1Rdwt1l8yeNNLGPfx5+M9YxleH4o7vBI/N0fZLGCIG3g5ZWZbDc1sXM1vhAA+I9rOqi87DUm5x+o5DF6TlNmKexu+GgHxyrrseO4ELQkxNLyE0DDtA8me6CN3AAls87LBbz3dqgmX0xrX5vfqgbdWrPXQkc+Y3U0Jl6ep2+ZrseTYPmwWfLI+quZ8Wyoo9upsoNl+eZqXkjja+99bq/Lok7A/Ncz4KpJUh7f2rR1JFNyWCETh8zXNPJL7jB/+zPWtH+SR0veOc3IQmBUW4JK2hs6teSpy5jL0cPpWJqD+qadQVJ/RYQ5YGtMNnVITIu19BLePkp689JEm9LUlwUAPRjXmtheaN6/KnaPUXnxfjhlgcN7JjKv9RW0B2yUIev2H+Z03Rt7NPGuIawnsMjFJ39QnENB/Wnc7OVNMQaQKxH9zBRgxpZJbWfb0vYSG8/FO92xJB6oBGfdXEjXxu0oIhpqpFFEzFf8aJlo6E6sD6+VQgA0DMAB8nPQNENeZO7mdH7ZOVatULjvxy91nihyEqbmktgXy4MtSdpfYAYf8UdN0Oons770F/0uctYuM6+EciDjlLiZg9/5aBFWirKK3NzMBENvAS6V9HB0jmwXtDdN8Ml40KMuLnbtDNoaR0+I8n0kCttKNdJd8ciJ535P2KbPJlb5WSdF5B/gQjmFbZvOSkNAujKqaEl+Mk9M3VqghzM0qd0ntWXYBzsqz4bziWYkI73kaIA5Otbn+6cc13DWVDZolhggcGXfRDy2e+0hye/kJx1ug9/9eR6BcvBNTww9uRo7tmFtQpgozoxKLkTlGuTDPiePnTADXhRG/KkidalJ9/lCfUy9AzTaoObIbzQkqjg4POzUjytNDHUh/5FMwndk6C3wwINqfKUMzNk8WNubotWK/1xdcPX/OmhD5Dz3ZDgodCu6I5Jz0A15ScbNHXDvV4j8BGCI= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0b1e5a70-b47a-42d8-829c-08de6ee518fa X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:58.2708 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /vvNpnmbcv6m5zBlnvP/JAZqMotFVUnb3SWtlu8O1VChc1T5NIOJgAUknRztmGYTbuUIIB/U+3MTveCNtnMqw6ktIA33uIGbpGeHnwVSl1s= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=fXmtyDn1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Currently isar requires passwordless sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally. To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare). Signed-off-by: Felix Moessbauer --- Kconfig | 2 +- RECIPE-API-CHANGELOG.md | 29 +++++++ doc/user_manual.md | 2 + meta/classes-global/base.bbclass | 67 ++++++++++++++- meta/classes-recipe/deb-dl-dir.bbclass | 9 +- meta/classes-recipe/dpkg-base.bbclass | 16 +++- meta/classes-recipe/dpkg.bbclass | 14 +++- .../image-locales-extension.bbclass | 9 +- .../image-tools-extension.bbclass | 82 +++++++++++++++++++ meta/classes-recipe/rootfs.bbclass | 53 +++++++++--- meta/classes-recipe/sbuild.bbclass | 27 +++++- meta/classes-recipe/sdk.bbclass | 11 ++- meta/conf/bitbake.conf | 7 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 ++- .../sbuild-chroot/sbuild-chroot.inc | 24 +++++- 15 files changed, 332 insertions(+), 32 deletions(-) diff --git a/Kconfig b/Kconfig index 683c0da5..5ef2bfcb 100644 --- a/Kconfig +++ b/Kconfig @@ -14,7 +14,7 @@ config KAS_INCLUDE_MAIN config KAS_BUILD_SYSTEM string - default "isar" + default "isar-rootless" source "kas/machine/Kconfig" source "kas/distro/Kconfig" diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index f80630a0..29bf7590 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -990,3 +990,32 @@ rootless builds. For that, the deployment of images happens in two steps: Conversion commands need to follow this strategy as well, but can read the image (prior to conversion) from `${IMAGE_FILE_CHROOT}`. + +### Rootless isar execution + +Isar is able to run without the need for `sudo` in an environment that +allows unprivileged users to unshare the kernels `user namespace`. Further, +a sufficiently large set of sub ids needs to be configured in `/etc/subuid` / `etc/subgid`. +This range should be `> 65536`, but smaller ranges might work as well, depending on the +ids used in the rootfs. + +A simple check if rootless is supported can be done by running: + +```bash +mmdebstrap --unshare-helper /bin/echo "rootless supported" || echo "rootless not supported" +``` + +On many systems, setting the following settings is sufficent, but no general guidance +can be provided. + +```bash +echo 0 | sudo tee -a /proc/sys/kernel/apparmor_restrict_unprivileged_userns +echo 1 | sudo tee -a /proc/sys/kernel/unprivileged_userns_clone +``` + +To enable rootless builds, set the bitbake variable `ISAR_ROOTLESS = "1"`. +This internally switches the chroot mode from `schroot` to `unshare`. + +When using kas, the `build_system` needs to be set to `isar-rootless`, but the final +interfaces still need to be clarified. Further, kas patches are needed (for details, +check the kas mailing list). diff --git a/doc/user_manual.md b/doc/user_manual.md index 7520854b..77a37e9b 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -74,6 +74,7 @@ Building `debian-trixie` requires host system >= bookworm. Install the following packages: ``` apt install \ + acl \ binfmt-support \ bubblewrap \ bzip2 \ @@ -88,6 +89,7 @@ apt install \ qemu-user-static \ reprepro \ sudo \ + uidmap \ unzip \ xz-utils \ git-buildpackage \ diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 16939f64..26d1ee22 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -388,11 +388,54 @@ do_unpack[prefuncs] += "deprecation_checking" # Helpers for privileged execution. Only the non-underscore functions # shall be used outside of this class. +def get_subid_range(idmap, d): + with open(idmap, 'r') as f: + entries = f.readlines() + for e in entries: + user, base, cnt = e.split(':') + if user == os.getuid() or user == os.getlogin(): + return base, cnt + bb.error("No sub-id range specified in %s" % idmap) + def run_privileged_cmd(d): - cmd = 'sudo -E' + """ + In unshare mode we need to map the rootfs uid/gid range into the + subuid/subgid range of the parent namespace. As we usually only + get 65534 ids, we cannot map the whole range, as two ids are already + used by the calling environment (root and builder user). Hence, map + as much as we can but also map the highest id (nobody / nogroup) as + these are used within the rootfs. It would be easier to use + mmdebstrap --unshare-helper as command (which is also internally used + by sbuild), but this only maps linear ranges, hence it cannot map the + nobody / nogroup on the default subid range. By that, we have to avoid + the nobody / nogroup when building packages in this case. + """ + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + noone_id = 65534 + uid_base = int(d.getVar('UNSHARE_SUBUID_BASE')) + uid_cnt = int(d.getVar('UNSHARE_SUBUID_COUNT')) - 2 + nobody_subid = uid_base + uid_cnt + gid_base = int(d.getVar('UNSHARE_SUBGID_BASE')) + gid_cnt = int(d.getVar('UNSHARE_SUBGID_COUNT')) - 2 + nogroup_subid = gid_base + gid_cnt + cmd = 'unshare --mount --user --pid' \ + ' --setuid 0 --setgid 0 --fork' \ + f' --map-users 0:{uid_base}:{uid_cnt}' \ + f' --map-groups 0:{gid_base}:{gid_cnt}' + if uid_cnt < noone_id: + cmd += f' --map-users {noone_id}:{nobody_subid}:1' + if gid_cnt < noone_id: + cmd += f' --map-groups {noone_id}:{nogroup_subid}:1' + else: + cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) return cmd +UNSHARE_SUBUID_BASE := "${@get_subid_range('/etc/subuid', d)[0]}" +UNSHARE_SUBUID_COUNT := "${@get_subid_range('/etc/subuid', d)[1]}" +UNSHARE_SUBGID_BASE := "${@get_subid_range('/etc/subgid', d)[0]}" +UNSHARE_SUBGID_COUNT := "${@get_subid_range('/etc/subgid', d)[1]}" +# store in variable to only compute once and make available to fetcher RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" run_privileged() { @@ -404,9 +447,29 @@ run_privileged_here() { } # create a directory that is suitable to be the -# parent of a rootfs +# parent of a rootfs. In unshare mode, we further need to +# give the inner user the right to create a directory there. +# This is needed, as the inner user needs to extract the +# rootfs tarball and owns the '.' dir. +create_chroot_parent_dir() { + mkdir -p "$@" + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX "$@" + fi +} + +# get the base of the calling users subuid range +get_base_subuid() { + grep $(whoami) /etc/subuid | cut -d ':' -f 2 +} + +# create the directory and prepare permissions to untar +# a rootfs into an inner directory create_chroot_parent_dir() { mkdir -p "$@" + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + setfacl -m u:$(get_base_subuid):rwX "$@" + fi } run_in_chroot() { diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index fc0cd915..2020cdd0 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -121,8 +121,13 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ run_privileged_here << ' EOSUDO' - mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + mkdir -p "${rootfs}"/var/cache/apt/archives + chmod 777 "${rootfs}"/var/cache/apt/archives + else + mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + fi EOSUDO # nothing to copy if download directory does not exist just yet diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index 5841d6ee..e4e72f80 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -168,12 +168,24 @@ dpkg_schroot_create_configs() { EOSUDO } +dpkg_chroot_prepare() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + dpkg_schroot_create_configs + fi +} + +dpkg_chroot_finalize() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + schroot_delete_configs + fi +} + python do_dpkg_build() { - bb.build.exec_func('dpkg_schroot_create_configs', d) + bb.build.exec_func('dpkg_chroot_prepare', d) try: bb.build.exec_func("dpkg_runbuild", d) finally: - bb.build.exec_func('schroot_delete_configs', d) + bb.build.exec_func('dpkg_chroot_finalize', d) } do_dpkg_build[network] = "${TASK_USE_NETWORK_AND_SUDO}" diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index 8d7ff092..9fda58af 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -78,6 +78,7 @@ dpkg_runbuild() { distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" fi + create_chroot_parent_dir ${WORKDIR} deb_dl_dir_import "${WORKDIR}/rootfs" "${distro}" deb_dir="/var/cache/apt/archives" @@ -85,7 +86,10 @@ dpkg_runbuild() { ext_deb_dir="${ext_root}${deb_dir}" if [ ${USE_CCACHE} -eq 1 ]; then - schroot_configure_ccache + ${ISAR_CHROOT_MODE}_configure_ccache + fi + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + sbuild_add_unshare_mounts fi profiles="${@ isar_deb_build_profiles(d)}" @@ -110,12 +114,13 @@ dpkg_runbuild() { DSC_FILE=$(find ${WORKDIR} -maxdepth 1 -name "${DEBIAN_SOURCE}_*.dsc" -print) sbuild -A -n -c ${SBUILD_CHROOT} \ + --chroot-mode=${ISAR_CHROOT_MODE} \ --host=${PACKAGE_ARCH} --build=${BUILD_ARCH} ${profiles} \ --no-run-lintian --no-run-piuparts --no-run-autopkgtest --resolve-alternatives \ --bd-uninstallable-explainer=apt \ --no-apt-update --apt-distupgrade \ --chroot-setup-commands="echo \"Package: *\nPin: release n=${DEBDISTRONAME}\nPin-Priority: 1000\" > /etc/apt/preferences.d/isar-apt" \ - --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;\" > /etc/apt/apt.conf.d/50isar-apt" \ + --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;${@'\nAPT::Sandbox::User root;' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''}\" > /etc/apt/apt.conf.d/50isar-apt" \ --chroot-setup-commands="rm -f /var/log/dpkg.log" \ --chroot-setup-commands="mkdir -p ${deb_dir}" \ --chroot-setup-commands="find ${ext_deb_dir} -maxdepth 1 -name '*.deb' -exec ln -t ${deb_dir}/ -sf {} +" \ @@ -125,7 +130,10 @@ dpkg_runbuild() { --finished-build-commands="cp /var/log/dpkg.log ${ext_root}/dpkg_partial.log" \ --build-path="" --build-dir=${WORKDIR} --dist="${DEBDISTRONAME}" ${DSC_FILE} - sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + # TODO: unclear if needed under unshare + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + fi deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index f4eb3718..f0683996 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,8 +29,15 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - run_in_chroot '${ROOTFSDIR}' \ + run_privileged_here <<'EOF' + set -e + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' + fi + + chroot ${ROOTFSDIR} \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge +EOF } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index 2eac3619..addc514a 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -16,6 +16,9 @@ do_image_tools[depends] += " \ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DIR_IMAGE}:${PP_DEPLOY}" SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" +# only used on unshare +ROOTFS_IMAGETOOLS ?= "${WORKDIR}/rootfs-imgtools-${BB_CURRENTTASK}" + imager_run() { IMAGE_STAGE_DIR=$(dirname $IMAGE_STAGE_HOST) create_chroot_parent_dir $IMAGE_STAGE_DIR @@ -114,3 +117,82 @@ generate_imager_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} \ < ${WORKDIR}/imager.manifest } + +imager_run_unshare() { + exec 3<&0 + + # ignore everything before '--'. If the remaining list is empty, + # assume a here document is passed via stdin + while [ "$#" -gt 0 ]; do + case "$1" in + --) shift 1; break ;; + *) shift 1 ;; + esac + done + + if [ "$#" -eq 0 ]; then + set -- "$@" '/bin/bash' '-s' + fi + + local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + + create_chroot_parent_dir $(realpath -m "${ROOTFS_IMAGETOOLS}/..") + + run_privileged_here <<'EOF' + set -e + mkdir -p ${ROOTFS_IMAGETOOLS} + tar -xf "${SBUILD_CHROOT}" -C "${ROOTFS_IMAGETOOLS}" + mkdir -p ${ROOTFS_IMAGETOOLS}/isar-apt + cp -rL /etc/resolv.conf "${ROOTFS_IMAGETOOLS}/etc" +EOF + + # setting up error handler + imager_cleanup() { + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} + } + trap 'exit 1' INT HUP QUIT TERM ALRM USR1 + trap 'imager_cleanup' EXIT + + if [ -n "${local_install}" ]; then + echo "Installing imager deps: ${local_install}" + + distro="${BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + if [ ${ISAR_CROSS_COMPILE} -eq 1 ]; then + distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + fi + + E="${@ isar_export_proxies(d)}" + deb_dl_dir_import ${ROOTFS_IMAGETOOLS} ${distro} + ${SCRIPTSDIR}/lockrun.py -r -f "${REPO_ISAR_DIR}/isar.lock" -s <<'EOAPT' + local_install=$local_install ${@run_privileged_cmd(d)} /bin/bash -s <<'EOF' + set -e + mount -o bind,private ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFS_IMAGETOOLS}/isar-apt + chroot ${ROOTFS_IMAGETOOLS} apt-get update \ + -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ + -o Dir::Etc::SourceParts='-' \ + -o APT::Get::List-Cleanup='0' + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades --download-only install \ + $local_install +EOF +EOAPT + + deb_dl_dir_export ${ROOTFS_IMAGETOOLS} ${distro} + local_install=$local_install run_privileged_here <<'EOF' + set -e + mount -o bind,private ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFS_IMAGETOOLS}/isar-apt + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades install \ + $local_install +EOF + fi + + run_privileged_here <<'EOF' "$@" + set -e + mkdir -p ${ROOTFS_IMAGETOOLS}/${SCRIPTSDIR} + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 +EOF + + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} +} diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 5a7c2a93..4d1f542f 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -164,7 +164,12 @@ rootfs_cmd() { } rootfs_do_mounts[weight] = "3" -rootfs_do_mounts() { +python rootfs_do_mounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_mounts_priv', d) +} + +rootfs_do_mounts_priv() { run_privileged_here <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ @@ -187,7 +192,12 @@ rootfs_do_mounts() { EOSUDO } -rootfs_do_umounts() { +python rootfs_do_umounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_umounts_priv', d) +} + +rootfs_do_umounts_priv() { run_privileged_here <<'EOSUDO' set -e @@ -234,7 +244,12 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + create_chroot_parent_dir $(realpath "${ROOTFSDIR}/..") + rm -rf ${ROOTFSDIR} + run_privileged_here << 'EOF' + mkdir -p ${ROOTFSDIR} + tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" +EOF # setup chroot run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" @@ -304,10 +319,14 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ - -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ - -o Dir::Etc::SourceParts="-" \ - -o APT::Get::List-Cleanup="0" + run_privileged_here <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_install_resolvconf" @@ -335,9 +354,12 @@ rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { # download packages using apt in a non-privileged namespace - rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} + run_privileged_here <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot ${ROOTFSDIR} \ + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" @@ -364,8 +386,12 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - run_in_chroot "${ROOTFSDIR}" \ + run_privileged_here <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" @@ -669,8 +695,11 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then + create_chroot_parent_dir $(realpath -m "${ROOTFSDIR}/..") + run_privileged_here <<'EOF' mkdir -p ${ROOTFSDIR} - run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar + tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} -f rootfs.tar +EOF rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index f0757891..d2d333ed 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -7,7 +7,8 @@ SCHROOT_MOUNTS ?= "" inherit crossvars -SBUILD_CHROOT ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" +SBUILD_CHROOT:unshare ?= "${SCHROOT_DIR}.tar.zst" +SBUILD_CHROOT:schroot ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" SBUILD_CONF_DIR ?= "${SCHROOT_CONF}/${SBUILD_CHROOT}" SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}" @@ -144,6 +145,14 @@ END EOSUDO } +unshare_configure_ccache() { + # ccache must be below /build for file permissions to work properly + cat <<'EOF' >> ${SBUILD_CONFIG} +$build_environment = { "CCACHE_DIR" => "/ccache" }; +$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; +EOF +} + sbuild_dpkg_log_export() { export dpkg_partial_log="${1}" @@ -152,3 +161,19 @@ sbuild_dpkg_log_export() { cat ${dpkg_partial_log} >> ${SCHROOT_DIR}/tmp/dpkg_common.log ) 9>"${SCHROOT_DIR}/tmp/dpkg_common.log.lock" } + +# additional mounts managed by sbuild +sbuild_add_unshare_mounts() { + mkdir -p "${CCACHE_DIR}" + # sbuild id from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110942 + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX -m u:${@int(d.getVar('UNSHARE_SUBUID_BASE')) + 999}:rwx "${CCACHE_DIR}" + + cat <<'EOF' >> ${SBUILD_CONFIG} +$unshare_bind_mounts = [ + { directory => '${WORKDIR}/rootfs', mountpoint => '${PP}/rootfs' }, + { directory => '${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO}', mountpoint => '/isar-apt' }, + { directory => '${REPO_BASE_DIR}', mountpoint => '/base-apt' }, + { directory => "${CCACHE_DIR}", mountpoint => "/ccache" } +]; +EOF +} diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 074f5ef8..64a501d2 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -74,13 +74,20 @@ rootfs_configure_isar_apt_dir() { ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_privileged_here <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} +EOF } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" sdkchroot_finalize() { - rootfs_do_umounts + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + rootfs_do_umounts_priv + fi # Remove setup scripts run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 0f84e715..1c3a6f4a 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -72,7 +72,7 @@ KERNEL_FILE:arm64 ?= "vmlinux" MACHINEOVERRIDES ?= "${MACHINE}" DISTROOVERRIDES ?= "${DISTRO}" -OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:forcevariable" +OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:${ISAR_CHROOT_MODE}:forcevariable" FILESOVERRIDES = "${PACKAGE_ARCH}:${MACHINE}" # Setting default QEMU_ARCH variables for different DISTRO_ARCH: @@ -151,6 +151,10 @@ ISAR_APT_RETRIES ??= "${@'10' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAP ISAR_APT_DELAY_MAX ??= "${@'600' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAPSHOT')) else ''}" ISAR_APT_SNAPSHOT_TIMESTAMP ??= "${SOURCE_DATE_EPOCH}" +# Rootless build execution +ISAR_ROOTLESS ??= "0" +ISAR_CHROOT_MODE ??= "${@'unshare' if bb.utils.to_boolean(d.getVar('ISAR_ROOTLESS')) else 'schroot'}" + # Default parallelism and resource usage for xz XZ_MEMLIMIT ?= "50%" XZ_THREADS ?= "${@oe.utils.cpu_count(at_least=2)}" @@ -206,6 +210,7 @@ CCACHE_DEBUG ?= "0" # Variables for tasks marking # Long term TODO: get rid of sudo marked tasks TASK_USE_NETWORK = "1" +# nested namespacing requires this as well TASK_USE_SUDO = "1" TASK_USE_NETWORK_AND_SUDO = "1" diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 8ca295b7..c90bc59c 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -178,6 +178,8 @@ do_bootstrap() { umount \$1/$base_apt_tmp && rm ${WORKDIR}/mmtmpdir && \ umount $base_apt_tmp && rm -rf --one-file-system $base_apt_tmp" else + # prepare dl_dir for access from both sides (local and rootfs) + create_chroot_parent_dir ${WORKDIR}/dl_dir deb_dl_dir_import "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" bootstrap_list="${WORKDIR}/sources.list.d/bootstrap.list" @@ -197,6 +199,7 @@ do_bootstrap() { -o Dir::State="$1/var/lib/apt" \ -o Dir::Etc="$1/etc/apt" \ -o Dir::Cache="$1/var/cache/apt" \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ -o Apt::Architecture="${BOOTSTRAP_DISTRO_ARCH}" \ ${@get_apt_opts(d, '-o')}' extra_essential="$extra_essential && $syncout" @@ -214,13 +217,14 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap 'bootstrap_cleanup' EXIT + trap ${@'true' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'bootstrap_cleanup'} EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + ${@'' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'run_privileged'} \ + TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -239,6 +243,7 @@ do_bootstrap() { --customize-hook='sed -i "/en_US.UTF-8 UTF-8/s/^#//g" "$1/etc/locale.gen"' \ --customize-hook='chroot "$1" /usr/sbin/locale-gen' \ --customize-hook='chroot "$1" /usr/bin/apt-get -y clean' \ + ${@'--skip=output/dev' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --skip=cleanup/apt \ --skip=download/empty \ ${@get_apt_opts(d, '--aptopt')} \ @@ -252,7 +257,8 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged find ${WORKDIR}/dl_dir -maxdepth 1 -mindepth 1 -exec rm -rf --one-file-system "{}" \; + rmdir ${WORKDIR}/dl_dir fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc index 61d37760..7a778d8c 100644 --- a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc +++ b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc @@ -66,8 +66,28 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "rootfs_cleanup_base_apt" DEPLOY_SCHROOT = "${@d.getVar('SCHROOT_' + d.getVar('SBUILD_VARIANT').upper() + '_DIR')}${SBUILD_SCHROOT_SUFFIX}" -do_sbuildchroot_deploy[dirs] = "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" -do_sbuildchroot_deploy() { +sbuildchroot_deploy_tree() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_SCHROOT}" } +sbuildchroot_deploy_tar() { + lopts="--one-file-system --exclude=var/cache/apt/archives --exclude=isar-apt" + # we cannot use pzstd, as this results in a different magic + # (zstd skippable frame) which is not detected by sbuild + # https://salsa.debian.org/debian/sbuild/-/blob/d975d388a98627a0d7d112791e441c27a6d529df/lib/Sbuild/ChrootUnshare.pm#L608 + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${DEPLOY_SCHROOT}.tar.zst + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} +} + +do_sbuildchroot_deploy[network] = "${TASK_USE_SUDO}" +do_sbuildchroot_deploy[dirs] += "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" +python do_sbuildchroot_deploy() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('sbuildchroot_deploy_tar', d) + else: + bb.build.exec_func('sbuildchroot_deploy_tree', d) +} addtask sbuildchroot_deploy before do_build after do_rootfs From patchwork Wed Feb 18 11:58:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4875 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:12 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f187.google.com (mail-qt1-f187.google.com [209.85.160.187]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx9Dn023657 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:10 +0100 Received: by mail-qt1-f187.google.com with SMTP id d75a77b69052e-506a1ce5d31sf87708901cf.0 for ; Wed, 18 Feb 2026 03:59:10 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415943; cv=pass; d=google.com; s=arc-20240605; b=H/Cc81AyBfE5vL+/90aNkAgEH9ptH4OTy2pwWep8cvPO2GZieFlPbRoNjFVRGtKNoc xcpZaHLQ8y07MvsomhUyZkTRgmyPwZSLTnaPlPb00W/1se6ZUmPoDJEPsW+oN6cll0Pv U2Z6yC/Hs4vS8yniuzeeg1+YegIs1IAYoXOjLQQP1SWUQ9I0gdorFYlc8843wJGi1nbq IsVLTRMw2Qk2trYTLHvXqmPzbwYK7sK0DTJ5JQ2mSDwK2i9h2gRACB3pl3fMRCmcib79 B8+LQ3cEKZemir6+izw/rIFcy26gZPXCKqnSGFdifpTs4uQNcB68VLa67KEk9Eqp1nDk 6QWw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=gcbAzDqwkibp/bm8pOHrPjo4txfRla5C8Y+7FbTE4NU=; fh=9T6e06miUkWKtfpQdrbQtmS8wq14s8Sr6jk6+SFki8k=; b=JsbcJAgVvQntrdN+OHogHDdktJHUCRbFTXWVXahD3dnslHSF3CS8lDmjESzkxOo1Vh A+eDdtT1+ErWkVRcVnzvwjHh2VOO82A6EfgOJxFirc68mDwOeq3aeCrImAZbC1Rt6OVl 7LmbEefbY/MT93t2bx+O+1p63grOG+J4TR1IS/xhHOruVCxStURfzCTiYFYv0lmFDew3 c/WE47m0b5N3YzAE1cpvjcXvAmo03Wl2iM6rdxrd46SYb6TqtAjrsYY+FyfUPixfX33i LHh7UFV3j1ek4g/mJvLCc3V815c7hGWBHeDG+HOKvSG3RPjv0c4+aZMhNk/Cmmjc9Mlv 7imA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=mcAxHu5+; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415943; x=1772020743; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=gcbAzDqwkibp/bm8pOHrPjo4txfRla5C8Y+7FbTE4NU=; b=YoMaEjPCxfVtsb8LM68cdRB1XztRLsxJteVnOwAzlZDocUegU9add2vxHulqM2npqH 1klXk0rcOGPZTosLna2sp2siDuVpxkncIc9lYItEZ0OVVpBYdW4YYUUFtHhNVLI9dN4P iOGRhD7LHpvqVgkAmvX+Uz0p/T+5+51MZ8uFuJVgV8n5zaTS1EtpTSBiILEIUgtbzqkj 93PUQiDeRy/rnZenPlljM3HR2B6btCX1QSF45vFBC1g8/XSCXJRmCizjzNtftCXo4k8C AIo29XJL8OOMZBY+tZWsdHdKTFldmFhjTlfPDhhFLRNC343x1obOGo7HKRUc315U+bxh 8IQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415943; x=1772020743; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gcbAzDqwkibp/bm8pOHrPjo4txfRla5C8Y+7FbTE4NU=; b=oCCGU8zMJY+37n2W+bPVez87BSu3x7F9iH4vD934Qci3NGjDWEIhJ+Y+Xujzfy8o3g jHhYL96YF+QpK5CC31myc2vASHsY6qgaVLzLhcsfufBcJKPpCrxxt3k2a4T5IQ3X3T/y RO+Ps8usvXecL4/gRYDOT8bWGUnc7apdiNkAl5Xbo2r2x5NTNkV1rBP9YEqplAqnNCvU A+2jej9ax/OYOUrI0Rx/7a9tcC0WlKg1+9otH57RFxTM8mNLvYIjfiuvOl0O7xtlXsHp 02m6K/QWjesnfZnKN28vtVqYXmFEQk30mUFU8t24AxN11yDpJ7m74dU/M/RpiWU9fa+a rUiA== X-Forwarded-Encrypted: i=3; AJvYcCXSwU9Wq24a79SPGzKiKHHebcdSOVMqB7HCR7K97P7epvk/lOQYi/zECSAGK00D3N/5XNYQxlA=@isar-build.org X-Gm-Message-State: AOJu0YyNOE41uVVQ8VTNQbkvU+Mnn4B442NGF4Iv/+CQGaMvUtDuKVkd b3cTy5kdVz135TQj0n8ETh7imF0wOBV+qh/gMZOmAoiVDNaXQVmy+0sX X-Received: by 2002:a05:622a:50a:b0:501:51cb:1371 with SMTP id d75a77b69052e-506e913cba1mr16047171cf.17.1771415943408; Wed, 18 Feb 2026 03:59:03 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+HLkc7lpRU9WTxKIajjAr1UCMLfW4i4ePe7Rk/irNbI2A==" Received: by 2002:ac8:584b:0:b0:4e4:600f:d8d4 with SMTP id d75a77b69052e-506947c9e93ls108016831cf.1.-pod-prod-08-us; Wed, 18 Feb 2026 03:59:02 -0800 (PST) X-Received: by 2002:a05:622a:64f:b0:4fc:8ed0:d4a4 with SMTP id d75a77b69052e-506e923787dmr16240291cf.64.1771415942466; Wed, 18 Feb 2026 03:59:02 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415942; cv=pass; d=google.com; s=arc-20240605; b=DF6kzznckgyKS7ej+DEeL9RaBOmeRbKVQTuI/vcEfJGWAdhiCla1dKPCLEepd4TTQi dOL4hJm+P1hvFgArnIXKhkZLg1G8KvuG5rQOaWCOyAh7LxYUd8CWXgxm36zUJSRl4HDG JoHJELCWSmGkETfuM0DYkcrZmvOqLjkB3aFvPgwiPg2Baj2qi/qo/Ch6Uj2ZpyLZIopZ Hw/VpSuqOcu9DEbGaChQc0rVCKFv8tmVOqHEs7d+su1jbT/NybkvKBTVMtdkH9nrDD7n JrX+iWiJVME58ztMxjrQbGm3exlS6DXpo3m41nYsdb/EpDA8KlPTG2FJP+xyEzquEPvK PHlg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=KCUgEh6l0DI+UCCQxAvkGAfQeEE8soSn54tvfc5H114=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=EgHLOEDeHuEsmUPK/d2QuvDCrBaxF3jckkmo5f5MiADHbuSNOqlMfIwi/TqqkN4e4/ OGv75AyQtbjZds6oV2afdrMVAcbH03fAy3iW34VWMDKlczip2rufxBylMOQkuOrPoeHy spO3KQdUlNWYo2THdx4ToqHJ/4N9F3eOwMHmoaZHvJLsUulUbpSFifqvkhcSyP/x0yYJ Hs/bgkV94C3KS+OKytUWxZp3xmuRkjwklYiuD1yq55GBYJcO8bfrXaTi3Au9bvEbcjRj 1TsN5ZOkceJjiVs9GopGFsRpqWcqP4F9PES2FN7OB8sKGT4kIfCPDYi2GDfLjknRzuXd LBYA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=mcAxHu5+; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-506846aa643si7938151cf.0.2026.02.18.03.59.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:59:02 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MCP55eNS2lKF+E1zLe1ghFlysdA8Z4YlgMrI77qKeIUWQuBxrpw83wDRuAPEbHUTb4kwrz7ILkazwMD/8xN2g50UDvtuR1kG8zG2joRcQARur1+xX10XvvrBFHCQYRySkrG9vKa5rOKrMkvbKDV1EWuhojDk7plNnLz/dGgIr4HPfOIPAxHftmBOlytplyGH7CwMmifcKNtD2kSQQYwf6uR9wT5T77vI7nvyiRnlT/6uYeZeMc8qqg74u7V5oWOp6Uu2JFb8yOhOc7LKbpWpZy/HcjPJ9wwZ5F+a5QPZiGGJuvlCqpIYHo4f2fkrPgCdIsyVymhlbfR5lB0qpkM7Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KCUgEh6l0DI+UCCQxAvkGAfQeEE8soSn54tvfc5H114=; b=ioY20e6CdWiut83YCYpI9acvD+30kOPQS61lxvvihF7VkYIE1UTnYGdnb6zbFQzXSJzMEl8Sz8c7exnR2A69M1a3gbzFmZGTpVlwrl8xP05G6NZhAlmk92BTBb/GC2QdrqCqAS9+mRMhV7/L4vKppbvamxSDPj6VS9KRx1YAHJ0j7CaBGenxb8oin0qIw9Iuqbl/CnlayFUwXXiO3du+MmeRcExKpzL4bWmvBEYfeSzbO8P4wDpMXPNmUmGItHmhHqJvOqLafEzvzFIenRhPel5/uo4RQRbuxiwnA0z59S8hjFpRg5O3KGHZCjmf3JxZ9bVCd6UKqgxnryAIKIqUlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:59:00 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:59 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 12/12] apt-fetcher: implement support for unshare backend Date: Wed, 18 Feb 2026 12:58:27 +0100 Message-ID: <20260218115827.3947145-13-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 366482d4-d329-464d-03a5-08de6ee51a0b X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: KBSehx4pC3zkdLbhxCLZFfcXuy2v9Yskeo6Nu3zg9hGJBeqWH81qVhAImghHVJ4/DpFMZEEZ3XeGfzdpTbVbjC9sVvk2CyvNyYNpY6wsNvHDgW9OPjUfcAD/rFmgpHG4KamBWzGkzxwWgEwWiBjtBZPeE3LQcZcpZnBFSQLCDxr2Nd1EdWjJEJyg5JyxvNpXBCClrv89+slWW812UUEBT2FyFQQaCz87C56ANobPGS7rfgCx4G1FDK8bQYopoJu0+ng2XiJyecCYRA3BNXWyfnvuF/EYh0s9yXb6a781yZ3uwLHBwnc318HaliWhtY2+LYYtyviPDloCt7U8YBGdSuYsvO+gnYfu446RfPToV7XixK/NmU4Ij4Dkvv2qo/8X92mfOpkZ+qk+Od3aG/S4oWaex5c4x56z/SMSk8AX5sRd51Z7/mQ23kpnZ1N3MsnH/GD0sWW6KgCCInz9aTdFpgmSSKiiBxiYvbB8h27kDR62PHa/mDIWMMh1glgrMtrweSsBVQusUChDiIcKrW4uJbxFLoEAMkmoNzcSV4Rzu65AWdEI98AGt330hvLVinGq01qNiBPLRDT7/a8vk2j5FGJwc5N/BqfkeRAuAhZAtUXPuHaGPJlkQ1JgLktUpvaE0F+GpkdvF5S9WYrZZRedoBMpcYMuRlyckJAm+6Tp0Sa8GuE9ve+RflZMnbIuKdg8T2XFphGKLNg774xISyimy5H6gPPJib4Fx7aGog4LT7X8ZEt0UjIYRjIcsNCOdmhTDCHsweD/T2mqsMqafQjSDs0Z72bpskgOmsNe1Jsnks/JiZ+sK05lrP8t7JFKKJtFZVDqHm9RAyO+vNfZfOSMC93YTMob+jR8RbK8EqxIfN9TBnnijNbwnd3o8kqZapNcearbfq3LPgxi66ujFUHSUD3Co/fRLyzGa4tATP3d4TNdxHLnvA1x3pwEy9TdDONht/fcC/ZF1KwhN4g6LVygazcZnn6Dt8r6+o42tEaRezvRz4JnRTjrT32ugSh66gb70uqXXZWUN1VJKXJO1vmBhvuWJc2cirQtQpGVF4j+z+7Yat6UBSNIuRJTOIAJIivUNFhQBWKKOT/n/LUnU83pK7dO880OJ72XnY+XDp/H8g/CPYjOeqkMyY6RW4CT4TEIWjx3lcXWnRcUAlTGtUJ0tYoULrrx/e9hJJ5y7Sa10tcz5nMzmaf/3MxzJNfd/oqiHOLUJSTGXdHj7j6Olh9rs4NFyc/FwwZ3tWhLDIREw60meinytKDwpsiyrNoulig0GQ8zMqCDQbamnNeNFosB/bwmZEsALsvfwG1WNaPU0RdaYwN+1HLhchb+uVp9qxNA8KVce2zlpkGNyrB5zFNvIIJlChXV4NtJS7pDuq8+FjtIkMlGXVsBEe4gIeh1mDEQkXiIBZIZvAYCvBpvUByAjSiA4qYF9XKA7IeMF9TjN3bzfaHbrz2Sw1QL7QVVdmgUpZ6iNjJzWu/lkFurvXpcR/RKhxbqmx3DZmXMz5iES1eUlIDDuB9o8vSLWftMIsK+N0oMjvz/isYNFMAY+ksbqlR+qwBB3EbDuUP531GMF+0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: wE1aVAw6r6F6E+RqGwa08NyKmFQwoG9mGoBzOfXP6V0ne5MpeopGol2ZKi1PADQQMEjWj30N8YNnHcEO/rweFu0ayruRlQ9vQZKs6DJQ/MjmdBQxjbyxtSgAFRhteIX6v3M+Tvl/awNrlnmARpfcwwrk2t/xJpeFUWxOyFB8LAP2YybRpyLWjDSzpd2TUFSMKQ9CGmNU7OHL8zHudIfe5tB3s0NBJleuSXSzHEVrPq1eqHZ3BbPEL/keZ0vgprZNpyha2JvkHBDj1dgeVD6DWW3GcAxMz8CqwbiOLJOpDPZ36dNNG4QElIjGhVw0jjQ3q3VJg6NrJTZkYIEgQCUKVuXT5AeNVUWix3JJdt4aULVJcWabjDNVMlaO1gbsmBz1Bss9wgK0GH8o41LkfCGTwOAWB2mYP6m1ZnK9wtBOWvf/3VImAK28f7Bz3nFp5MuIau3kUe9tpAJKj4nYXaemD2ru4y2VJvnptu4w8j/vk351s4R4imF+ZlSY/05C9AIV88AsCFHCUcRfr5J1q5JMc9LcHiN2bY2RC66NdADA7A4F/aZ4d8dnVLMynXLDU8N5+jb9RJQBBKan88w5Cgjsw9i07Z7yvaqL+oiziZzEUaWkjTp+Mg17KUaMydb/Ug6ZP39HOLLE6i8f7fPLWz1E/oYTiQZh8PSLUNpAbPbKvXjMl7g7Ux0+XZQMoQSwccUki+8HXwC4bBz3BNKb37qlYC35yQdd8plTdzXXTXyZUPfaji8/T3W08ayL+Hg1OaZmSpWGit98Qnm/0WyEMwEjttUliH1udUvGSk0MJgHwXDwBw+yw7/+JKB/2IsmZW4Rv9CkL62icuzwQ3p9kpaVPoNAnr1bcr6t4Bsi1WqBcLr8n83wmVh7HZuFADZ0Z8QIttiMqi65vay3+w8QjCFviGfbR0EddmzRwTI/+dF30DDUfd5cMmnOB5EDiBjxp0Wu2oNnkR2hIm+OWFlk3YsyA1v8kHc9NDx/3xCB83Lx15+YVyX6rAAkgOZ1n3RHipK6l3mpuaduGpr9ouQZPYKaheKsTWkIkMV8ZbynA8AoOht1ngitaNMxAQUGPj3EzoGBy/hlaO2uBFlCHrFKvjAjFDfa34rZjwSH70J8Cf640V05qfVWoujeIax9+3Ko6l1DVNSy3CWIAWCIYRqMb5kmgUw3U0YwEgp2lTc+7iHkJpBw4LL8n+0cgW+kKE/XopvDVca+DoeHjZgGu4jNheoBAx/kYDmZ9N2APrb3cQxv///mR30OXTr7eEAa0AfpHVsyKy2YFZBS73hTG6UJYufejSClvnAr7vtnt6ej6PweOdzAnTzlfXkQA6uUj+L5nsT7IyV8//17flU2lZPDdr1IA5Y/A9ddIqeOpzinsFklj0FLvMyO00+V1x1VS4YIFIdBirtryBCT5aziRbGUfnFsexe3jcZVEUV8hkn+RoYKABiTrZuUnXgiXwXJAttBcM33AgRwaP/ICubkQObvemkEbW3M4JjfAx5mZAShQbqLhI1LncjITI9VM9AMI/xMfh0Wj00MImSZLGIhsLiwxBnxaEi4NH31K01FR8S+Rk7h1YYto0Hn/sVE3MovlON8XKUcp1z4P/JbbCvtERjCiJyrhfB5ZMSWZpNprYLM80Yxb8QVVLe6OSxnXUVjNEfoiNgTc/6M/MKvPcqb7C0FJZGT7jboPZYtrRUv9QIWRDY9kPwgVjfjeofeafNuLlVDJa9oG6aP/OqxPdDHsSZLFdEe8RoqjaWUCUntmINcjFtW9JP0= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 366482d4-d329-464d-03a5-08de6ee51a0b X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:59.9180 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: OWammFTxJAYYYPLmpaa+rugZ+rAef06FBboKIsY/kcSuKT8daEM/Vh93YWpckoGs/ycfuyWMeRKnngLzxF/WzA5wCOOnqTrk5fSgMcHllyw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=mcAxHu5+; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/lib/aptsrc_fetcher.py | 78 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 37c84fa7..5cacbec2 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -7,10 +7,13 @@ from bb.fetch2 import FetchError from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import runfetchcmd +import os class AptSrc(FetchMethod): @classmethod def create(cls, d): + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + return AptSrcUnshare() return AptSrcSchroot() def supports(self, ud, d): @@ -92,3 +95,78 @@ class AptSrcSchroot(AptSrc): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) + + +class AptSrcUnshare(AptSrc): + def _setup_chroot(self, rootfsdir, d): + sbuild_chroot = d.getVar('SBUILD_CHROOT') + workdir = d.getVar('WORKDIR') + uid_base = d.getVar('UNSHARE_SUBUID_BASE') + unshare_cmd = d.getVar('RUN_PRIVILEGED_CMD') + + runfetchcmd( + f''' +setfacl -m u:{uid_base}:rwX {workdir} +{unshare_cmd} /bin/bash -s </dev/null; + tar -c --owner=0 --group=0 --numeric-owner . + ' +EOF + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.unlockfile(lockfile) + self._teardown_chroot(rootfsdir, d) + + def unpack(self, ud, rootdir, d): + workdir = d.getVar('WORKDIR') + rootfsdir = os.path.join(workdir, 'rootfs-fetcher') + extractto = f'{d.getVar("S")}.dpkg' + bb.utils.remove(extractto, recurse=True) + + try: + runfetchcmd(f''' + set -e + find {self.localpath(ud, d)} -print -type f -name '*.dsc' -exec dpkg-source -su -x {{}} {extractto} \\; + find {extractto} -mindepth 1 -maxdepth 1 -exec mv {{}} {d.getVar('S')}/ \\; + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.remove(extractto, recurse=True) + self._teardown_chroot(rootfsdir, d)