From patchwork Thu Feb 26 16:28:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 4925 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 26 Feb 2026 17:30:27 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f57.google.com (mail-pj1-f57.google.com [209.85.216.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61QGUQ31010396 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 26 Feb 2026 17:30:27 +0100 Received: by mail-pj1-f57.google.com with SMTP id 98e67ed59e1d1-354be1b25c3sf408605a91.1 for ; Thu, 26 Feb 2026 08:30:26 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1772123420; cv=pass; d=google.com; s=arc-20240605; b=lFcB5gemNL8Q8Fo/0dQBsOnJ4lCeEnrV7rCrBKRIog1VQSoRlMR7notP/RFJbJpO+1 SQkyy8d4ytZP+S3c+sZngMvr36Tpd6BYCwP9Z9kQoMsh7pPH3O+raa7KHDxReYxXLMEl hHoeilKzKO4thFFNEHIuYpX1hkOQ/cR7NybU/mjadysPgTBYHjfe1r/tvQYgs09ClbVs 2DmEaWc6DDlmwaBKpRb4Irky51ROGQbEOdBMizhrQ4XaxF8pByN101UFHLVID63gDA+T d3UNaLvAuuIrkq3HoT+Ow/NMbWCE5uLaAJPYzE+ExaJUwoTRDGBT6xC2j4hDuTNKPHlo 6W8w== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=7RpxGC+C8MrczaEZSEBRrHsCm1cluWF/4GR1vgg/3fw=; fh=Dpowr9gJlU1jqOGyrmmyjduTdvsXlrjcAQw2hc2/CEE=; b=b/xhxOOCjhtPs8RbfwJeiTokB3hQnoXaexJ2G3TN8NKhNV0/3eYglRtk1+cG0Temi+ ytidCorQhho/Kh+qQdpWKRupXXhOs5U2frA4gSYbfi4ALyO17swtdaZZ+SGh3JGhErgA sQRSqH3byBPm/LWO6pArVhmfgS+LK7vh6uR+GXhS6sCLDYPWuCgz9x/L325H+F2/q8FR PlgtjxEX91G4IBCEpSKUUj6wTYL9XoD83WmjabRyMRMHRsYsk5Cwzgr9vhu0Pl2+6S/2 7ahb/psWfrJy6PUMjnAr+mMdyOAUSzn55nxctGww6439Md2WDebUNNC5PAmLiCna/okA PJ9A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MeuUvq5w; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1772123420; x=1772728220; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=7RpxGC+C8MrczaEZSEBRrHsCm1cluWF/4GR1vgg/3fw=; b=b2wdiFziaZeHzGTRAiJ2S11iiIZsSvgwJfSVfzF7tTznL4nUV9mIwwDgrRVBY7azUZ XZi8yx8/8CzgYsjqyhSUDgN/24KcTfwmEYVx0q3LDAerQihOWtrbtwkZhCpoM0/rd7uF iUt7HPu8R5gzsbkvGYpYxFhgjd4bXzyz/kYZrDmubJsqlQRDhfRDd05JeS/ZLZ5s3rXz 4Xl1XRQjx4u3AjTvh6wY1bxog30TzafjUJSSf8fkghQEdv3nwxBm1hBzgRMvrUw55/oV dhYOgdtZ1gKvL6kogANpkqsASnS5/m2jk5/8MYVLryWPTyvDNsOmsCnDCKtiuwbXUNMW JPTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772123420; x=1772728220; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7RpxGC+C8MrczaEZSEBRrHsCm1cluWF/4GR1vgg/3fw=; b=HclxMI7xirtBQiq9LgOmY3CgQa5AQ6OGAXHAKdXXys1Xfj2RFldVI94dlFTMsDxeNk v/zWotfyBlwOAXj8vIOnfkqjSVND7RZCpiB+R2LoyuFQmlkRPhK6VJLIfhshaYH42szH YLZAXzdwu/RIvjE7uiWBAay8h47EZY5qHumSUdGXOHo3Lyd6rG9cyIKa4K9UiRho1OJv JzYs4JWdAru21ksTw0epzpz3RdNNJ59zUk3HsiypSfxFbZxluj1GGeceX7ZDN8JknOgr vup7HmQ8mhclNA4A8+tfTalts/ik8rSHo5BEWxufypkAW9KpvWmsaITXEIWHl8jxunaH jBTA== X-Forwarded-Encrypted: i=3; AJvYcCWlAb0qvvlk3UwObszwuy6O4yLZr50w8bk4tSswsS5DJr66zBJM3G/+tYwWepcASMjEKXvR6lk=@isar-build.org X-Gm-Message-State: AOJu0YwGggF9I66PIikFGNGljctPiPpdVZJ4QFalId6aTnVb1sO7IvDr mZkYvDFhigewSNTuqZz4bm/03h2NzmDQc4RW1ip/npGzsvF7NQt3nOES X-Received: by 2002:a17:90b:560c:b0:34e:70e8:e448 with SMTP id 98e67ed59e1d1-358ae8a7a12mr11917670a91.3.1772123420041; Thu, 26 Feb 2026 08:30:20 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+EPtNvK3lQy8OKSVZfXEq3d7485EXYbRTzeslCRp2hX/g==" Received: by 2002:a17:90a:b897:b0:354:be1a:5f63 with SMTP id 98e67ed59e1d1-3591078727dls1273866a91.2.-pod-prod-04-us; Thu, 26 Feb 2026 08:30:18 -0800 (PST) X-Received: by 2002:a17:90b:2d84:b0:32e:1b1c:f8b8 with SMTP id 98e67ed59e1d1-35928be214amr3697845a91.26.1772123418240; Thu, 26 Feb 2026 08:30:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1772123418; cv=pass; d=google.com; s=arc-20240605; b=jD2khi8Wh11yL60o3/DBeA+/SvGiLWb48AyE0ZLUWk8fv0PaloY2oydZrkjDv/VtWv rJVv1ZJJfsW7YQ0X6WIabbjueJOJU8ceAM0tCX18zE9TNReq6CbHu8TBngBu1uojpry4 f7nMxuPMi/hkQul45tdUbOSvKH5SqDjRL6vBoVBTsOsO0kspWR2hxNDj/Y4Yy+as8PBx GpAM1DfYIeiib1+3lvQAMJfi8QgbqlZlal0h0DbUycogiJqzy5RqbMMOMuFdS8kOgfh+ TbNuXY85cDCTybUoiWcQ3SbXgPHGDzpbZFFDeM62PK7JSdeujodnz1Z8N5orMNu0sDu2 xRMw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Dw2RN0D0ziMOY7aeC34ixEpenP+TUcaEs2QEz4g6AW0=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ZxEs9ryXsWemoXCQm699oEF89zQ6IAGeHJed9krRAzZeUTgfVQgThXnS9+ryPWV3yb DklC6Mrx5sskGQMxVXCOU/+myoO/uOinjgJDUUEBOkoNq8t4vc7mCW1whduI0TryM9TQ UtlxKsUmnIF00UYtpm73GO/AVLTexLpvJHrxEiS/IDqfhaXPzf4NlNYQk+dgkCqYQxpl /7PvfBKmoIaMjr6Icf27zywlnEit7wofHTpeMgqCwkOxxHtsFM6Oz0au5yx0N7Ej70dU cuQE3JWSAjyJ7CeAuav5NoT1RapJm3OOWOpH65r5iSzCcCkREJsNfkClPwofFhPNvaTq 0FEg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MeuUvq5w; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-3593db8869bsi82749a91.0.2026.02.26.08.30.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Feb 2026 08:30:17 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NrnKq6sOrw1EClJ/IuGUMiCfCy33SCFAbqBA5nQkFqGuA2Jo2xsD8/CaEb5htniUaNpLx9Ejk46Jwpz0cAazVzkuSbE0UfrfIyu+xjgah1NtenODbYwEo65macFwpN76DWzwZxvb0aUSvH+vrN5cZg3pICtsnl3dlAlHz7SWmVyDflPqJm63emwR0/Zl+/sginpwaC/ckdhloR/1nbqCl6UwYZxpZ0Vq/J4+NguEq7TIYdBiRfZTU9Bl9JqYrY/2+3EQ2YX1EsgaYZG/5vz4r+L9DeooKzmG9OHmMkz0QaZKbdC7OXu5CusZ9mos5nOkqgoNHi59aE/F78eMVpV/jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Dw2RN0D0ziMOY7aeC34ixEpenP+TUcaEs2QEz4g6AW0=; b=E6j99En9cPkyLVeoYP/a17m6eT5Hhxpxy1hWYp7d2c5BNjlau22rKuHyduY8XyB24zgP95ypq6ppbHVu0E0DSsihR2NtLpno3nRqaSpIocF46bJFzAh7OM/zkQ8jfm+xCs2jzyS75cGJu7S1508xSNzeLNkUl5+ZU+G2uvkmRcRa9wmC59zWkDn/laIf1s2vuXr26052ATDbAEcFVz62Yt92rrzfgIoZzP38qNrvoCjprRNH1HhIw+tQFHVQlmW68Lq+bZsB1/n1dSuRRqq43oOGJCy2wsS2+2UYLzpvXvND+IK7HvpyioT3q8kdo8m6StmEJ0OIfuOnoNAkNl1Qgg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS4PR10MB5669.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:4f0::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.23; Thu, 26 Feb 2026 16:30:12 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9654.014; Thu, 26 Feb 2026 16:30:12 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v1 14/15] use copy of sbom-chroot for sbom creation Date: Thu, 26 Feb 2026 17:28:40 +0100 Message-ID: <20260226162843.1642329-16-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260226162843.1642329-1-felix.moessbauer@siemens.com> References: <20260226162843.1642329-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0277.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e6::9) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS4PR10MB5669:EE_ X-MS-Office365-Filtering-Correlation-Id: 87c9fc83-afb2-4fe5-f270-08de755450a5 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|10070799003|1800799024; X-Microsoft-Antispam-Message-Info: WAhn7UNuxQa0NJ31RTL897lYYsZPzUmW1IPuNWUaDyyOK4ghJHPcBze7ZSIj3liSUT7Rz00wKcj6Ef+E1Kea4nXsTxQuHKdeEUG04zduY/aMnu2Pqm5SQPOqc8zBeedT27PHJJIeZGxvE2oaRac3DRhm1rfrHocDXRVOIHTHTrvMQR0wKn2aJbZoKQ0Jo0GD7a9h5Ux+s7HwA0GhGiFCYl7o3vSQ9pf5wTI7C0RB4Q02ZN+dWq660iZxHv5X8lWDRFqPxYBugVt/zKS7bixbkZN3sy4hWhZ/LAizv37k42iVYuplgB1AdUAQVho6vKSIG/zOFWe/DWw9BN0XNdi6cNltrZQW1P61DFWP+O+RNlHCkWi+g8EaOjxVYRf3pGkuwGf3DhTPcoRoroFG5l7gF+vXivpI1KlgJnRx2LlQrtZbykhCfRmg82ugecSZjb1zr0jr/MOepNYC/sjrg9V2Behz6kqLwiXN0rVtbolMMfOk5MgqEL8VPfVYZc0LAtkeTeCi/nK+O+DvTHvCeONZxrOaORoAtXJB4LqZZwtmLbWI5BlfHI3fkMT7eOKPCSxT+nUiB4dsTwyeYT2LQ8oTMb/K0rg2g5hU4Q54hX0oANjSlVjeAXU+LL1UK7p9WHBn48Xb0BAdhpCFoUv22k64rUbCF243SFMTJWIMvPwtQ5TyyRZbZR+T5G4AcggiYyo/ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(10070799003)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: oFgQorPOJqtVVYbsFnIIeoVno/jBCPlwMlXAqTed/tbe4FUDPhTsMbAzllcnX/HgLYogCzzmeX/BW8WkiGE6kKLHNmKfgwkVpRQIfVglYaHSyuKkKxurP1mXI6Cj+n4QgPHo2wE8TWRD5f1CaZ42vmCC1x3zso6hbOZ4iqZ5gP8cYWAJ/rYASFj+q1WHcSqnyXRoHm+W7VC72Sj7Zj/rKYQJSDU6enhkIsrjO16PR4WTMK8G+Wm2DNDSzk1XmJma4aRYbsA1wb+DB4S8EocmmLns00rcGxOfvsZcTb0j7BQ2nX2K+9AwwXXTxbp0AavnHbso268K4wCPAPHyVxyRmeYVyl8EMmEojUGzUQvJTDyiUpZ2MP28jLOeg7PA5h9juchdi6Y0Px9i1YNtZxGiivOt1UShlRAe7qGS/t+a22Ce8kGG7aaOfcgKCGPcOe8nRDQZf/90ofV/01xhDao67ZUkM0ZHnuKgaTSa+r/R6b6EQpbu8oQy76alsbpwMKIiEqsbUyxZGnDd+VwFTmDfkGvAZFFzAuKS8OZ22Q/fU8xYAfh5s8qxfcHyROGw13bObHgZ47+gDFeUlR72cfRCQBCQC9dFP9xwOf6xjymOaep6b1KzhgvaLaqR1bm0TfN64awta8zqwBXdw2tcrJP5RIul7LYnCQA27TLEoTZoJZ72tKYWHWybe1VkGpImwGj07f2wuXObsfiLLDubO9RTJJYD/f87lFznjrwnhfNx1qoh2daUqv/a+uqCkcAThXC8e1Jw1kZbSWH1PNiRQXZaAFdXNeHsLjN02GW6gVpuazrlgdiHSU0xcI0seA4lZnV8WaDmizZw+ij+lbvCgfiMiIHQG3s1nqOWIYZ/VPNmSyCwWEsthJTFt4iHjmNtC5PX9ZNUakyuB0Uu3yKNAKZk5e+jEuxX7E+bgYgzIR2p41Kg7cmKcfeoGAKtIYuqT2QkcYMMiagebp7WMQJ2rljaQZu3HL3HBMsD8M3xIE6Wnsek5rWv65XTNobPfaY72ovQBREPpH8BU1LKdSx58gqt5fCb2frSLQtza82uWiQtiVVimehtrSvdZxS8oiec/jxJ18hU4VmIKaR21ubAN+9rhkn+VaW52OstTVE97YDdSrfDAZAGB3bcyZ450mm//6hfC/fJ58AkVSivVBjxzgMYqs6H1qum+EZZaT9SQTcoHA4sogo+eUsZuuVSlYBKeMsd9g8IBifvccNJ4AIXmNTXvAweXyIpeJse9raccWQYI5lVtt8lAiTKDcaccbczBbm9FwaBSHxHMeFV2YdPFLBpeoImX1D3XA6sRkqD3XAhxqxy+6hwD9oAEOGPiBfbN2zlAJUi4aFtCSVoIH89IuUWgBcv0uuNiGRTc36Z97sTnxAG0HFT2jDwj2HJOqRSbxyLhO5l5l98ywHxX24/ilVduOgH6QBNxVXaBYN6qi4NWE7SYlWJhCtNarIwxVTsmzYf6FHbh6QlcWfAPM3old6u4gYXo4Qxp8dvEViadXECOZNvEU1LBu43za1uQl5UpdyMg82/SzAKmaDQalFkCyzIl3rKXWDO+GGcZvgJA4nN9eV3t5tiulQjhZXCSoBnMplib2oOGFZbddbTaDpsIf+R8TFHefaxHcuOE/M3hhNS+Mu2m6ZUBYHVRaXQRLKd4z4Q0Xzx+KKM9SfWxJPAV//xWl1MY2z6TfXRFp4zZ7IocUIgkiJPwhA2vlgshZcrUcnb5VQ4ARzqPZOYSL3KM8Y4Ue0h5tabMF7ctOLyFSnKvvmrLyXo9Sc83XVMJ5lyunfu7SB9SRVd X-MS-Exchange-AntiSpam-MessageData-1: SrAabY6m9z6J74xDZkHUeO6o4pw+UxOztHc= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 87c9fc83-afb2-4fe5-f270-08de755450a5 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2026 16:30:12.7097 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: thsZ55ZP7JYj6JLoJyxScFSripPv3YAqm0Q3b/y1FPXPP9gy7TT2bMab5u8wfYDlBYeQMjWzu91tTwEvEawQ7LK52zRyNcpfP1p3boBNcDg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR10MB5669 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MeuUvq5w; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 9f1e3de4..20afc615 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -222,7 +224,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index e3d0e702..d45ae54d 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index bf6d6683..fec1f502 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs