From patchwork Thu Feb 26 16:28:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 4927 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 26 Feb 2026 17:30:29 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f60.google.com (mail-pj1-f60.google.com [209.85.216.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61QGURDK010419 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 26 Feb 2026 17:30:28 +0100 Received: by mail-pj1-f60.google.com with SMTP id 98e67ed59e1d1-3594bf70b25sf458403a91.0 for ; Thu, 26 Feb 2026 08:30:28 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1772123421; cv=pass; d=google.com; s=arc-20240605; b=bY08fYsw2m4Fxmumv+NSHFHJLS1M5RZzciRLEbdaOsWOpIfqU13tKK09XPsIcPYAMM meDdp4SSASN+f5amfQTmwSEyK4Lk5uBldW/58VMWI4Yp6bv8rKBgpwZa3f9hRUkQzOY2 yyWdVsleBw9v93AtegqrVKiHo9J7GECWCoa0lj2HBwkASpmMf4g8LyXUDsYOktblgiLb PZc8axOj4WQziI9nPQ5QtcyUtJRcvRZKNzYTSpbxjh85U6IdfHQffNpXQER99BaIss2T Y7PGZz1aLwn+cuU7gTswI5sCPd8CQ1pwFufJI4UBxE7SIIwczqtH8DC2o4ChBoMc7i28 3HFw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=jBo1lZmRkORkUvFvGWATs8y6jzwU+i+gxdcVn51Tf2Y=; fh=m8iq9ha30T43Wb+jAks5qHFTmUXoHwBx0h/9DA2Dg2U=; b=caRLlIsVXrsEPov1uFHy5DpHWY55E+vyzcC6R3hXtN517uJN1uO0szJd7GLsRZ20bd 3DSH6c3YYFEjWRAhEp0CMKTQGy1xsE6zwXxopUiDcRW81dvxtUEb52IKKebOV8z9XEc1 mBF07Dh9VQR2NpUJW6ox0FfskNFerxEC1baG37eWx6E5ULnQ4HGwRESI7QixVM/YFsMR lFOmPHnSpgLCRBV36QY+JYZunNUOAkpeSnRb7Y1dOuh186kMkSgxVsXX0hPfHue7Povx PCqvk/pAsjwcwSl1esvDqyCEhLmnpm5bcKkeYVIJrpx2la9Eew8MnZ58MWFka3uDIzyd 8qsQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="Cnd/mpJl"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1772123421; x=1772728221; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=jBo1lZmRkORkUvFvGWATs8y6jzwU+i+gxdcVn51Tf2Y=; b=K8plM/2JOKeyI9du2m40MNTlXtJ6NmVv5vNBNAfl9YQtL5gCp7tD/wU+6XjIfvA8zl Ial8FmjapgpLQFFpob0tu1aE7pH8cwnNubZNajZGiqoYxrInU8XreaPx89ibujiU7kH+ 8jsR7Js2gYXMYTAt0MOJz83YRNKAJ6R+XAW6P5vQhzuWCvleh2Tg7EDZML9e8bFnmczC WxO7po13boqbLnPyfDBSN5aQOOYXZIH+EDpmHYhuyorsFTyMnH7ZGmcw4F5yzFZdftii p6h6MP6zI2J8N/vlSNvFjALZjMH24CpguNy4n3lzffPVo8vntZhSSn3Q6s0Ms/08xOjQ Wz4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772123421; x=1772728221; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jBo1lZmRkORkUvFvGWATs8y6jzwU+i+gxdcVn51Tf2Y=; b=NWHYaI07z8sF5Kc60cm87SWx8oHrMr0MFakrSS7FZASnM8zFtwUpFNYb5H4jbH/2I0 jSksiKQS3ShT42WCPgU5oV8Z3RcoUrvX3gFLgTaD8JN9rv1oSIj++hzXtATFybxyrYO1 aMvuWcwoKXakYbSCKt/6iM6rCS9n8soX2UciD3Q/msMaFa/y9B2Bi9TJob3/rfcEexGw StT8g2VqX9fPgbIdIav92D4rw9haPjq1KcgeRRUkTB7rRyor2Y8cn74DKsLQIhXl6t3b +ePdleeomyJ3gAgKFHO5J+lG/WJv+pV4MjhamwJt224qB3b624a9AzqBacY9/OKww+qu bqew== X-Forwarded-Encrypted: i=3; AJvYcCVA6S74bs7Ez5/OoSVG7P5EYlBcpw3ZeKgK0MwdEcAfVmOpVP44nVXy12xFkD6f/491xe+0AFM=@isar-build.org X-Gm-Message-State: AOJu0Ywm74FH+2x5E3ZZcJ0TVh7x9IW+Xzxt8x4gTuqCJTowa4dUqtKv +Y4BQEoAHZySNu51TjP6Ygr2wYcIoUFcjsvrMSh9yVVr/OTzwCD7yd/r X-Received: by 2002:a17:90b:3c8a:b0:356:ab60:e90e with SMTP id 98e67ed59e1d1-35928bdc49fmr3918437a91.25.1772123421003; Thu, 26 Feb 2026 08:30:21 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+HIFpCMF9ZT8KDU3+LqyjHWKySFBX+oj3eP1d+hPmWDBA==" Received: by 2002:a17:90a:b897:b0:354:be1a:5f63 with SMTP id 98e67ed59e1d1-3591078727dls1273885a91.2.-pod-prod-04-us; Thu, 26 Feb 2026 08:30:19 -0800 (PST) X-Received: by 2002:a17:90b:270c:b0:34c:6124:3616 with SMTP id 98e67ed59e1d1-35928be9848mr3933599a91.27.1772123419387; Thu, 26 Feb 2026 08:30:19 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1772123419; cv=pass; d=google.com; s=arc-20240605; b=PAxCvSSR7mYbquiVqMRk50VEytelHP3STLD3snSscuKFqRv3iWYNoio11vAetS0un2 XEkslQ5JAHJcIJeWLBMjoeV/zQoaU4Q2NBWutL8RqPExk3NkHIartA+gnUo3xAZYl9UN MHmyO/rhqAMsxqKrDfHJZwSG6cOWascsMJmJ4ZlKGMzNTbpWYiScem5+KGl7XFKg8uS6 DAStR+5tEaaOJkQSb/Gl6CtD5ZqSdhynlOoE9kCjAn58lEtxQVPAVUVmOn726uDaFZw1 1DrRzQL2yIkwCdi0ma1Lc7oEqEBZULF8xdmUIaJT9MTj8Gd8a9VDPTrjhMdHyg648X73 vHKQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Dw2RN0D0ziMOY7aeC34ixEpenP+TUcaEs2QEz4g6AW0=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Mhrjs+pmEo4Fbb0uCbUxV6Dz/v7/JZqM9sMKm4/qXI7E8peUZzwaIA9V3r1+Eck2la UBj85b5N79PK30j+jcgAgO0iCh8wJa9SNVG8ZbpF2jpyFdGjD9Gp9pn96q0GFgkkNUrc 5nKww/MvZkfOZkb0BK/peHKRmI3dizI+oKmmUUQbJqj6PQPPzfN/w4e9E0W6xdFZWfJs sNxghrO+vTe1Qc2GtpJOfLoaQBiBubNE2UYG/mrFRHPOVGhVPxIOxkwE0dtUJ6JdA7SU LOHTjdTHIIOB6KSTwAhJTEGQo51Sj5I7EsRcmBof0IESYJN0GSFFKjh4PwjKt82MQDm1 3Dzg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="Cnd/mpJl"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-3593db8869bsi82749a91.0.2026.02.26.08.30.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Feb 2026 08:30:19 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NhU0bmRLhLngqFE4tZpVYSbLxrdk/w16sZHWuVyqSRO77ZGAPsAQcNhyYVHP0dL893+vbuoHumttPSKmstAglUtg58kYG86JUmH8Ui4IY329oXx95xf5Lloqv7ky5DXSWQz3t+OmExfTi5sfTJQd1DDOgKKSHxg94347Z74D7RYhp9wJF6Zkfsky/keacp4sIBTJceURUKCUfUeCn+3FdPeBRE8t1sV6c5Ul5ex3BsqdKi8Oz8eLH2jhUxLskEyqIPqKB4ZtjwIajr+2DsCfWRXqK7viBnxdqTHnWBQ7LiGOWqk2dzuu8yEJWuVROGhz54zpMPS9A3Psd9kzENZfFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Dw2RN0D0ziMOY7aeC34ixEpenP+TUcaEs2QEz4g6AW0=; b=sthXgn6sPWKbJRiZ/hNV3WiRI4UghF1waO2kSOmYd19Bx6wFtGADnfZYfH5Q2afpNmnFNRMpt8lm80fb0NPyCV1tG6uW32zdigfOg2sqlgGPcEsX8g52NnpAR1I1M5DQZY0vmDzu+DqB+YUBiCrjaRid8mpZnGbBBiu23JBnrf2oe9AHBB5cEzfnjkUShET1mzVShFhNGP7nHzuBzd3OGSX7OHGFkrroyKrydEeQkzXKNDpR4LzgZDBs0m1YnQFz3gOl3ql5S1+5XS0LfyEKZj2y195YtvMKFj8Lgckvw1e1y0Gd+As5+TUnFHC0YqrBBidIjnYyG/KKxfeREatfAQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS4PR10MB5669.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:4f0::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.23; Thu, 26 Feb 2026 16:30:16 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9654.014; Thu, 26 Feb 2026 16:30:16 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v1 15/16] use copy of sbom-chroot for sbom creation Date: Thu, 26 Feb 2026 17:28:42 +0100 Message-ID: <20260226162843.1642329-18-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260226162843.1642329-1-felix.moessbauer@siemens.com> References: <20260226162843.1642329-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0277.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e6::9) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS4PR10MB5669:EE_ X-MS-Office365-Filtering-Correlation-Id: 1ccec9bd-18ea-4ee5-4ddb-08de755451da X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|10070799003|1800799024; X-Microsoft-Antispam-Message-Info: 5VhGIHnbcWR10scxRa2sWjrKUpN6lyo8wu7Un5Zip3KKesseOQpUdKfrjb34YnwCR2mL1AGpNgrWyREyxRg5NXe5FyBtVV9T/92AthW6IEJJq5c7ceGAwoKY9tDQbBDfQSaeP7igOLlG+fxnv5e4N8SLdAyAAzSDKHDcGMftltBCOmWuQnYgHWffv05ni6hcwk/US3e2D7B8oQBgboJt42pKG+NAVeDaAhxImqhoB2mvGbKVCQ5sXG1PXMQ9pb9at1BKaYfcZYvYr+HpDH/4At8Hwvjpj06H3xMMfihfosPFwOjFsOa8fHBTp9ZNFvMuZsL8ClDLD1maat+AS3MfApIFhQoT4KTPgeqNO9C+jB4QV/PVIPn2xMgVfbCxYivWZmbJbilNEWRqv8VxqOj2cXBAvIVEclmxDRHH0pfQJ8GG/5wYos/eyRqFzFb/Y9bDApmAJbkMnWIPTKGQT6QIDyR3cIB3/YIX2rcKBezhbZsOCU6dtcRHsTpiHJDPRpQSKsVgnJ6CuPpgu/l3ZfgV4s47HAjA3IP2RNUeh1AJwlVdsqjPBbzEFrYZ/tAzzbjXMAVZEXvjZAOo8TLgpH4NaVO7NvIeKGZ/ypb8VjHovDeeNovFS4Mq/cr5fc+8RqAdi24HwupF/ePZIGsFPE3PwmQTREMmT+VeEbfui5xVneebaGywJhu9W14m5oterokL X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(10070799003)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: VCKSUgrq1HmegC+8AHTSwD7REdZszQjeG+F9GRG+Q9pDzp1+F+9l9kjRyOkgf5umuNEV5Xwv48jpUt8rRhs6BsfVfgrAAxS9UW4/g5l/T/2Nf51KsUgcJJEX91D7lGsoul0/0Vk0+yeppzTPQ+o/8lLgKBaznxsMnM79fIP4mn4v7QOUH4KtBuUHjN2irF1K6AGNSLzEzbX+ksa3LGiAVdKTVQZ3kKEhltH6mUe3YzUcaWWS6UfPkzGoJ8zQyGB4MrLHbceMi0EKtbwgXMrhsyViamPufWGJvDWkC6+foGK/bIb8q2kCpBFNm1nkr691A/jAiJ60Y7hi8ONl5ieHmtL7LBBB5ksvwP/ZYqB+QuizzGYJ/bAJq7xjPU7EB3hm4NBvv0yA45IesvlgxmsQceL6L6gJrbS7tyeaKlMEEiDVLxFTaOGCu4IEtSDqlpqnzRpHPuPEIILN5l53uH4hcN9nccSaLmx2rDuWqQ0p3vhyJtAEQsJPtWvXPzTgf8VNOhSJW4/FELVJm4YBNAbpGO7FoKMsUIteZjt1jAQ/hTc1Zs5cvU02vh8+FPa6txdfrhotOGKOT5fMgwWAZGbBiyv/ZaKDxP9e1i/ZEt535kOxpo2PsP0FoM8sA7I6QqmBm/cJGQrT8kbk0Zemi3Lopyp+aewPETjNxM08Yfz7LEHe6U8kOdb75Jr8KwN0BJZ1XWiaE+YhLElF/dEbV84xVTS+Z9Wdg3J1RAv+Jt0a75I2AAjd5eru7ztr0iZhope/vuIYeQbT0d1vBdt4dqCHUhtWyb86VMj0DEedkc51Y733aNT16oTcFnz5Xzu51W95Mj8HlKxDbsGyuqneeNezAo1mu2an1Bg4nwgqq+NsBGDhfQReDKl1ZaihkTu8wCyhv4mocQsPtx6XQy86ZXJyGadzXW6Yblf9Ro3T0FEp1N8BKhWIRhOwVKQ4V2aczJlZ4v/vZSvCAa/754uo+rvTQd9y06ola90cclorNzs3U1AmvNkTm+EM/SeRzQL48fnKmTz545FmTo8HoWct8cjetvpCyLeRvb2iGfdm+4fjKtAE8qsUyZGVB0YZ6uqVKfBbUQXa1V0p9doJYMvHGXlclylrqQ0Ro1W9T29EpMnc2dBl1l+IUE9VKLXgVve9c+4HdaUUdK+bq3ztYIEHrgxFGqXmyXdJEEJSkDWcCRdDsYrQN4/Oe1/OcHvxKcwR8/IwRsAI6uv58IMAljor20WoCqG8F6N0fX83/DdbuFLcjfwjTKF4ee354grpXOndpn255p6XrH1yME99LMt9BqdsvxdKRkzlBLPzJzAVkrOk05BDxrtK0hMJ8zL9qaiqFujrZBKBs8+ejGtFxl/3e6TtIVCigmuB8ENzbLa3tfIEfd7l+ZGaLVT41pryoGXzHBvOlocSO5MXlGtwRx11uT3zW0Gi8lRRLjS+tfJkPcg7KHRds/PXlyhmyPCBXcPQtwUSsdWBwszC1Rj9J5XoEmyiqUE4hF4NB+JSNpgbiQog7uM8rzic2kaWLXDa3TZ80j/d60g/XrPuW+1P/g3qi0PdKfK+PQUpnFdX1GAG72LJZFiqWY3g+MF3xFVt4KUbC9bRRuiNdp+aXxs3cfQVtk12O560OK1Ebya+4ZNo02FvXKF2e90lzoWXUh7Eyi+oyoRBK0AngroZqt3RtLV0hC3eMNjWQStwD1Hdi6R165/jBm0/J8Ge6hKqoi+EJ8Taj0uBbGWDScVeZLIDn/9JaNE/9DziRgjwz24QchnEXukuLnKrYUuknVJQYaxiPIb4DeFTt5/34nCK X-MS-Exchange-AntiSpam-MessageData-1: LhZqqWJ2RiTeHDSyZa3kbfotBO3uq0mj7jo= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1ccec9bd-18ea-4ee5-4ddb-08de755451da X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2026 16:30:14.9875 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: q+9TfcPsfsE2BQTWVps9npfzp2lkIwOTdwOuMB9daxmnrC7JQPHRL+Hc/ylkEgSUmUBwGNbwoBjRc16MSCur8iiyb1qADPohGDMqRx6V00Y= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR10MB5669 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="Cnd/mpJl"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 9f1e3de4..20afc615 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -222,7 +224,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index e3d0e702..d45ae54d 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index bf6d6683..fec1f502 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs