From patchwork Tue Apr 7 14:22:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5009 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:32 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pf1-f191.google.com (mail-pf1-f191.google.com [209.85.210.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENUsl014975 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:30 +0200 Received: by mail-pf1-f191.google.com with SMTP id d2e1a72fcca58-82c4664f75fsf3346590b3a.3 for ; Tue, 07 Apr 2026 07:23:30 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571804; cv=pass; d=google.com; s=arc-20240605; b=gAnA3TInClDjmzso3G5tqwoTzL1fLuZjDQXQ14P5Vrv7MIIwRncmO3YjNXCMiX85K2 rDFqWmwjWqIVQxdojEHN6EF7Mv3skbSxJrzO7kxEBz+kHfRHx41IVMACvIMJ/wZQGQj9 otkf2/QtYfypLyhnL4ifvgCpFFfu1EJ/L203pfvwY+gVy6m9cJch9KnHZw88WmgPwIy5 8NTs8A8GvyFyjSKeWCW+OSV1ZZXBfvjWTWEWz099bHFbLJJx1BV8xsNsKJaN0R2v4vJv TDBjsHdGfKvj9HtbfkXXJHsGkVSHZPgcmNc0qAfWvqN6UHM+8OdWEtPD62KV4RU9unDp R1lA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=o4piHoZhOnR/7ghg5MFClQzkvEsslJfWkQqbfsgqGGs=; fh=mtQK5HMJhCYqn4tw8BWut0bKjSPZCtdkKaXxUWCdMs4=; b=BzaeqO6KyFzDXCtEEeqgq8T/RXQQKZezIhP1Ep6WzjOeBAApVPnJ4qTdNa2a0NUQiQ 51d8v0LiDNO0Va3Xv48FXWSwwPbIDFlu8gyswCNDijTV7an6e5f+7LvC9iKKGc39d+Im ww6ku5b9M8BbgxQ5HK8aQD3syFupP7FJuzvvnkQ97hhNYQhMaW0XWZzfFl6dbtvxWxxl h6b+7LVa75ERMzyF6lYPkS8wubmEeQwb7Ifl4cC1qF1OwKiNRxFAPxb6ej4FFU4+SZrq ZvFbkpyh0RRewI75ZYXQIlDtNJL9Wtgl1tLATORB00q7sk8l1CL+nHcQ2x5sOy40ok2y juWw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ZC9pOWkx; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571804; x=1776176604; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=o4piHoZhOnR/7ghg5MFClQzkvEsslJfWkQqbfsgqGGs=; b=bLK6UrzPgbcsk9FDiFHP5WMwvbh8HEJcJ8z6aWi7vcLZISoVhD4WKpc1gTSvxAWfxE Jc3UQsilLPsKXi/SZk/bc2aXKUxfgjgY3Fand+jtoRybmT2j8FwYmFel/QvUMCJS55aI Yn98JSknkZg+mspH8yGILslAYIZmB6A1ZJ6gAZrMw23AuC1Zqq7vcdjwZ94QEnM/KkU8 rDLMj/FWkNLRz5JvobOpnx5djU28INt9BVCBGS6IEWz1+yZ6sbtnT4gMNzwLefb8CwKV r6EZNhAMgE7VlvcbJNZhqEGkzpqwDzrwRNVywZFw1W4A9jrHwthVGJD/tS05lIRdPB7b 1Luw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571804; x=1776176604; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=o4piHoZhOnR/7ghg5MFClQzkvEsslJfWkQqbfsgqGGs=; b=pjHHSosJoFGYZ18Oe1YatpijzbYcMXbWhrghkbjS2hlTILU4m5/4YnesBpy0Xd3UBc KmMfwg08Rwge4nX2kWuySQyuS50n7bDDgPq9j7yPA9PAZzvu7vHHuhltWMnUz5/DGZQ1 svzW44eZmieeaLcxA33bzSXGFKuBpqvJpaQ4E1vj+vfUqyPphX1oPDWjRG8W7fVjZuY8 ZOEd1lgF4nr8q/JrlcmvgKuJIPAw8ixT1nnhyQi5dgV0v5NSuvBHfSM665vxRErYc9sN bkZ6jsYQtUFMZp/6W797Kbar++tAald1eF/+vDF64P7/2sLz+L94t6fObEuyBLFJ7uNE GKcw== X-Forwarded-Encrypted: i=3; AJvYcCX7QQ+qYZh8Ey+e3fZArsXnt6uG+UbD2cBDfL97oXX/6nv8ephjTNacCQvZW/XYsSacoSfRoQU=@isar-build.org X-Gm-Message-State: AOJu0Yx7etrxKNs9MIc2jv6T3b7uDXyUL1CNvCIdusIIENx+ncHcJFMF cZ/CepsQFU7EKd9uJxDh3ah/90XDizYjB43EgQgIB8jSbf30TA6WblSv X-Received: by 2002:a05:6a00:a0f:b0:829:8a84:b9fc with SMTP id d2e1a72fcca58-82d0da33e8fmr15848824b3a.8.1775571804133; Tue, 07 Apr 2026 07:23:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiIKUVxCIW7JL/oOMmiJvmcIFQlnNwbOyBYrpjPGKIppnw==" Received: by 2002:a05:6a00:91d7:b0:82c:e0cf:705 with SMTP id d2e1a72fcca58-82cfd7fd72els4767665b3a.1.-pod-prod-01-us; Tue, 07 Apr 2026 07:23:22 -0700 (PDT) X-Received: by 2002:a05:6a21:6da8:b0:39b:a96c:9e20 with SMTP id adf61e73a8af0-39f2edec759mr17066971637.25.1775571802423; Tue, 07 Apr 2026 07:23:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571802; cv=pass; d=google.com; s=arc-20240605; b=Mdpews59gkFGy3kkzXTvZL0MmMAmXKsZqK2m2VFaLrIZmVVjX9fTjjATggqgUy+3f2 tLAtizvdjeTbmvjQRGfcuPeQ4W8rOSN6V872y3S2RLEMbsBBW7Vf9lmrf+rKRnCsdXCI pMRPhQnRuT2xYsr2tkpn1zbhbvD66MQmuAWXbcJCkzhx93qZg86cGDzNizKvZFSE8xkY Lfrr+bAW04S4n6EvjfHtGxZMmiN7xqeGhvvTikEjo1Su2MaAFKqdBAzNNx4WoOBse9mv b7m9LGETnhclsPwBTD5+9PW899iSb1g6XZZcD7ehznZ0LSjrb4CVvTTFBJWOuhWU6YJQ HYlA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=eZ5bSudR+ET4lbVc0yZnKYjHCHEH9qnzR8VGlS7PnGo=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=JUM/jXi80pwyrOTNo0z1fds6mL2phRKyHukq6WwFbUDxgrrU5XeacSZicKbe0ntZuY PMZ5bKMWgWAGC2R+YCsGLD8vGPZxRuWmYelH0sG04UiMRr/6umrEuaGNx8fDSyz+Vuhj Vb1nRJrWgSddxFZ3DnEFgpFRp0+2bAaBlK5hu3pju/JYNjLt7Hqs11vCH/KeYv+DJFzn 46cFW+QbomNeA39QKy0QnbyNM6LvgkyL92vsVdb2DFEXgR7i7fYH3y9hJ5OGOEcDdN2y NxObRczLPNEHZUptYMVjs7duwq7SuCQfgaHle2Ac5h0UWgzexJr1MqMWpuqDTMI3AXdr ZEMg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ZC9pOWkx; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 41be03b00d2f7-c76c6565af5si550283a12.7.2026.04.07.07.23.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:22 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wIjwuNVEX6VZxazVruPseFV9xatBOZSdVufrRSywJpEf+sD0GLGny4FJt4DGj6XYlgm5RpDFocDGpfZoG9C8Qpg9jALOY0tF0IkaGULnCZeQv3ptAedDP9y+O3YqGmPZEHtregm1W+NVVdXony0caz78G3UtYluEWjn9O8TIHYyqIcezgPE+nBGIOf1fl66fZNJ3ky2sQ6FnOmSjiwvugYlSabtMGjdlukjj08pTb6yEcuVZuPpReApJNP4GsT8hC/9/nx8fws27h7toZ2DW1hUsbpS28Q5WlpqnkCxvb4XPKRAzfW3LBGE3z5Ug+roXPH+jd56N0xUR2ngc0XZ/iA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eZ5bSudR+ET4lbVc0yZnKYjHCHEH9qnzR8VGlS7PnGo=; b=nnshNAQwnCuS1N8OrNbRLA+S5IBIhMNU5wwNM54r3Zs4+Tm5KgxjGRlz/e8W94tflCVpgx0O5uVnhfsfQOcG4OaaikfmzvBFirZ+taJeSnO8lbPxE2mZXHVrA+MrU37VgNS7B975uKY5f3qU4SsRuqipLqJb1HzNc/hU4LBc/qg2Qc8DNDb77yn9uZ3j0RZ6pVZ45GbaQTFr4w//Hs0hf7xG87PPpL0O/oGKOHQDTdS7P1rImr/etBBPDc294SDPulpGgGowK4MSr83RMvqSM5wpL7EEJB9XLD6WgPoUMo7V2QjcZAaVdXvGekaI1fv5mpYZAVPGSh+Ypf2cqO1RUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:19 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 01/16] refactor bootstrap: store rootfs tar with user permissions Date: Tue, 7 Apr 2026 16:22:55 +0200 Message-ID: <20260407142310.2327696-2-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: 9da9d817-1cdb-411d-071f-08de94b13762 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: yUUhuUtcfHcxJSNwrU+nWMULPmcOEZylZq8SEIN2nx1mrScA+ZTaenWlvtwpfIRFYklXbDUubzEg3cwy3jmwAOxQ+yevG37IxQ8aYd3cZXvaczqEf0oS3KQrhtcAI1RoeyRcnlOBC1gdI0HBGlGqhAO7N89dpOXmFJwSHyncwR4dYi1arfWt6iPijsk19i/N599V02TZmppqHl2XXyLG3ymEyKuP7taAOxrnRGMhFuIiShDZO58rneOFMYFe8gguWPdA80k4I5EZnIpsPPZq0v3FIsWGBsMdhBV3foGY0SGfNtBY0+F1KfxZ8srz/Az2Iyw5Y5kM5/gRqcOFeWhsRtWHNL/CurtP6LpEsP0rfMC0at8D5PLcQqs/PxUVyjvxtXMC+hLSxsnGI3vAQTG6YdcDFGSaD82nX59GPdrSuYcrkWmm7X/VNP7P5OxNWn4CFKIb0OdAWP4ejCtzFb+38corckqhZ6L6snZXTJ/8HutsCa7WzySx4SgglO+mcFgK8ZYaUwmDEPBSAPQIiFbBeUantVQkn/BKcSqPnVKV76a4xAZKehuSOiIcB5zjw/U9b2g7KA/B3pESQOQ2FM0dEMMftREesir9bXpMjh4NPkflvAwwrblsOKOy0+UpZ2nCTR5vVL2Sd1GJl1CJNKiiITBcDS4qctsewJkuuxO/aaq+ROmNOvIr6zkG9rjP7MTnU7Nh5J8+GmFFpWSMTujfke4jWLAqSu9aUNyxuS/wZDs= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: dmDNzadpWK+OYhRdBmntZR0GKBERlnUgfq2RVu8uE2HGQiT5MiyiI8AGJR4idR0sjQY9LF9Qc3ORyZAz8Qv6t3PqSJ3wwY1fwZ5w2esNS9GU9RRefoap/Gh6M6pI2w2rbWn1mKVVHPIHDAcZd6r5gPJC2iPg8mb8++rlU6YfJshX4khPCqM0sB0n/z5iFdIJJy34aahqJuJKl30Yc4o4Wp/owYKsdUqT2D2leISQtOn3UGbOymqcZTPIQUrc7kCc2bF7vydYoF3gQXtnWhhL9aAXBBrdub7E23i0m1+NC5SEycEmpF0k6zOrevZq47QMW2+5dADn80rgC4r2TmiaQmN3Hlw/b2+nhoIt4YbS5S0e6VO9mzTvravWPtTCw5dZqlGzFQ0ZTeOPMkXjMwptJJqxBXWx8oqnTeWxTF10ntbvyIoUnLB0MJaLh23bN2jHeGSs4lDGRJt782TwJS0vX6glgMRFAUUwunI/gBVFP+c/dFKSv0OJJedlYo/OxyhWMSeUtL0AgIE0H3OLbYCUaUF1KitBfCKVf2kxqoq7b86cwO6He9FzYRepvJflFrYUkEVqBqrub9ebu07XBUYkGeiO/vfoh35Ch9+D26iS4z38WjTKhCXK+oL0NaoGgqtscWi0yOLGUxLkY9ZxyP1tVSOQtAsHMEYF1/08LjdR2s/wHjxqsrqK+XjVp5CMl7KWl7RfwwT1U/E6Ts2gTVQRrp1LTuoGlfOWmoJJIpAdP8JiudT5y0+YSOrqipkP8OdxSFjpgaFzva+n9pcogFp6T3/bWQIqGrF2uUi7pUOG92IGxomQP5H0Y2iRdG0efTfOEbULa7nEJWYuIq4NtcR4cbIZxYw2WPWS0UzdPTr2sjPvHkeCJKNF6FbRs499Pvj3wQcimxSYc9EE0Wa2MKn4S4+ebL8jCj+zXHJgk83BATu3wujXwCrR7k4KwBTZMnmH2e46s303xIllDWSP3MNrnsgVMWf+RsGwLv996gwZPKyh8bNmAskkA1qWU8U4t6RlJr40wJzx1PDIKj0vV9TL8iVKh6GHeUHRjxkANz57qHkd/3fmk2GjnBEvvfWkZSJaaPeQMf2nR5jv4D4WAQESmfEmyfHjdFaRwXk7W2bTPy3ilffQzr98nr48/Ma9toteHv4qDQrVwJ18NBMl/TVlc6tmFn3aQIBA37u2s2+yHsHDN5eRfcdg4eXmCwQWDKOE2Ncm+oCPqKiW5HU0cymKWbOrq9/XzLz/cmEvTIxcwcWOcs+rI/KkwznMx7vMc1Lp5tLqPRvXJ8hl1YzISrXMFRUzD3FhIk35wxUTCP2n5/9A+2otqH+xyVPRTgrhmAkmgZ05GUK65l0QdGBaEctd20zYB6/jn9McDOtuF8zkacu9vRtQy9iiiMeCR+BL/gkfYXrs4iStXGvdJ4BVj/mfvLwHm9Gg+KA9ExyEI99msrZd/r18wRF1CbAX0nQFL9h1wTa1YZiUCTSijq83X3g6QseRj66S1YfwSDn5xGwNbOiqjzulZ9BMsebDjFsytdYNc9p9R8kwA2cWLM7ydIsJGN3LjlUVyL5y1THfOwoKS30apsafCmeexr7LISJyg2lRiFqK/53ZCDnO03T8pT/OCSfn8V7Il0PlNIlMoXbN0odMFdkTn/MVqYOQmmLU9mi7v0w+kjG7fQJLtTHNMYXc+ZxcaTJ2wwS64b1GZrpIDXYFLBTB8qqidfl5Pk3pi26/ZcJFnRDA1piz2YhC6Z/cM/vX1oiUuNm89JB9MpoaU8k= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9da9d817-1cdb-411d-071f-08de94b13762 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:19.4276 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: KgpHUyxPcgd2kBPLaOtdCfdWcSvoHULsBw5F9phwKDLsb/L517FHdxKyhtnDEjX6Q2Z9NRSWeIGCxT2bYe6TOhVj6791wyOlvBOe3gfhYkU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ZC9pOWkx; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As the mmdebstrap itself is executed as root, the generated rootfs will also be owned by root when stored as file. To avoid this, we let mmdebstrap emit the rootfs on stdout and write it to a file outside of the sudo call. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 6c2cb170..f21a6164 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -246,11 +246,11 @@ do_bootstrap() { ${@get_apt_opts(d, '--aptopt')} \ ${@get_distro_components_argument(d)} \ "${@get_distro_suite(d)}" \ - "${WORKDIR}/rootfs.tar.zst" \ - "$bootstrap_list" + - \ + "$bootstrap_list" > ${WORKDIR}/rootfs.tar.zst # Finalize bootstrap by setting the link in deploy - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" @@ -265,8 +265,7 @@ SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize" bootstrap_sstate_prepare() { # this runs in SSTATE_BUILDDIR, which will be deleted automatically - sudo cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst - sudo chown $(id -u):$(id -g) bootstrap.tar.zst + cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst } bootstrap_sstate_finalize() { @@ -274,8 +273,8 @@ bootstrap_sstate_finalize() { # we should restore symlinks after using tar if [ -f bootstrap.tar.zst ]; then mv bootstrap.tar.zst "${WORKDIR}/rootfs.tar.zst" - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ - "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ + "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" fi } From patchwork Tue Apr 7 14:22:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5011 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:33 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f60.google.com (mail-pj1-f60.google.com [209.85.216.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENVak014997 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:32 +0200 Received: by mail-pj1-f60.google.com with SMTP id 98e67ed59e1d1-35c1107da15sf5477077a91.2 for ; Tue, 07 Apr 2026 07:23:32 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571805; cv=pass; d=google.com; s=arc-20240605; b=Ce2lVDc42623CctZwhIFek0iTHkUvJZA11oJjDiSR0xsRjSpMF0ovB5UshWDBToim1 2flBjzlOAf1g6hR2D4o/2vF53PbXUBlDSEeWjZcZ82jsTvsBwuwyIzvz1jVfUMCB2A+h HXxm0Tc9vQjaMjOdngdTEgKUrvi710KUVJNRZDOGvOljoiUqeWJ27MXV5ooDvjQv0qAR Gp1EOBIumVmSMMZEK6FLGp6IixGHqs3cuz3Xw0BLRqQMSJBwGEDbVY6WksvMykruRc50 b7ryda0j7bZYTcxYYdRVcyaRyHk6U646ORRsL8QK2+uBhksHkxsibqQ7RQE1HaesO0Pm f+Tg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=h2lL8QnDCYzNzzxif6tziD3aW8nGZq3wwhEgxB2nOqA=; fh=wQMNfFrZODilF2DfW/NOPfalWPPeP7MHqHwm7jUMb7k=; b=Ka2AgxIm8PWoRA9aG+4j/uGK8mWavz7D9RlpehkKlnh8Kf/aM0BjYtXLrDMrGu4+sl 3EOG4WeEFO4Q64N67f6Q1Yh54aUumF9D1FQ7mAUYsEirSNZn7utpgwwVJU5Ks1S4Chh5 QgqPx1xE6DPuDWtp3ZgIvlKqvmKNX3F2Teg6wOWtLNeV8saY/5szCSUzB/w+h2DNwZFo eXDSFNjP7xwYli2F+dHJvlNO1GfEzlBKAZ4o+SFHqUEbPIsLDOUaLRzQtogzccwusk1W ILEyTJWDGXZj2zpgK2SgVyfLyHdPynRYBe2Isi9VY9Ym2oz97MUt8bEeEtke9zP/huDm ocFg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="kvA/Azpb"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571805; x=1776176605; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=h2lL8QnDCYzNzzxif6tziD3aW8nGZq3wwhEgxB2nOqA=; b=MebYCpDZLKpSAZPrIy88g+yrEBV+EO3XywM5b93BUFKxROtk8PqAVn2ECDCqFoAmTS DJqVZbGAFsgL2I5RPxlOmP6rKjbvR3oq1VljuZCDkNJmsDCkZ8NuuUlIQPeUU1Lhxcvs eD/tf0mecpIPjNzWosjZFY2ZwMzqmLsEX6NFtug9J8ZTGPB88awNywPwvMXNDyyPO8xD WdhnlRe9SbfcMZr+b/wNO27V8SLe4Q3zL4kF3xOZy0DiI5Gm/yq4cflsejx8tCCrJiNm xJFz/yU1opH9fR0aTvY6W+FXlnQnToxmWqALM7v0sBlf1JKxRgrQ5CCT2eeY3AjqicAL lRIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571805; x=1776176605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=h2lL8QnDCYzNzzxif6tziD3aW8nGZq3wwhEgxB2nOqA=; b=mxNjTnsOGH3ZSe7aOtnZIstsmUGk3h4HzydcHhz0IHmfY963hCn2SpT6OiO1cLgvuL mYWTozdHTrXApOUEHlGPW25kP6RdJaZfI5Iam8/98atTp6ynkZTfZtXmr0yqXmMrLabl mju8WQ30xgAcS0JoHO0AkGWy3v1+QJHxUDyGcKY7T0Vknbe/GCMBYyLurSV50xwyAIKD dwlFUicyKPfuhi75+oSTiydw67dSHx/pSF2mDeWLQiw/oayECoAoP8dmq1k2gOh8X+BW WzRQNckmU1kEBeG8TPAd9Ab5e+IXGJP/bqqylX2/ui54OLfUCkU4KueqUhjbIOn8QRef 2uWQ== X-Forwarded-Encrypted: i=3; AJvYcCWLY5xKSree2MbkDfWkjuYyhG5psciFEKf794gEt8EN3ayY/RJRgkWWZGYRJDw881TKRrUgzrQ=@isar-build.org X-Gm-Message-State: AOJu0YyMMhC9octyjhQomJsC6OME/bkiWK45GIwfZnYQnHRhjZoUbh/Q GidGTN2ujSijOqFvQCUTKNUF2v1IU4pJtImYxu5IzVIUuAR/J24b2el9 X-Received: by 2002:a17:90b:5110:b0:35c:30a8:33a with SMTP id 98e67ed59e1d1-35de68718cdmr18085668a91.12.1775571804646; Tue, 07 Apr 2026 07:23:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiJcY+uKPa0/4O2zNsdZ2f8QhHK1WZquzfXIFsu6fSyoFQ==" Received: by 2002:a17:90b:4f43:b0:359:8c87:500 with SMTP id 98e67ed59e1d1-35dd41d5a00ls5184579a91.1.-pod-prod-02-us; Tue, 07 Apr 2026 07:23:23 -0700 (PDT) X-Received: by 2002:a05:6300:2109:b0:39c:39de:3cdd with SMTP id adf61e73a8af0-39f2f00cbaamr17316135637.25.1775571802914; Tue, 07 Apr 2026 07:23:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571802; cv=pass; d=google.com; s=arc-20240605; b=KdUSkMMSI/h52lNE1E6bwfFKlRYHiWQO5sDmzR8f23CBOURUXmB7xhMbPTAZRdhAvH NtbnG7BtU214Bv1i+6vxKRtTCu231AS3kSUIgUnjqYcT4p4nVxYVfB5EbiUFiot0BjgX fzapWWiAmyxvWa4C5YeaA2d/8T4XT4w31/99ltJskhcvn6RqYSxvAg0Ui67e8ifLF8yS gRzIKOBufl8wo0GYBhaiicj/LvAh8q5Sc10d4P9G6XDtrVeE+Cyh80oGghLIDbvh4LKk 0JTNCCn3KpZFKV9G4lyS/W3zcP0v2IjdSu2TCbhUq551LMkHEbDqFIEj9CRG9Ln7bumG WYew== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=4ZO/LhqIFEA6rIvNly8Z3oY3oFv/3yeLK8xdRRb7Vrg=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=i29pI/O2d/396ofHkGGJrgtwhe6gmW+nZZGfA+g0HaVM6Nix1G79deyqrZJiUvmIlS bpRHhbpVWZxRsvPPlyl3E9U8EMt+drx2ltNryKB8LRmH9ORDRiGZ4sjxtnjep0Xstjzw Cs5FKp0P5Vp9lCv/8b/OepndQJKJS+l01OS3otoBpZJStflU4myOp45vTJQN9uWJsHkE PAdpfTpnwpv5TeaZGLIrjvy9YsSsGhNl4i5c4wi2TFggP8Cjx9gOD3BpkA8alzoDzRl7 VaMYqlYMfpHeoWpTaQdnw33O7ZCpqps6QIHRkQjK/+rPQoRl6K1qK33pdq5wTLH+LIIM gVTw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="kvA/Azpb"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 41be03b00d2f7-c76c6565af5si550283a12.7.2026.04.07.07.23.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:22 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=n7xdSpAC71U0d7JiticGDRT2dOhdM9pqhQiJVvDfwvzjma6kMbXTDZShahfHW4itWA9gadhcNJ58LjGdmZbviOruAdirU4SM4EEs8Lk/9+OzMqWC+PaGJH3meN7qc91Ts1vhv+5b9txJ+3lAwXVmdTElNNCOIy4xsKIGwSJPG19LfjIGj1i3rbL8HL7og3NCV0nlXlZDGbm9LB7anCiTFzpVrNdJJEhWalYqPhgsSaOmHcFpbMqssGlMHxVSOMN3wai3PhYszyLwV5UNPvDK/6IGhFiAF7XAKH+0ZRtMIKQLGzF+8LbGNqgygd+O1Bnl3yp14emZ4tuUyQr7couySA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4ZO/LhqIFEA6rIvNly8Z3oY3oFv/3yeLK8xdRRb7Vrg=; b=KZ+FlbjGie9hsDrP5QL+AyMnJO4SQLe2A8rRWaDuc3oD84OsD5HSoWzdrqDDEcF93NyPeqbZls40YQdjc63Iq19K3oapWhbyHJxoWultORGKIJBJZ4/vfsbl1bO2Ccdf4wbCN4KWbD92fteHwDsujRE8UgOni7tx1LK4SOpsXc7WxkjLgC/DkiqeLETG+SaIdjA6OwxF7ZrW7YFSr3DELq5D6saVzF/ODRlJpr6Kin4X6ppg4/FHHaQvlFdlHZJUggTYzGHyUc8aotEapT7rNfc4Mc6dJSeb9KdMT6ypfKe22kPeNoent9ggAOTmCnt2qdhE+pu623UxLAN2W14O/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:20 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:20 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 02/16] deb-dl-dir: export without root privileges Date: Tue, 7 Apr 2026 16:22:56 +0200 Message-ID: <20260407142310.2327696-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: ce6ab548-199e-4ab7-aad2-08de94b137e2 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: 7wC7l4eFgWX+HpcWEuQwc6QHnpxXS4cTtJBmLUl6oCn2PPjwuyRD8VDtFgy6Zslu5hXltwIcmcpiNkgpY7M3KPbJ8AyvHDn3eGkFzryr4v5VKFVp62D2xOPWxPBkh+iS+hEbxX+EkTzTAbAdBFBbHM1MF/yDrBW8AdTu5Btlwnko605qok4IUJNONqaG5xG510gJ9GbpopoL9+P1cb67yha36vFVnwGvCJCrTFAmvjPQMmYM1bfGlX+sCpp07BnKS2YApWr+vv90F88jkAAjLjM4uS0BiQAt84JMtWi3bf1otb/El2oJhibT9Ou3e02Eb1DHBr4asvBVm8s6gixeVKLpD8T9NyUiOYlymoa2MLzckposynVE8CrqagC7/rqtxoQ7t9i5dc+nlAr6AJq8Z5NOqDgTUPbYdwkI4yFHujVs/5ALvybjJ/2Gn30/tSBubF5+lbjHdZyhon4xIE+ylJg5hSEIOK557V4d0PxfaTRNtPLy8L43Noa2oDckP44BDbknSMvyat5w8N9XYVVCpnZx02aA+CWzRWr0rnIMbPJprYSQC5PXQO5GdXZadW986W9s2h0DDVBhawK0v9Dl+5t8fbiOWZDkqR5LRFHCSgGOU7lHqPN3PZGsQ9u2T1bvrVd65XbQe7JlJ47KKHhWH5OqmSbj9PLQ2vJ8jfMoPn5X5AFk3qUeCknVXRCy2fRxSCmZgzj5hl6XJFsf+G+jD5RBKyUoDFwmS3hXacHcK4s= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: yV3mopKzxtuNnt1ax9x3JLx0QcsaJ39PEOtGwwt1+GsW+IQ60ZQRZh/EqJLUD0frZHbTRx1ilR583BRcveO/WQ6GJDWmD7f/aWeOC/GJE1o0KZf+PnnFBk+rIgbNcb0MjRahKKeND2Bwa57UsWns5irIWFNj4DUFV+E5Dbbz85sAhM8e0bXetZ0JAwNjbYOeptx9BSFu+ol7LQ9Zuszlj7Ces99GGsjjApjyQMY76ZlceqWCaxkT/tc9SV02skg//SzW1pkvMMB6z0R4x55GZX27od+9Olap4vnmQPoj/NN1G0EF9rzOQqeJigirsFEhfV3jD0LjwUv9bHKPA6wYpY6wxu4zOEkzBT4l4p2iyPxvljb5Xdlat9IkSiPU6iVrOUJ3P64h5w6HrsJ1ZLprtCT6PsWzWcjAPISN624HtV49zKuKtn0qZxmJ+2t5Nz6hInULfEbELlzirCJ9MTq++v6PFhGwZQs9qSUo+smnXDdhEexMxHYuPssxaxZBgkSpEVmz1i1STB/DmtJMMOMcG7leyWjd0PqMC6xdT5A6CfxcJKsA6yhldNfFVynoKBFsT8hPgPfEf8jwGuw371hMDPFTsN5J9YNPi9k/lDWVP6PSjloK+gxd4gz8PkrXUVIEh3NyRwFn8KRQe/x11N5W4IzlR3WXMzmaBTZMLw1AVBfEJkPnIRpOtmum5XvAxdpX7eFabvp7reMkiwyG1DRgSSwz29Jhi7QcPbA2u+s+Q9ElhgNboQuD/HfDXdCceTKFbHfAPQQutcj+FOY9FNBobAK5vBsTuPn8fX7iMfOGGzMo8aXsW8ZkhdRHEgAwJobenGFz5RRZ18xu77idYL6/APuh0HYw2chroC/Zp4ARPRAtQIj7PHbVlj0R+mifII4tU9f/MSmP42XHwu8JcRhiS9I9sq74QFxO9J1XHYnsCq3wmVGcC66X9Cb66xmKh5OUdiOeKKafUSrWN5DUgcnCowzVCAAbuAeTmoYOGk5GagonkDPB1yoInfE4TecrXWJtGT0Oe0ZevCJTWbFcsiJsJjJSLe2/v4udnGTJ+qgVaTRaqpvAUUy5Csx7CPUWYyvU2uphcperK6fRuTu7zYoY9yAscK4t1gqUlNXvBLvoA5Q8QRm3unFMh+85PsUHO6QkwXB/1fvTUUqv2Dp4lS6vrD47Qw10+tNrkSMuM/9Fdor2qIfiGMJyKK9IXrcDk2iOfUot1jHc3hAKAjOknZZGKNXSQVlaRY4/CGU6GyBupF60Q24bn+qBNlYDq86qhx+CMO1Ef0OZ49XsPPRfYy//5QgnKY8Fm57BWp7X3zs/0emXBa6ZmnEFonzEVHgWQe0Wqa8nY7BjrEXGLKrdkFbV99odahu8+FJAuWkfKdnJcY4LihGQXXz+zuxMzOfxWiIaoUOsgWFPrnR1exPGAal+pVQM9VdbqCxDK/M9mP2RIKgcN0hoiSpKqhebflYE9pIPN2DnZwX/nFVzLNeVPbuqM8S+u01Z9I7j0HB7tnrdacRkx+xhi7V4Tg9aEAqAKrfvgsFgdvWJgscB0Bzzw61KIE/pvL9UffXkA5per7yywMIKBSJIbBNTyfjH+/vH1bKY0avSD/hUdgbpR2ol4z+7lbSmTb8grhGbV6ZiVyrKYRlH6Shw+SpBPL5UqzEgkhgAnbPDOKbJ2rykiI3zCeY6rMIM48eW2eIjpRxIDOS8mAajgbMB0w8G7VWTWf3J0Ex+HpZLcj8b+eNANZD/IqXyAMPyNdVw9IZ9aERdck852tE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce6ab548-199e-4ab7-aad2-08de94b137e2 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:20.2891 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: VgG1qoF7HRbW1Qaf8vAyFXsZ6XNDEY6L48wE/rZB6kNu/yFqJFWYJmWY5ab9dSbEq8+coWUzk7n7JI/Tv3HGGPs1YjVKnwoUndpuELLgquE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="kvA/Azpb"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 27d1fb24..3ea75996 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -153,7 +153,7 @@ deb_dl_dir_export() { isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -170,6 +170,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF } From patchwork Tue Apr 7 14:22:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5010 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:33 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f184.google.com (mail-pl1-f184.google.com [209.85.214.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENUHG014991 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:31 +0200 Received: by mail-pl1-f184.google.com with SMTP id d9443c01a7336-2b24305cb3csf61905005ad.2 for ; Tue, 07 Apr 2026 07:23:31 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571805; cv=pass; d=google.com; s=arc-20240605; b=HUz6TgvLtARDD2hO5ibHzCXn3ag3fB3HaEzj9BrM90IwX/sClQ/N5hNDk1Temtu2wY g15BbPMVx1SMbtEvziOBVG1F3KjdjD2f4Ztm9dKcCTU1pEV25TLW5C4JK5UBfQmTj5rK xzdq7d+bJaHpa95lQr5/C/6BoYm8UXMvHnTaccKTO//edYVzK5vTB3lZKCCI/tLC+8Cq beQElaWjwB7wY2ffaoh4P06rpb2O5n2CTbcojEczfp0PzfFn9hy+zddX0Vk20qrLXT8d 4IUnqHd5PchwrU/zoHB+6yHxvClMYue4gA53nC8DZPFRLqGTzKqEY8H0e90G6LuOD1FT mpcA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=MBfZ34mztRff5yvs8DPW93niiaiIKhRKK5zzYivdswA=; fh=yQhAAT7pK9TboJhvlqNUgUC0q9M8U34vBWEjD8d+Ytg=; b=ZZ3O6IJ+q8/5dEgX39xgBuRydMeUzSFNrHykteDS6584/H/23rXeB0XO/ZGqJQSzLZ /yPr4EX5S1m7+XmZ/dBdTRtv/KG/XJgGLx8o3I6rJ0vZ43IjUhyvPFqhs/YqwnFZPSH1 H6xdWB2IaXEoWDnfo+3sED7EkD0Z+S0dP6B3tRHuBkqYfqWt8kPJ11JN3X2fVZ/psN+t vPW2OPWKgj9MQtva5laZykrRqMKY86luyoJBUCrFqT7q4XpIvJRnF4MWzLt97Mlq8RBe /MCtDNGdBc1XAULxdOiBACNRbqg6JPWp0aRLNb7BW7qT1OUqn/Us0yqydKuEQy5EOP/t 1Wkw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=BbYxOPHD; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571805; x=1776176605; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=MBfZ34mztRff5yvs8DPW93niiaiIKhRKK5zzYivdswA=; b=mOgE41846DbyDX3ENw9Y8RQrXfrwza0aM9wkx4BnFQl5PVAweGTa1p1q8ICr0O0MEx chadmAxMxvYoSiwRCOUMlWxGLN+BmR1s+a7aGTU6mcChHjjs5Wsk1tLzqueW1OKP1zog sJuEmFYBep7sDBMvDatk7xfuPSRy+Os/OYCQ4eYiA8onc4JGMFGD0p945ZVWStIlgFxw pVAw6rNKWIFV2loAJoZyN/PNHh556baeTnZMJmMjoOYVMwm/uMyQQBfWilxzag1cCoB+ CJgGDX6SkXbJrH2YK60A7fR54dquZSjjqyziUCnIuG8kK1c4zjAb8Xq+A2/x508BNXno D4jQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571805; x=1776176605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MBfZ34mztRff5yvs8DPW93niiaiIKhRKK5zzYivdswA=; b=MJCNKqIYQh8PdqT8pt2JCcbnMCQsThg0Kx/C50YIZjaeDvHiF/YOS/JX6RVQjre2H+ BqzbdEjobaOXIZaCjuHHfA/AsbW+xt/uSj8peITfuyQSugFQY+IFPmpfuRFKmQVyh3MA sNM6qGqT+hlR4bEBzk7AqUuYSNCHcE+kpeAvjkL/5bUOxpGaGeESVTlVbXoE6fgz2VXq CTojznm4+ZWc+BKDnoL+6QScdzkCLjUqq0utlLo4WFP+Dbs5Pvs80UTU3q/4kk5kKGIY 4AkG6BaX2aBAO5wsTc/lDOeKRT6gNUF0OXFPMw0gITNYA6Rc68Xi2GrQ/BteY/NnX+bd 1/uA== X-Forwarded-Encrypted: i=3; AJvYcCUruxgc5BJCQH2dYiKUqlQwNQlmPqqlsrJ17TjgUkJk/pWgh2hvksdxXWHWTGcl8m/O2DZnnag=@isar-build.org X-Gm-Message-State: AOJu0YwsbVwi5e2/5V6q+2lY6NClFXFY8bdNtK89BPw7gKyJsA6Etblv ysX2afP/2+/FJUHs5cbefzPJy7DK2AnH1tHXE7me4r6lwGjn+kYejgDG X-Received: by 2002:a17:903:a86:b0:2b0:4aeb:dedc with SMTP id d9443c01a7336-2b28178ad51mr156603585ad.26.1775571804796; Tue, 07 Apr 2026 07:23:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiK62c9ZdUQJzNpcKSZAqctGfRjqE5eUL7fxlA/aK65dXg==" Received: by 2002:a17:902:e48b:b0:2ad:ba5f:cdcb with SMTP id d9443c01a7336-2b275f77fcdls35075235ad.2.-pod-prod-07-us; Tue, 07 Apr 2026 07:23:23 -0700 (PDT) X-Received: by 2002:a05:6a20:d791:b0:39f:93cf:c183 with SMTP id adf61e73a8af0-39f93cfc6f9mr4522195637.41.1775571803437; Tue, 07 Apr 2026 07:23:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571803; cv=pass; d=google.com; s=arc-20240605; b=cZpbwMPo2x/Amr5XXFaaX/oExRymX95DwDKCTEOg5IzqVS1gwi3CcM0AlM1a83IvzP vs9fyt9fNDJoNx3Yc+1ksuDiuZxHWKf2YpA+LiIAqVstfKgbblQyxXInZ0UBqma5SRop nibfItqMVtkRzi4iNoiBx3gXnge2IVdFoGo0sv2JsED4uWYCuKMyuq/P4Gy3MAdqwPCQ 7Mb4wno28fMSDashRyi7yiZL/HXTEv49a0BDzB7Db6B8hBnnJHnvdN3CflOIusnE/OXU i7/TWuCxLOKjzglc2Vf7mD82An6skas3Z/KQzCXigVPmJ021Ol00AvGBC1zdrULj39j2 uTMg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=zdKmJqXzhwdLaym1Gpr/YM+FCjnwt2mdCRKdKUcCHWw=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=a4Wr1rG/7eZBobwn7cgFa9N3kGVzqj+dOdsRS1Z9oiPUYIsqVf+Ut7xnHfhsB8OWDC BbB+YE3lfLXDx6ROzVm3/HcXvpUjINe4SW6TQVrIy8gAAOoQWXCQiMGJS9MxjzuK6agC z73mETstOtJmkyrs4kVhLvn75zS4Wzwx2hLmXQBHTRS1Xn/Y/iDEZEC+ArCrEXEveImS QooEovdqMmLwAG8khiXIxAgwaoAMWiGoy2K0ZA34kPlDOf5DBDD8V0gycxE/naK59EgY 4Hnu/vCcsf3gmxZl9lX3pjdl3Uj6hs+XnQZL91KX6Z5KOlOQRi/61JAvq+ZwRyGL53/+ NNKg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=BbYxOPHD; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 41be03b00d2f7-c76c6565af5si550283a12.7.2026.04.07.07.23.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:23 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZE9lvpuBWDSBEK23WwZ4ytlqYwfh+c6R2a0WK19d5MJlH78Y3olrxilnurzwF5hHfSPGA9lZPImYJnq3UCNg44GLFSn3cD8CICpc+8+0rNv7eFfbNjInAtwMGrp1EjnJgGtO15dMfGscUXXlvYz4XVfhf8pDMglOY2b/HUbOTge8qnoLodCaPrI4A5UfttlvzzbTGqLb9TfBMUojgYkf12k/7wH6pBCtAFhXrHbjszex+Wiu7SzDiydLSN0171u5aD7fZ2yVCOrxGxcK69HwFEjinG/40TMtbxxm8jSE88cjIxRaaKrAcJtxbz3WkVtHHB+heyyaCafqSdb3M0k6hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zdKmJqXzhwdLaym1Gpr/YM+FCjnwt2mdCRKdKUcCHWw=; b=fx4sK0NjIF5qvvlNljNDkjb+78iz7+qj+T4IBUTzP9Or+us2Rb3s0g0NhlDgRYZuWu82Xa5h4n6nlet5cVIQyjFaig/gadMBP6a9zlwR0g1TdILMJDSy/t2AoAOMABWrWUyK3C490v1Uh8ZqSgCYa0ZNMsV7u0RsEPin0gpWeX1hhkAHeRhM3jWJX4lp4gHtlCXABznuxavY7u+HKO26V1JgRC2+5wt/ZfnMAxzVGI5cOZWxNTUNiHHE3unGSdvBo9Cej1w8KWYXmzH9FUvTx+ZRVwVNwr2CyxRoAamMqjuFOq9I7ZSKcDuDkL8GhEcsMQ21HT3HKtfhiFNBQiMIog== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:20 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:20 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 03/16] download debs without locking Date: Tue, 7 Apr 2026 16:22:57 +0200 Message-ID: <20260407142310.2327696-4-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: e79eeaea-cc40-421b-d880-08de94b1383e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: xaKPMj5dJepgjtmH2NoRVtOxElYGuaAHElpyFsCfvzgk6lI5/o4YI4kpa/XSlmTQ8h5yLJ9JOuk5xGuPeF7IQY2AmDJzuiJUdFTmq9CK3W5jA7uq/MYMXHmMhBj7x1u8MH3VMoP4nL/PJnPbalQiP9NbjXpF0co6pDbEPjNHBj7HQQOJL5eYOWCIos1j9VvTkO+SR62v1ZRM0KGvcFjs73tulbTAJR5lK7T7+s0wf5FU9CMYopvp//BHXvggKws/uVrJRGkqTLuEbPmkELCr+RYxa9DdBapU4GwgXbgGmxDdI/5hVF17qFQ+c8rH+Wt10+yr5rPDF6tsFZfrHo0+BocVxBhaGHeA7lb6FT7LfBrqyMtCCaPk+LObHEGBQXxiGoIMqFTZIgtt8SDa4XY2x50AsBEreczL5aBfb7d/qYyodfSd2vyRSRSR1BpW+M/G71GT1L5LzTpFkO++ltvZGWroVzDm9911JehXKa8tXTx64qRcrG4YQRt9vaJlmKP22Z7hTuPSRhpkWS8wVzQWe1E74qLsJDHlUh5m5UEDLlZQpst2IdCMmeN+49Jt9pdUY6aoin0NtDtbx5Y5S53XTGjROpsK5LBOalkt9uGpw7MoD2d/Yg9d7wmijJRXMDwe2o1X618vIezOcRdcYd/jcjmx2eNaNUZvmsQYMgahKo++83k8fEnQKspj5Upo6tPdBqfC4EuZ6Wi1o3GAvRzBfKlobyDxkYE7zbdv454cZCA= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: UEuHetEGHf9cwEoNIe5LXL7zVn0Zz3ht0zc8bofAseo023y/dLNltrDVe9F3NaIVe7/voA1FHvZoXLGafOO8JA3/k1+fRntH1Roio26LzeQVJVBC9eS7jozA+L665WmQCt91ma/QKH5UWe1jHVLNBljy34B6JVjANmMjjJJ7alXhA4VXYCta5F98x6JHlLKsWP+aHhlTZraLeEAZgs/hAdgxJtggp3bxZHEHFPTEgn2LtRbb8M/0ZI1rM5rPY4YCLrAIqfO3LyiFDQldjeGunlTIkQPd9ijAxJaFWVEpLYbZgyLV/SFmdYPHMQS2K1JoyGWxaEIPtATEcbhBR10XjEbSjqXX/EXcYCmXICcWf5KB3W+rji42xilX3RN29VpWpWXGN44b4XMsPQ540qQkdzPpgvlPLqeB/9mXPnAPi4BQGVZO8ILhJNZ9rHa7sMxInsUly/I0zjQ3NkPkmKHk/6fY7cNFmSi01iDfV3LwUUNGQQavG+KYe++CMkCiKMR+4iOT7Cyv0rroE/FLZPVsTSMoBa0bUa2UMO/TcwTB1D2k/NEu/i35MDgbI31f4jUe+ZcF2SazOtWozS1GmJKd/jnO9dymPODCXeRyPBTSJF01o6yLxGyw80S0kDsda9EUGDeW2vLXimyIB3+xL8XSSb4ueVUtcyCqXB2ftAF2yLZTcIaRx+1+Y8wgvg6mYOat46ZiW34SRU0652NadYm6OjN5wyaIJR76Jub7fgBI+SNQ5Z7tBUDIlC2H6nUJgJsmbM7cAoPPhyQ6VlujMcKfiQbfDLSx+UFPzRFkYSrzd13auFTELEri1gYB4RMhqmEOgtZ2RANyz1shPV81LnrFLyqXTS2Ttme+qSYvQhDkOUyeRZXYE4aKB3T1FJtXlSZ46fy2OvpioxhnrB8HVtob0G+anjdIVRZDfoP27rpmCj0wY9g55JfwhCtrKd/woOvKbqglDJ4ioE3ZvkORVK6BrBr1DbVFesiBkSNb7vJGXsWmujSs1ssjH+eIGatYWh1dC2sQAtB5J46YG88GA+36UtQm+DN7DoIrAO4TjI4C7l3oySiGIynshGHut6HPqQJlM5nUdmJbmt5MN/5fAletwxpEdFN1jHkZKasznpEUsnJjQE9nJSRx+iSam4L/qVJTodZ3X/dzCCmR1NCE5tmQdWy7THf1DRk+hDg8yzCYvaFAbFES66hIzc6lNdWqVtj7xbcLy3nrYcU/vKbWggXCpcwV8/wZ5T9xvylXTy8u+URRzwWt7NCr86aoQ9iafpkNVQiiMGqHqExXejiqDZID4WmpksIxN6THfFVi6RwYLMsuCLrKj0i9nPV1mshcIdqMSBDJPAGZumSdNSTXra2lSJg6A18YgexwS+l0/Rcu6OuNLrZ23R3Tswc64IWV7WlhX1srILDHJkx4ovJGk0krAxYco2JWDvBi8QNOsSAII0dm1YYkfNYJiAZi708wL8Z1kn78NdEqk7tHrH9d1w62biscQZ0qdX/pfjb0MmD2qLu3m4mw8/4lGxK5e3LpY/mhtTQtsZRzIqM0Qt9qIiu7Vh7cZ9Y3uLoC4k258glemzFW5Km0qVaSLbwzIIjCAUVUhyaGAJa9FmlTzq/iLWOcmFpv73EX4id42AaaJasl0cOFawI+rmhvVkdiUVV0/ldzfU1q9HmLY8LKQ/1Avi39bEksXhX+XcSqq3v1pe2xlZWMPwJJWiFJJJvsra4psb0QKVbiCCUpbL8ICNGvYYxpOZYaD8o+sDQrgTgyUmy2/dc= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e79eeaea-cc40-421b-d880-08de94b1383e X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:20.8375 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pNAuxsv8C5pIax9skkF/bmbt6aE6ENDVnLOEMaAs4R51CrBBJ7d8Bw9WB6da38W+OXc3Ozo+PYHDDCtmLmBEs3pn0fhx7Lp3nvqMyG/HdyM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=BbYxOPHD; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As we are only downloading and we are the only one acting on the rootfs, it is safe to not lock the apt cache. By that, we can avoid complex file ownerships in the tree. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 2 +- meta/classes-recipe/dpkg-source.bbclass | 2 +- meta/classes-recipe/image-locales-extension.bbclass | 2 +- meta/classes-recipe/image-tools-extension.bbclass | 3 ++- meta/classes-recipe/rootfs.bbclass | 10 +--------- meta/lib/aptsrc_fetcher.py | 2 +- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 3ea75996..e3f055c5 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -80,6 +80,7 @@ debsrc_download() { --chdir "/deb-src/${rootfs_distro}/${src}" \ -- \ apt-get -o APT::Architecture=${DISTRO_ARCH} \ + -oDebug::NoLocking=1 \ -o Dir="${rootfs}" -y --download-only \ --only-source source "${src}=${version}" \ || echo "${src} ${version}" >> ${missing} @@ -121,7 +122,6 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ sudo -Es << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - touch "${rootfs}"/var/cache/apt/archives/lock chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index d14d56aa..629796d6 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -77,7 +77,7 @@ do_fetch_common_source() { schroot -r -c ${session_id} -d / -- \ sh -c ' cd /work - apt-get -y --download-only --only-source -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' + apt-get -y --download-only --only-source -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' schroot -e -c ${session_id} remove_mounts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 32666311..c90280aa 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -30,7 +30,7 @@ image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index ab616b7e..766f386d 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -54,7 +54,8 @@ imager_run() { apt-get update \ -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ -o Dir::Etc::SourceParts='-' \ - -o APT::Get::List-Cleanup='0' + -o APT::Get::List-Cleanup='0' \ + -o Debug::NoLocking=1 apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ --allow-unauthenticated --allow-downgrades --download-only install \ ${local_install}" diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 8b502a50..b201b97d 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -340,18 +340,10 @@ rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadPro rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - mkdir -p "${WORKDIR}/dpkg" - - # Use our own dpkg lock files rather than those in the rootfs since we are not root - # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) - touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" - # download packages using apt in a non-privileged namespace rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ - --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 4fe5a9ea..da2d94c2 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -41,7 +41,7 @@ class AptSrc(FetchMethod): set -e mkdir -p /downloads/{ud.localfile} cd /downloads/{ud.localfile} - apt-get -y --download-only --only-source source {ud.src_package} + apt-get -y -oDebug::NoLocking=1 --download-only --only-source source {ud.src_package} ' ''', d) except (OSError, FetchError): From patchwork Tue Apr 7 14:22:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5014 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:36 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pf1-f188.google.com (mail-pf1-f188.google.com [209.85.210.188]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENXSl015019 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:34 +0200 Received: by mail-pf1-f188.google.com with SMTP id d2e1a72fcca58-82c7ec40f92sf6676580b3a.0 for ; Tue, 07 Apr 2026 07:23:34 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571808; cv=pass; d=google.com; s=arc-20240605; b=bIy7kY82aP/kVUXt0ix7CBmkBVPw7agjEsGMJg6GdPFtU2KWPqsmpnLvd3J35kr5vC id6901TZgTz/ke8TO5ZBLuQZHZyZd/ZCspnqHxtVYOpxCRRsCyQ0Dli1MudZJfQxOm4o v6aU49nwWmSBg2xjCsznnpMzueLJQZHPM9mS9ou2fqQ4iQKAvBuj09QOOW5ttcyCjZLV iCvbYUSG/dVbW4lR3WPYNhM1NlRbOdE2ad+nWDf59/XO28epx2dCsZWS4UvLMuj8L9m4 jGmVjMidrMbg/jfXtrs/hujVjgBPewNBT0P25YHtEHVkLRzvHesIaimrMLNCYxizkdew m4GQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=vq8CLxhux/Ow1NuZ1LzbtcoPx3Ag9PgGGwxGXuM4MdY=; fh=vAP1CuZQMN3dzPNJlZy+YFJvxBzdq+Fdv30mDRK8Nk8=; b=U9MlNniAFd5Zldj/+Gj3WUGGTfgX5AD9j2QIWELriMRBp1tsHozlFZocX+ZChySwHq ky3n8jLwJBrHFAMQXdOIaTLBMU4BHVZBzqzWsZH4UyJoJUggGp8GEN3Fe2KGUyaxZT/s 8TzpGRI1xLh5u/wM/Wf/4QMaRK7BFrA7uRirG8PSoON+F+8YvJOZch8LLFyEHHkqrNDW N0Fy/9MLWG6+/FuYtKIjzQtUxMJ1Vz+YTGFFRaSSLudkhEnjcbr9Qt5dp1BdPKfr3E12 0ltnv+XTrP7KxIfYWps2hvya5+MRxfc4ED7NbXX/F6bQOhNCjo/zrbJq9xLB2ZpUk+8C 1fbg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="C/vd02dP"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571808; x=1776176608; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=vq8CLxhux/Ow1NuZ1LzbtcoPx3Ag9PgGGwxGXuM4MdY=; b=ntDYSqymiYLSRANitfFc2RIzs2M3XR92A2sVwi0oKA5i3JcosbpOfnu1aitmOBNDFD ro7MlKh83jAtLDX4k07FUTDyWkUPuifN6WSHReKAkYzKsNnKWqxdyjeSXnIkaIRup+hN 9Cvb9wgSs8cKGXTpdUIOvNKbWwYrVF64orMP/GYaz83/Pl5POYxN3ym4hmiaqDOaTvwC 1fLRMBwkd2AjxMXIdB0oG2gkKgRL+nAbjBiBL3WR4fKkPVIr9mOJW8EGjghYRYhsJRez ezOST3r3CmaihGuXI9gbPhQn6ua/SAK30YJsXPHIbVGSZ+Yc2cjoBzevLwqZa0Wg4k4t JmcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571808; x=1776176608; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vq8CLxhux/Ow1NuZ1LzbtcoPx3Ag9PgGGwxGXuM4MdY=; b=RJcMitZjy1sFaD/lYTiD0Amk/9Znck2IZYSfpg6OO+H3aqMtevnlajGc3Kn0BQIiBb Aa1Sg3YpBhaUAYYKbKI6U4eHk9FjasKgSHrTh6k6wXmcDUcrDDYL1U5m2yfup42zalKd 6KN+th7Fubd4ShSH6oYDrdHg/W/IJ+Lu0G92SwP0HQMRIKosuVW+8AheFEfcLS7IiPtE fG8W+FVpDHSnT0mmAHRrwUTfogXAMFF6G9pMWXxsXXFel5V7tj5s5bRnsvHiq800jck3 FC54Avie6JtdU3vEjhaQX8MDEcAzNRrJtlzAGIzVNWUg9E17XC8fKYa4AO23RyuXa/XT lFqQ== X-Forwarded-Encrypted: i=3; AJvYcCWIUtpUILreeao14AT0ACWAKz1Qmdtdt06+HltPHTOqKVhAgOt0BU2ehLzHbzDaRF0WptW0W5w=@isar-build.org X-Gm-Message-State: AOJu0YwEypUH33xYxWNeXBgK+cnGqfIvuFTYSeffYDnS3uQyF15Y3+hM RkleDHU5Xho+3q9ii54i7XbrBkmaXpaIv+qWmYmNacDh+g9k2d+vwYPX X-Received: by 2002:a05:6a00:ab87:b0:82c:ae58:4690 with SMTP id d2e1a72fcca58-82d0dbd4f9amr16298059b3a.52.1775571807580; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiIN3ZyUzEEjxn6TmTLQDaMkLBP2yY08KGqyZPobVurlTw==" Received: by 2002:a05:6a00:1e5:b0:7b0:cd34:78d5 with SMTP id d2e1a72fcca58-82cfd4c731cls5573811b3a.0.-pod-prod-06-us; Tue, 07 Apr 2026 07:23:26 -0700 (PDT) X-Received: by 2002:a05:6a00:3696:b0:829:86a5:d30a with SMTP id d2e1a72fcca58-82d0da772d5mr16630968b3a.16.1775571805974; Tue, 07 Apr 2026 07:23:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571805; cv=pass; d=google.com; s=arc-20240605; b=FSxAEtGMzZjV3rcphulHfJ5L1SGaEebPmCsGMKnfomg6tVEQAVAaWmRg7OZI/BH0Bh BY3IvWRqL8rQeHpHy9+J3CsKtLxy+4ROaPEjtaepXf3Mt0n8TqEnykn78OfTAdqaoU8n 7w/wzzasoBbBevE7nv2HVkEdKjuMGSrUd+1AUwszjAsZ61w9j3WpjuQNft1WeeMSrKvF Vmfkc1xXXf4cxb70AxrjGBCnT4XMOtNYu1TyESJqvdtvPZFiehm6SX6kfbQRsmk2S8bk c8TBftlwDwEut9cq9xvHk4ZBgVrbnxsigFR15yNt4tWvmsX1ZDnepNaFNTGbN6n4VSHe RH6Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=gZyK9wFrBMcQkGARlo9bRhGDSDL8hdkP31epG+rgGJ0=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=LyWLFwvLOpWP1sjXT3VHkiqQsrt2t8BALrm5XPyL5yqsz29y6/M+P5BGYfXR/RYA/6 5l3FybPkDfXx2zPdZQSuJ/bKfu7HyC//lpIoGk20AsX3HtD2usR6XUTNyjE9XUtYE3tX SFLLjkbNWOhUC1Mr7ktU/7wu0mBX864UsWzx4PmKq8nTP0I3V8X3jJZFS0mFZxKlXEEd Fe5hxCQrtIT+bLayd9XizjXOZ4vtpoGr4JxNVPfLg/UiIfF/KqX10EsA3q0JOWkvwB9w 8YbZLiq2owqR0pFtSmiJ/zQPp/8Dp8XYX3KTFWi8r4pLihsK6h58X6PqqaMMcjdjAST8 SYlQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="C/vd02dP"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id d2e1a72fcca58-82cf9b37161si563917b3a.2.2026.04.07.07.23.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:25 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CV+oa+iPeVdfyupD8XSzj6S4StBN6IYEVi7m+LivQOtuLFRHf74Iif9qAOgKzKE+ZdkbQhP3yCzgAedPrwSllLvdOEQcOXO/cF3HOHZck69P8JRmJRruI7AAZChtmN+uuvwfSLHJCgEZLmhdMnX9RPiaDRqtw/PTpIH+ov0nHOc7vFEiHzEIoDOlr0972wTx/GaPl/6zRZycnjOaUKfXZLq0nlNYKVefAhYdj+J0VIawgg8oAg6fTLuBVwblMoANiVuoPzpLVD6eU6xRemDhWdt8dgZBAIlBJAhyEfIuyLZWWAMl0sQG5ezbFfhcoiw4oXfuGhnykz3ftrUCHhR+6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gZyK9wFrBMcQkGARlo9bRhGDSDL8hdkP31epG+rgGJ0=; b=OqvmpcEpjmWHjr602CpYULG7C7wqifb4I4exR/BXVXzVIyJA4LlkjYiPaU8yk9PpbmCAI6GL2QN8ckd63iyXFYqRf8tZzskTjAxstMzg+pYe/zHIfcaCLqYplmAQU+xIq2aNpsteI72efJ0y9glN4BjTo0n1360guqgWFTUrq8Gfq9DhVHuVNWaegLHVu4irI/OQWSjaq1My/lwBsCWo7LMLzs6k1yFi7QMWsSkcdDA3OwQ7VqYXJqQDJ2T/pKEQIta7Qx+8u0EhaY+DAYnLsJzm3aioqwWeTfP+oDUGqTZwSqedXQhS54hMSb5Xfd3AZ1Bw4xCOPLfB+l7DmoogTg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:21 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:21 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 04/16] introduce wrappers for privileged execution Date: Tue, 7 Apr 2026 16:22:58 +0200 Message-ID: <20260407142310.2327696-5-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: 47ce123b-ce29-4346-ce48-08de94b13890 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|20052099010|55112099003; X-Microsoft-Antispam-Message-Info: +uxoOk9EJMNILZ1+HtBisFnn/+/Wu42vHRI00xsYQ06hfx4G43Z3Sof+E3lZbNCev44+LQu2o/ighlQPKv1bz0eoEaMaat5qtzl98Wjq7WswkzhaoJQ7DJvW9JsvQHWRQ1DUvN6kYmWt1XWrCZk7hwe6qg3YT/Ozn1syFwRRq0ALst9MqtqAJvYktuwuDp7oh7ANBTzStosafTu2Eb0yeO/xsBFNAmQuIkdIUejzbrJQ2q1t3wQOC/M3oS2CiXCdE60oCy8q/Ba86jO9nx2Ru97WEIgK2tm/B2LSAM4q05BttoCn7tFoP/bw6ksyOkPLVi1nFizfnf4GRgu862M2XhihgbKaJodzVR+I3f7qwS2I4AL5b7bzUknOmM37gstl07nGcYMgM3SjCa2hmJeCP8KprqFalTFFFFGo+Hm2tFa4WEOlecPfU5CLYLo93KVAqOgbuzkrrXToy1O7hVJYCyLtE1YjEJByd9gRZkQXyEUouHyYVHKSSr/lgNA/z1A0hbxH0a59o+b+Zrz++jwjZTZ+XrP0isSm3YBdk0aeXvg5P+n5hILktJLITXIRu9J2c1fr5hct6rJ6ri4WwAun/wvvLOs2sd1d9hb8W7tvNIouXo2mHS4cUOToBwgk9AbB2JxKDnfCxOHEMAKZtMMr6EMPoDdvv2sF+luOb6Oi0pRGs4YUiu/Ai03VKoOeTWkOPde6ljSGM9eKi2AyVeioEPpcGlZS1Q6gIBAzCuWkrTc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(20052099010)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: PXmzKXrHv5vwS7UcRmV/ctcSHgoUrH9QBcXSvDqzB03dAdOHbC7oP3pKowwDmywkxN5PEKgs5lPcfm+ueL7dpiCURFH7U1F8y+KOwm88KAqEmVOqzj1B8ucJG3luVHHIZjkZpA4kC3g9SS6Z2SYEXO8uF7+BZdLjYafAbKMlmz6Nv0oo9bw1Sb4oYrIae0sEmquMNdITZA49WpUBMGqAEawblcLKHB3Q7FLgUdTACM1vLd5NrZQatXGxojh8Uv882GL1VG9X+lJxXqCN8xpAps3hFSy9Et9dICd8fm4m3r29sWAzI95jSt4IVMkdTZPr1khuB/H148EFJnilInD0YBT4TxWWqCU6XwYuwtwP1D8jrvQF8RI0SqB7llmOfc6KAfpyHuKJqSVeWiHWZ1P5ImIQAYFiAYXnVtPJ0Pwk4pILJINp6S27TTMtMG2RcUoiZyybXFbEdFVJPyGHk8OwAx1s5Q9SGDxK13s0whHvCYEeSV1Sp79XQk8Scdstaik6cTnfC72rAsH0j09mL6pKpGxzoyP1VXTraVSbwvzlTE4NeQ9huOnGLGQWNQ1itj0vb/ZCK4nnsgzYBAutoV9X6llnEAi1Blyx7q2f+FSGOxHFLpQgnOzBT2iJvHEZegGQpwUpOxltt67xvhjNn/XqPXZINDJIOTHe2KCb041HQkCjBJK2w6zvbnph0HC+nb5zUvvu7OdaBSPE7NdBcwEKbTYIkb5jAMF3LTgNDYiBA20dtnvsaDKIsyHh7EqcvqocqkaUX6Ve1Z2SLR4LF8E5+4Ew5VsRCr38620H2JwzUqk4CG0SalOw7/8s4RVg2V2YYMFrzW3oHoJvfO70tcD9K7txQ5/eVX52jk881j1UrI0KRnxoKPbCTrvn6DAdyFEqIrNIUWtniE8M6EDwx0CZZR7MFJ0j4QC54L7+uHEp43ab3Gkyvyuj06v/Klekz3XurmX9oUc3I7XxZaIcIV/zRg+3ye9V89Gq4PYCa/EdS6YWY5UDXx67F+SZv63BgtCfy3PdoHcMY2zMa2PvjQ9n15328HJDarK6BPNZaxgiBv5MN8l6NXD7r4WgmkdN/dRrYqDvZVrgshsS6bMc19j7QIjecT/P3mi2s1Ph0V6brx8bICaF9Ton8En8EYEbyCIXIOIGdXwpjgU05GSNnJeg9923g5VNwzm9ee/RL4QCs4fHNyDHwilj4TKaQBRfTeBR6UxGpofdtP1ibsuk+BE26uQ0+8jkyDtk1le9XPcF6dZ/k2YgXIAYUn6LNkEFNsr4EMJTNr2tQ+kJ1/b736foPbbFJNLOdt2NQ6oo1Va//+GLbB9rFrGSJ9YKQE2maNDcxSi2MjLwkHxaHEJ1Uzwrp5qsJspUtR+TTVo7E63mAyVer1mYqVx6aBzetRd8mThPoSR44zTcS1OUcK2Q31vOvKIRQh2fwjcYT2acl669xuAflGsyYwnZd+Fh1Lse6fYlaz9+sX/TiWGiL/m+ClctDlB0NvyuaNRdjvVefp0CVM+jKuiYuo75iFK4voB6Mrgv0B2WGWQWXwaXXluWO7HoUhJlfyWLJfZAup36hJt/rCEiKhH3u55XRgI9cT9JpfWYT5jGzb1/Pfc+prmeuG9OvVedshc0lSDIUJW0mKHZAqd47C4A803pZonmsfq3TqIbB8u6YVey1MS65xqHiDnRlNTXkhruTzZkb1oVeORyza3Nug7mDPFZE9W8kO7HDkSMH48Qw48tHUiqca1JpBGFQvR9SgJrfifHV9mrTaXknQE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 47ce123b-ce29-4346-ce48-08de94b13890 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:21.4914 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: UFMGZm5HGR3K0Ap/sr2oG40UbNWVbTtPL4lYUdhE0NZQuWuZkJwcBW/p4PYeI0bjG+072szmhjNh+xNaBL57fGW7dNakKs3m3TgE4mY8oQM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="C/vd02dP"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As a preparation to enable rootless builds, we introduce wrappers for common cases of privileged command execution. The wrappers are defined in the base class where later on the executor dispatching will be implemented as well. The wrappers are introduced throughout the whole codebase and downstream layers are also encouraged to use them to increase compatibility with upcoming API changes. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 16 ++++ meta/classes-global/base.bbclass | 26 +++++- meta/classes-recipe/deb-dl-dir.bbclass | 8 +- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/classes-recipe/dpkg.bbclass | 2 +- .../image-account-extension.bbclass | 4 +- .../image-locales-extension.bbclass | 4 +- .../image-postproc-extension.bbclass | 30 +++---- meta/classes-recipe/image.bbclass | 14 +-- .../imagetypes_container.bbclass | 26 +++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 +- meta/classes-recipe/rootfs.bbclass | 89 ++++++++++--------- meta/classes-recipe/sbuild.bbclass | 10 +-- meta/classes-recipe/sdk.bbclass | 14 +-- meta/classes/sbom.bbclass | 2 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 +-- .../unittests/test_image_account_extension.py | 9 +- 17 files changed, 156 insertions(+), 116 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index c5962969..d0aa6e1a 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1061,3 +1061,19 @@ incorrect build results. Changes in next --------------- + +### Execution of privileged commands + +When operations require higher privileges than those available to the build user, +the following helper functions shall be used: + +**run_privileged**: Run a command as root while preserving the environment. + +**run_privileged_heredoc**: Execute commands provided via stdin in a root shell. + +**run_in_chroot**: Run a command within a chroot environment. The first argument +specifies the rootfs path. + +Using these helpers instead of direct `sudo` invocations centralizes platform-specific +privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged +in downstream layers. diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 70b4565b..d4dbbc3a 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,7 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - sudo rm -rf --one-file-system "$TMPDIR$i" + run_privileged rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -375,3 +375,27 @@ def deb_list_beautify(d, varname): if stripped: var_list.append(stripped) return ', '.join(var_list) + +# Helpers for privileged execution. Only the non-underscore functions +# shall be used outside of this class. + +def run_privileged_cmd(d): + cmd = 'sudo -E' + bb.debug(1, "privileged cmd: %s" % cmd) + return cmd + +RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" + +run_privileged() { + ${RUN_PRIVILEGED_CMD} "$@" +} + +run_privileged_heredoc() { + ${RUN_PRIVILEGED_CMD} /bin/bash -s "$@" +} + +run_in_chroot() { + rootfs="$1" + shift + ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" +} diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index e3f055c5..04fd6414 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -98,7 +98,7 @@ debsrc_download() { dbg_pkgs_download() { export rootfs="$1" - apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ + dbg_pkgs=$(apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ -a "${DISTRO_ARCH}" packages \ "${rootfs}/var/cache/apt/archives" \ | awk '/^Package:/ {print $2}' \ @@ -110,7 +110,9 @@ dbg_pkgs_download() { | grep "${DISTRO_ARCH}" \ | awk '!/Binary:/ {print $1}' \ | sort -u - done | xargs -r sudo -E chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- + done) + + [ -z "${dbg_pkgs}" ] || run_in_chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install $@' -- ${dbg_pkgs} } deb_dl_dir_import() { @@ -120,7 +122,7 @@ deb_dl_dir_import() { export gid=$(id -g) # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ - sudo -Es << ' EOSUDO' + run_privileged_heredoc << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index f7a12302..e5987554 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -161,7 +161,7 @@ def isar_export_build_settings(d): dpkg_schroot_create_configs() { schroot_create_configs - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' sbuild_fstab="${SBUILD_CONF_DIR}/fstab" fstab_isarapt="${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO} /isar-apt none rw,bind 0 0" grep -qxF "${fstab_isarapt}" ${sbuild_fstab} || echo "${fstab_isarapt}" >> ${sbuild_fstab} diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index c1c38184..dcdef487 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -129,5 +129,5 @@ dpkg_runbuild() { deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts - sudo rm -rf ${WORKDIR}/rootfs + run_privileged rm -rf ${WORKDIR}/rootfs } diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index e874f3c7..de01484c 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass @@ -34,7 +34,7 @@ def image_create_groups(d: "DataSmart") -> None: """ entries = (d.getVar("GROUPS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] @@ -72,7 +72,7 @@ def image_create_users(d: "DataSmart") -> None: entries = (d.getVar("USERS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index c90280aa..029caec7 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,7 +29,7 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } @@ -60,7 +60,7 @@ ${@get_nopurge(d)} __EOF__ # Install configuration into image: - sudo -E -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 diff --git a/meta/classes-recipe/image-postproc-extension.bbclass b/meta/classes-recipe/image-postproc-extension.bbclass index 43ab750c..59128c2a 100644 --- a/meta/classes-recipe/image-postproc-extension.bbclass +++ b/meta/classes-recipe/image-postproc-extension.bbclass @@ -17,19 +17,19 @@ update_etc_os_release() { done if [ -n "${OS_RELEASE_BUILD_ID}" ]; then - sudo sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "BUILD_ID=\"${OS_RELEASE_BUILD_ID}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT}" ]; then - sudo sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT=\"${OS_RELEASE_VARIANT}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT_VERSION}" ]; then - sudo sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT_VERSION=\"${OS_RELEASE_VARIANT_VERSION}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi } @@ -37,11 +37,11 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_configure" image_postprocess_configure() { # Configure root filesystem if [ -n "${DISTRO_CONFIG_SCRIPT}" ]; then - sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" + run_privileged install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" TARGET_DISTRO_CONFIG_SCRIPT="$(basename ${DISTRO_CONFIG_SCRIPT})" - sudo chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ + run_in_chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ "${MACHINE_SERIAL}" "${BAUDRATE_TTY}" - sudo rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" + run_privileged rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" fi } @@ -58,13 +58,13 @@ image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( run_in_chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" fi - echo "$MACHINE_ID" | sudo chroot ${IMAGE_ROOTFS} tee /etc/machine-id - sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' + echo "$MACHINE_ID" | run_in_chroot ${IMAGE_ROOTFS} tee /etc/machine-id + run_privileged rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen" @@ -82,13 +82,13 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_disable_systemd_firstboot" image_postprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_VERSION=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${source:Upstream-Version}' \ --show systemd || echo "0" ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then - sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot - if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ + run_in_chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot + if ! cmd_output=$(run_in_chroot '${ROOTFSDIR}' systemd-firstboot \ --prompt --welcome=false /dev/null); then bbwarn "Your image is not configured completely according to systemd-firstboot." bbwarn "It prompted: \"${cmd_output}\"" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index 866df68a..9fcdda48 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -364,7 +364,7 @@ get_build_id() { ROOTFS_CONFIGURE_COMMAND += "image_configure_fstab" image_configure_fstab[weight] = "2" image_configure_fstab() { - sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF + run_privileged tee '${IMAGE_ROOTFS}/etc/fstab' << EOF # Begin /etc/fstab proc /proc proc nosuid,noexec,nodev 0 0 sysfs /sys sysfs nosuid,noexec,nodev 0 0 @@ -392,7 +392,7 @@ do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi if [ -f "$kernel" ]; then - sudo cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" + run_privileged cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" fi for file in ${DTB_FILES}; do @@ -448,7 +448,7 @@ def apt_list_files(d): IMAGE_LISTS = "${@ ' '.join(apt_list_files(d)) }" do_rootfs_finalize() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -e "${ROOTFSDIR}/chroot-setup.sh" ]; then @@ -474,14 +474,14 @@ EOSUDO # Sometimes qemu-user-static generates coredumps in chroot, move them # to work temporary directory and inform user about it. - for f in $(sudo find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do - sudo mv "${f}" "${WORKDIR}/temp/" + for f in $(run_privileged find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do + run_privileged mv "${f}" "${WORKDIR}/temp/" bbwarn "found core dump in rootfs, check it in ${WORKDIR}/temp/${f##*/}" done # Set same time-stamps to the newly generated file/folders in the # rootfs image for the purpose of reproducible builds. - sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + run_privileged find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' } do_rootfs_finalize[network] = "${TASK_USE_SUDO}" @@ -518,7 +518,7 @@ do_rootfs_quality_check() { ;; esac done - found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) + found=$( run_privileged find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) if [ -n "$found" ]; then bbwarn "Files changed after package install. The following files seem" bbwarn "to have changed where they probably should not have." diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index fba15503..fb1d0cdf 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -37,38 +37,38 @@ do_containerize() { # prepare OCI container image skeleton bbdebug 1 "prepare OCI container image skeleton" - sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" - sudo umoci init --layout "${oci_img_dir}" - sudo umoci new --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" + run_privileged umoci init --layout "${oci_img_dir}" + run_privileged umoci new --image "${oci_img_dir}:${empty_tag}" if [ -n "${cmd}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.cmd="${cmd}" fi if [ -n "${entrypoint}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.entrypoint="${entrypoint}" fi if [ -n "${path}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.env="PATH=${path}" fi - sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci unpack --image "${oci_img_dir}:${empty_tag}" \ "${oci_img_dir}_unpacked" # add root filesystem as the flesh of the skeleton - sudo cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + run_privileged cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" # clean-up temporary files - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + run_privileged find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete # pack container image bbdebug 1 "pack container image" - sudo umoci repack --image "${oci_img_dir}:${tag}" \ + run_privileged umoci repack --image "${oci_img_dir}:${tag}" \ "${oci_img_dir}_unpacked" - sudo umoci remove --image "${oci_img_dir}:${empty_tag}" - sudo rm -rf "${oci_img_dir}_unpacked" + run_privileged umoci remove --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index dd6c501d..8b048dc7 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,8 @@ generate_wic_image() { fi EOIMAGER - sudo chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - sudo chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index b201b97d..440786b5 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -136,7 +136,7 @@ rootfs_cmd() { rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ ( mount -o bind,private /dev '${ROOTFSDIR}/dev' && @@ -182,7 +182,7 @@ EOSUDO } rootfs_do_umounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if mountpoint -q '${ROOTFSDIR}/isar-apt'; then umount '${ROOTFSDIR}/isar-apt' @@ -225,7 +225,7 @@ rootfs_do_qemu() { if [ '${@repr(d.getVar('ROOTFS_ARCH') == d.getVar('HOST_ARCH'))}' = 'False' ] then test -e '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' || \ - sudo cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' + run_privileged cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' fi } @@ -240,16 +240,16 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - sudo tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" # setup chroot - sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" + run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" } ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_isar_apt" rootfs_configure_isar_apt[weight] = "2" rootfs_configure_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/sources.list.d' @@ -270,7 +270,7 @@ EOSUDO ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_apt" rootfs_configure_apt[weight] = "2" rootfs_configure_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' @@ -293,7 +293,7 @@ ROOTFS_CONFIGURE_COMMAND += "rootfs_disable_initrd_generation" rootfs_disable_initrd_generation[weight] = "1" rootfs_disable_initrd_generation() { # fully disable initrd generation - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -310,7 +310,7 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ -o Dir::Etc::SourceParts="-" \ -o APT::Get::List-Cleanup="0" @@ -322,9 +322,9 @@ rootfs_install_resolvconf() { if [ "${@repr(bb.utils.to_boolean(d.getVar('BB_NO_NETWORK')))}" != "True" ] then if [ -L "${ROOTFSDIR}/etc/resolv.conf" ]; then - sudo unlink "${ROOTFSDIR}/etc/resolv.conf" + run_privileged unlink "${ROOTFSDIR}/etc/resolv.conf" fi - sudo cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + run_privileged cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' fi } @@ -358,7 +358,7 @@ rootfs_export_package_cache() { ROOTFS_INSTALL_COMMAND += "${@ 'rootfs_install_clean_files' if (d.getVar('ROOTFS_CLEAN_FILES') or '').strip() else ''}" rootfs_install_clean_files[weight] = "2" rootfs_install_clean_files() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' for clean_file in ${ROOTFS_CLEAN_FILES}; do rm -f "${ROOTFSDIR}/$clean_file" done @@ -370,14 +370,14 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - sudo -E chroot "${ROOTFSDIR}" \ + run_in_chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" rootfs_restore_initrd_tooling[weight] = "1" rootfs_restore_initrd_tooling() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar-stubs" rm -rf "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -386,8 +386,8 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-initrd', '', 'rootfs_clear_initrd_symlinks', d)}" rootfs_clear_initrd_symlinks() { - sudo rm -f ${ROOTFSDIR}/initrd.img - sudo rm -f ${ROOTFSDIR}/initrd.img.old + run_privileged rm -f ${ROOTFSDIR}/initrd.img + run_privileged rm -f ${ROOTFSDIR}/initrd.img.old } do_rootfs_install[root_cleandirs] = "${ROOTFSDIR}" @@ -437,21 +437,21 @@ do_cache_deb_src[network] = "${TASK_USE_SUDO}" do_cache_deb_src() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} debsrc_download ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -459,21 +459,21 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('BASE_REPO_FEATURES', 'cache cache_dbg_pkgs() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} dbg_pkgs_download ${ROOTFSDIR} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -482,17 +482,17 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get clean - sudo rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* + run_privileged rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* # remove apt-cache folder itself (required in case rootfs is provided by sstate cache) - sudo rm -rf "${ROOTFSDIR}/var/cache/apt/archives" + run_privileged rm -rf "${ROOTFSDIR}/var/cache/apt/archives" } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-log-files', 'rootfs_postprocess_clean_log_files', '', d)}" rootfs_postprocess_clean_log_files() { # Delete log files that are not owned by packages - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/find /var/log/ -type f \ -exec sh -c '! dpkg -S {} > /dev/null 2>&1' ';' \ -exec rm -f {} ';' @@ -501,32 +501,32 @@ rootfs_postprocess_clean_log_files() { ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-debconf-cache', 'rootfs_postprocess_clean_debconf_cache', '', d)}" rootfs_postprocess_clean_debconf_cache() { # Delete debconf cache files - sudo rm -rf "${ROOTFSDIR}/var/cache/debconf/"* + run_privileged rm -rf "${ROOTFSDIR}/var/cache/debconf/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-pycache', 'rootfs_postprocess_clean_pycache', '', d)}" rootfs_postprocess_clean_pycache() { - sudo find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print - sudo find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_ldconfig_cache" rootfs_postprocess_clean_ldconfig_cache() { # the ldconfig aux-cache is not portable and breaks reproducability # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034#49 - sudo rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache + run_privileged rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_tmp" rootfs_postprocess_clean_tmp() { # /tmp is by definition non persistent across boots - sudo rm -rf "${ROOTFSDIR}/tmp/"* + run_privileged rm -rf "${ROOTFSDIR}/tmp/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" rootfs_generate_manifest () { mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} - sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ dpkg-query -W -f \ '${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' > \ '${ROOTFS_MANIFEST_DEPLOY_DIR}'/'${ROOTFS_PACKAGE_SUFFIX}'.manifest @@ -542,7 +542,7 @@ rootfs_export_dpkg_status() { ROOTFS_POSTPROCESS_COMMAND += "rootfs_cleanup_isar_apt" rootfs_cleanup_isar_apt[weight] = "2" rootfs_cleanup_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/isar-apt.list" rm -f "${ROOTFSDIR}/etc/apt/preferences.d/isar-apt" @@ -553,7 +553,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@'rootfs_cleanup_base_apt' if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else ''}" rootfs_cleanup_base_apt[weight] = "2" rootfs_cleanup_base_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/"*base-apt.list EOSUDO @@ -561,12 +561,12 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'populate-systemd-preset', 'image_postprocess_populate_systemd_preset', '', d)}" image_postprocess_populate_systemd_preset() { - SYSTEMD_INSTALLED=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_INSTALLED=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${db:Status-Status}' \ --show systemd || echo "" ) if (test "$SYSTEMD_INSTALLED" = "installed"); then - sudo chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" + run_in_chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" fi } @@ -626,7 +626,7 @@ rootfs_generate_initramfs() { mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - sudo -E chroot "${ROOTFSDIR}" sh -ec ' \ + run_in_chroot "${ROOTFSDIR}" sh -ec ' \ ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ ' @@ -664,11 +664,12 @@ rootfs_install_sstate_prepare() { # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - sudo mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro + + run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro lopts="--one-file-system --exclude=var/cache/apt/archives" - sudo tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - sudo umount ${WORKDIR}/mnt/rootfs - sudo chown $(id -u):$(id -g) rootfs.tar + run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs + run_privileged umount ${WORKDIR}/mnt/rootfs + run_privileged chown $(id -u):$(id -g) rootfs.tar } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -677,7 +678,7 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - sudo tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index 95dadee3..d9ccce7f 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -20,7 +20,7 @@ SCHROOT_LOCKFILE = "/tmp/schroot.lock" schroot_create_configs() { mkdir -p "${TMPDIR}/schroot-overlay" echo "Creating ${SCHROOT_CONF_FILE}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e cat << EOF > "${SCHROOT_CONF_FILE}" @@ -59,7 +59,7 @@ EOSUDO schroot_delete_configs() { (flock -x 9 set -e - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -d "${SBUILD_CONF_DIR}" ]; then echo "Removing ${SBUILD_CONF_DIR}" @@ -101,7 +101,7 @@ sbuild_export() { } insert_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -112,7 +112,7 @@ EOSUDO } remove_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -123,7 +123,7 @@ EOSUDO schroot_configure_ccache() { mkdir -p "${CCACHE_DIR}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e sbuild_fstab="${SBUILD_CONF_DIR}/fstab" diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 6f09b5f6..16165792 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -69,12 +69,12 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "${@'rootfs_cleanup_isar_apt' if bb.utils.to ROOTFS_CONFIGURE_COMMAND:append:class-sdk = " ${@'rootfs_configure_isar_apt_dir' if bb.utils.to_boolean(d.getVar('SDK_INCLUDE_ISAR_APT')) else ''}" rootfs_configure_isar_apt_dir() { # Copy isar-apt instead of mounting: - sudo cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt + run_privileged cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt } ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - sudo chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" @@ -83,7 +83,7 @@ sdkchroot_finalize() { rootfs_do_umounts # Remove setup scripts - sudo rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh + run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh # Make all links relative for link in $(find ${ROOTFSDIR}/ -type l); do @@ -95,16 +95,16 @@ sdkchroot_finalize() { new_target=$(realpath --no-symlinks -m --relative-to=$basedir ${ROOTFSDIR}${target}) # remove first to allow rewriting directory links - sudo rm $link - sudo ln -s $new_target $link + run_privileged rm $link + run_privileged ln -s $new_target $link fi done # Set up sysroot wrapper for tool_pattern in "gcc-[0-9]*" "g++-[0-9]*" "cpp-[0-9]*" "ld.bfd" "ld.gold"; do for tool in $(find ${ROOTFSDIR}/usr/bin -type f -name "*-linux-gnu*-${tool_pattern}"); do - sudo mv "${tool}" "${tool}.bin" - sudo ln -sf gcc-sysroot-wrapper.sh ${tool} + run_privileged mv "${tool}" "${tool}.bin" + run_privileged ln -sf gcc-sysroot-wrapper.sh ${tool} done done } diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b220f3d9..b4fcddaa 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -41,7 +41,7 @@ def sbom_doc_uuid(d): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) generate_sbom() { - sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index f21a6164..da8bc52d 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -209,19 +209,19 @@ do_bootstrap() { trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ && rm "${WORKDIR}/mmtmpdir"; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && sudo umount $tmpdir/$base_apt_tmp; \ + && run_privileged umount $tmpdir/$base_apt_tmp; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && sudo umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && sudo rm -rf --one-file-system $tmpdir; \ + && run_privileged umount $tmpdir/base-apt; \ + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && sudo umount $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -254,7 +254,7 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - sudo rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/testsuite/unittests/test_image_account_extension.py b/testsuite/unittests/test_image_account_extension.py index f78aa7f8..ff0e47e0 100644 --- a/testsuite/unittests/test_image_account_extension.py +++ b/testsuite/unittests/test_image_account_extension.py @@ -54,9 +54,8 @@ class TestImageAccountExtensionImageCreateUsers( image_create_users(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/useradd', @@ -136,9 +135,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupadd', @@ -164,9 +162,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupmod', From patchwork Tue Apr 7 14:22:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5012 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:33 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f55.google.com (mail-pj1-f55.google.com [209.85.216.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENWsF015006 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:33 +0200 Received: by mail-pj1-f55.google.com with SMTP id 98e67ed59e1d1-35d90c7ec5asf12584735a91.2 for ; Tue, 07 Apr 2026 07:23:32 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571806; cv=pass; d=google.com; s=arc-20240605; b=XxYhTwBUYiv3OAcey2yJXuoAcAeH3siAfTcNUeEt8JejK5/YQDXu3CwXwHcGgAyW/c Ejbra0KhGkGRRFY3LfGOv+goSwPxy+YMicljNcCLI5y3ka/iTT0UIV13Ax7yUTluO2b1 AyI4nXY1S884OR5BCHvrgf5pZ13A0WeyceVlmgaP4fF0HltehFbT6wKVTwCbSPnYAjwi 8g66gInTdQBxA38MHjVkk2vdGLerF7VXZRpIznm6TxLjlsd/VDvrcY6Zn36n+jljtf3f G6eavDzrA+VjaHOv9Z6vNv+vCrNJQ6KS1N4Ve0Ni2MpLmorpjlsiaf1yfGVDQmqNaLPm Of8g== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=EuRk9CoD/a4T78HN9dK9o8IMbT+dZDQdUPFYkdbJWzg=; fh=vGhs1by/Kg9xbTZoAYISIcp+lGa/1ZtFqZuSCeqnkyI=; b=AcdORCcpDRCaZ6Xd4KDOc/GyAqJo9AvfbcM71oUfe0NrvvAZsZTA+EQkbRC0xm2+RP onVBSwLQSiYw1i5phQHUmPsbj138DQ7koVrT1R6/CKCpAqpv8ZtpZuojyDMyVZJEofuN YN11U9r2Po6L3WKOMRAEVEZo+4bjzoZDUTy7Yx9EjB90PT8DmeE1gGACPpESUL94rqKF jkKKj39jDuBZ7lgb5YduIy2nXo8dntzIle7PquEa0cuFHYB1+NiZTwurBcTHVwp9rK1j qjQOe/0z3ce9sXm9r9B4Fm+fb+QCpznBi5CYuI2wYL/jCFkzX26jKPQzKj64MBynw9c7 lREA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=AHE0HSb6; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571806; x=1776176606; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=EuRk9CoD/a4T78HN9dK9o8IMbT+dZDQdUPFYkdbJWzg=; b=wTQhY9+JaJNh/MeQ+CQ6V/FQA/ziL9M7AqCyYIjnB3aTGgC4kWKsZGUcQz32jebazK +fxXW4Lp5n/HlAFrVT6bzup3FW2GflojoB6ySWWc2BKExbM6gOXZIdIF9OHLRKAmPpRz u/MbLhTtMqJ1KPRxb+Xz2+frZvu0eNaGhHGLARTzxXOH8uceSimFLnQLY0xhJegaKyJy wZTnEKW1UimLoIAm3bCfTd0JvlmIpS5PMdGCIXiCoU+4Hw5Jd21UoVUoSU7IunneICxE PmartOefEZeyGMamRsq5hFw/mtKB8NYb+GjivrBsa0pQ8vLmnUZbwBV2KLupWS2O9G9e ccBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571806; x=1776176606; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EuRk9CoD/a4T78HN9dK9o8IMbT+dZDQdUPFYkdbJWzg=; b=KojNUgwbRZTkb5ugZ9x2iDYyogxVkm+5bK4XrnEGpdyTJO3ANBPLDF+pnR/dbJYI/X Lw7MvmH0sw/1XhDmhHHj7Y21+KkwHYiKavqZH8LlMOcxnzMZYx6QttaFzZA/fH4+UHEv hMAMxcOO/0iqRUNX+RYNAWJxHr1w1X5kbTzfxBkidQYy9Wmdt0CjrTrNvArHjssIYM/+ NasB+TRXzbrMO3OA0X3Fn+e1TW9F41WJh8V3/om4EUrMCxfxeKTqOJg+Rv800fxrVy1q kaT9NzNBbNzKOINC5kyeAO8Af/U9VfReAKBTHaJ/Wqi3V0vAwDplhkpwzVW0sid3J+9A OJCA== X-Forwarded-Encrypted: i=3; AJvYcCVFpPvTR2XXukXFF/uQbT8ECBPIEzkYXaDU/H3UBcmGfVhVjumebzHglLN1PEfSJPBq1+2UouI=@isar-build.org X-Gm-Message-State: AOJu0Yy2emIJ/4pMZcm9Oey6Ga8xEWbHnKqfy5E5xXTUo9FNyaR6qOtw rw+ejAdiVHFG7iOFqE+kXvFQ6mk4eJvUcOn0t2+zB9FEkN/yfsm7BsRq X-Received: by 2002:a17:90b:1dcc:b0:35c:30a8:330 with SMTP id 98e67ed59e1d1-35de66262d8mr17238752a91.0.1775571806548; Tue, 07 Apr 2026 07:23:26 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiL0keOruxwBGXzrrJ5gZFgz4asNmwmx2l1f+pIglipTZQ==" Received: by 2002:a17:90a:d50d:b0:359:bc4f:ffbb with SMTP id 98e67ed59e1d1-35dd406bd6cls5338243a91.0.-pod-prod-06-us; Tue, 07 Apr 2026 07:23:25 -0700 (PDT) X-Received: by 2002:a05:6a20:e291:b0:39f:5839:af09 with SMTP id adf61e73a8af0-39f5839cf5dmr12860449637.10.1775571805259; Tue, 07 Apr 2026 07:23:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571805; cv=pass; d=google.com; s=arc-20240605; b=FpEt99HHFznZRrEZcIqCwDRO653vIHzw29el+UGXEak073MPEbJgpytsWv5koetSvT H12u9iOagsdC7DsoVYkZo/ig2XPg5w2CFdCoyboKJX65SZCCNdL6nxCQftNsce+9TH+Z SbZbZxlelb1yTknpHa9de/P612XrOzVkUovcAtbxqvZDB9TAo1b6uHOqvFbMRvj0IcGa R4d38AWD+1jYiv2UW+PU/niUe8RMKwRSzaAAZ6xOsNnKd33EQg2P6ZX32jad0mOdvHVU bDdgRhtCrNIHgkIQBIZsW4arf070rq5MFko89i1irwKhFEPSVvdq6sfRVb6FQrr6BTVe cB+A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=eLjm3fVFi2E+spo+Jm3IBFrrpOBotY5SRT27nuVLz6I=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=QNrPsp+aaXDH1RCI25KS6avJmr0/IOSi3ZRzWuW3bEdm1b2jL4V0nQ8jlKXenBNgDT QIU0SyyLjZsXx4EAZZXcIHFzJeEp+NJIy9ql9e+jpMpk5LKqoXn0sPqV7czNhdWi7y6I Qg7hJBnBPaUlaGbm1BwbMWNjmgaU2n+bD70Llch6/nXeBugEfMaPk9+LlSPSyMQtjqol phKuekHq0ZlSluiYX1Zi8Tunefax2a+quVWMRHeUj2UzWw+v4MKhTyY46rKP7Nf39mhS ti0lhXw43XP/7NH1jkwVvyjWJQdt5Dg5cG0KLDTSqsgliA/vzTK9JEXeZ9AEGIlXxmxx IeAA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=AHE0HSb6; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id d2e1a72fcca58-82cf9b37161si563917b3a.2.2026.04.07.07.23.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:25 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QSBEP/k/ytUYjwh7M44obpulNuZBXRQKrf4XuZfoBVysTZ4cM2GFv7NRx/kbzn58bFYpK1JENvBFyNHfeNfylSaX77dqYT5ftX+KsSu8DxC3xoafGIT4lS7cWKW+hPdDYtIUG8M33dE+40iKAiOT2dFcbTBhrmlQjK1k1OsQ8tOEqHjuREWsomc0YyghAsHdVzUlSdc604OpYPuR+pBSUVGB0qBiYuXYDp772FiNUHXDVKPUP67BHH3oBfWjqvaxJsOycdB2hb7dwXI3hsXqHKTC1KsL6ihdkt4MMujvyJQodLV0vftDAOHYPfdQQWdWWyr4j1SfpuLleOUwEnw8tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eLjm3fVFi2E+spo+Jm3IBFrrpOBotY5SRT27nuVLz6I=; b=RW3Vz0ftQAfdQl0/kiTvKQoFgOVpPv+b6uVnJgy8Oa2fv0t7qW4QKq7vz9iAv6MzsYcHDmLyr8Z2Zxp+7tqWc4vQ9Km2/Gubc2ZzIoiZClqqfLXE54bhGa64b0o9xiucxSJ7bEu47sM6xUnhy14AZqGNsDo2a9TCy4WdR/Y2yrzXSfivoAgK4B7sVdozWm+GBiy8ogdBYK/bzGqQph6AzfYs+Ls/whiq5Sy+IG2/QD3pKL9As1CKn1mp4ypWDrvtdS4m62RkwLGL0R1aaVdml2vbRAUssBNUZMwNUKjKvC9LZ4nG6CBOTVpjNQIKiIhprTcKh8kNew/CEhvaQpRCbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:22 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:22 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 05/16] bootstrap: move cleanup trap to function Date: Tue, 7 Apr 2026 16:22:59 +0200 Message-ID: <20260407142310.2327696-6-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: 5deced69-ecc6-4a80-599b-08de94b138f6 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: 3RVPyaP236bk+V982fkPOIELjeMD96OKCUQeg3n9HnfykQtJu7gLkFq+AL0yAFLHH1NcHJHQIAdZD7z96j4vmqPhFCgPH7t77JgtBTIwXhuIDy53IiHzqBchX3WjsIlyuDxAhn8V2IeDge7V/85bLGGw9ue3bGNpmIJjfQbuh1OSpx78TNBeWg+zlyJPbOcZ9ymbM9qNt4W0YZVsooGbJvzWQlsxlRs5Y0YwHIk13iAt+bNfYW/Qx10ND8Gxn5DwxEnn1UmZpJ2mPWO2/ivUG/5f8E3IOfVOQXrEXQ3ecq1RWDfIE4+KH2KvISo487TD6Bo59abQj5zob4fCR/eGkgO+5F7hh1WysMlU8k8KWiw2gaj240U+mx8DS++kTwoI/Mtd6p3cGBi+TTB2qURypO3Hmrp1fC1tk/dE2LRdTPOlETDgfT2jkxjrhfB4x0fsXC3md8GyWiKYDOcPqJHp/r81TAlNHMFDnbTIjroCYOxCiy4CgkEAoH+VgVhwi5gGgb4Ii7ukFCzLsG5RAjYMhbIM2SqVJHDIAUAtLvQ1aLeQ8L5ik6sYAXXKMiftD3HpfendSoIGf5mvohirT7W2IZ09R+0w4+MLQlEGOLRyKWmlj4U+25UklHOCLcecTHdokKRR6gQwViA9sUF58zVC1JWCmBPyOTv1XRF8NC1g41nSsulEmdSco74IaQMrAie10n4jIYgvj/w32DkSmvegTcsuT+14Si8WDJNKbV8hdng= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ESH8/XEyqYSC4hnXhshG//SX9WhyRCbAGrDVyzUMcCCKpLOMFXF5w1gnbK2Lj2lZOl36wfyzVlew0/1vFgc1JgBgimsd4dz1G8F0153ixjiGGxxL7amfnzNDcfpJMBNgV8lu+VBZe3xs7r0/gvm+PxUKkmU1V892EQT8nh0ryZ5rfV+9+vWzkkl7nM9kdhlkbhtkwr7MHwzV4SjA4T2nC/pi4MxfnuFDUN1yEX1hn5lKr535uE9DA4Yvze5afdkJy6lOVlEAGtBdatztSxEuCfmPj/A58H2J5DXMVm/il1JF44lCQF63XZntfZwto69J3/aLyr0xLgvESXFpssly7pK7XMwzlkuARXi76aR8oXhaFkx28pUVd6PCIsfb0AhCiYmc4SZN1+ycLkAJONDvoIFRpZJHMCJs+VF0CcGGNrrTKipdlbU/Gdbe7jG4zWPY/QiMMPgl6NciagLcWrT4NmioSytb7TQ1zYr7xyltqHQPB73QYajA3n2wRC1GOxt6QMk18/2tPzJxG5yB+DJjDhZfLIpkcHSKtG4nKJpQ14xR2vKwEEBPHB5OA7Ul3fMGUh5iGJaCOi+XwBer5VN+MyJgdz7LQ7QMzXCP59vNJjTnkM32xOIrkKOWW9QmHSb6S5bwMVqd4IGfxqebTThQLqyT33Ge39NvP1y8ox8cVK6r/1X2woAKAE6glxlqax7dLuawDXrS7ALkM1mwX7r3hTWoNzllKaPWS6racuLvYD+7RnISu75TirvmoR+dJbr4TxuFf+KlybfsK5K/0Q+S+dMhsWSMLCt2QER0Dd7Jt00MLg5uMhasGGAmv2o5LZU0XVbCMdW7j7KuVJXm7NLCrh964V5UrXmWogDdhMQMdfifkoOwM6LAalPqeSYv9JtsnDCob9w5ThT6al8nY0UuS/Py5wovM27yibE1e/+Jci6aqyP9Q3Zuhvwh3lwemR3rFKR2SIMuctT9wM4vzFddWD1X2Z8xIo3h3Vb0vzDZ6OjUra2ey34r/PcSTL342C2sAawlv5Dnde6cIEI8v8Dz5aAMfxdWuz+NpZFMkKOP7lM68p28G07SZjYZ2fzHfqJ241XHtpw0LZn5459xf3XCazaB1+hga1PGzSAWdGhFBGcMg36c3HTwPM25OM2GLN+1MCEoIOlkwMHjnnoLkoE1hJUoEDJbhDEs9sH6CEn7/JU+zy0urGA+a84Ks89HFWS4ZobLwyUHQkCxQYhSxnuRDb5hmuwyVSFaJ5PKb8QLQQ5YqbIZzEkv8JfoDkoTzX5G/FIQCIpXWB9QEuTcGAwZiGBsJI0yyCk+pz7Yvwc/c+s6GGAngk7PZHu6MAS2Ld4Bh320VWW16fqWWGQJJg7ojA0g3e9W3N8we1sc6PXXS4NLDxVpDc0J4VxuEV7zhBTHNwZOxLkXVXIKSzgIJxkMfeXclXO2hVQi2ReDPIYuJUeEogyCx2WpUFoUevQJ5SHtXtjeDNx6axBs98pHRUWKlV/MRok3/Cz5RMBsp+UL07YHqaNc8Xr5ir2VYkMqpwcel9OOKJT5/Sott0g0RXCB/+U+sv9SfoipgJxoyn/8ul/N6nqC2N3jbeZ4Gq7BLFNRNhJ8w6GydcZb2T3rRzPXMEmjSwBtiu7zRt1JBfqotrBBnksWkC7QZhS4MkIdgWbNGny9juKYe6SE2f5AeDHx60QJUeN7wIH7LmdTjNSJ7ypZLLwOWIfCjJzXKNuBFoDYfCvBeIfUZ1psoYerd3tpBBOqd+r/BquzQsUlrbjS7Js= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5deced69-ecc6-4a80-599b-08de94b138f6 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:22.0513 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YiwRdbitI3sysSdhmQNU82G+BDUs5B2Es0/gE7kaV4+r43K4EXc9dBDm4ISr1PrxH8K7y/eQUb0aY9zOyMus6DAk2J7Rq6TlwU9xDQYI9CI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=AHE0HSb6; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By that, we can make the trap more easily conditional. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index da8bc52d..cf6c355c 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -110,6 +110,19 @@ def get_apt_auth_opts(d): f"--setup-hook='upload \"{workdir}/apt-auth\" /etc/apt/auth.conf.d/isar.conf'" return '' +bootstrap_cleanup() { + [ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ + && rm "${WORKDIR}/mmtmpdir" + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ + && run_privileged umount $tmpdir/$base_apt_tmp + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ + && run_privileged umount $tmpdir/base-apt + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir + [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ + && rm -rf --one-file-system $base_apt_tmp +} + do_bootstrap[vardeps] += " \ DISTRO_APT_PREMIRRORS \ ISAR_ENABLE_COMPAT_ARCH \ @@ -206,16 +219,7 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ - && rm "${WORKDIR}/mmtmpdir"; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && run_privileged umount $tmpdir/$base_apt_tmp; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && run_privileged umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ - [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && run_privileged umount $base_apt_tmp \ - && rm -rf --one-file-system $base_apt_tmp' EXIT + trap 'bootstrap_cleanup' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} From patchwork Tue Apr 7 14:23:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5013 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:34 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-yx1-f63.google.com (mail-yx1-f63.google.com [74.125.224.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENXUm015026 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:34 +0200 Received: by mail-yx1-f63.google.com with SMTP id 956f58d0204a3-649deef077esf7471712d50.1 for ; Tue, 07 Apr 2026 07:23:33 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571808; cv=pass; d=google.com; s=arc-20240605; b=RNo06Wu/gTBDvVr8b8cKEHDMj2u6/GHfskRO/B1B8nEZpo6mIezLz8vhrc0ROcPivl iByZQ+Bc/bLbMlYftHpjJl3ZIrqr/qEmZLp7/NQ30wNk6EidpaTowq2s4zVJgCVoijVe /ysXKpT4CgnVhGvM4sKH4SkMheDBXWLs9AIPZuFMMzq54VRIHSFXJKJ5Bhhj6jtZ07hG Le34HGzZ7FS9FabPAGq/zdH0oAPo6OeWWVABAOfsPU4K4aIb2zdL6cMZ0U7g1Y1rTxi7 um1UyyhSvFfhahz0jkvgcNOiyRopxKtYFiGKYF8JwIxERhEIZ6BRyTzEoUImCt4YUv7k qCWQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=74RjVsPifjfdfb7w/h5OsgEVfiI5VQ2XtcTRpuK2Cug=; fh=qYftzGWU8GeS1MWG9E78UCwsinh89ENZ+QQziqSQ0I8=; b=CE8QMiq3kQ4vrZC8X+PHF+duuPCIf4+M/a3NZ0olNPFtXlT27bRzadflf5i+S8ejCS q5NDvyLMddIfeRa0avr4NrfsGLvs2p7DSMc4tnViOD1+JOMO+H7HGgPsJs6Yvvs+zMFX xPDC49+8DYVvRIOfMsvpy8RmeEZEr1TdJNIE235XdsAbvscNO3+fASQBeJdSuD+mA9DH eVWx9TAf9H7N+sdS81sxjDsZQFy4X1PfeyJx6DP+pokqw0B2Uf5nR5gqODedtazvzzde l+9x2NXO/+uST7TQuBwt/Lv9An3KN0xEBzUf42YPnDzFnivO4o33RWFjymKA+llqnaP5 +B5w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IqH2czxb; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571808; x=1776176608; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=74RjVsPifjfdfb7w/h5OsgEVfiI5VQ2XtcTRpuK2Cug=; b=gg6GFo/DOVfS78Vwpy935WY9GTSqxTR7m8gaQ4olizl0lrxsRMq66ETXo9aZlN8FbC oYlNFkXDmAuvksMI+PBEHK2Jn0FOwe+XsMEn36gZ7ccS75ikiq0Q93DeCIQEUR4kggGE KOVfW0Up3A35iH06BMHDz+22ESOU+dpYuStxoU7VoVNCzUSCh5N6f5H6LyCj1xJ9qyg9 VhqdWXgeIyafboBfSWhJdGj35wh+qLkBMp4kPLs5d++OhWmwDzbb42suwDaAix+UZlmH qwxHHHPjycYpk1tPfj+t23AcacP3HOPr0EqQVUvH94X1+5NZUy8H+gqp2vABOmudg7jG 1vpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571808; x=1776176608; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=74RjVsPifjfdfb7w/h5OsgEVfiI5VQ2XtcTRpuK2Cug=; b=e65OgGSDABD4IF6+1+P1OvXtlo3w89iSoxuTeSuMubQ64GIQWipt9j9ojBHhz7id/n TATT5g0pSA45BzSgbHMG70CausyslfvZH6brrRb5M595/soqYivBki23U9g3sPVJFVAb sxnsqNsBqcDTH7iGqDhWE1zSd5N7/CY1y6K/7GpmKb9U7960pQIfWtq5wfwLcZ8Se4EL hjRsSguIAhQGImeOP8F+hl+ZAaHaY1G7hxs20W/GfqxDyArZmtBzFTZ9uk9vVGXTQUdX ++miaa/dDVYvzBi8vXiIi1B+Pgatyl6MKyIj0rN+NaQUlu8l8Yr3xGCSHARWzKnRipCf d3GQ== X-Forwarded-Encrypted: i=3; AJvYcCVXaRStTHxNAoq/7SUIP/xhX1ZKlvRDToM0wn67aDRzMS6B2/oQayEZDXIAtVisSYZ/wyd1k+4=@isar-build.org X-Gm-Message-State: AOJu0Yz7gsT2KrNgE43U91VmuV199bXn49Z1kO7JHpJa+F70DakdYHNu lDLe74FteO/crBotMMFkaEND+9AhfXYjudqjzi8wSK97FuNp+B4Z3Evv X-Received: by 2002:a05:690e:128d:b0:650:7a8a:f84f with SMTP id 956f58d0204a3-6507a8afa1emr3408841d50.12.1775571807631; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiI7WsJs+txUMFQ8CFE55bUwx3U3//OEhqbpqlSCgfH4hw==" Received: by 2002:a53:bd12:0:b0:650:73c:8a6e with SMTP id 956f58d0204a3-6503b6ac804ls6395425d50.0.-pod-prod-07-us; Tue, 07 Apr 2026 07:23:26 -0700 (PDT) X-Received: by 2002:a05:690c:c507:b0:79f:3b8c:a818 with SMTP id 00721157ae682-7a4d556ce2amr166301047b3.31.1775571806477; Tue, 07 Apr 2026 07:23:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571806; cv=pass; d=google.com; s=arc-20240605; b=bjRWeFroHYbWrwlxeT6pCPiqE6WF3UYk1MoPRe1G4iomyvOjQAHTaIBNY66CIuRfWY dFmq7sTw7CGr4Pynugq09g8cN3D4fPWZWiW6UHzyVE9+MtXH2MFQQzdZyJXUaly6+QBm Nc/04iE1zYJB8lrDhbt0ddfAZnHGqgnuTaK1n13/0meV5fj7itBRvyuemM1p5Fv0BFeN 8hDiBm1WA7dXbatrvgxcYS6QWHy+qUwtJ+Uskxywz3AeSWiLxamPxcECAJccMPbeL7+k 1QO7rsTVQHyN7MapvMdWtVpTSc3sHD40L9erNBes4M5ie5kIukgqIdpiNfYP4PaS+pkq CipA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=HY6F2LWPZSzWZnysI/leSk+SaIU04Ft5g8SPyfiGVfM=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=OcYbVb3m6mHmJvXZEoGiTEkWp0lCH0iOBO0/fGGJTTQ2NTcErRT+fNrSrGoQY/0B14 vbK4cFPW69JL2UoLfkH2eMDOwAH/aA1iNNU1baICKvvjsNcBGAE03gRdd4CnecpsWvpy 1cYL+9RjUi14qS3y+dujQr1TO6MKleyhXcy5VSuGR4Tg2J3VajE7GLM1SfiO99+UQpPf QKUTKTA66A0YKWuM695/iXoVjd9dmev8X/Us5mle9JZhA7FMpsP6PwMBsZF9Po8KAIKJ SJQHjxFGLYstXO38zNqmUqVrN2346kSj97CX6LagCSl/1WC4ATit/x2pE5HDad9LyInE DHUw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IqH2czxb; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 00721157ae682-7a36ea2ba0bsi5834917b3.2.2026.04.07.07.23.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:26 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=otSJatI3gjN2FAraOI8/BXB0sz40PrmhicTMq/3WVHtX2pXrZ7j/UbEBkr9ydmU6tOTB+9g21+jFQNNn6GYwi/CS0H1V+Mo/MmbHXHKXu/DasN+Nraas/QZEIlqgdHl3pKeCbPpxfpttDHGYLdVozDqWywO7ey3sT5AIk/bEztmXX53kaev2wM8RAtW4a45Z/tV3lleBK+IRl3teTkg5TPEhRGi6Zl13ujRtt7G57zo0PPNdyXb2Qqjiuvj9i72QLxsnJ7nIy/kopDcSGl2shS3G672x1idSNCnRcR5UhEPeSmLA52Gmt1DNzaHIzUhT6wkVsc/BUHM6D784OLKszg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HY6F2LWPZSzWZnysI/leSk+SaIU04Ft5g8SPyfiGVfM=; b=UluUe3OOcjj1atZPANFYJwGtwqa6FnC/y/G8vxdBfb3Oj82jNL58Xlbi/vKia3VqPQ+2HRsVOWg8u2oOctDOVEi28MAbt6DyFblHnnrSqbcOoQSTDUjRx0r2OqDSMIYG/u3v9oOnN6OcT3BxOPD2oTAFt1MfsxVzOtg3fhZ+OuPZ5euV2TmbQTm/nCBoTJMk4k07DGpi07oClpEnc/eXr3hn7SKmSWhvrhusKDh1c/xeDmRfu5rStMALFBmT94d7pMqygrCf1L1PDLUIC3JhRdOYAJPYPmLdN1CAFxDP6KwqGKcIsWTyX+zB3KxWegmDmK/gIFjOAZOehmZsVYoxGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:22 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:22 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 06/16] rootfs: rework sstate caching of rootfs artifact Date: Tue, 7 Apr 2026 16:23:00 +0200 Message-ID: <20260407142310.2327696-7-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 508ba2e4-60b6-4f2d-8910-08de94b13945 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: Lorb4H7PPgV7RFTsN6j409zV6/LQho1vC7JPgbr6pzrvEQdy4/AFRM26FRcnPs4dAhpY1gQgophvHnpYoa2wrwnie8mXlZOwVa/tZVRDZjwdMmdwKz/Pzcxo/D6QkjQ6FE4pQichFydcwFSZKjB9UXoMcSsOLc6/YKDAM0zwSfWsYWZ9G1P126HP6D3ZZIbgh4lKhjduX44NLpvVg0NILY0Ss+TCQatiUBdpOqOBbcFCfn36Qn/Y01ltcNbw35tHUXLffcvpQI1XW9KRgoOCG4Pg6GtVz8Hk/rTHwc1hhkVVCEOQXreS19bQIMDfDBr5qtA4KGJXv7Tb3hWpwuQQbRk9dkkRfEqPYjU/sJyKiyrlcEc7pZzaEKoNeackvdGYH9cm4ZXdQy+mnGZFbl21SV31/eUlBiVUYvxEBLtdupiVm7h/cbetostTojlcQ1dM9MEQOY8GKIFhn3Xalzd25v5kVT6Rg/mBSNONJe4G0IvML8U/3Q9zCdbhwGy6JYEw3U301tLKA1j7gdeO5Cxp/FQmrsgvXVhde0TwXevGGFhEkgEA0PdgEluHPmT3x1crc8X2aplyEW7LgUtPHtv25gAW6rYTVxF3kDmvHYYf1SoJRKD/SD3v7TZKtp7F6N6hwG3EZF4oP3Dncx6CSqYKlyfZetfJBhAkJOsa8OJlSt46plVNxgbv6j+TrQLizVHpy/g752H3KVUiSKPjA/Fa81X69u4AzL85ldR962CVYyM= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: yaz6JOTM/UXWJgSCClFS4uQSTZWHF5NZpa3Jbqo3gDoNDwXEzpozDDnB9/PmuuIxpqUIFHdUoOvNVjPjen6M4SOTMhAU4ziLzznIVN5OQJEFjU1WM+zhjWO4cFwLabMjPnjt4vV2O+BlLB6F3euV5NmOQI3rpPafiGEvIM0wXEnpMmdScatIwsWjVEc4hM2pHjxxn+OcXayn6iFPsktai/0PqLQzf+JzDJmHuvEfyX7rlKWvszU9p5TmXtPV6wjSxpU6eCl1Z8VD1Uo9NLc5qPxa4RfVpFYBOCFfPchXyYW/z9wq0X5ICT/49D5RtfM5pPOLZ5fU/jYHeTh2awo50x155VTlTxDgKCzQ8gy7XWvGvhvFJ1sU6oQbWj8XZ7C3RFHj8qvHVYdUhwOFD4/wZAoGzkVxGiIRRFHhPM5qakCf9pd3rox1fgtSy3Z4oEPC0wIhSrPSy9bS0hffHCPCb5C/ebLymz8USRlCPEFMeM/eWKBYbDea88nmgdXOrlHTYthU0O6d7UC93to3Jkt9WpMOgeCrHCbyGCQlP2Hal3qwK6+U8agRUXWfSZusRv0byTs6TyDwrV5N3olOgai+nywqS08s+HToq+YS2LE0Okiw0nydy2n1kjfO1Y0iaZYbdpxQUYGWz3TLlQv26fNClYPlZ8Q2GHjVMIS9sfmDK0irhvqNoO6yV+HHXIZRddO+IlHryy+fMWZcpBj7CYNCzHkSG75qP2N4iFVj5Rp85Z1c0ZXm2M4LzJ4UAlXy7MRI8TdzpirSJPaAZO281prYFOGbS5bDqTQ2AQn6SVtqUelTIrmrB0hDRxygyTOCCw7HsjpUNTPVX5ef67uyfSIc9fQnXjqhTzD8bm4GnZPWsaBYAZEkYa0m90YXaE6Psy/bn2sf9s+qAm8U6z8ko9sPJvBmu4YXXNVEFHmyBqt+CCaJIMJdlZT25xnRB9dd797geNXirWvepBP0iBlx478OOvTlH5KTp3zrnereEgwX9+HWHwOEzIAUdqmYir+cj1w1UVDWYQRqcWmd0kf1NvISpEoxTdmBgJ9joXleGnBaueRIh9l/rDw84+2aHo8/pn+9OsmC1hI1iupUFDNY0wmvoBoBDxfUydb3c7gKSHMHG3xEVzLykbos65RJeEhUgMC0+zufRrqdU9iiDZyj8Oa8b9W/L3GUPEMtCPWPAND4Jg8ew/icOjs1ZZ0W4xO9QtjNbNwoioEW/CWfl3QiRZ/o1FpWdzae+Go0aSiYbDCmtjwOEBqJcBskjYrAYhPLz4p62IH7LdVmy1ADO9uTlDuuQ87xPHsiEON7G3vmrgPXeKlp0p/vQOV+G/zX5WWxD4QSUUtOsaoLXtYKNBAdkHhmY1onW2OQlmKEB0d7zll+AworNFS3KMTXgscs1UkAWWIF34ZBjLuoTNl4HQEBElBFK/3cyAjGAPrUgQ2moNz8esk3hNZaLuI698Pcpgy4Tw754fy1ghFPEAFAPq71NyMj+u/ou5IHDK1U/zzJXZ/rfg9EUW6P7fTkbZHPbmBkMdctHuuGrICqwKDMD6V4I+rqClzRKipI5H0Yxc/cOBniG8F2uiLWm78DJeLyPS7JzJ7+aLyDuF8+u2g8qJe96zFqwWK9yQWi6DIPpqjd8qeq7DWBWnQnspWB0cO2EC9SESUlSicsBNbN9ay00P/Gs8MU98Ioy4wiv33RcsbObhtdT8rWz6DAaTxkwyWpAnW8JJ5nJ5WqEPg42LJ0dZ5Ud6+u4EZ924P1qPBFLsKOHkMX0Xc= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 508ba2e4-60b6-4f2d-8910-08de94b13945 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:22.5357 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JfdIXHhVHdQkNWKNfkRVNjSYHjM9K1SRZu8Ke/JS7HZ8GMdH5m97VACtAjIzzyUtRkwQMBkbiZ5TIHRfiROrGeCblbllSt4JbBSmtaW4DUg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IqH2czxb; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We ensure that the sstate artifact is always generated for the correct rootfs directory by using the ROOTFSDIR variable instead of the assumption that it is in "rootfs". Further, we avoid file permission on unshare, as root inside the container maps to the caller outside of the container. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 440786b5..aa65cec4 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -665,11 +665,13 @@ rootfs_install_sstate_prepare() { mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro - lopts="--one-file-system --exclude=var/cache/apt/archives" - run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - run_privileged umount ${WORKDIR}/mnt/rootfs - run_privileged chown $(id -u):$(id -g) rootfs.tar + run_privileged_heredoc <<'EOF' + mount -o bind,private '${ROOTFSDIR}' '${WORKDIR}/mnt/rootfs' -o ro + lopts="--one-file-system --exclude=var/cache/apt/archives" + tar -C ${WORKDIR}/mnt/rootfs -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} . + umount -q ${WORKDIR}/mnt/rootfs +EOF + ${@ 'sudo chown $(id -u):$(id -g) rootfs.tar' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -678,7 +680,8 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + mkdir -p ${ROOTFSDIR} + run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar rm rootfs.tar fi } From patchwork Tue Apr 7 14:23:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5024 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:36:20 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oi1-f184.google.com (mail-oi1-f184.google.com [209.85.167.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637EaJtm016284 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:36:19 +0200 Received: by mail-oi1-f184.google.com with SMTP id 5614622812f47-46eeae14d8csf9353378b6e.2 for ; Tue, 07 Apr 2026 07:36:19 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775572573; cv=pass; d=google.com; s=arc-20240605; b=DThntBsoeacQRxNT8SOPJHFUEgmP9KNbPLOYfreW/7rItPyZlcPSmRZkiY0KvMWnSA Gs1pypPQ1khmM5tgK3gcERx63gwJTOxqDKHwXU7S04IhI3RsXjF6JI2IUjAu21NUzVkc PY+Lq3t0GktjJBnU8Omwx53mXQBceQQqC330E2hWwJATXLjXZxS+BMhqr636kZLiC9ZU Jrsx91VmGwaIfoyx8EJ5IS3Mf71J8OWtGN3OJxHX045OADa+j+ik3nhNPEnU9gTMFY1/ oG6rQNR7K1Z2MjqcRHiyPESfshd1rMYINVHAhlR4PGD4BxTm1ym+B0HHuVbJET68AUS9 fK9g== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=MVeBd8Te4jNiWBCtLrz6269oceWQUhm3el+5MQSYJhk=; fh=k5lj97B1GMYIp20adQo/RQ7rewX9rPH5sea8awtGghA=; b=TAojpN4j7uI/HDKBr3My2QPWRTqyaFzFv40unxw51c+HR0JPM2UirqWN9TqgHPfc9g Ituqngwvc8za2JTEyvKPjW2R4i2R0kXxprH3Vn2sfxCttVKzQLqIayUISWLRNZy+pnrY VleBbhcb5lehX9cgkpQBkiH1Qmmq4Gyq7UuJwEwuaH4GkLxHSHbll95NmFKRX+JLd2oy 60HlBi5pBv256KntBSF+WVw0vpxmf2SQRQCrlA+UccZEG7B2/rE8zeGpRgotVubAo9I2 jKms+cWsP7pHEVQvTrdaQtmgfqcZz5F1UZ20C+9n2zN1il58N5d+4/fuxWZFoSYYrJNe gbAA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HabrOahw; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775572573; x=1776177373; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=MVeBd8Te4jNiWBCtLrz6269oceWQUhm3el+5MQSYJhk=; b=O6SqGiNjX5kMnYQP71AJQ4f0I0gX0zSGG/wwliW8Nke7S1EiSb8eU/T+Jl1PVAluZE Hv4Ug39pM6tSztUb2A1/fM+3q7mZU/vV7H65/zb2AWsIjnp0BONqxv/lHc4NccHrZQFS Is5mHp46QTrPSkEvm4gKIyNLLGCqJQsKPUDr8NzGhbbcGpulqF7EW1kNCuKu7AC5smjY eu3kDYvGIEEd86mq0iMKybNYO5tl5ojVTZum2sMr5FOny716JlSC+y3FWv2vZc1Zvr8/ Cajbkotzj/GZ0XYGeZjqFQWsUDdNgvBXc/3smR1aLS/sRTfJ43/dheHpfUXY+qgWexZK Pw8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775572573; x=1776177373; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MVeBd8Te4jNiWBCtLrz6269oceWQUhm3el+5MQSYJhk=; b=g58oY38aDUOi1PHmlT8t83+istwBrOWPS07r0UXex2HLLi3tZrou/mJjbfDoy/MGlk Wxy9935UeHE68wu5VUExWnS4/HjSNhfMwfwcNKz0raeSxWYHNaayZux4gAGuiGw3O/QG aI032uubOB7gVU0Uem0xXBol4xTQDYyusZtruNjdkUivIHDgvpGU12DbygXAA1Jtlkkv hzR2OejET+yeK6BRkuwLVkC2/1TkLMlI5a1dBTnn2oVGO9RRAu5QMOgZ630nkxEF5J2o HJYdyxlpDWFN42i3BWbbkm1sCowTYg0/+v8G1om11YcDZdBemzdTzTWXa4lZG1YZgAib cJpw== X-Forwarded-Encrypted: i=3; AJvYcCXzWi7cw2aBBfyr/ud+7SkEo0tMB0l0jXtCM6So6WhmJ7LTaS6AxifhiikAUwooOroSasAPnik=@isar-build.org X-Gm-Message-State: AOJu0YyGgXuGcJqpbl6M/d9d3mTEHoJamzq3JFH6N7NrKIaMs0FmpkQJ TbmgdMcq1x3pt1wc1IoI9JDGFwZ/OKx51PXNbKdRrRcARH6zSnkAjEsR X-Received: by 2002:a05:690e:4801:b0:63f:bc75:6ead with SMTP id 956f58d0204a3-650486bf2admr12880918d50.9.1775571807866; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiLEyr8TRqZ+uyyK9C7ivIt1hVMTUeR/k7iVFcxZUMJ2pA==" Received: by 2002:a05:690e:2104:b0:650:1ab5:bc3e with SMTP id 956f58d0204a3-6503b80864dls5764994d50.2.-pod-prod-01-us; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) X-Received: by 2002:a05:690c:e345:b0:79b:e24e:e2f0 with SMTP id 00721157ae682-7a4d90a2fc0mr173795147b3.47.1775571806899; Tue, 07 Apr 2026 07:23:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571806; cv=pass; d=google.com; s=arc-20240605; b=kNHInOqM5Dto+77rmwioAwiDb/SYGe8OXIgFDpLA764PYi7vgYG7JXHDHwH4jAFam2 qb8tQvdLgdNG7kgRedPVbqcVZoHmRdDZu7EwJYwLyNvsKwa3/zTMa16Cwwk73HNPYDZc 3Efjt3r9EBChUu+4fk2FGE5RTRso/fkUh94g1SjM9aIAhBz1C2ziqivkPzbyJjxAo8NB aT5vU8k7Uh/fLdxS/+Yl9W8pcrNg0MdY1AMmamIkx/06TKoH4J8d6YeNa8H4m5+FGTsm 79cx+KB7U7xuk0r9qyV27Xp8s5L+fD85GnltVykysrppa3x3WkoiqmOzlKcGN0wY+0GC 9s4w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=YC/NdYfSD8elRIvDjUSSFC/0i9dm52AM5fMff7xL5U4=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=VEGDN8bXdFsQ+0w/XwGe5jgPaf4G2exXU6rygBf/NF9I9IhZzYS4lAuPNwVynN9xzL deNXLH2VpeecajbBlfPlANg5uAQZjLxX2V8NoObHdETgzDCpXFwOmJYEJx5R7dsSmMLw WrvuFIMOjB70yF0D4F2mXWCTgFZyiqoWtTwD7ka63o9B6v5CUjloSDldqCVq5LYpG+io mT5h1snWWA/UV0HH4jBuTYEhYMvHQr+uAVnpW2XeiyrJpYdiEgX4dFfbLYz5TIv70qDM Bc8RSIzwiGo2+qTEVeY/e5AyIyPxqZ2VgtZjVvUKC9y6QPsHz177id+KTpBT+qBAK9xn utVQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HabrOahw; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 00721157ae682-7a36ea2ba0bsi5834917b3.2.2026.04.07.07.23.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:26 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=yQnI6y87nTPmLMCirW2mPLcmH1khxj8H4ZDrbXap4kST1DeurauXMGDvb0XUMAhECGgYqINsscvM3S0BIX6GLGjHIut6eClWQDafcD/BmZp4t9/IIh/y6aEoceqcNHHWW2zMmT7joFb5BcGe4ze8lPSnBKTxGIelrMpgipXSQHqikTZWZVLskTHEEmPfjzYRzgjCbj1YNVZlRb/n5CMYkelJAaRDqgaYXIfkuw9Tp5BzkxLupPaHU88OOa3NhFoAasZij5yawkF1s5TaU4Zt0tSAOQ3nBg772HkAZJ9PFSGUxd24n79DVkPCQ3Kwf/il39dVOvyc1+LCk6S07apStA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YC/NdYfSD8elRIvDjUSSFC/0i9dm52AM5fMff7xL5U4=; b=qSbtRHn0fuh2DlF6oFl9DyM2VAhz41Yo2ztwIQnlsd6QitB3g8xqcdI4Mzlcua+VXyh6VkL9kTRiicxmHlSCoq9FZUQI2Ro2ay3YoLgotxyJwKJkm6HFzConeHr8NyYDM81//OW/k28pG319r4nCHFHLUUST3YjGnqrb0lpcejii+3SXNQVCcAUnN4IQbkyp6zGxD5Ik4Mx1s/RT7V2ggjFembz7vVirKpCisVArb4b0cEKdtb1Wekm9Y+IX6X74dQrRAqVqwRSigJOWL2i4m8nApnuPDFhTdoCz5an0+IeFxu/yt7TZwBTczsze1bkxPySClN1U6M5U6dqP7b4MXA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:23 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:23 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 07/16] rootfs_generate_initramfs: rework deployment to avoid chowning Date: Tue, 7 Apr 2026 16:23:01 +0200 Message-ID: <20260407142310.2327696-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 9a3ebd28-e395-4a41-9a5b-08de94b1398f X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: FYXipcYtLH5fId71+Wtd7gRkqJzeWuL5hwRUsjrGTC8cAzmt5Wf3aGx/6TyzI3uxjOUeMZwD1FC6PL2EcBoJggk+ndPkENCm0XgJhDZnN55O8UrzudjSY9xm63MCh6iOuvyqVjFhYT3EjJZhWDpTsXhhTO91wNKipA6VU3qxoXGrFHxvpg/a7dJBtQryVBI1j9/vPlPzRumjq8eZMLI/F4NTCcZDurZOEk31SY0WI105Tu5vN4ImNbZIww3sBbyg8i9m9/ykf3fMt+xFOav/FzdTyDyT139NHbzJSiNvuJAyYvVgpL5g0cRQrM1saIrEab7DztwDiAXM/BnfvQubKzRpnqV+uf/EYpoX4oIcVHyx+OJhkdYCzMhkSUvGMWTC50E3dMSDP3QmsIN2QnkMtCbh1OhtsvqXd+cHr0ORmJ57sE1Vy4IMopcJ8w81NIYzYehG3G5s3ytsJ7L3FWlvwqXCKtQAXBxMas5z8NXdiqv8n2qIh6X5PC0f4PZq9mDbp2aCAf+Sa/S557Qjg6otIrFt/b5SyLSd+cmMSpmOgXCdBeSMfXF8k2L1X1paTkjbxgR/py4AqfqxjUd2dzugoCQLzID+7VXvTeyRemLKwMAhSkr/EGZDNsP8IWdwA0RP6m5COj2o9wL7Rh7k7NVg7KxMLNA3eBf1s1gF8cwZw8HtS9WI6zHNvxnEWep0MKPjvhkA1thguxS6R0quScFNvsh9xd+BZWTmogtaINE1A5s= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: q8ahVe9TUI5x88ZGyZ+KFir2Zmdfy4MBok/ufhFfhqTmTqDTg5Tliz85U8FZ2+AbVx00qROdpug5xmCmZ0iQor97Z1y5RIKk7St6tnqmUPfUQdPW6QRk5WskIYbj5fJ/PUoLwZ5KzLrGbSLb7Mu4hi3FFr7M6qJBE3Y4bYi3XaburLTkoUZGfHalayeczs824a1iw8bkLV0Z7aaudhUsiebPhIUyfexyNmt0PWtDnYdK2DmAO8uDh7KIBguDo2zA2cojgEstuPop+Ucw8C9K1arkumKy7gk07IMZlLlIlOGJNoH/vMmarBD/ck+QgPzFBTaC4UeLGKokwfUoPXXSVju7uD2wyKVKW3BktOPJPbNcMC31Kzpg2PMM+vqecsdGyEPwxH+EBa1WmVvXzD7tRwEDSOooV5rE1McNnpM7kpr6ohrihcnZj4LuRi5JRxTc1Aw7hdr/sMI0gHtJaysDFETLCIdOPh+iFJHtUWi9OpCr/s7k+yIz1UOfx+Ut+KCsx21Momaq7TTvOY/qbcIBRCscWstxeWawnD3B/3nsGF5ObYcCebR6+5KEi1bhXLt/LKCo4N6RZm+smPkU4ko2851UtSKeBg755ezlVzGaBi7C7nOiX+1XS+Y70C3zAwv5RWuRIWwwPzRTTWoCYORT9bFxSzOp4zo2dkkv4zieHuYcB40RBPpd+hdMIXcwGyYBDm+bYigJVK9pfy8/XQvy5T5zER41Z1dv8Xs05KkacyxfJSRQ9q47C1Qke+Ipf6tblt+Yswm6wXmMAoMcACtlb+F5atZGeHuiqdn+6MryMg2v6fbySIVAJBoqF0N6JpPoX0uiAhzDCwdglBwO1hlSnGn7tWHxsN9dSkpIpkiZjdT0CgubTb27jzEpYzAgJtfVPHJtSa4bvp2O4qWCX3ccNwCP0rrR1Zz9luexNNP/kqelGZru3KShgQULX7yc/EZ7Tp+rAVuLbmZz+eTrqxKxxuJZYBsQ7q7Ul+1US5hp8Of18xnuaoxWkfiq6rP5AuKmKq++LL5i//1S1ePNwumIf80/UP8CtTMJFZtiEdDfjybP/GlnsDMHgFPDSEfuMzNVmNvBiCBEGFhYtnDdHRFjViwc/80/TeaspL0p35x3kXTuzkoRDMu2qlsgBcuaMca92MMABZNfk2sdexkYsf6DqvXjvzxnxkfiLl8Lu3YcuNrlw53t9oNGMDvgeOSKwEqsDbCsS43ATZNCh6mJ1KONZBNN1bBBih7sKuI05C+M+kS2i10MSZB+agI5d1u9TkND+47mZ6vEH+OgcJne0p4TPZTNekdZq+UBdgJqnBHaMGjPEkeJhG+zqh/4R3zL2sZDf2IacyQqXoD0DCD0N0Xcge1MHfg0x5voUg/CxTJy69whghRwWjC6t1d/WSzQ9uDk7YmYNS8b3hkGDu4PUr2jieUDr9q5ArlgPj5KGlWuXPc8L/zUoc7bQeF/ssSPOKSC88C3hmM2upCdNvUhMP3QJaQXi8WlfXM4zFCCvUSGjf4vCmBh1EyRObG3T5YDrSaQQERgw3uVJiJUS1dVevrZd5JUnxnOBWHYkRnWb1aejKs4enVjbVIeWqUDNkfTo9paCJZoIsbGXIi5S/3Ta8VRFCEglhgB/ae/fqMfPsmwDdWf0MWW6+hb9r2B6YEqoakiiQ+/PWQf5N/BYsSDuA670czxxlDytZjcSTjJKk3ExrbPxKzLQbI4v8I56tMwU60n/OD02RNQWa0uFI7adWIAqxWM9coR9SL48CkJErG6RD4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9a3ebd28-e395-4a41-9a5b-08de94b1398f X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:23.0295 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3uuAxa+dVGbCwTEiDeivxTvxm/OIHca72Iuopm7yKGQGgkGj4ay3KvAo33pwreD82Gv+YECGfb/WU840XyJ+nmBXMTf9RbFBOwZFf+V4lkw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HabrOahw; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Previously the initrd was deployed as root and later chowned in the deploy dir. This involves privileged operations which will no longer be possible when running rootless. To prepare for that, we deploy via a stdout and create the target file by the correct user. While doing this, we also remove a useless sudo invocation when listing the ROOTFS/boot dir, as this can be listed by all users. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index aa65cec4..60ea66ed 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -620,18 +620,16 @@ python do_generate_initramfs_setscene () { rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler" rootfs_generate_initramfs() { - if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then + if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do export kernel_version=$(basename $kernel | cut -d'-' -f2-) mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - run_in_chroot "${ROOTFSDIR}" sh -ec ' \ - ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ - find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ - ' + run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}' + find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \ + > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} done - install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} else echo "no kernel in this rootfs, do not generate initrd" fi From patchwork Tue Apr 7 14:23:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5016 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:37 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-yx1-f62.google.com (mail-yx1-f62.google.com [74.125.224.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENZS2015065 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:36 +0200 Received: by mail-yx1-f62.google.com with SMTP id 956f58d0204a3-65079af211asf2387703d50.3 for ; Tue, 07 Apr 2026 07:23:36 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571808; cv=pass; d=google.com; s=arc-20240605; b=R9iJPjQxwF0eINr0fksbzGvP6Kwoyp4Nhl7RUwzht5ELJms6M770h9tHs0Qd/FbsK4 2niQVHWYVas9/SR/MQHhI5juhCs/P5cZir5Uxz7Np9V7RJwWV4UZJthhaBA20W9I96tD c/0tV/DkGfwY9Z/i0Mpj/vosg78JPx8DsA8QWc2CAtfkGYmIBimMr2x7zl/l11PwM+5x I03seiVN+bHNO1AzTgAnlHDKArC5VifhTsaG4M4yojCcR1rvZf/L5ECjx0Wq/mla/i7B sC9hqFAsxBrH9thp9CO2/Dk0n2eHKdFaVHVUXaSSGRvuQNhIs8PMbjcDj/oC2T/sMXLm VZgw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=4HIu0nx9XDrWYpMb09P/AQkYOZ35jMeFc+FkqcPBlT4=; fh=q2oKcxNuZ8phyZu1ocib3jLBYKJiDHRv4BqLtPVRWaA=; b=eVzVV62hbEj81OjVRc4+0s1xOG5wFR/sgfDJ+3vTQOu5v8FfZCnMvIU6t7cS8ArmFO TAsm4sRc8+H3/Vy4JcvXjnjQupBBV7iJ6PjZxmGOHH1QT8RAfj3Z2JDA4mRMsLekn5J7 RD4LWfAE2GC2q5lMll/BtStwXEubA61dggSQ4D28LdlcDenNh4ljnollBCjsvL0Z5nMG zd9+ZRLRZkWQ0jxpULFXdNfSyyeQH+sfPl91XSR6i0l+ri3xyORQTXdXjWb1XAc8hdV6 OFIISV9/UEBelzLEv+meNreJCi22CgwMlnCAuKa5QxLanqjuv2aaUpKh3KUAFIXvh2e/ TAsA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=UL0+bf7J; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571808; x=1776176608; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=4HIu0nx9XDrWYpMb09P/AQkYOZ35jMeFc+FkqcPBlT4=; b=tQ+X1pfmsGjRYD7lYD6tTakPSKGMXzcNoOyfNyHnluOc79Tk7bShA54ZQMOsmGxC// T0kNQkKsv9NhoSnBf3ic8SGitv3KEL4wgEsIA59z/C0L00nK7YO6cXj3LGPe2DsxDGFw MXdU1tGy+p6fd2nf6TQXWXjG7x1sezHLQHRchlcyMQijE/JGYw+cix7ApCYdXhzY3jtP Qvz7HT8TFqgcjidRytNKNnfc52yAeFVyvxccCJm8AxCaNiwzcaobRplGHfi+U5C7VnjC CCjN7mFX1oUjRGAAk4ZKnFM7T32w+LCnSzN3frr4rXOAlRMJ5059cea3DgFZTANaROtL VV+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571808; x=1776176608; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4HIu0nx9XDrWYpMb09P/AQkYOZ35jMeFc+FkqcPBlT4=; b=ET5pzSfM/ApIXLgdnnS4WDWb256hithozk254gwQICqY/Y1XvI34PBb90CiGpkHd1Y c+WL0mjWs/Xo7GasXMXOMPnbDIreTSD/IiY6IuW6r8e8m/X6iK4xUWM6gh7obieRxX7I kk+smpkAj7+hBwEC/mGCCLegNNOiS6i9iqflkoy68rEcaGoQ8HbaiQ4cTS31UiCy7NkY i162+K7rl5b7FreI7lm+SBc0aPqAhCNByfi0E/gj/s1P1BUE0NrGM5Z6mg6nbr4X97tI y/WR0s+xgmUSd6tB0/QQZPccNETxWQf+ru35dIDChsvEltP4C8+3LmMG8CXeR0ed+zVE a5lw== X-Forwarded-Encrypted: i=3; AJvYcCWVqqNP1+6ammaIXkj1SknluvyoXhYMVntocb2PQ9eG9WiKK5nDkM0IcVGKE1E2zaE1++3voSg=@isar-build.org X-Gm-Message-State: AOJu0YyA8nxefObw2qXB1X5wqz91WmuhBAh5y9LwdqrC5KJ/UV9a0uAA msssaPtGfcTs/zHX56GF9tm8bbh9BxEB78pHfgHEkqQcyuy++YUG0+N8 X-Received: by 2002:a53:ac85:0:b0:650:5316:173d with SMTP id 956f58d0204a3-650531621cdmr13734973d50.42.1775571808295; Tue, 07 Apr 2026 07:23:28 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiLeh+S40dquKy1a13uBAV6EcxjytFKhC9kPU7v0mvEb0g==" Received: by 2002:a53:bb89:0:b0:650:1cdb:5f4d with SMTP id 956f58d0204a3-6503b805f55ls5782495d50.2.-pod-prod-02-us; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) X-Received: by 2002:a05:690c:e643:b0:7a0:afb5:6876 with SMTP id 00721157ae682-7a4d5371e84mr110332867b3.31.1775571807410; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571807; cv=pass; d=google.com; s=arc-20240605; b=bOc4dEA/bZsGtpjf/kpc1SLui6tMwcHhtJ99G+yEX9g7Mob4+FzJAGB3J7vca5pthX /ALf8MsMuaNq42QYTAxyLZ/Sf8KFpI0wIfUkpuzfxAgHP0kIA3JwGpe/DQDueOe6ukpe ZStkJQHi3lQKrNoi7QB5QwAh26zcEq4tBqXF9PkPmX5r34IG/ZiC8lLk2u+G4uleH8zk iGpPWMx+IVha905pQTuBB68m0Tt96mJq59E7BJjZfWfHBfgL6d+K/A7a1aDcncvHuxLB Shtwg13y0Zk3cIxQ1gznMy/hKkR8WhXG3O0kfcglScwaM3Uypf919ODF3wIS1WwgRTe0 rlfg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=kBfWAWGnjbGioxxz/IhtQ6sjjyrQF4un+XInRNViyKs=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=jcn/iqFR3B0IXNbzJ922LSKI9kN/RLT3VcptXTJa2p+vLyOvWLB1qvkqTViWORhV0s M8yJXn7v3OCB2CHlvMMf3NcIOjwqbQtGSwOxhbIP8qfHy3PAhlNfB6eSz+otKabn4pjx E0q/7INQx5CzsDTnckAtdOpS0k7e97qgvsQJ6KTNfSbxjhfUCNLe1SKQA4lvPCinP5p3 F5GkQKswq+xi1WKnMJBdXM/Ot13TRUYOORBETVu/6+4ml24BYaokCCX2qr9IcT0w6QTb GqTzoxVqD2uh9BL+qWNitKY9RH8KmazrqgtKHNOyW7e8ITPtK2Ip6LW3XEb7MSaz8jQ+ iQqQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=UL0+bf7J; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 00721157ae682-7a36ea2ba0bsi5834917b3.2.2026.04.07.07.23.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:27 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ECWm8CMxVjZBeMXX6L6iz+1gCRTsYS3cRUwEYOe7x4U31EzjAU1it0Gdg82N2Wersbxszqe24RISR0yMt6Vl9AKIiR31ZcQEtBoBi2suKOSHy/U+JUsLtxl7e17f8hQ0PUxX5hH1I2LupK98PT4N7RHCMe5A6O8xq1tXGmWLibBJpd9g8pb0Gvz6le1KbWKvA9Psv+pwO7r96I7TYQAbwwawqE1WyrY3/inGORjWnIN67FuJ4Upkp4fjJOc8OXIHRyEjL5Yi7SD3I4/vgjeMT0w1Vh1EzHfkEIAHQ4ebvyLMBqxDE7ByqDj8dPA/7DDOeHaRtwsiRTTd8PtdZm9rOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kBfWAWGnjbGioxxz/IhtQ6sjjyrQF4un+XInRNViyKs=; b=L2ix47q0HnanUfqbAehhQHSQJJPdGgen3s6xpnfIJHXR5vryffqT20hw7QCiT8i+zIci4pWTcCCiWw7TLgKpbaS/n2AjxPBq1uVc4XzL4Z9usY89QLs4+DqZUUY54iI9RlLWbAixl87Gr0ALlCqNYn2rK7i4p8R0ZWxpKOD6UQ78yn7vrHf8s+eYjgQdCfqJFnC3DT9X1fEP8C4OUtOt0safHxhe6w7T0Ls1WywhkAs9KkhJoTAQdR9K3+Ou6iPccf4IUlFTAxcExqxU/Rx2SLNwOHLzmMQZ8UO9j7+m+Z5g+n7Ygs1NBGuAJjPk63NuZLeRdgP2C+Br0y3fyGJBbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:25 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:25 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 08/16] use bitbake function to generate mounting scripts Date: Tue, 7 Apr 2026 16:23:02 +0200 Message-ID: <20260407142310.2327696-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: b10f2235-90fc-49a7-5de1-08de94b139e1 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: Q0Fx7aIblQ9Eo4mZeZpZ2qpjKz7OevcS1f2le+2g38SJ3yUOdpAN3QJd6u4/gx9lCDB8yRnMYyKM8JX2PMdACkRCkkcJ1s5ttc3klQ/MNkjsfVrOJVWfcJbc2VRF9ro1nIs9NZTQ8T9Gw6AvnNiFiJF0IIqnQ7vUD2pQQSPbaEDNW/xv4G7B0s2usVofcbANTU918BnIpelLhW6ElZWQlrS6S0vzObZ5XysTnlHaXV2/3Zqw8n1bB9LhOozYVTl7IyMKgU/i8c8M1XZi3pDqnFW2VZaAcdZuPdVk0TEzkqimTCleVB1eCNahO3PDC/Wr2zn8NpbvCKD2u2mZtx7QYHxuY2x+LxFGf5cUjhJP6krj0A9OK7i34KICfcfq0Dsz+j3dxfQunmywAwyWzvuguEhBoEb1qHQXqkzYkLeTF5pdBPf6srA6pJfYjQqSTOefJwuco/CIoK8jxQGv6aghxRGCafGGtKxXZe8jyz7m4j6zpvSGadoJN5d9GFkgz4a/4itP5UJVS9MoQAFSaZ5YxolJOm8fZbxKtk3REA3tWHi7JyD9vdBP6iz44oRe1yUVLubiWoRZ29Rsc+pfqs7l1GiaQKppXovCA9lhBEgfYuwskWED6mPqR0KwcxOW6OJ7INB146Mzb2JFPq2v7NJWuulOkfnT5f2J7QvCqC3TsoTSJwH6rIGxueYTYjZE1DuvQpejakwLrlu9vtH4wQ2RXbo3q9zC41uvSJ6WwTuLkzI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: txaNdZK2zaK9CJ/WhtL7DCcOMuBl2HC7vY5Rcs8kalTzzF4xr2ImM45bKRIvO6X7BhsgtHkxohVUUhpt8pYBlXyrrjba6DqzMUL2N6eEjS6Ytb3m0WutsbEbkserjY4mCwXpPE074AJ0L3oXgjd9uduOiZXOsUg7Cjk95NXBPTbwCl1H8wBfEz8+sjczv18/xqzZaOpj1mJgWB0wBc5t0jsMEXohG5Oyi84t51zdxBX9qrxNOLRKAHkbc9dI8KDraSzSSl4ZsEPr3GzTEXSdAFY9m0n1U/RoXAhiOHR0+d1V6yA1WSKKdrl80eXMkfoGrjGyNFpwDZfMP2EO3r758k8jwerxOya9vmLnzCMx89VCkwxjUEHVnQGZdFj2eumKhfWpS2aQSjvHyi71U98o35od7LTJo6ssX4imeWGTkJLI4ibXLGe8U+5dud2JHULhyiHIw0YjbYpJuCJJGY8qSrlUcBMFuA4NZo0i9tYlxbBZDN/KxZyF2n8QyrnCHA0PxGiOFS4l1k4nj5UaPCeWlLfb8xLJzhF14FeFndKvT4Iu61Cm6gZUL6wFVCPZR7GCIUxiTOEbNrQXY1g8ZvJ/24K99/XNRL13I9/fgx3Z0jSky4i7Pcf/BnYK7On43Ey7NPRljosZHprKj8wCPvIO++8pMAU+awD9OfEnd72278pC/+PKHVX+ggfDEIXU+aSd5sZir6bLYQmQtHCA+mW8A8Vfo+2k59u1LTvXF6lFkdLdyOletYbohbMZN6GHy3kA3gFwaNxXn9JHyLADhk72x+pU9YGEIZBmUbywOL2t+xyHMg+fxbarJsAkjfYYr0QsfguF/0oUQp4iu9E+tPhRIMyjyy6LMsw9YQpOGcTRcId4K1BnBpDWWZM5Gv/XnES61NK2SVVl81cGKqfpP0rawBI+dyWW/6fiYm5Sw0kM5IYCZj1uMn9dxOTMtJ86HGiSxVkEgdqr7WoAHuGQ1B+0OBnw8N+0/fqi0w2cVvOEtrJ5zTwYCGapVNOMzJ/WPdQVWJSV+oF6A4n7VmdSsuTyNRlnau+1h45X7Y+DXT570+yeYvU2KpQPh7hmfy1cWL6LseSRpYsyGTWuN7RC+HvlmQaJHWgu3rNFl0jBWXgJRMPxZwhmtDQfY5qOmCmoyMY90pxy4LTLbXSRpTvCRMp7IfqufchYivjVwb43HaccBHCVXyJ6Qqy2GK3yrT1v9jZTK3KwjXmgPWcv8fVTdZuT0WrlrIJWozLfNTuefeiNuIgb85zPBqSsi8cWsUxUgZH2O5bz0e6jXSpJonfpNBMsbRMLqMaOch0cLgHnzgJsW5ITjXD/FoDfJ1oTz7a3AdGvFakcQWfOo7OdDkI+d/YHnpJZhzaSyrH29vqPUPrEafm/8AKDyN+UII6XfhP983ZAwWe5htJBu4yde38B66HsdoAEKL9rOI6vmBiW2oRbEwr/zPPigP25EyU+CmDEhH/xgXQzA8FXbQUYf2A7WBNAQHhE+JS7LvjeH8POgpydayHCMqE7940gMPXgCx3ue1Cp8XRTZU+Nz7YDt8oyXiVB/3UyceWlEN+5m4m3EwMTrevKEsXbko6kMXahujNbnS0re47zHajlU1GhN+DM/B6OZrOQ6j3ll5LR0+tDpVoi7uIOZm3OQ8/j5mBzUwrzaUBy8zwV6RHgbaxWwoytOalrDghgi94Sq1V+qzadPKJ8lW0i0pPtxiv6KC9FU5qpEI1oOfvsu3IRf/vjt6DZT7wslseQbpA4kVk7RAsvX/lJVtc= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: b10f2235-90fc-49a7-5de1-08de94b139e1 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:23.5769 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IPzqnpA6sWRxyGopr8O1RxOZYdvldWmDRpKkeqUVGvZtjwRKoOpxfzPuhAsnCdJ9JqMRKd+5QlIgB8cli04FPN2+RIHLZGDlyyLbw2T4MJM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=UL0+bf7J; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By introducing a bitbake python function (a code generator) to generate the mount shell code, we make it reusable within here documents where external shell functions cannot be called. Signed-off-by: Felix Moessbauer --- meta/classes-global/base.bbclass | 18 +++++++++++ meta/classes-recipe/rootfs.bbclass | 49 ++++++++---------------------- 2 files changed, 30 insertions(+), 37 deletions(-) diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index d4dbbc3a..90e4525e 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -379,6 +379,24 @@ def deb_list_beautify(d, varname): # Helpers for privileged execution. Only the non-underscore functions # shall be used outside of this class. +def insert_isar_mounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + inner_full = os.path.join(rootfs, inner[1:]) + lines.append('mkdir -p {}'.format(inner_full)) + lines.append('mount -o bind,private {} {}'.format(host, inner_full)) + return '\n'.join(lines) + +def insert_isar_umounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + mp = '{}/{}'.format(rootfs, inner) + lines.append('mountpoint -q {} && umount {}'.format(mp, mp)) + lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) + return '\n'.join(lines) + def run_privileged_cmd(d): cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 60ea66ed..7352a87c 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -49,6 +49,16 @@ ROOTFS_PACKAGE_SUFFIX ?= "${PN}-${DISTRO}-${DISTRO_ARCH}" # path to deploy stubbed versions of initrd update scripts during do_rootfs_install ROOTFS_STUBS_DIR = "/usr/local/isar-sbin" +# list of : or mount entries +ROOTFS_MOUNTS ??= "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt ${WORKDIR}:/isar-work" + +python () { + mounts = d.getVar('ROOTFS_MOUNTS', False) + if d.getVar('ISAR_USE_CACHED_BASE_REPO') and not ':/base-apt' in mounts: + base_apt = '{}:/base-apt'.format(d.getVar('REPO_BASE_DIR')) + d.setVar('ROOTFS_MOUNTS', '{} {}'.format(mounts, base_apt)) +} + # helper to compute the rootfs distro also under cross building def get_rootfs_distro(d): host_arch = d.getVar('HOST_ARCH') @@ -154,50 +164,15 @@ rootfs_do_mounts() { mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' fi - # Mount isar-apt if the directory does not exist or if it is empty - # This prevents overwriting something that was copied there - if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ - [ "$(find '${ROOTFSDIR}/isar-apt' -maxdepth 1 -mindepth 1 | wc -l)" = "0" ] - then - mkdir -p '${ROOTFSDIR}/isar-apt' - mountpoint -q '${ROOTFSDIR}/isar-apt' || \ - mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' - fi - - if [ ! -e '$ROOTFSDIR'/isar-work ]; then - mkdir -p '${ROOTFSDIR}/isar-work' - mountpoint -q '${ROOTFSDIR}/isar-work' || \ - mount -o bind,private '${WORKDIR}' '${ROOTFSDIR}/isar-work' - fi - - # Mount base-apt if 'ISAR_USE_CACHED_BASE_REPO' is set - if [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')))}" = 'True' ] - then - mkdir -p '${ROOTFSDIR}/base-apt' - mountpoint -q '${ROOTFSDIR}/base-apt' || \ - mount -o bind,private '${REPO_BASE_DIR}' '${ROOTFSDIR}/base-apt' - fi - + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} EOSUDO } rootfs_do_umounts() { run_privileged_heredoc <<'EOSUDO' set -e - if mountpoint -q '${ROOTFSDIR}/isar-apt'; then - umount '${ROOTFSDIR}/isar-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-apt - fi - if mountpoint -q '${ROOTFSDIR}/base-apt'; then - umount '${ROOTFSDIR}/base-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt - fi - - if mountpoint -q '${ROOTFSDIR}/isar-work'; then - umount '${ROOTFSDIR}/isar-work' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-work - fi + ${@insert_isar_umounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} if mountpoint -q '${ROOTFSDIR}/dev/pts'; then umount '${ROOTFSDIR}/dev/pts' From patchwork Tue Apr 7 14:23:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5015 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:37 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-yx1-f60.google.com (mail-yx1-f60.google.com [74.125.224.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENZ4G015060 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:36 +0200 Received: by mail-yx1-f60.google.com with SMTP id 956f58d0204a3-6505ef16c28sf5817939d50.2 for ; Tue, 07 Apr 2026 07:23:36 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571809; cv=pass; d=google.com; s=arc-20240605; b=FYzimuEOoF5QE2xlP9uP+CxuAAvlu5aTsfMlKwcW9fB/fBbO32AKVW0/yFRal23FmD ARY68OTvv3KDqaxaLXD0QOGIoSjbRf2QfFbo3BbhaFQJIvXIyvO8KhyDB6WCEuNL6PAo Vw/q0zCL5xyk7fmbYlTdWYXnrtR1zZPQ1UKbhxCGF6PI6X40boUXQiegxiFYbXbyRvYJ lcebnxhnq5tN0mUzRg37Sy1qoQVdkL1wrgwyApChY7MJFOl78hov4ErijVay5VH2wGLt xSkwvQpnDm7ZGVOVOKCvEFrW027R2aKvwXWm5t8bkqVhCdMGOfMl/BMhvfEBBhxsWNCT dJTw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=woJT7jmwoxJ4VjP6ekk087fq708BTfOnoM/td00h5lQ=; fh=pMYLw1GFn9oyhQkT8PJtk2VmSqAYADR5B9luZ8Aia4g=; b=AZsLgKZ1T8ALxm05BXp2+CcZ2SOoA3T+Rt+nYwP/RILTKWliCvG/9Y8c6+j0I2hNZv WRStWroEgb9OWZ5EKXVi650v4dCrkizg79yU3eZGHeX7IHKFXDoWX5kpIVztKmItRafH M0XUGKszt6ypTQWJSc595SysnSqsywVU+3dDkkAuaQrpSas9kqiLrxLvzLRE/r+kGSHG YepEzeOr5HPn+GBrwpbEiXbz4tWQlrxKFSEJXxRa+VqH04+Aw37iAKjAT3dsqyVsMf6j FGX9Df01fpf06eMQPnD9pHwkar/1iL8DUif6p747d7WDMjp5j6AiiSHHGSXlKvB7wPsI 4fNA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=dHXK5SUz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571809; x=1776176609; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=woJT7jmwoxJ4VjP6ekk087fq708BTfOnoM/td00h5lQ=; b=a6W4RL6kMfOOS4WbE3Zg8tnJrnMPZ2kT0qAYK1xoDF2y15f4GCaDefDcfPVnDC6MjQ RNnYf62IBrnRdjHgDJcYY7ycDwmBtXRggIUsZLANcxbqJtZAR7WX09w7oxW9yVi6xXAL hpgHxwgfOZuclcNJ++P6ze4MYQNLYF4CnS7TN8jNrx+K6+vWoOZ5f7PHgih6D5irnjNf PldegpDoXRFQ5s7oZHRaP2GozvSQ71dsafpD2oTCvH7gqVv0nqApI+WFw9irxBIyk0Kp LVfhNAreDq5NDUYpCW+Nj7AhG3RUNrJ4L4ejk1M+eFiGafYrKIkJsJUTkgiQCpqcyqdh HsWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571809; x=1776176609; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=woJT7jmwoxJ4VjP6ekk087fq708BTfOnoM/td00h5lQ=; b=XfNEkNwXRlx/kY3kyLYHCyF8LOHYWy9H4i0AX1j31WKHQkErQ5+6R3o6FC1/UiNxD+ 3Ihz8SOoqxKIE/asyd8fciAw7i4GJMFkIufI1u/VZyG4JJH7GtGY+Yfz7NB/7pUxyG6U 285VTaiQ4PTvGVrtsWIWYmSZOg+CEPZn6qD2WrJy3cLD4sZ3IwsRT0vB/EkzLQ0Ln8wv GV99Cbfqtt1K7BOi55Ls6yTamKy0eHgHyNjiXTLzkC56h3Glp/NcCU8DYFVfv8P7nDHM BpJs7JopIhLwH4tWL4Y5DTZOz8/OOSK/1q8rAjcz7SAjGBu+Vo+kA+f/rTciE+WuCOFM 2PbA== X-Forwarded-Encrypted: i=3; AJvYcCXugH8sLD/wzkg8OjSg0P6auPvtwhty2xVfFUVP7wjjvHiSGo/Sp+h9D1t0zQpXAz7PF0MnZkQ=@isar-build.org X-Gm-Message-State: AOJu0YzB8/B9HmJEbkRTgpJaHZ/Gnls9L+dkkosZAnHaVa3RjyHIm4Q9 J6E4yHNxpoZx5OtOiIkzjvHxnWE599YkhYF6D7D2Ys+UGHY6qCOSw8JO X-Received: by 2002:a53:c445:0:b0:64d:5742:5ab0 with SMTP id 956f58d0204a3-65048814cf0mr12127115d50.43.1775571809057; Tue, 07 Apr 2026 07:23:29 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiIBKkbmUpe+TPQWV58QHSd2bQzwp3OmQNRzYUHRAv4q1w==" Received: by 2002:a53:bc11:0:b0:650:73c9:4f25 with SMTP id 956f58d0204a3-65073c954cels1756841d50.0.-pod-prod-06-us; Tue, 07 Apr 2026 07:23:28 -0700 (PDT) X-Received: by 2002:a05:690c:83:b0:79f:3715:1980 with SMTP id 00721157ae682-7a4d31e8531mr177190587b3.12.1775571807927; Tue, 07 Apr 2026 07:23:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571807; cv=pass; d=google.com; s=arc-20240605; b=FgDFA1XVrW62LEIlBXUqDvY9rD4LxeYZIQ5Cv11tz9NtYL6+62HeYdwI2V0sdCUiAR DCMz5BuLD+XhP17MLHuwY5gVZ+t4+BWm4Cb9J9HFk5kteSnzduwG4t64VgGrhlYiQM5V SlidZ/C5So5dgHw3xcNwWAtSCLM4Y87K71JWIy1H7h3sQTHh2CUMPU8P8XesVMYpHLk0 KCbzO4WvmPXfAnPrJpHcdyHTaKjD78oyDjgedrELjF6yedFnvRaxub2ecXzmNv1RAv72 pB5w86ERT6qmavs1nBkGoR+IvLav0s9N3CkEvedLKp6UFeqZMAvOz8r3TNR3VMqRfCWX dIcw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Js3FfYkNMPYiyBwRXmAgwLDtJkDmbK4hz2AkYnRTib7CQDxpFMy3GYLhgjpND+iMfe 6Pof3iaulhhXkB5BBYzjfOXQsrKQ6l4idh5vIKrPJ/Ntol8Trz5MSTWLHB/YrXt5+mwj gezqTaBC/0ui+oFyscwLB4R48WcEoSEVdk+iux5Hi09VAK75qw+o88lm7/tHniJ9Jlny V+L0ly4g2Evsxdg9rvFkg8tPQoTbu1fzBw+QV/kBILiJlEkK5524dqkV+xBh03bPSBVT +7luo6Co104XVwBKd0CciKCsBv5O2Cni8HHDyONc78i8WWHIqmu8RC7PgcykONr2u9Pf tJfQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=dHXK5SUz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 00721157ae682-7a36ea2ba0bsi5834917b3.2.2026.04.07.07.23.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:27 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Dw9P74jkCo6i7lwa78Y8Uj4UhUzxiprpnR517q+Obnh+BfnRyIvOBoGWpCQsRMXvZnEm7NqjcEDl0R2FiCiL8aNk2sQ/SR2pty1veZ1T05YjGGdCQMCpsXWoI/A52UGyTmOffDn4TM8nSyJ7l04hhWyy7yWKjUjAjIf3TjTjXghRvKfBoF2zhu9Xmr8tIQBz1oiaP6x1Cm7euEOSCBj9WuAKAniS9CPj771i8GS1u/BiuW/D0ob9kg095Yg7Pp9kkIbYg6y+F+QosCdTPAfEgA8scvZv1djYNlvXEvpNLAzFs1jSjKSVlwUfv68DiNaMyD0Dza1fNO1cR3uu6Yj/Tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; b=lCdjuDOMLL6D3siozJOm+gbSIzAjSGLV6RvYTHAtmYYm9Xjxm06TgWgvecJFcTkh/kROHBakJ3QIz3fQ4dHaswvQd9Ag5N8xKhhFifsxs7kHeNq+FhsoETu0lrBtoZRx5y4LOiwP68HQ8x8uapA2jCDKNWkB2ShdNiO+KmapjJ5a+UvhHTcqo64IZ1pXTjBGgk9RPQDSBWcJOrNh4GkzL+IHPHKSAdH9NeOVOGTqmHqvN3czjwe44OgR2jR4aT2xQQ4jS5Z0pYa20C+0OG7KvERH79de0dt7urK7OwqMEPUdMuNF7NoEyNuRiMUCAu7m2pE44p2r48mmlwd5AXZ3hg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:25 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:25 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 09/16] apt-fetcher: prepare for chroot specific fetching Date: Tue, 7 Apr 2026 16:23:03 +0200 Message-ID: <20260407142310.2327696-10-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 3d4f2a1a-0684-4b84-fd6a-08de94b13a34 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: WdEgLNJt6VFc/ag3dSkvsFpDMbfjDlpRLQJmzhiCS2O7hfS6HxBUrRM9LFO1UsD38MS6uXNWR4f+xlBRx4zp0PhP+r8zYb3HNjrznwVLVCP3KqcA8wR463UGLvJu9dFDfgUmxpkJHQWIWoOqRsCjllIdhDHCwIRAUSRwNUOIC8iNBbLO6NzHBXoaeIBqPdl9i5awy0/X/VVH8Yb+o+jIeHI+smACTZyaC1PQmrpjDPpUm8wRgnNmtGuQQ4FSYWvHEI0tIE9ryhSPSEJeN89h8qbYUD5rOHS3xo+aaqXAypXnqJSKSwjxWOUx/rsL+sjhSqCxgRS+aTg1fOjSusf5TBBsJ/KdpwEweJAJzTcko+t3mWg6+w+lpFb6xgsgnhnJNdP8g8X4Pta87nsGDU3Y2c0WTUW01Qguu+ywCG8nvCFtt1Paw9NUhw/KptNOINGy/8uTiYkn0NCp4AMwQQ/nH75Lqovn1GLuD57zmhMMDhqqfrq/ZTHnXnGZ9NKGCCuG3STX/Ps6uXZNW7IZsMJEHiUktGhbR9T+SqlX3Qdq0mByPdUmbpkMR84MCxcf820jHrB8Sr0D9FT8RusaA4TLfViHXWwYe3hEzPDPfqdDUdv2S8G7p5bUYllo+hLOzf4tYNvRiUcS0vaC24xbZB12RFOlE1WIQ26LnZe8aOWtoxG3uz0Rga3nXAjx5Dl40R2i/b/6H4wtFfiwSdjgBYxU6qgWSU+4bXmKrJZ8XS0O2Yw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 1WtogwpKm+2LY7rT/HRKY7eDo+jwfCpZ3Z6rR2ujiIP4HUhAQzlK6wZ7SYTcALZg9kUyD80JWdAVzFOvj3QdtJUj+3gJO92AYh6ZD1nFx2D4p5GOoqpJoKZnMw7PC2j+oa9ZzTnQDaYYhs40CxS5YJyzI3LuC9gHGA0SI/7H/+HU2X5Gdjq4WgNWfuiJZmx4DxYnqF5FsLag7tXC/20f5R/YW5UpQzShyUGJnkL2ZAH7n2z+ytSruP/Dp/McOioY9CE9J0wq07gsS+VIH63/dDaAAzLLoXncm9P7pxBUww+3y4w2+vIASnkYeio+XIpB4H+TyxpOIkkTSjmgNNydAQnLVLICRyji78+6b3l/JAULSgL50N44C9mpGcxMfws6DdXIEc3ilwbu/STtit1vAYUWLxLbZFJ0ZzdygTUVYgTtMd5ZZ4ypPio3JkLDHRbcG2I3Wolo2/XBCadMeSxhub2zgSgUvBuLCvb+HcqTWdMCw3ACQ5C0utSNqVStOlOx0KuOf0i+4df3rUsrH7CpkzBT2UUwl/kfgwfabIesOze7henp6SV6Rwb8oz3CfGZ3CbaYYqeRS75Ine6bHMdw0D3jiE+vzRs3L90H7/bUaHNclcQRsbCDQN4wiAG3wY0tysNrbZT6aq6VAmqORUtgnuVMRs0riuNNFMghqiquyQh7FuH3gCfHGMvHSrAVGfShYMQQVDPm92S/owY1IzOHoAcrnb/6O7Kco5jElqxO/DsMd117yvBSV44IC/xKo2+qVscnVi0U5ftDg3GLAJ+kj3mGcCwCu4KA70JLpj8LI4SuEbsnKC8wJBuTjZthZi1QEYYof2/oIHEQ/EytJ3e8MOv4ANkhDxlNAAO3HVhSdeQrW0IMPxkZk/NDuD9AB4z4UdEvwCXIIPNQt3Jz+PQX4GRollb+Vg2hRODSVTSzpBqo1t5A7ePdN8X2BEAhHYXv/VOMfbcBFbuLkMRiQhOTnOxgQPWUDsxRU9avVYcsYknByUE+CXZiI9bRNPka/q1H2wcMSkD+xTQsOPn3MSQ/+13GXNPrRrCPT4Dsl9OwMszZ9D3KsMy6yaIBfymg9CIASPcDPJNy2Es4xAWBtKHzZ26OQ+0l3ScKmtxT22QFajMLGp1KC0sfwoOk4HAMSIBylsJCoNIsmhTPDyHTV2T7m+tkgw6H0rgnuXZmjFKJykNtO0nqflMKU1UQpH4fXYQ1vVeDTfe4M1LGdE1iW+8pMiDu/2J+fkNPtRbgpvGxQ9UmX7abF4z8RmBprfzG6Ekuwce94nsPTlsNzsz/BBEUbeC5FOnA5i8CNVdARo0nk8huER23VN5bDe3WPVUWNVX6FyVt1YV00eijuChUOKaZzPsZ0cWsET6O6u2nXlZ7mHmei2f9YlntXuDKbSK3gG/eVyht+zB7shgQxF8DKVDF+KOJgt+s+ac/ZGuVCpjwNkGWa8B5ltGfd1IEClGygs+FaBWyyb4szZJldV0T4dwOoA9HK8u2gqLhGmRz9/lMY2pmnUIHed/cDus2fXVdueoPSRZELP2OKVZpMDqvmezGcpcli1KqbcYDMVyAFkzDlv5cEOqBVw3csgsMLtspF4UWQCP55CnoObcAKzavIjUNyVH4u3q5HkThAwKeT8PnECA/cAago+45mqwYFDIDR1hUQgvCQxOgTSoUz+y5jUEAn8AfRItMyEt155BdKUFkyGko3Vm8Ka7RcjURkhd6IVs3qw8eqQyRW5XXTB9CIzX5qgJI3DiR6sz21DElJ9JLCs4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3d4f2a1a-0684-4b84-fd6a-08de94b13a34 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:24.1193 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mmuXyYferoZu71oh9yf4h/LNcfJ5VUTI4verk2ygXN4LLQx2CXgbz57bw740ROPa+3I98agK85JSNyxQRC5xYntS95JDJa5VWR9pP3tw77Y= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=dHXK5SUz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The implementation of the fetching depends on the chroot mode (e.g. schroot or unshare). As a preparation for the unshare mode, we hide the concrete fetcher implementation behind a factory, so that we will be able to dispatch based on the mode. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/lib/aptsrc_fetcher.py | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e5987554..e8721c79 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -84,7 +84,7 @@ python() { # apt-src fetcher import aptsrc_fetcher - methods.append(aptsrc_fetcher.AptSrc()) + methods.append(aptsrc_fetcher.AptSrc.create(d)) src_uri = (d.getVar('SRC_URI', False) or "").split() for u in src_uri: diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index da2d94c2..1d133aae 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -9,6 +9,10 @@ from bb.fetch2 import logger from bb.fetch2 import runfetchcmd class AptSrc(FetchMethod): + @classmethod + def create(cls, d): + return AptSrcSchroot() + def supports(self, ud, d): return ud.type in ['apt'] @@ -20,6 +24,11 @@ class AptSrc(FetchMethod): codename = d.getVar('BASE_DISTRO_CODENAME') ud.localfile='deb-src/' + base_distro + '-' + codename + '/' + ud.host + def clean(self, ud, d): + bb.utils.remove(ud.localpath, recurse=True) + + +class AptSrcSchroot(AptSrc): def download(self, ud, d): bb.utils.exec_flat_python_func('isar_export_proxies', d) bb.build.exec_func('schroot_create_configs', d) @@ -83,6 +92,3 @@ class AptSrc(FetchMethod): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) - - def clean(self, ud, d): - bb.utils.remove(ud.localpath, recurse=True) From patchwork Tue Apr 7 14:23:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5018 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f63.google.com (mail-oo1-f63.google.com [209.85.161.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENd3T015393 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:40 +0200 Received: by mail-oo1-f63.google.com with SMTP id 006d021491bc7-67a1e063795sf13497214eaf.1 for ; Tue, 07 Apr 2026 07:23:39 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571814; cv=pass; d=google.com; s=arc-20240605; b=BRBFACN3eRBL6VRotpZbtJXj4fRoZOEBlQv+kmYkNbtfOG8fuYLPg7VKJ5IfNpRicb YYzBK9BRtwNfohyrCnR3+113aWz3i3WChPTltbHZk+9sYtN0v9T+FX78C82tZ80hf3/f WM8gh1tJV6RqR2DCeoi123tWqKFtUxWRw1Q3WHHbfCmTWB3TjKp7a+mchE7YtRPZmDdC lymaka4ZT9ibFe/3Ujl+ZkRNfhfoDXXf7tvzsAC2swPDNOc3+qhyok4V7wl/d6XMV2BK DzH3AK+IXUGwsJ2RmTKz3FhOWy9EIfwFavivVqMcb4yMmyG0dDE1kNQU4heRkmY7PUvd aTgA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=wBAU5d+h88nr5R2U/QbZO53d6U+3FNxdDieHt7UHdf4=; fh=FfV2gL3vPBnbmRmAkDgyQCGNgv7ICMqep46XM+a/pwk=; b=dR1hdpmt37HGrSqj5UF1IU7Q46YY4PfZTS28j7c/HqL3pDtf7qN5tpoAfz56jXRTAR lS0vWBpdg7H3lTeVseg8U3eJiFTAp54FgcsoRkV8cF8F6bt/USfQDMl7nXQ+MYI/lJo7 E+dmZ808HwB+4rD8Cc4Q5/L9Rrpn7u8fQ9OQQ2BPj+St1ABUcii3gK37DnfUK0L8xQN+ tdxuBZUm3Sms/5uznlU7v2O+OCZ2AMUIXeQVS5tXTA0A4xKc35x6+KSlLWxeGUIW9YUT 6cVBdRKHsiLv1H9RHlCXgCEgsXbAePJX+rJOK7VqGhGN6GXuc22W7rbbrIeTFVCPZwDJ 0HsA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MWPIrwtf; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571814; x=1776176614; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=wBAU5d+h88nr5R2U/QbZO53d6U+3FNxdDieHt7UHdf4=; b=JKxc5+fYbGabxd9tXlyeqmSIVS1nGzW8BTqGbEWI8izIToqY4fjpWk7jRUk5pY1Yrq 6GkED9Tlihe+tQ3EB5+4BKZc/PzpIpzniAXq4wNkpgMxRbDO1KvamgmRIz6SHZ4GUZKf bdMTq0r0ab4YBE1FtHQQnOx6l2Igujr2i/ys+CsOHEjvd91VBxOVdn4nlzT+9BmI9uiT TIMl4EA5TgeJvQnFPWE9a0dnznFaivLcF4D1aGRWvi2pnsmfZaw7vJ07Vb55m7wIqPW+ H6BPh8qWiLzdlKMTKYADJFxN5mr4ykR2tJNC90oN7hv0pkuPq9+vgjOwhSf6mC+XDvOe skYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571814; x=1776176614; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wBAU5d+h88nr5R2U/QbZO53d6U+3FNxdDieHt7UHdf4=; b=nJhNUsIM9MRfnQ/ZYQzUp0uZ5OMDXYxQPj5dpBeKfn2roAXl6Huc+2YG2hQROzeoZC d5+Lq7EiWPA9Kvtrgu6IOcy+FDmxyP7nmSy+8e2+8BEexQYx73DgMGAulvxc0r1Pj9gg KPZMxpPVS2OSE0lyzyku0vXlPVW67ZhKfYI7ypmdAgfW+LTwpdOdzRdodErslge8EbjE GEdieC5/Tlv+iC64HVtM07XpcRNf2JIPqMK4gcGJH1APMXDsDOv90Qs5I34Ymss00luw XrW13Yd8fa1fL+RwSeZBqM/qYA5mkuDVy52sqrmg01y/jiEALepvoaolFrwSkBFqiRoa 8wcg== X-Forwarded-Encrypted: i=3; AJvYcCV1wuVFz2DqisI+ivRtahVTllW3TgkHwGRkKdoLMk/rSBnv24cBm3JglmnXvwK8PNAqEL0ElCQ=@isar-build.org X-Gm-Message-State: AOJu0YynjaOWYr9MRzGLOXK5Mr+xyWjV3byqrzaSsf4HJ1Y6rgUW75le dEQUtun3gx65/Euvc0pnZKuZoKZRvH6KhkuHCD87GBePA3Cf2hk+tv0D X-Received: by 2002:a05:6820:1ca2:b0:687:2d4e:8500 with SMTP id 006d021491bc7-6872d4e9619mr2378428eaf.14.1775571813632; Tue, 07 Apr 2026 07:23:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiJ/JlTI8ZpP2kDH4pevxvuQNCOjzWI6uOC9aOwPo6QgAA==" Received: by 2002:a05:6870:d69f:b0:41c:3f51:3b83 with SMTP id 586e51a60fabf-423307d36dals644996fac.0.-pod-prod-00-us-canary; Tue, 07 Apr 2026 07:23:32 -0700 (PDT) X-Received: by 2002:a05:6808:10ca:b0:472:8b95:f516 with SMTP id 5614622812f47-4728b95f6fdmr3711576b6e.3.1775571812711; Tue, 07 Apr 2026 07:23:32 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571812; cv=pass; d=google.com; s=arc-20240605; b=dEZlploefe9TB0xNYWNQ46F9hWGEana4EM5L80tVx8qblz5o/SsHpYsazJHBCzwER9 8Ctq5OVuLBPVYbwLQbVMguMEy3TdpnA/kFv+3ZTJuf4jr1LMkfw01MEkzqf0t5QP/HbV ErRNaILpF//on5PLenspRV/dZ6ZXbxmowuBmk+lw7UKUsTH1/O3R9Yx0U//GWnKsEZJW 4JyPI/M9c6QbkGm8MreqHWNS8WDm/5SA0h3OmH2uWbYXJX58jzjWr2usbryAFdNkL1dp RQh5+DNuYfLLKZg7dWERN0iCkOGXFb60mdSOtxn7nXkZxvTE1BL0eMghZPhFUuruV7Oi cedg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=EqH6sREdX7byMOIkrAnha5MlYZz/tUgeyHbyVb8R4Z4=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=jXE/jUCXCG3oZ24iEIa+acIWyuPEzJXzJaLDNnzr+OarwpRhxe2QmtVlqILX2hdm2h uSLpDV6n/odOik/oSkTuJAU/pPGzsAP99NLrtMaysCFT2Pp6c4JnIQxREzsMxKIGZiW+ 3Au8BmF5Kx54zlyHX1J6TO2k1HCNrcnCk0+CYe1FHUONNDjFfZZ5wL0MFukA9pIDm912 44DMzJxk4hn8PSzhoHtWkvFHtqBRlQydLMa5wvtmar7nyg3tZCXMYvPFy6cx6yIcrcc4 /yA341ByCCj5h2lUUVxnVpEpD0SK27ohrdpUHzTTCok5PlYUtHU5hgLxXwazGPcvhnzO W6Ow==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MWPIrwtf; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazlp170130006.outbound.protection.outlook.com. [2a01:111:f403:c201::6]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-422eb1b0825si579808fac.4.2026.04.07.07.23.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:32 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) client-ip=2a01:111:f403:c201::6; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OkHdDEAfB/u7QLPWWsyDwsPgongTSoylM5UHqLmqh3eg/Oh59jXwelTig0CW+cCemGb+SsH3CU46BNcqOMHzhEZdulnrd2z1WCrLbT1FA4/X+c3y3iw82jabFE55bKpu86vcKe28Rtm5OUe71Tnz+pI3eHqehKv0PpOT9bt0mPjJh3FNHWxh95x/7zuWc+6r8aRasDtoDbXC2d9H9DPzam27Jn2UPsjtkh9Smos3ic5ONpPPlpzisPKv8/rZEeCzRhYVDjsnK3hbTIXf+EVTB4AGkhHYlKPvz9LQh++lrcTeD1HD1++Dk0C/37NQHlIMsOLmwL8i4bfI6ukxdM/0Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EqH6sREdX7byMOIkrAnha5MlYZz/tUgeyHbyVb8R4Z4=; b=E3x1ZGTRgzBOIq9vGXMfmom5H4oLfpF09lY4XxUBPFJsu4Kn/UYtc3cv4yhm9lYHFKBXrmYWgVEH5BxjWIVh2QA8skuKWOYRV8gjEuJ+NLjQMw1nyUFX/Kak15lX4bso6znPambyWykA7ophcvafsQ5G86f2U88F4nEJLud1aiVbp2MH62o9IXcWjvZL2PcEoFsQG4isWg/5a+cVFjMzGm9n73lu69YIEJbBCrvM0O0Q/hSk7OugZgM3bjb8qPaO6BgMxRYq5NxftnhlEbpEX/c1VnsOW94WLmctcxtj/Sdt+0HqdB9EKk2Sp+5yzvdokd01IL4aTL9x3FRGfOj0Ug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:25 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:25 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 10/16] add support for fully rootless builds Date: Tue, 7 Apr 2026 16:23:04 +0200 Message-ID: <20260407142310.2327696-11-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 5e641c51-9046-4774-718d-08de94b13a89 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: 5kbbwLofsMWUcMe9qcn4ROkGca48pUQMkVIM3KnJX3fintLGLa4uqJVG8in9UEf7NEwCNtOryE6y+M9Mh0YVhAk8gIRrs5IhFtOVw9356t+/Lv7Ar1+4mDIuBrdDnb5ei8oOcpbhsrM5TPhjaHtdUCjw2XfH3ZsiW3+qxr2bEKBRs02oWDfiRAScvPnU7VkXyDSpoBuKeV2+0alnfdJQb4vk6T393NznQkDpY3lLSU/+YkGDyPGfinXhWtzL0LCtsLd4KEy2gWYvSpSE1UD8DMtZnmj3n/xaifyotyDOWL0ryMMjIlThdAdk/f7z54C8H7Ch6DhV50qTpUi/k6kAhfbUHiJSRVpp/S79H54xVBn0e2/aYJaUW6v/JKZ7ksdoKpphaHo1Xm+tpEERuFNRWfe/FTRjDW1OH+EHWAQtXmEPL6cZYVo2fhMYVtGIFKsMXkZjzArU8kl9MWDkgT8ZN2bSNrBErD4a4pc2NbRozFArYBKNivhg/7uNHvKRIhdO9XGWGdHUOX7Z698hMu6dpsMNo97tbsmqP2Yq2YBIPmRQZqRRF/T6dg0V8RAZoLZl2qSYKkh/cum+pyy+EJUbSk0fvgFQRCndgMBTh8qhQd3CtJEPYOZfaGAfDh14VPbmirKEeegeimaoRr7vDVrxbJpwOiRbOjDuxJWTqR0AtMRnNxjxmRoKnrWySjU8DcRy+/pKQXldmh9/lY73qFS7CKrRzgVQB2Iw0cjmNCtWeUg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: J4oTJcYGequhcU5jL2Uq3jhNb5eambgCgCOdLv8YAZmL3YVEz6pTiEyOTr5CHadIDy6aud54SwRP36io92ao8uQKHsN5wMREqp2zetrCkOJurF2lrf82NqvFDLNm5S5fftJvQNSez7YwwmOZhA8J2CX7u9vbR7riZeI17mFFRtCKiL9BQUZ7//YnMJmlDxmCc80i9ZJqrz1iwLCsOLOMl27Xc2+MzCNNNI8Lfc+smiYbib7SNtQV7FZDMQGCwWLHSE/qq3XBuc52MfID2wyREIY2bUCFNEVzxHbYCeRF/f9ohTmHd6SbEvc7jGAYiZKCo4s6BOnwHT/Pco/JcO9UHzMnsucTaZ6dRgmYYqPGrzl8WWrXLHNZ8yW2H3YNxijN9Fco9efgooYYyB/cJGfqyqqgvJ47Ox8VwkLo/p9SejR1LbVxRCEloz0MfUYq/1fN/X80dadJuw+lLTvRp1JMMAGTa2YAt2jMmpA5Pu6NLsOfBB76t0nKQ4Jl8W6YG+MBQ9bgbi/Kp71CXfX73EZC/2zx99fjq/yRUwPzfSYZFaHgdruiiX4Wz4yCF0hpmgGOPq247La3KlhqkZU6P8LpBsFvEQrQRKqQbOwl3/92/aZfh3qOa6hd7tVTZd4c32kxrB+rbW3auos6bI4NA6BAY8ocITIRK7f6ZlRsmv4ZWsQuEODFS2sIim71cpRQg9og3FcZ5xSUpZMT5mZGtWlIrC7ncMR99JVIt+Jq6iF2CuIsLbJv8fbLdqWDcOxvUIGHjlxvzF8xSRpMOOFfeOfv9viJoXfvUCcUEOwHOP97bd3j/s4Zyxj1LTP8BXZE8lSlgmF26V/cfYmm50gYBJ9+dx1xST2kyK+QKUYrbgzZPA/beC58NjwxJVwKDmnWXA7RNJJC7SAjE68ooR772y47P6PKXZyWmPx2oVw6j7iWdBq4Ht2HxeYF5y1afMOKQrE9QX92JqKSyCsPjlFISdgzQj5a/eEtUixCCWLJageFiWx4fKTCbS5MSjNieOMdeehkW3/l8t2bF7inhpPBpM4FFUCuIcWbvj/xGJlqgmxJY1Kjt3IBDlD1vlLFy+MIBly68bxbGbZWrf/WZKr/SEAyltsKahKpw7gCCCJr/oT87EDOnYeAXYoWZ+tikk02U4x6P+5NepPcY+YejgizTv9gQBoz3K63MDwWNEtF9rrsd8Vl2AdrxAwG+mJ2QxFXaSDcIbIwKi6cbgRFaPYGlVw1qQKiO1xl7w/e4eTC/+zt/mDeJ7qbqOMR5BDx12DwgNXkibZnmcTlYQMwHSYFXHYvLFRs7Mbjruyy3SgWaSK531AX/mqFwsWobCaptQ4zZ1PuORdIgDpQpUv/iF9OjPrCPIT2NNJ8t6jJBSmYkCnN+Z1XtqLNUFTuX4A+94BolJ5z5LeD94FPQBTA06RCUnoTY5wB/N8y1lbyQ5kDjmUs9/TUUHQb4jQRQopROkGcnpuqr/3tPvjBX+Cug6z6TJR25LLguHTQZXzhcPUYEGfHR4EC+ghyNiOqWkhL+wCxW5SGn6HnrALksfCbl6cR5Cq7Cp+P2GY+6PxhRQtmrr9xEc8P7Oe2wHfwr+BxRUk4OWgxfAWmiFY/DpJAHrAMuSY0rkjVYWkhbu9Ct6HARzGeuzEhgh50itamM2fQxaAi35R0ateAfkQkjYQCkzalSqMzXaVDiIJlEBNd7llR0ZrYNHbesExuaJlFtBX3YVQ8bF8JjZ6wHlJnrhkVTls4XGJEeJ9FxJgM002T2XhSVinsvl8= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5e641c51-9046-4774-718d-08de94b13a89 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:24.8046 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: BPUjCou8XBVESeBrzS3WH9AsjgM0u1DoeM3oXVCY8Fy0xfGPfBgJ8m/dGAPjiABT2fv65Q2PKSf6qQ7pPiBGM/jFwpdb8797213YIyXMvAE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MWPIrwtf; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Currently isar requires passwordless sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally. To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare). Signed-off-by: Felix Moessbauer --- Kconfig | 2 +- RECIPE-API-CHANGELOG.md | 21 +++++ doc/user_manual.md | 2 + kas/isar.yaml | 2 +- meta/classes-global/base.bbclass | 86 ++++++++++++++++++- meta/classes-recipe/deb-dl-dir.bbclass | 9 +- meta/classes-recipe/dpkg-base.bbclass | 22 ++++- meta/classes-recipe/dpkg.bbclass | 17 ++-- .../image-locales-extension.bbclass | 9 +- .../image-tools-extension.bbclass | 84 ++++++++++++++++++ meta/classes-recipe/image.bbclass | 7 +- .../imagetypes_container.bbclass | 4 +- meta/classes-recipe/imagetypes_wic.bbclass | 6 +- meta/classes-recipe/rootfs.bbclass | 52 ++++++++--- meta/classes-recipe/sbuild.bbclass | 24 +++++- meta/classes-recipe/sdk.bbclass | 10 ++- meta/conf/bitbake.conf | 7 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 18 ++-- .../sbuild-chroot/sbuild-chroot.inc | 24 +++++- 19 files changed, 362 insertions(+), 44 deletions(-) diff --git a/Kconfig b/Kconfig index 86a4aac3..66dd4112 100644 --- a/Kconfig +++ b/Kconfig @@ -14,7 +14,7 @@ config KAS_INCLUDE_MAIN config KAS_BUILD_SYSTEM string - default "isar" + default "isar-rootless" source "kas/machine/Kconfig" source "kas/distro/Kconfig" diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index d0aa6e1a..27d14dc4 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1077,3 +1077,24 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Rootless isar execution + +Isar is able to run without the need for `sudo` in an environment that +allows unprivileged users to unshare the kernels `user namespace`. Further, +a sufficiently large set of sub ids needs to be configured in `/etc/subuid` / `etc/subgid`. +This range should be `> 65536`, but smaller ranges might work as well, depending on the +ids used in the rootfs. + +A simple check if rootless is supported can be done by running: + +```bash +mmdebstrap --unshare-helper /bin/echo "rootless supported" || echo "rootless not supported" +``` + +To enable rootless builds, set the bitbake variable `ISAR_ROOTLESS = "1"`. +This internally switches the chroot mode from `schroot` to `unshare`. + +When using kas, the `build_system` needs to be set to `isar-rootless`, but the final +interfaces still need to be clarified. Further, kas patches are needed (for details, +check the kas mailing list). diff --git a/doc/user_manual.md b/doc/user_manual.md index 69e8dfef..26041f9a 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -74,6 +74,7 @@ Building `debian-trixie` requires host system >= bookworm. Install the following packages: ``` apt install \ + acl \ binfmt-support \ bubblewrap \ bzip2 \ @@ -88,6 +89,7 @@ apt install \ qemu-user-static \ reprepro \ sudo \ + uidmap \ unzip \ xz-utils \ git-buildpackage \ diff --git a/kas/isar.yaml b/kas/isar.yaml index 16ce8b42..3cfc4f96 100644 --- a/kas/isar.yaml +++ b/kas/isar.yaml @@ -4,7 +4,7 @@ header: version: 14 -build_system: isar +build_system: isar-rootless repos: isar: diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 90e4525e..7167cbb1 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,9 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - run_privileged rm -rf --one-file-system "$TMPDIR$i" + [ -d "$TMPDIR$i" ] || continue + find "$TMPDIR$i" \( ! -user "$(whoami)" -type d -prune \) -exec ${RUN_PRIVILEGED_CMD} rm -rf --one-file-system {} \; + rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -380,7 +382,28 @@ def deb_list_beautify(d, varname): # shall be used outside of this class. def insert_isar_mounts(d, rootfs, mounts): + """ + In unshare mode, all mounts must be created after unsharing the + mount namespace. As needs to happen within the unshared session, + we implement it as a code generator. Note, that the random and urandom + mounts are needed for DDI images. + """ lines = [] + to_touch = ['/dev/null', '/dev/random', '/dev/urandom'] + to_mkdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('touch ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_touch])) + lines.append('mkdir -p ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_mkdir])) + lines.append('mount -o bind,private,mode=666 /dev/null {}/dev/null'.format(rootfs)) + lines.append('mount -t devpts -o noexec,nosuid,uid=5,mode=620,ptmxmode=666 none {}/dev/pts'.format(rootfs)) + lines.append('( cd {}/dev; ln -sf pts/ptmx . )'.format(rootfs)) + lines.append('mount -t tmpfs none {}/dev/shm'.format(rootfs)) + lines.append('mount -o bind /dev/random {}/dev/random'.format(rootfs)) + lines.append('mount -o bind /dev/urandom {}/dev/urandom'.format(rootfs)) + lines.append('mount -t proc none {}/proc'.format(rootfs)) + # we do not unshare the network namespace, so we cannot create a sysfs, hence bind-mount + lines.append('mount -o rbind /sys {}/sys'.format(rootfs)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) inner_full = os.path.join(rootfs, inner[1:]) @@ -389,7 +412,18 @@ def insert_isar_mounts(d, rootfs, mounts): return '\n'.join(lines) def insert_isar_umounts(d, rootfs, mounts): + """ + In unshare mount we don't unmount the system mounts but just + remove the mountpoints. + """ lines = [] + to_unlink = ['/dev/null', '/dev/random', '/dev/urandom', '/dev/ptmx'] + to_rmdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('rm -f ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_unlink])) + for d in ['{}/{}'.format(rootfs, _d) for _d in to_rmdir]: + lines.append('[ -d {} ] && rmdir {}'.format(d, d)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) mp = '{}/{}'.format(rootfs, inner) @@ -397,11 +431,52 @@ def insert_isar_umounts(d, rootfs, mounts): lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) return '\n'.join(lines) +def get_subid_range(idmap, d): + import getpass + with open(idmap, 'r') as f: + entries = f.readlines() + for e in entries: + user, base, cnt = e.split(':') + if user == os.getuid() or user == getpass.getuser(): + return int(base), int(cnt) + bb.error("No sub-id range specified in %s" % idmap) + def run_privileged_cmd(d): - cmd = 'sudo -E' + """ + In unshare mode we need to map the rootfs uid/gid range into the + subuid/subgid range of the parent namespace. As we usually only + get 65534 ids, we cannot map the whole range, as two ids are already + used by the calling environment (root and builder user). Hence, map + as much as we can but also map the highest id (nobody / nogroup) as + these are used within the rootfs. It would be easier to use + mmdebstrap --unshare-helper as command (which is also internally used + by sbuild), but this only maps linear ranges, hence it cannot map the + nobody / nogroup on the default subid range. By that, we have to avoid + the nobody / nogroup when building packages in this case. + """ + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + nobody_id = 65534 + uid_base, uid_cnt = get_subid_range('/etc/subuid', d) + nobody_subid = uid_base + uid_cnt - 1 + gid_base, gid_cnt = get_subid_range('/etc/subgid', d) + nogroup_subid = gid_base + gid_cnt - 1 + cmd = 'unshare --mount --pid --uts --ipc --user' \ + ' --kill-child' \ + ' --setuid 0 --setgid 0 --fork' \ + f' --map-users 1:{uid_base+1}:{uid_cnt-2}' \ + f' --map-groups 1:{gid_base+1}:{gid_cnt-2}' + if uid_cnt < nobody_id: + cmd += f' --map-users {nobody_id}:{nobody_subid}:1' + if gid_cnt < nobody_id: + cmd += f' --map-groups {nobody_id}:{nogroup_subid}:1' + cmd += " --map-root-user" + else: + cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) return cmd +UNSHARE_SUBUID_BASE := "${@get_subid_range('/etc/subuid', d)[0] if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '0'}" +# store in variable to only compute once and make available to fetcher RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" run_privileged() { @@ -415,5 +490,10 @@ run_privileged_heredoc() { run_in_chroot() { rootfs="$1" shift - ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" + + rootfs=$rootfs run_privileged_heredoc <<'EORIC' "$@" + set -e + ${@insert_isar_mounts(d, '$rootfs', '')} + chroot "$rootfs" "$@" +EORIC } diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 04fd6414..0e268f06 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -123,8 +123,13 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ run_privileged_heredoc << ' EOSUDO' - mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + mkdir -p "${rootfs}"/var/cache/apt/archives + chmod 777 "${rootfs}"/var/cache/apt/archives + else + mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + fi EOSUDO # nothing to copy if download directory does not exist just yet diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e8721c79..a0d4fd05 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -168,12 +168,30 @@ dpkg_schroot_create_configs() { EOSUDO } +dpkg_chroot_prepare() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + dpkg_schroot_create_configs + fi +} + +dpkg_chroot_finalize() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + schroot_delete_configs + fi +} + +dpkg_prepare_unshare_ccache() { + mkdir -p "${CCACHE_DIR}" + # sbuild id from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110942 + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX -m u:${@int(d.getVar('UNSHARE_SUBUID_BASE')) + 999}:rwx "${CCACHE_DIR}" +} + python do_dpkg_build() { - bb.build.exec_func('dpkg_schroot_create_configs', d) + bb.build.exec_func('dpkg_chroot_prepare', d) try: bb.build.exec_func("dpkg_runbuild", d) finally: - bb.build.exec_func('schroot_delete_configs', d) + bb.build.exec_func('dpkg_chroot_finalize', d) } do_dpkg_build[network] = "${TASK_USE_NETWORK_AND_SUDO}" diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index dcdef487..57fe042b 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -85,7 +85,10 @@ dpkg_runbuild() { ext_deb_dir="${ext_root}${deb_dir}" if [ ${USE_CCACHE} -eq 1 ]; then - schroot_configure_ccache + ${ISAR_CHROOT_MODE}_configure_ccache + fi + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + sbuild_add_unshare_mounts fi profiles="${@ isar_deb_build_profiles(d)}" @@ -109,23 +112,27 @@ dpkg_runbuild() { DSC_FILE=$(find ${WORKDIR} -maxdepth 1 -name "${DEBIAN_SOURCE}_*.dsc" -print) - sbuild -A -n -c ${SBUILD_CHROOT} --chroot-mode=schroot \ + sbuild -A -n -c ${SBUILD_CHROOT} \ + --chroot-mode=${ISAR_CHROOT_MODE} \ --host=${PACKAGE_ARCH} --build=${BUILD_ARCH} ${profiles} \ --no-run-lintian --no-run-piuparts --no-run-autopkgtest --resolve-alternatives \ --bd-uninstallable-explainer=apt \ --no-apt-update --apt-distupgrade \ --chroot-setup-commands="echo \"Package: *\nPin: release n=${DEBDISTRONAME}\nPin-Priority: 1000\" > /etc/apt/preferences.d/isar-apt" \ - --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;\" > /etc/apt/apt.conf.d/50isar-apt" \ + --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;${@'\nAPT::Sandbox::User root;' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''}\" > /etc/apt/apt.conf.d/50isar-apt" \ --chroot-setup-commands="rm -f /var/log/dpkg.log" \ --chroot-setup-commands="mkdir -p ${deb_dir}" \ --chroot-setup-commands="find ${ext_deb_dir} -maxdepth 1 -name '*.deb' -exec ln -t ${deb_dir}/ -sf {} +" \ --chroot-setup-commands="apt-get update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"" \ --finished-build-commands="rm -f ${deb_dir}/sbuild-build-depends-*-dummy_*.deb" \ --finished-build-commands="find ${deb_dir} -maxdepth 1 -type f -name '*.deb' -print -exec cp ${CP_FLAGS} -t ${ext_deb_dir}/ {} +" \ - --finished-build-commands="cp /var/log/dpkg.log ${ext_root}/dpkg_partial.log" \ + ${@ '--finished-build-commands="cp /var/log/dpkg.log $ext_root/dpkg_partial.log"' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } \ --build-path="" --build-dir=${WORKDIR} --dist="${DEBDISTRONAME}" ${DSC_FILE} - sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + # TODO: port to unshare backend + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + fi deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 029caec7..9bb43a8d 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,8 +29,12 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - run_in_chroot '${ROOTFSDIR}' \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS') if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '')} + chroot ${ROOTFSDIR} \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge +EOF } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" @@ -62,6 +66,9 @@ __EOF__ # Install configuration into image: run_privileged_heredoc <<'EOSUDO' set -e + + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), '')} + localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 then diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index 766f386d..cc046fdb 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -16,7 +16,14 @@ do_image_tools[depends] += " \ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DIR_IMAGE}:${PP_DEPLOY}" SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" +# only used on unshare +ROOTFS_IMAGETOOLS ?= "${WORKDIR}/rootfs-imgtools-${BB_CURRENTTASK}" + imager_run() { + imager_run_${ISAR_CHROOT_MODE} "$@" +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" @@ -103,3 +110,80 @@ generate_imager_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} \ < ${WORKDIR}/imager.manifest } + +imager_run_unshare() { + exec 3<&0 + + # ignore everything before '--'. If the remaining list is empty, + # assume a here document is passed via stdin + while [ "$#" -gt 0 ]; do + case "$1" in + --) shift 1; break ;; + *) shift 1 ;; + esac + done + + if [ "$#" -eq 0 ]; then + set -- "$@" '/bin/bash' '-s' + fi + + local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${ROOTFS_IMAGETOOLS} + tar -xf "${SBUILD_CHROOT}" -C "${ROOTFS_IMAGETOOLS}" + mkdir -p ${ROOTFS_IMAGETOOLS}/isar-apt + cp -rL /etc/resolv.conf "${ROOTFS_IMAGETOOLS}/etc" +EOF + + # setting up error handler + imager_cleanup() { + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} + } + trap 'exit 1' INT HUP QUIT TERM ALRM USR1 + trap 'imager_cleanup' EXIT + + if [ -n "${local_install}" ]; then + echo "Installing imager deps: ${local_install}" + + distro="${BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + if [ ${ISAR_CROSS_COMPILE} -eq 1 ]; then + distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + fi + + E="${@ isar_export_proxies(d)}" + deb_dl_dir_import ${ROOTFS_IMAGETOOLS} ${distro} + ${SCRIPTSDIR}/lockrun.py -r -f "${REPO_ISAR_DIR}/isar.lock" -s <<'EOAPT' + local_install=$local_install ${@run_privileged_cmd(d)} /bin/bash -s <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get update \ + -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ + -o Dir::Etc::SourceParts='-' \ + -o APT::Get::List-Cleanup='0' + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades --download-only install \ + $local_install +EOF +EOAPT + + deb_dl_dir_export ${ROOTFS_IMAGETOOLS} ${distro} + local_install=$local_install run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades install \ + $local_install +EOF + fi + + run_privileged_heredoc <<'EOF' "$@" + set -e + mkdir -p ${ROOTFS_IMAGETOOLS}/${SCRIPTSDIR} + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 +EOF + + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} +} diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index 9fcdda48..0fa15a87 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -189,6 +189,7 @@ SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" python() { image_types = (d.getVar('IMAGE_FSTYPES') or '').split() conversions = set(d.getVar('IMAGE_CONVERSIONS').split()) + chroot_mode = d.getVar('ISAR_CHROOT_MODE') basetypes = {} typedeps = {} @@ -264,7 +265,8 @@ python() { if image_cmd: localdata.setVar('type', bt) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -294,7 +296,8 @@ python() { cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index fb1d0cdf..a68438e9 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -68,7 +68,9 @@ do_containerize() { run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + fi } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 8b048dc7..3e261622 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,10 @@ generate_wic_image() { fi EOIMAGER - run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + fi rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 7352a87c..f31964db 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -145,7 +145,12 @@ rootfs_cmd() { } rootfs_do_mounts[weight] = "3" -rootfs_do_mounts() { +python rootfs_do_mounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_mounts_priv', d) +} + +rootfs_do_mounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ @@ -168,7 +173,13 @@ rootfs_do_mounts() { EOSUDO } -rootfs_do_umounts() { +python rootfs_do_umounts() { + # unconditionally run the unmount code as this ignores missing + # mountpoints but also does the cleanup of the directories + bb.build.exec_func('rootfs_do_umounts_priv', d) +} + +rootfs_do_umounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e @@ -215,7 +226,11 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + rm -rf ${ROOTFSDIR} + run_privileged_heredoc << 'EOF' + mkdir -p ${ROOTFSDIR} + tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" +EOF # setup chroot run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" @@ -285,10 +300,14 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ - -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ - -o Dir::Etc::SourceParts="-" \ - -o APT::Get::List-Cleanup="0" + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_install_resolvconf" @@ -316,9 +335,12 @@ rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { # download packages using apt in a non-privileged namespace - rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot ${ROOTFSDIR} \ + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" @@ -345,8 +367,12 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - run_in_chroot "${ROOTFSDIR}" \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" @@ -653,8 +679,10 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then + run_privileged_heredoc <<'EOF' mkdir -p ${ROOTFSDIR} - run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar + tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} -f rootfs.tar +EOF rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index d9ccce7f..8ca66138 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -7,7 +7,8 @@ SCHROOT_MOUNTS ?= "" inherit crossvars -SBUILD_CHROOT ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" +SBUILD_CHROOT:unshare ?= "${SCHROOT_DIR}.tar.zst" +SBUILD_CHROOT:schroot ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" SBUILD_CONF_DIR ?= "${SCHROOT_CONF}/${SBUILD_CHROOT}" SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}" @@ -144,6 +145,13 @@ END EOSUDO } +unshare_configure_ccache() { + # ccache must be below /build for file permissions to work properly + cat <<'EOF' >> ${SBUILD_CONFIG} +$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; +EOF +} + sbuild_dpkg_log_export() { export dpkg_partial_log="${1}" @@ -152,3 +160,17 @@ sbuild_dpkg_log_export() { cat ${dpkg_partial_log} >> ${SCHROOT_DIR}/tmp/dpkg_common.log ) 9>"${SCHROOT_DIR}/tmp/dpkg_common.log.lock" } + +# additional mounts managed by sbuild +sbuild_add_unshare_mounts() { + dpkg_prepare_unshare_ccache + + cat <<'EOF' >> ${SBUILD_CONFIG} +$unshare_bind_mounts = [ + { directory => '${WORKDIR}/rootfs', mountpoint => '${PP}/rootfs' }, + { directory => '${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO}', mountpoint => '/isar-apt' }, + { directory => '${REPO_BASE_DIR}', mountpoint => '/base-apt' }, + { directory => "${CCACHE_DIR}", mountpoint => "/ccache" } +]; +EOF +} diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 16165792..7a8d5ff4 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -74,13 +74,17 @@ rootfs_configure_isar_apt_dir() { ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} +EOF } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" sdkchroot_finalize() { - - rootfs_do_umounts + rootfs_do_umounts_priv # Remove setup scripts run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 5f339d40..4d3fd62e 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -73,7 +73,7 @@ KERNEL_FILE:arm64 ?= "vmlinux" MACHINEOVERRIDES ?= "${MACHINE}" DISTROOVERRIDES ?= "${DISTRO}" -OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:forcevariable" +OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:${ISAR_CHROOT_MODE}:forcevariable" FILESOVERRIDES = "${PACKAGE_ARCH}:${MACHINE}" # Setting default QEMU_ARCH variables for different DISTRO_ARCH: @@ -152,6 +152,10 @@ ISAR_APT_RETRIES ??= "${@'10' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAP ISAR_APT_DELAY_MAX ??= "${@'600' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAPSHOT')) else ''}" ISAR_APT_SNAPSHOT_TIMESTAMP ??= "${SOURCE_DATE_EPOCH}" +# Rootless build execution +ISAR_ROOTLESS ??= "0" +ISAR_CHROOT_MODE ??= "${@'unshare' if bb.utils.to_boolean(d.getVar('ISAR_ROOTLESS')) else 'schroot'}" + # Default parallelism and resource usage for xz XZ_MEMLIMIT ?= "50%" XZ_THREADS ?= "${@oe.utils.cpu_count(at_least=2)}" @@ -207,6 +211,7 @@ CCACHE_DEBUG ?= "0" # Variables for tasks marking # Long term TODO: get rid of sudo marked tasks TASK_USE_NETWORK = "1" +# nested namespacing requires this as well TASK_USE_SUDO = "1" TASK_USE_NETWORK_AND_SUDO = "1" diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index cf6c355c..4d102ed6 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -161,6 +161,8 @@ do_bootstrap() { line="[trusted=yes] ${line}" fi echo "deb-src ${line}" >> "${WORKDIR}/sources.list.d/base-apt.list" + echo > ${WORKDIR}/mmtmpdir + chmod 666 ${WORKDIR}/mmtmpdir # no need to sync /var/cache/apt/archives if base-apt used syncin='echo skip sync-in' @@ -177,12 +179,14 @@ do_bootstrap() { mkdir -p \$1/base-apt && \ mount -o bind,private '${REPO_BASE_DIR}' \$1/base-apt && \ chroot \$1 apt-get update -y \ - -o APT::Update::Error-Mode=any && \ + -o APT::Update::Error-Mode=any \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} && \ chroot \$1 apt-get install -y dpkg && \ umount \$1/base-apt && \ - umount \$1/$base_apt_tmp && rm ${WORKDIR}/mmtmpdir && \ - umount $base_apt_tmp && rm -rf --one-file-system $base_apt_tmp" + umount \$1/$base_apt_tmp && \ + umount $base_apt_tmp && rmdir \$1/$base_apt_tmp" else + # prepare dl_dir for access from both sides (local and rootfs) deb_dl_dir_import "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" bootstrap_list="${WORKDIR}/sources.list.d/bootstrap.list" @@ -202,6 +206,7 @@ do_bootstrap() { -o Dir::State="$1/var/lib/apt" \ -o Dir::Etc="$1/etc/apt" \ -o Dir::Cache="$1/var/cache/apt" \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ -o Apt::Architecture="${BOOTSTRAP_DISTRO_ARCH}" \ ${@get_apt_opts(d, '-o')}' extra_essential="$extra_essential && $syncout" @@ -225,7 +230,8 @@ do_bootstrap() { mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + ${@'' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'run_privileged'} \ + TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -244,6 +250,7 @@ do_bootstrap() { --customize-hook='sed -i "/en_US.UTF-8 UTF-8/s/^#//g" "$1/etc/locale.gen"' \ --customize-hook='chroot "$1" /usr/sbin/locale-gen' \ --customize-hook='chroot "$1" /usr/bin/apt-get -y clean' \ + ${@'--skip=output/dev' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --skip=cleanup/apt \ --skip=download/empty \ ${MMOPTS} \ @@ -258,7 +265,8 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged find ${WORKDIR}/dl_dir -maxdepth 1 -mindepth 1 -exec rm -rf --one-file-system "{}" \; + rmdir ${WORKDIR}/dl_dir fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc index aa62b324..054d7fc2 100644 --- a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc +++ b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc @@ -66,8 +66,28 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "rootfs_cleanup_base_apt" DEPLOY_SCHROOT = "${@d.getVar('SCHROOT_' + d.getVar('SBUILD_VARIANT').upper() + '_DIR')}${SBUILD_SCHROOT_SUFFIX}" -do_sbuildchroot_deploy[dirs] = "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" -do_sbuildchroot_deploy() { +sbuildchroot_deploy_tree() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_SCHROOT}" } +sbuildchroot_deploy_tar() { + lopts="--one-file-system --exclude=var/cache/apt/archives --exclude=isar-apt" + # we cannot use pzstd, as this results in a different magic + # (zstd skippable frame) which is not detected by sbuild + # https://salsa.debian.org/debian/sbuild/-/blob/d975d388a98627a0d7d112791e441c27a6d529df/lib/Sbuild/ChrootUnshare.pm#L608 + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${DEPLOY_SCHROOT}.tar.zst + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} +} + +do_sbuildchroot_deploy[network] = "${TASK_USE_SUDO}" +do_sbuildchroot_deploy[dirs] += "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" +python do_sbuildchroot_deploy() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('sbuildchroot_deploy_tar', d) + else: + bb.build.exec_func('sbuildchroot_deploy_tree', d) +} addtask sbuildchroot_deploy before do_build after do_rootfs From patchwork Tue Apr 7 14:23:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5017 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:40 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f55.google.com (mail-oo1-f55.google.com [209.85.161.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENcuk015352 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:39 +0200 Received: by mail-oo1-f55.google.com with SMTP id 006d021491bc7-67e0d0907a7sf13225400eaf.1 for ; Tue, 07 Apr 2026 07:23:39 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571813; cv=pass; d=google.com; s=arc-20240605; b=ZcKMSC3TEbYQ+tx0fUzp86f5rFBL29OYVFdNLJbzqHugJIlc81WOlKRx5sWJFkIa4w 5KXfDoLH3nASpGEssDCLhBHNushy69isU4CGJmYmSA308n+eAe1YAh44p7c+sRxrqPnA wg3E09YdH90S7l0D73eO33CY8oy24BZAtUdrFdGRfW+ejls5qNGYYFb+1Y+WsTSzXl1S 4XZaQHOmFsGBjKN1UrbIdaE0ZXPQetgdlRwXJ+y8kNxStaI6q59ZLurLsolHdXlUTcV2 dR6n5wEJJPMJbu1GQ5mZ0EMrC1sbpISNwt2veInQmDaYaQ7G4zU72ce82DRpg5Y0u6zA v+sg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=8Wv177HExh1qCCTf2TbemYhyTAeLj03avQEN7Juf0QA=; fh=rEezaUZVlq3Z5FPY5DCuVN6Yc1MFDAavDqh88ZBWNMI=; b=hs4U7pZ+5KJlFY+PP+/oJrt88e5Vf6k5EC/SxopSp6swxc9EjxZ3pfXYeD7yiFA9lJ fptSQlBWtqeQr0HHC33LwIwaqfaDkDsllGbz1PIZHQJlWbYkyUZi7WV9tgDWl3CV/o7Y rehEUWlzTYyr4QJyXbIJ+ZtZFmRopcFsRrlNm97I2XvWZxlQO4K/lV1KqHW6UtI0SS12 2dyLqrmxz4U1W8prZIULVHa0kuA2upIgvG60xrg+ACxULCNVhKwXCtz+LE6x1H+zCTz7 VUBF+hc38yZdwbM+52MlEn6lnzWU07Tfl1lkHJVGVUl9xyVl0joVxEQ4dG1kDmlulJcP Qp+g==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yvNzczAO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571813; x=1776176613; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=8Wv177HExh1qCCTf2TbemYhyTAeLj03avQEN7Juf0QA=; b=WV5nREb+xPNkWZQfsxV4BxbyXhNZE2E4zQXRzzVMzHwKRj4oZ8gq8rt4oelHN0QYeu aCZnr2H3lvMWytkydKhDcfIRfj+n13ZCFqgkc4E3d6SRayPuu/tB2TjVc4ZmyzIHH7PQ 68n+q53ewRTNXkWrXUm7kWocOsB8elK83FLTmswrMkapF8R73FCncj8ZAl5d4BMmHehO +TkgnIU9KRawiFkYWRHZXKQmwVO6TS7hQ69a7FT+6+2QbaDz+2E7B8qd7XcDC8TNr+Pl 3L08gHA1wZB68Wy9HZVtRenqoEPG+8e2jk6IISKUGGikkyLDPtI0LsQpAJtV6DlMoPaL fDoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571813; x=1776176613; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8Wv177HExh1qCCTf2TbemYhyTAeLj03avQEN7Juf0QA=; b=glGiPUnMnFW6pW6ZMTwyDeBW9zvNHxoof2VutAXZfCFpDt7NA6oDVnpoZuNNrnnfzQ yaES39BjwLdS76Fna4JDVphc0eraT0+BVGDOndfVPxR2n0/NcrBd7lbzK7SzKoN9ZE07 DcWDmuAvg+bxu1efqHGXJFaoHZ7lz7bD06Zx8VYbe981t1mCt1vg5AoFn5oGsXICL9ya +Nufld/QuUfPceWQ7dYjj4L4mBK7J77KuOoVSsYu0PPPAdV5auQDNu+wAF6s3LvPk9E8 MS8uqUq6PzAuGj1rEpjG7jy6wHVs+d/71jMDzNi626vbOX4jPp0sDFHo4AzMQFeYtx8z tF1Q== X-Forwarded-Encrypted: i=3; AJvYcCW6NULSnxw44L4LdnQwZEoHrl4eLlVQAiBJOw28wzmW2tdk064atKBKO+ODxsYPzcDEUz6l+Y8=@isar-build.org X-Gm-Message-State: AOJu0YwK8c65a/+5/3orehSWW7NHsSIiZMtaSOV9X29b8FGZt/FrCgsn DeC8LtBt6NvVjji3LE5j/laB2ty4e+ZcPrUNn1c8hMVHvXxUNOYY4x4Y X-Received: by 2002:a05:6820:1a07:b0:67c:28d6:430e with SMTP id 006d021491bc7-68220c420bcmr8282529eaf.28.1775571812971; Tue, 07 Apr 2026 07:23:32 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiIsJHpFpBeF4VcsCNkwXK7PNQMNeTdkPapHanbpzIftxw==" Received: by 2002:a05:6820:2e47:b0:683:ccc8:9be7 with SMTP id 006d021491bc7-683ccc8a29als478219eaf.0.-pod-prod-00-us; Tue, 07 Apr 2026 07:23:31 -0700 (PDT) X-Received: by 2002:a05:6820:751b:b0:67c:186a:c7c3 with SMTP id 006d021491bc7-680f9fee02bmr6347898eaf.21.1775571811237; Tue, 07 Apr 2026 07:23:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571811; cv=pass; d=google.com; s=arc-20240605; b=dXU2hlHaYqzeZ8OleLE4gUJ2M1z0V9dA13thDSsm2wTZLUUU+gshaBEKw+qFNTxpyJ NM1H2FW/nYNFaH50eYwIq35Jbf9Ao4f7QyIt6UfZ3HWhMsquzyMY43ryZky+WcnY9tlk RVDJRCvM+1Dpx8TYAOgwRI0a17CtCMkiOZijZ3yKuLmJrdjIIpuXiIqmoGHA0isZqAwc 49rb+cvzQ9ZTsqUcwZCA8cYpxXG85IyxENxvpjE04rsK8dKgZej/NgvsLGaNrBjNichQ 513jm7eNy0VANGHrqEH41RQGkOqcaJW1TCQ+pdG/SfxpNfPSsRoWB2PQtevEOemO+BBz Y6kA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=IeSbdrC7FSSjyIhbIRbQ2mHs6+Ji4/sSMab9vkW7pKE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=NJSGe4YWZlY0824nIxaDqPOiyDDoF+ue9xhpO8WCBRQbEBz4vQpeaw5QhrwsPRkjjS 7XUlPG00k3wBNHeh/d60tr4CC2IlTQ2p52de+eoHJdhHF6PLv8ZcYfwqG+nl5fasMy2U V2lcd2PjyDTTXiswsOQnz4jpey4zEaed/9+v/YiKkeAFt1zHpBnnBuaGd4+uhX5yLrUg SeL5AWGbLz8A+8dwtpd3ELosOuIVqf3rytNsq4oxa8BNivxrLDzlhnyFyVPVIxEG/BQ5 G3EzjXmtzXzNY7c58WQ3YX5hpvoyT+faNFAHfazaJ22N+l3YOdByxEZ1kqVYgZHdh5VW qxeA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yvNzczAO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazlp170130006.outbound.protection.outlook.com. [2a01:111:f403:c201::6]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-422eb1b0825si579808fac.4.2026.04.07.07.23.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:31 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) client-ip=2a01:111:f403:c201::6; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rnD45g8h/kKG5nvbMKE4v1GzzqeKsASF1It3Wzp/cssPec/nNbKlOFQSpZYo81ieo7aZ0NZ4J3q/0E3v17NAbNa0VTRVSt07N1dG+8LMYpRhfKIrnZcSXOdfie4E+81fbsX77V1QPzTT0GtWpvx9xvgBOUILnGEG3n8Ymobuc7wxfRSUuYN0XAV9IW8gIP3TUMlyss8VPQA/Xfo6YfJ7oA38FNxYJlfBRD9AlvPAzBDFq7KqwCqyRjBtJLOc90KFcqiOueCWWi5Jng2IyRx2iCrmdco9hGpGkqHLRxDmiq5wZUQZzmfh531P3tAPkZTB8kCkMzqz1gBYmrcQl9ZTxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IeSbdrC7FSSjyIhbIRbQ2mHs6+Ji4/sSMab9vkW7pKE=; b=XWRzEpBMI2Jgx/Bz9SjYmfQdS2sUPZYL1YaALW5fOVEhsdZPfsZU4pghFDD9TeLRat8BgUg4EAMkOvoQK8Py6lXoHUsPy17iaZqdz7W75t99BgaHNzXLxLtWjVnemowZ6KbnYaQQZtBnLKxl7IxL/7Tde/hmWEabVnX1FfiZ6rMTbAW04eYhPw/mhvJr7C6bQqtTiuqAHQZ32PPFhsPyB6Xxk8apqglPRM9Q3nAaTPdVlm3pfjFEF27DyN0KKkkipSxlsmcQO1/W79fwxEh8F+2AuIKHwsqe9uniy7XOhwoHGeOIDLWHb+CS1/X3B7Z38/Tnxc19mgpg3uVWkHxXTw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:27 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:27 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 11/16] add helper script to clean artifacts in build dir Date: Tue, 7 Apr 2026 16:23:05 +0200 Message-ID: <20260407142310.2327696-12-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 117127dd-c641-4c02-4b78-08de94b13b06 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: 1llTMZqTFfeftco4Chkej3e4kb5sbHbIMX5FnvprvTMICilF1nEa//l7X5/jCVwqx4mu1Xu/wBG+H5Ww7z4cuv5+yIUmvKGomMU60oLIOkLf8uYfsS8q1jrZWH9feVFMHgT9s6AGTqg3K5v2PJS9R8wDfCt3syp9Pfl828HKX218AALUHnFty9Qlzdc36/dNSW6zzKRAFA2l9GIWo+47hV6fnplD95u+1R3mlOf6639M/KL6oPETF9G5RZvDF+rpF0P7VzE93ffCUjB4qTjTViiOhbyyjdRkAYaCxGqs+mviCNy+Tf734+hcmnswrpyiBDmVMYSXmIq7CSQC4W0MfCra9w2jUvMyeIETtCbk0srwHHDKrA3ztYrntQkOLTma6LN3SwxZAksVYR/EgHVfD5jLOgfaBRAotXbi5YtpdAPEcvAtiPr8iX17VTv8wyuPR85p0HJwC2xkNxRyW1uDBIRvFx4JEBtz7zc+VBlNtQzgWmEwr1nPSHBtCp2PlFr0YLeKVrL563b2x/9AtxNsLlWTxrHCxbxW1JO6edqxCJTtUwYjXaKsPEjz2FTGXFPLHPP5wI1YLQhWr5IMx9yZROPrPXds53ysk6SoE6pIhhL36RYJszLbdCGK2tOf73H//MWzwWDcNyavNd8Prczle/uTt8OUj45PsmCEH9wPuAMajlm5Sb3nZ3iuTZc639ZaP7ksa/tblyx7UGfo3iJ6LOhsc/oUbov0c6Y+9T/C/5U= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 3peGtwRcnpqqsztxnBEX4A7pW9QBi4TKGxb56ETg4DcuajWIPj3PkQNEr0SyPY4hzJ9MJ/G6J2igyiPG7cAyR+WJt7RNo6zOfRlXrZPCvETO9FO8nGF3BhQf6uqP6Zg3CXvx85sIvNItsf2k2MLL9boK8t/vul1d0HrQYEYdzuSZYeSBygFwLvvq4XfZzGiyNrXsJbF5UmX92u4aioY0GSHIKmCXPros64q0ZL1eSE3BMrl1GftbOHr6NrxAoAWBRoOLTHvLsdmhQy/4FIv92km++3BETacw3HWx7segfxq9oxNQ14ZeY40T1rNll+/vNClyaTH5JtcKo5crUaba1kOALBGjReUWp4KHBxVzIwl5y4cfdnYVNXBu2zl8URuKZFHKy4k9kPvNsDzW3RCMz7g2JG8vnlmO+49YEyDTx11KOdrpiZ23w0oDNzk2hcIDMPAAtYNxkXNp7MOBkgi0tC6j6NUlOnkZt8oS0TA5WgEX7mnkzuiXTCfL3GOvhpY+m6bLG5ahhNXWzIlHfsxgMY5OGpaEUstfuUzU56krcQU4Ue4ebkmDU4h2wb8LDn1PGrWjDrxCePoJioDJT4j+HZK+mlfNpWrE8Y1wS+vNYj3ATQF20/EE1omQevQmWxkUaGPe3dSVnvIF2zkHire8E3a9wV2HM2cANKX6IcYLgSal590secdXQ+v9ofASbiU3eaFnleVDOZw0Y8KugxwwDfM1p0EGJFyZHUkcrcZcPffbxtboSo4N44ZjCoUEzovtTrfmz8KPWvVNwQRbCGzOnFemMRoZmNP8b9t84+ys/zDQ8b05Vn2711ukHHRTuVAM8kuKq7aASiW63o96iIbor5bnDOW4B/hDzqvcfuXE/1ASZbQevBi1zn8JLQZ+1kzHMx4snYVmbuNLaYhHQlCjna63yiSLdmAZQ5p/dsQqwT119NMSfOU9BDiTZoHs8SM2PdRWi8NDvqemkpdFA5b0iINUZEX9F8s4JKQnE9M1TRn28rto5zMkEPI/Opzabv2nFmRdd6/JUuAP9YvIk7UAgFN6TDtBHq9LjnFy58M3el81Mhlv4XIXpmPuT9kXAsaYO3lCFU5gXcNq/m9DWXZ/F8EAxq+RTGPJSZYPRRLNz+WlomYo91lppCkzXZkTDvGxdEooR6jmlcTGahhO0MuYXBtht/IInWBx6K/cjArIiTFBf5EPeX7AYjYWRmkrQU05MaxwGU2+IEVmzGi47dT5p4dZAiVLa9tqLeXxwYIOGlXBp17LfUM4D81E2LbZDD46y6Z32Dg+3XICXJEnxb0Wg+j8sfKa+XYP+pX9bzo9FdKoLo59k3QqxuYv01MIz5V5OPD/AXxaVhy/6s51wpok7bgpMu1f10VtYNOapK+Y+YH5pv20NsrTcm8SInLJdzAP2K0xCL9YrqF7Uo13MROp6OeSOtuc1eRORDhpO3H964jNXwx3AJBgosmrREVUNroaOu9wbkisH9T3pUGRB839xZU3dEYvTgt+OGy80KWWTKZimHM7FK1PxBQbO52pfHtRVrjiSAz66mf8yODT4pqspfK4fbjgSftGnxc4T3dxNBZ4Bpa9S0bO3zTfBrLbCOtIXSXVGR820NE6BKfErS61yRGobiS2Tb0wJFFzyNB/GdIuD4jpIrg/cCdcEZqW6t8zrMC9q0BBDoG3lt6EZe+TluGlwVdBHZphyrZbO3xWG24m5WmNXsG4mYwTkut8CTP/Xsolz6dbmrtEzY1TRuTfZi816/IyGyfbilhF+X2rwnk= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 117127dd-c641-4c02-4b78-08de94b13b06 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:25.5614 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: R0Cdoyfp4nxJrGsjaVPlZlPxn0Ge6/njIy7Bu5M7rCnnxYHIBMVnZD459XH2PMbGw9Gpdd//MtxtE6kWlenvQk/ac4OOn3q3N1Yn5HpBNXQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yvNzczAO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When running in rootless mode, cleaning the build directory from outside the build environment is a non trivial task due to mixed file ownerships. To simplify this, we introduce the isar-clean-builddir script that can perform the cleanup without requiring root privileges. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 5 +++ scripts/isar-clean-builddir | 73 +++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100755 scripts/isar-clean-builddir diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 27d14dc4..26a4c084 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1098,3 +1098,8 @@ This internally switches the chroot mode from `schroot` to `unshare`. When using kas, the `build_system` needs to be set to `isar-rootless`, but the final interfaces still need to be clarified. Further, kas patches are needed (for details, check the kas mailing list). + +Note, that the build dir may contain files that were generated within the rootless +environment and cannot be deleted from the outside by the calling user. To simplify +the cleanup, we provide the `isar-clean-builddir` script that helps purging +directories with mixed ownerships (without requiring root privileges). diff --git a/scripts/isar-clean-builddir b/scripts/isar-clean-builddir new file mode 100755 index 00000000..6bc90b1d --- /dev/null +++ b/scripts/isar-clean-builddir @@ -0,0 +1,73 @@ +#!/bin/sh +# isar-clean-builddir - Clean the build/tmp directory +# +# This script removes all files from the specified directory, including those +# owned by other users (which requires elevated privileges). +# +# Rootless Mode: +# When --rootless is specified, no privileged commands are executed. This +# requires that the UID namespace where files were generated matches the +# cleanup environment. When running from a container, this script must be +# called from within the same container. +# +# Part of the Isar API. External tools may call this script for cleanup. +# +# Copyright (c) Siemens AG, 2026 +# SPDX-License-Identifier: MIT + +DRY_RUN=0 +ROOTLESS=0 + +usage() +{ + EXIT_CODE="$1" + SELF="isar-clean-builddir" + printf "%b" "Usage: ${SELF} [--rootless] [--dry-run] [dir]\n" + + exit "${EXIT_CODE:-1}" +} + +while [ $# -gt 0 ]; do + case "$1" in + --dry-run) + DRY_RUN=1 + shift 1 + ;; + -h | --help) + usage 0 + ;; + --rootless) + ROOTLESS=1 + shift 1 + ;; + --*) + usage 1 + ;; + *) + break + ;; + esac +done + +[ $# -eq 1 ] || usage 1 +if ! [ -d "$1" ]; then + echo "error: \"$1\" is not a directory" + exit 1 +fi + +if [ $ROOTLESS -eq 1 ]; then + PRIVILEGED_CMD="unshare --map-auto --map-root-user --keep-caps" +else + PRIVILEGED_CMD="sudo" +fi + +if [ $DRY_RUN -eq 1 ]; then + echo "dry-run, not executing" + DRY_RUN_PREFIX="/bin/echo" +fi + +# clean all files that do not belong to us +# shellcheck disable=2086 +find "$1" \( ! -user "$(whoami)" -type d -prune \) -exec $DRY_RUN_PREFIX $PRIVILEGED_CMD rm -rf {} \; +# clean remaining files +$DRY_RUN_PREFIX rm -rf "$1" From patchwork Tue Apr 7 14:23:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5019 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f55.google.com (mail-oa1-f55.google.com [209.85.160.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENexh015474 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:41 +0200 Received: by mail-oa1-f55.google.com with SMTP id 586e51a60fabf-409037c3f0bsf5893467fac.1 for ; Tue, 07 Apr 2026 07:23:41 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571815; cv=pass; d=google.com; s=arc-20240605; b=Fq7OPjWDAVKZG2LoMK6Yn8lSl7ICrLi3jRZGcKzHC3uCaIU8RCun1wnrqLDW4d0fqs Nu8Z5LoX0UgHgkUm+TUfaS8EZwAQh5eC/ubypAGgeM33XhDxtmAtKm5ZoGRl7H3VuNFD jmNGvbc7jzgoF04vo1f5UiuQxToXLcY3k0LwnDinjdH3KW5K6miWs/2/yIOj6sAlh+b4 WmiBEtBxe7t2zI0ZkIo4J7tOxRl9bcFcZIsTb/A91V2nwYSNPj/BMKL4nc2kVK3c0Fdk Vl0eiViqcbqmmKfE8MNFzRRNHZH/NydoQwGIRTuufo3aHQk51vgleZ217A/Kl5LnP4eD Ufow== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=W7lS5g6wphklzFzpeBDJIOtG9dOHBFLVgVtdtFPjblY=; fh=T7Z0fS3gEQauForPMGOsX0jtZn8lXWA6UKPCcI7nsoE=; b=WzluKQAqWKFM7RLKU+zeq2DuplXJHuM3A1chc969AvZ3ETMjG70ScdXtq7V/gij4xg LrtPaCnHRjvzb6GVx5FqTfN6tk6ft+dnUTgwuRi2BRD/jV4Mpd5lCBvu1i27gG8BqnFn qyDyzTl4213UBpH4XFnRqWGNMBYH91SDyFxzpwho1/Sj2ilI0lZ0gcjqETf6byHpfAcD 74Sg5u275hCmTGR4faQU0i8eWwZIW2DHuXbHkv5+AMOzc7ODtAEm8NVr8Mrs36/tQNkd fuFfpOpz6vrlMEzDJ6aemrLFmWYVs9mk97Vok2IRtZhpDGz+uTWKatmNvIFTlYlJuw1f f4MQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Pvhq5gRn; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571815; x=1776176615; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=W7lS5g6wphklzFzpeBDJIOtG9dOHBFLVgVtdtFPjblY=; b=YztHU4A9s+7mZbytwxwEnGT/vZ+v7OqCJo9NTjLKPt+XQIwRWmFqadVdjjnGDMw6Yl p/7Ew92QjtQkRzugf4J9PXpU+MO6Yzk7kQJV361dACPvNK8vitslHgdR/3w6+V7UK2kJ DEIT/dszN2R11H5fseOkpKkntxfeXl9m8+Khyh+iGHKeKQv0SRCybtq/TwTPJCWyR8ip mQY8ORDPVt5WWg0TrgI7sXOEQiduMLHhApEjryL/IvHoe4Qfq0KYLqBH8HAa9tiBSmpP NViLhyke+VpWd8C3Ez9hcdjgaN4rnFzGUniBmZGjU17cSQKCRSB7GHxBAx7/34DFDcvp TRsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571815; x=1776176615; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=W7lS5g6wphklzFzpeBDJIOtG9dOHBFLVgVtdtFPjblY=; b=rmoHyJIIMYmC5q2iqXGNE56/4UqGV4VbTWjQNPAyDDSJv5Nk+PeSnW2j6ZT/RGssvk GiEsCzyQd788fA/f7Ga6oM3AzzbqWT3sCWB3sWIBERUGJ9yEby6KQpRQgvaufNgV9CF9 7Mtpk8N6zrZ8fhrwJE+X0gEqwEq7l6d9/PUMp8M/UBg4C6H79B11n4b2JyOghkuiXBBP We4PjKZFRJrvRKSodFm3s3HHooP+ptkpcRzbSyM5myEMbkwFzX3oeqJ5cLOtHuKeufPn bivH87KcAOUoU/7LCBcjjRV8LOFQdoM1mYDNL8B6VLf0v08ds4b/QKzSm6xM7V5R/i1u ASwg== X-Forwarded-Encrypted: i=3; AJvYcCWNsDLSYLy5GtJiN81wwsfC7gF0O1J+CPGikOvFrFJppe7qDn9PUBEzQ2DAU6mEfBvFtiLK5l0=@isar-build.org X-Gm-Message-State: AOJu0YwBsPLuT+DlnKWgg/c95VLc1k8LUDw6kdbhDIjMwM0vhscTqio4 RgaqdwOvLP8oFVQBJwGGs4aOKq/bnICA1TJkhCUK+OYUumoU/NPrM5lx X-Received: by 2002:a05:6870:5e54:b0:417:15c:796a with SMTP id 586e51a60fabf-4230ffe0e1cmr9985206fac.26.1775571814707; Tue, 07 Apr 2026 07:23:34 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiIj6YX8s9TzI7bKZ108V7ktE1GPp3eohag2Yf/yzs8pqw==" Received: by 2002:a05:6870:63a8:b0:41c:24d9:eb8b with SMTP id 586e51a60fabf-422ee09828dls1809906fac.0.-pod-prod-02-us; Tue, 07 Apr 2026 07:23:32 -0700 (PDT) X-Received: by 2002:a05:6808:13cf:b0:466:ecc2:6f47 with SMTP id 5614622812f47-46ef7502d9fmr7783744b6e.31.1775571811910; Tue, 07 Apr 2026 07:23:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571811; cv=pass; d=google.com; s=arc-20240605; b=WsPByK98GxMHUi4Tj3QyWLtW55lZPCGiXmAG5srKpR9i19T33WkQr604jtg98niy/Z 9cvRoITLI0fKgqtzrBo2fY20UAEDEifh3SGJuX6ZAof/8q3n3Xb5vNPdDjfldmfAmztN 26bFiHOpuaHQFEJNSPkSkx3ko397QaD4RfZCB5lvyn/2EcF2Ll/XHSSrU453If3H9r8z UQuaaCSyjCYPkaTXrGcz0UxN2ajx3hDxESMvw63pRCbFm7fnGun2MLTZoW0CSm6GQq5j G0/CrCXRPbwXoSo8XX9zX5orlCyvLXsTb+pdHL3Ho7jzMMx8UCN08qfzCQFtOHGZguN+ bAgA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=YzCtfJJQhh1PrTTMQnjV4gX87BVeGH+WBeJw8v3bK5rSCmPglym32DmIwUhqALoJHZ 1nOJwAb16XD9JHrqPJ4zYMSv01KY9dCQJLH36lIeJQq9nAXOXCBOnUor3SaKaSojcA7+ VuYQ+J8knVpmsdscsMF3CsE3BWULGZ5MgQhFEqH3TfhJEzkvYI+SA/OSqXhKrYgDIBvP R7k92bSIiRxYqnPNh4v8M/y08OUtn0pso0uSI15paczKq1m5HYyjySLafQ1jqpFgWetF bh9UsdhKoiY19mRYMS2LoicMryJlUrYTueTj4kTy0MC62yYO5XMSe63A1f/XK2nxCxQt FWrg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Pvhq5gRn; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazlp170130006.outbound.protection.outlook.com. [2a01:111:f403:c201::6]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-422eb1b0825si579808fac.4.2026.04.07.07.23.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:31 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) client-ip=2a01:111:f403:c201::6; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ES5xFUflYMjaG1dCoRbdwfchYexcB/YiRKRGOsqbczPGcqr0TTgYfQP1jh8vTO4x/DiTuK/xFgYnoETgSU5WfZbNN/3crvMLmNk0rFQFFDaBRgmomVeLaZGlnt0aT9gHuIuIYUtiU+A5ZoMMzOejnJ5kwxWuSw75mJqqF9+bZDfH0BRnSkF1fLpgqyRKYchDJIesHC6j+zK0YOvCjlSMfi6vBtuO89CeEqTyT/huVeQPW0aLeYluKWF//d0+VmUwLkilVo3p+ax/btI+ARQ79AiMOaREkfV1TNxDhHLCvNU80YO7OXFFNjVjeuMy3datzb6eFkrQogzMB5nNzZ1LpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; b=nDwcRdaGpfrxW9cO0BBgoPu5d09AeWimrseCbrmPT2i995q5H8S034Dv4hrGFa3OFbcIQ1h5kh++OkIFMeyruG+P637342+XSF75MUuRfacX/QzMtCSkzb7QTPMGcMTbYXewhzz2SOhfAecMebLk7cOfC+vjXM6JJ87FaNh6qtz99RcAf3zXrNRL7aTZxYfhbt3bsgwjvOhKREbLpon3hJERk/yDgAOB3WRiOaOY2DIBIO2w18/Zdss4TsS3hi17nANYmFWsKfCUs2DwomeQZPhyU1ojVJzEUjfh356eSujXXmquytYp9cCNjtB91E9hAN8OR7A04ZjJkzpfYICH3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:28 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:28 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 12/16] apt-fetcher: implement support for unshare backend Date: Tue, 7 Apr 2026 16:23:06 +0200 Message-ID: <20260407142310.2327696-13-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 60d9bfc8-5011-4aba-e6d9-08de94b13b75 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: vLsgpVPfP5K867wWoDcvwnhJqpTtlSEOYw1yj3cGwFRXo/6QON58/+JLDc9SCVugMqTPjYNft/8aUb7p1FwLCDvrRuBSbMzx98OgrOFQ8AegLjvPX9Zq7VWi/28pztTLxwIPelKrx8zunCCz5KbCzvfsWo5eM4i1ZhxaElv7/ir9o7GeGVg46lbKow+Q1Uh+g0wn6MTWKUrERc+D5ENgoYc0vHYNpS4/MhfzSDRp/v1uLGO/+lEu3DHrCasiG+/aav+9xYll4M22IuPgRkQSq1kkFpCZMJPlF4ciuEIuH8Ns/UT/wRUsqh57KfTM5yFZmTmknyZfFKECutrtLUfwCQ4/DdL6p2GMKUDbn9wAYsWXw3LvikYKCTXVa5KRRKtiA13R4BhUjDQzy2gPW0pXxpJnexnE1tlFEik6sxPA5YMRd/TsWXcHd2r4nMApIdUbzLhZ9qQZky6zc0jX9jMdgKdNcIrAFIW1cnUKMeJPjYxYZwH94us/QyaN9yWAcarSKLPGZKLRWQpkr7074yDPrJ8tCXl3WN+jCO5b5/S+QqEzuMDXvYgWWOlk7HAiIYbDpSgeb61sJbIImF7/1KJbLXpQ7PHFqQqmo4jy67osIUVlFymSHEyrw8BuqAN6AuJdyzzjWXyoccWPaIn0j+Lzri5Zdy8ZNf4SryqwdrEF5mTHhyZ/nyOThz9Rz9igEM4IS2hxs73NzGZ7/T/bLmQ/MHodtkHSYjAoKMCjE2qw7os= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: VDqGiQLUk41F6+1jO1KpD0Hnc3TYOYAPmMbFMce//+t66+9SsbYzVywa1B7EyqYnHo1GCru2TCtoQQ+PUUY0CeaCGF70uHfdFyuwlT/TLVPaUbWPsLPmjY8JOI4D7e9ZNKdeQcukiySgoq8zZQN8m/ZT4RBaDTR8CVlM6xOiHDYJ2b3vJR0YBPC0y3MZBcVA+faF+/sZmPboFBr2jVw2Wqu89xxwA4CdDRDQvpcSV8WtktoVKpSilJcxRfBk3aC2dyHwLWpuYvYrxJrilywsEGRKpqmwbLetHQeik+QykKgn8fe8hbi1ypztIoBHbIKxjDmaURz0aYKvmld44n7M13r8Q3Gfa4uqK/ngNunOWD9gI3sVh3GeRwh119PrZ3ywHrAo0J+etH+sC4HWzRGa94eU6TMG5dzlFDXxZwyswHFMqXddoxP189GwF4qwTT1DN7ILeKKXfuXKyfF96W3hJsV5mO5kQGV3V4stalxcSo8DyZK4UN4mhXubDoAFyv7WPt7VOEjx1vE0zxhSGJzWWXkuIj68wEEo7IqYOX6NWTivG46iV9IySF9NI0v1OXt1Guhnj8f81gOOdm7di3/Rzn9Rc1ONk/VLFyXeun4WFCiLYWfljjVlJZgtHk+/2wU6Bz7VYCjIU2KEAX1DhexCi6HnvdLob09O6awldQhSrQX/9hGBTJU7aN9O054G2A6KX3INyHpPEYG5M90sI2sUBf7179VthSjni/p9NL4DaIoQgTeoWFvDvm+qXEY8wxneGTggrPMd1TJTtyp2xJBKs2Hw2h5AvxPkukNlW3cIVWZtfDBDVyh3/+Zenyr2Z3+AYbcaduXjY7Laz25UrawWOkqMa5LKHSepO8cv9MjjSra/4C0070bt/SY7i+Z0WUAN46U1bX+ty66hHzW36eQEVR7ULSz9a/iKtx6j9jvtjKqjnHT97RdwXyK8+zf4LkytAsqNRfpuJX0foR4DTKyo1HxhyVwx3Wa+o3gx+b+CzldnTZ+H8EupKa/ocJ9sJSizWhWXUKJxVR1/BtNWZ+K0KPifs8F68CTk0CjesYEkrb911EkneDvi0PEsRkB7oTOsj09aRTO/C9ldscqhP9h71pMeMziNz0WHAQ4H6Ufh+/HPjB3mxNg6lm3DSA2IYhnKmYgmOO7MlVZxO+ppGpd1SdIuxVR1PJ+TO40cMbE/FfdEwCD2/p/4+We2yTXO/vwTF/Ws62PdIMmxzmscruNCp946kvl/+Et0HfJu4NFc2cl31OwiWMEr/AJMEcNdjjGEEl1xAlft9u3sBKeg2NoUPEZYh7TcJIa6nLecletD5TAQB/4HHlNySqRJ3xaYNb8OYl5tw2IAFAF/zGf5BPC/k1NB9K6gotAu1ZfDyyUG0S7r5BAwg8iNHe3gz8834exuPFXUF5of7bVHhwI39q2YmFw/Leb4D0dT0K4ZHmZ58n/rpZgPkm2nbbm1NXjzYdhsU28ovGuINBrXgV6YYl9lVnw0FGcH6/uSMg2hoiPYmg1hLWxmUCdVl4Ak+i5nrcaLy/fRAs0xVV5dIOYajlO/537ncj/XzFSq2qgdN7y0bFioA3uwTj2KEJtAZ3EAdrwBvyP//X+p4UG2v/ZOTRasiND9gG9PzC7yH56utf7BEkpye07bdXsk5aHeruIYUfpJ/kJiAJWT7x2Wquly3Hx828OVbxJfXaDg2TaE6S37x7iwi+AmDKBRLXDlcYEYMRwX50xLgAM45cURDOCslcmwI0vYt1U8XxEp2qX/wNQ223g= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 60d9bfc8-5011-4aba-e6d9-08de94b13b75 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:26.3120 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZHaOCWKrh4R9r3t3887X7dOJq7m8tEANITsti4zrgxHhiv6t8SI4q79e4IxsMOtKBRe29RV3dDooSxnZb1zpxieBDBElMG+5/s5v7CsehJE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Pvhq5gRn; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::6 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/lib/aptsrc_fetcher.py | 75 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 1d133aae..933480ea 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -7,10 +7,13 @@ from bb.fetch2 import FetchError from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import runfetchcmd +import os class AptSrc(FetchMethod): @classmethod def create(cls, d): + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + return AptSrcUnshare() return AptSrcSchroot() def supports(self, ud, d): @@ -92,3 +95,75 @@ class AptSrcSchroot(AptSrc): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) + + +class AptSrcUnshare(AptSrc): + def _setup_chroot(self, rootfsdir, d): + sbuild_chroot = d.getVar('SBUILD_CHROOT') + unshare_cmd = d.getVar('RUN_PRIVILEGED_CMD') + + runfetchcmd( + f''' +{unshare_cmd} /bin/bash -s </dev/null; + tar -c --owner=0 --group=0 --numeric-owner . + ' +EOF + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.unlockfile(lockfile) + self._teardown_chroot(rootfsdir, d) + + def unpack(self, ud, rootdir, d): + workdir = d.getVar('WORKDIR') + rootfsdir = os.path.join(workdir, 'rootfs-fetcher') + extractto = f'{d.getVar("S")}.dpkg' + bb.utils.remove(extractto, recurse=True) + + try: + runfetchcmd(f''' + set -e + find {self.localpath(ud, d)} -print -type f -name '*.dsc' -exec dpkg-source -su -x {{}} {extractto} \\; + find {extractto} -mindepth 1 -maxdepth 1 -exec mv {{}} {d.getVar('S')}/ \\; + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.remove(extractto, recurse=True) + self._teardown_chroot(rootfsdir, d) From patchwork Tue Apr 7 14:23:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5020 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:43 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f63.google.com (mail-oa1-f63.google.com [209.85.160.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENewA015547 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:41 +0200 Received: by mail-oa1-f63.google.com with SMTP id 586e51a60fabf-40450320b4fsf6732795fac.0 for ; Tue, 07 Apr 2026 07:23:41 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571815; cv=pass; d=google.com; s=arc-20240605; b=lsas0v6ivqQqC3NIVgUQtyt++cQ6yZAl0AO/fDrsx75tEzDsRlU0DuzpuNK+Man/40 UvR7uOUntJk9t7F3X3gpOBCrAV7jl3WVk9dR5qREtJIzUbgplf0QoKtbUps2e2uc/KWd ECcJKyUeP5U07BlRZUI5U4O5MFQOJQYP9xpit6xE5fegpFgmbVRzKXgce6ac+muRYx0k PROUxDCj1vGJNfaBf6TvG1ZnaPrtIYFGZHiyhCfYga+Ce5cgP+S7bJbVvdwGrGzk95S9 3UyvW35bpqZQMUa0kcwphSD2/OOgRzCoRLm36kAS6tzSV8ZzzTADQGnLb2ubVy7X9JgN yTag== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=mfNmewnzJ3XQDSrLnaDa4vTuBvFc6HaKFHHT8JYEiA4=; fh=+LAbyF6f9s+Ky3uOzAGiHYefqLDG0Y8LnT1cSG9y81k=; b=X8Ve832uMCoCvgjJcBndYbBZ4e65typGroI4H66cam++A4z/eiZfsyunSHxiGqVepm tlMbWQ+HJ3c/t5dk0WO0LUSBr0VK9lUI0Rn7258cPH3CZtVvhnRmHDi9MaEb6BbtdtQu plwXKogagvOohQw0GH98UEGbWL084EJm0MfzVX2eptkfYQ4j0Wd22L4pqFKX3MtUlGId T295p4nm2pSFWN1XS/1AT4eVpEgHHx4rHiXwegLWwrjbQvc4qlpRvzWHuMct4vLUImRw m5+5t0iVUzywnuq0dd0iKK7Cxd+NYudHaFh4ns8ypfRus8oE+1mrg0ruNMarpY2+Mhym czgQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=aiLSgfSf; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571815; x=1776176615; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=mfNmewnzJ3XQDSrLnaDa4vTuBvFc6HaKFHHT8JYEiA4=; b=RtcmO/pfEnNDPvqZraiom7vw2J5o2XRBRYaSzZYY1jtq34CB/j4xgRGasQmgORnjf0 s+pCkN3JIiFHklWG5lBkD6czlaUq5bSX0gE2GeL68qgx3JDvRyQOvtSPsKg/tbEfueCn hW3S8OGHbQBJ01H8SHCh9O/bIuYzIP1S1vN256b2fdWH8rzVyGOf9lfp09syNByak0s7 LzMysIj70+lK42srCdf1LWHk9iLuYNy7J/PQFG32K6dcIVGNhFiZgVoV1q58/NAONWKj lyrmlA+cyudv04j5AV/oXCFsU77JHEjyflMU3QljWK1nKsCUZnIEzulpsbUN+Kwx0s46 yqWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571815; x=1776176615; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mfNmewnzJ3XQDSrLnaDa4vTuBvFc6HaKFHHT8JYEiA4=; b=UGoNZs/yF5I6RgT4cf5SeBkBmq+GvOyClW+qJIdfHUAsjquvt9t4daBP/pAf0IYqfP sSu0sNXx53Et51W13R7DX0c8w1HmTey8v0qVBeSqZuH6bVylDPKVurxzcC7aek4UQtZg oEFcTUuWv22SdqP6Puo9pgIojn6JCOQO8Lh5KNwbkZvBe9GX9AFs5FYdqorJiwFp/5yS 1VsOTixkg/IQ0+hvI3rhh7s/pnWuKtgMcjllG99A24EyszrTi244/Dl7CdbUcFfUZxrY sGUJZz9kBH7MQ3NsZb7Bxf8wmeIFtwW6X2aSIEfP/4m0dUiOdMG/rq7mdIlF9Y77qmAz AWhA== X-Forwarded-Encrypted: i=3; AJvYcCWgIAlZa/SIsPTnZWq7CG0wS2AsPA3g/HUarBW6Jxb/1u+crtrRjuihWcSG7S+tmvBBFIFrKL8=@isar-build.org X-Gm-Message-State: AOJu0YzPwTEDJLUGc9X/Nu3gNttyJM+ulaMo8w4I9gJ1MwvMsMNLdzqr bq7wXpwKWK28IncmnWVRfBPqGwEFWuwpv7T5ODqPBmA0Y3qWDi5ao2Z2 X-Received: by 2002:a05:6871:210d:b0:417:359c:292e with SMTP id 586e51a60fabf-4230fd52b22mr10427650fac.12.1775571815326; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiLEUrVeUN/kcpo6jRlSHutG038Tlg5Pw7/5F2DoxHd/Cg==" Received: by 2002:a05:6870:b009:b0:40e:b5a8:d871 with SMTP id 586e51a60fabf-422ee637091ls1744841fac.2.-pod-prod-02-us; Tue, 07 Apr 2026 07:23:34 -0700 (PDT) X-Received: by 2002:a05:6808:1910:b0:467:2926:1228 with SMTP id 5614622812f47-46ef841ab3fmr9277328b6e.49.1775571814453; Tue, 07 Apr 2026 07:23:34 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571814; cv=pass; d=google.com; s=arc-20240605; b=cO0he6rDnHogheUoApNImBPUAiBjIofddRZXdiTtg6aWNOl50rqW8Nm7qDd8Kn49zp X85QDyHSVIgLoWbPSW/bpu5fCIGtYPf37ITzqxMfCA8TjBTI7uiMQs11MpcZ8Wt9s7AO U7t5CUhqER//kWP7pqmNn4zeNDtCXFPJI6dcXJQF4eCmqpVU3n7xlbwKZiiJszYKlvJ+ QZSzbDRZB0BMbY7fJHN7iR2vz9AmNaHeDyD37HE8VyK15+q85hRC7ZvTfGoBgfzCGKYS r0OuCUwNVRgYAGFuik1jzSsFZ3IJtTRY3z13EsWSYP2Tsfc0JdJeKiytsU1sbOw1+30v jGhA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=gH4knNvAjieiANpbRCiYmj+OZdNNGHCFEPsIMrxOweX/+kqcVLK6pcRMEk/zICToFM WFZCf/hrZ3gLAhTY010nigl0Jta+G6upi5M/a7Pam2TtjPTGf4j6yCsWyG8kH5CmKbtk jrO0bsNs4p/WKpqod52EoKYXW+fcX0qBGnVdFlisKoE2oiYVg54s7wuP7TFlTjdPJh9q 6+27tIsDWzRNmgRFD0hNN7QvROhVUVfjgTjiftXkIX2IZbQOLB3sFgKKEPa9olKUvFKn x7Lm/4oghtuA2UfIAHkKACUIJqD79RQ5kp4DcKLyHPfN1Ompuj2skxOZ3cKjcSGEdpJH FjSA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=aiLSgfSf; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id 5614622812f47-472a0d2c4f5si241333b6e.2.2026.04.07.07.23.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:34 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=svFcquCM9hS5+0nzIPJu5TGrt9vhYDGLUjp3b16F3tp2p41GPHKAHQ/i6avMyrnzElh8i7On7mVB8vj1p6g5k4pfiHGTwY3iu58cNn/tHGaoxIdIo2wz7MrXMInsdqCNsMYhyHLfPCoUgiJKmjjI9lIiLap9lkmgBoT0WqBPbah2yXMtIZkOzIX++IEx4b2aDCr2RUqIEIn0m/WkEJTtC9m7cnoF6LM11QAR/x2YxE9ij7RaZyWqIPw4M5UrCZVcJrKGnNp9BDelzF8AT/kb/oEfLROjMApHwkRqfC2UMVq1QjI6WefUHhtLWupfUsck9YQKUGCIV4rUfSEtG0e5RQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; b=Ge1IjoCM6wQSuZluogYdMx+Q8qSsyjq0Bl2b84HOJ+DlrCLY5UBZ/tgubUQfjv6GLMEYYI2f+grteyY4CfAcmdovmPVz18lNoEZb6r/PWxG0A4zcMFx4yIskfzS1UvRfCXBUU0U/Frozumcs08FFr9PVNeRDFz6sHJh+yxYgF3+mbbY36J7YGZ/m1MH+nx3igJeHEoYkhDmowzItdeaiFJKgT2kxUaGy6iYvxCcYGfYs3vVs/oiKccWnr8H+Vci9aagpcE9CKUm2qWjB9yUv2MYZGmFV1YTAxI6NLbGy97DXXvsR/RSxTyrk3odKN8pEpxJFF65LyoadOswlRm2oIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:28 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:28 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 13/16] dpkg-source: implement multiarch support for unshare backend Date: Tue, 7 Apr 2026 16:23:07 +0200 Message-ID: <20260407142310.2327696-14-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: f388a9c7-71f7-42e1-2fe6-08de94b13be7 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: 30ACHDDEm4Fw8phYYh59/yoCA7EC8wOG/x1q6aEHuuHTH3Lb1tGDogdos7jgix8akvpDn28/2+Umz6T5D12gIcffBZ5TIANOuaFOO00IBtM2qN0MC41lJa3x56K+YH/wx9EYU8cqeanzW+O9/qx6wBEVrvnKzL0ahFP26twqHWBLpE7CL99o7duv8MfSs+Yonhs/YpGc8k3ztDRrSY/UxGitXQ9QYFaRiohLlnRFoUspGk5jVTCpj9/hmFlb4qRMSkTxMpvkC/E0wt8t+wxRioN9Wr8QT+a1ubi41on13pBj0dc5r/+ULPAPKdabsvm4/pBXLhnv9E/bd7/aq15zVKpAFDLL3rBmHw7eB4DS3Vup2hOK1tO2lm2FNnOZECOCZWwIC6YyOQhBMRCKzX+9Og8w0qwUeD9lR/LxgDRw1qnmZu0cr6mh2KfzHsba/PCkKUcZmjDJQh/AkfUphNz8c+yOOT+bxTe4scVNelJlaNs1JPr3yc+ck9629628TRJG387ARnuP19eAFRSz6g73gU3U/8xtkMKTVJvtTAH7VKxea2hsa8GQjQsUPDShy9H9ssABQty4upd0HyrvnLAxa6tSFQcx74RzuSBTtpxzzzx1iX66U+ZtdlIjoFUkdozsBRHlbP6TpIBEkjOs9btQj41yalcjNiWmPLzOEMiBZ1XAqgNwLotxV32cCswLG5W3yZsY5iIjuzETwxXghDUVMeAv52M2NDHgCStsJFTgXQo= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: SEUngt9jynf+KA6lYQTKh6V43bVCarExHDNrVN4sSHu0I2Zvmrl5csnP05mtt1cNzEOZCPMF4ykLo7ujNDGsQhJE/xCt69C6OSiS05AahF497pasxmUp6uWhHuqOXxJOp/kPmdBFnCHMmaybT7+axDRZxOiU4fGbFBmY1cYOQFqjyYvOtQWLnGlA63UdcmeRiaAxXBU/KeCjvLOq2jbvDz3SaQk18wgFLMxaBOto3BcHE7MNg9VXiagNQP34L9/ZdQutVSNDFDpVfC6jDa8VuYMSlAQpYXHDl9xBE61fU6qA27sVBobGcTtQuuTtJjsL3spY0MMtH/PoH78c3I+c0d/7KUWcoukzUh3SWHX8i240TcRoo8EvqSAbJjMIWZJnIPvvWDw50+3eBjtO9GHxvHPUwlUxEH8GbyTyfnasD9oq45u/kuVZevSFE58jHxMK8MD4TfIwNqBybyM/fZUCTKE2ujxEj1g4U9YqtapYLC6CZREdpatuIvWp6jookxl7eSLwvhCgU2YAGimosiMFZuZSTWng0KtL2I3Dtd6mTGh2wfD191fy7LpeUEl8D+rwPflUE1OMnGZ8FK4qqWonZZe4xIV6gZiOMzCc2s5z4fg6hiYR5ZDostFScTwqVlGCwMjeSUXMEwWePkD/b8VOl+z/sIbGGRx6W/ZTYPpOTKulH6ohT8dEAPXGRCcpmDfL9hvVTyHudeTCVb/mpN9OpC/aPq4UYx4vvQlzvTI7IbDi9EQcGXFEEFzXlBvIr4pLnAOK2nxx8LzzZBP1yYVbdr5rqNRX3Zu2vwayOBDXFYa5GzxdDyWssX3dJ5d5jBE+HcJc5n3AuA2+o+ZimJqzCdEoI981V8CrVS2lZxIgaqW2GSnxfRC2OOd6ap0Rv8IOqnfKZUlaArifWkpYnInPL9qV2+k2LBFOgMudlAMNRxY3LyniY6qsqWJFZzsZeFbwkyIGvj8LSyWw/pmOnyy3dYd3g5m5d9CM9QxRePDFXEVM4vamkMpq1gVYuigFOMwtGEshj2epCZOtnKcn4seLxI2R/Ql4yTDjnfDOJ0WdkvTKFlS/vRh9rggoZqDzjgFYbFJQGO68/919nYZm5Hb7sBVd86ee5RKr69JVUAUS2Q7jWi4gvs94ocpaJJZlS7nKdkeuQH9zhbhyLEKfhZx0296IBkWHCl4Q305DYE6VeTDlo7bhiP/HNSodWhsiUHaMag1mFB8BCUcvJ8ZPVNqEACoWsc5fsePywDp0UDYI/eNtXK8Wq8KthqQRVjXqZ0EeVMv38v0T4kVr1y+PYB0ZG5PoBopU1EIg8i5lyoaZxEjGEyX5O8jcK8TqY192gSmMTYd0ckdYHKEd3vt737/8270VzTDyNBSTRaU/LPIzP0x4MyJO/jfLz4CNcrwqgLWE/vr3vSe82PmZIyFXp3UIS1IjOVN+EWQDF4DZBfvzyOmYP9D7dZyqZYKZZkoEEhkPzpTTsegiU1Otw16djC+OM5jzlu2FEfHenWkdM9qXt1SdUpccO5S72EmXmkqlQu0GnfsllrC9swkWY6QRz2fq84i1kauGpzDjzcWLsi/WZPnBg4mn8lDPWbabfj0z1LQp4V9Ec7z6yO+VAWwhBtPIPhVDCQF4kYiytzRgJCHTIzvZJlbRTeNK44yzvi+UZARTaS6He66b1VQUcbPqs13QiJSc4tlEGnxSdkoA7U7IxCMKSh+dVdEChEEA1+cJaRW3nFfF+DkWjz1hrQyJD1hxdL22AyX1oUuZsOo7om97Rcs= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: f388a9c7-71f7-42e1-2fe6-08de94b13be7 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:27.0907 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8sh+0bhdRShOOk8avt6jXpa8hvBL0eRX2DNhfPzmBuz9gjQKmAo74I/7fH6uRsrUCm4Ca8bsqXCAkZd47tY1CUozUFO3h4oF3nGjnCKNks0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=aiLSgfSf; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The fetching of a common source package needs to happen in the chroot. Previously we only had an implementation for the schroot backend, but we also need one for unshare, which is added here. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-source.bbclass | 38 ++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index 629796d6..a1848473 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -52,10 +52,7 @@ do_dpkg_build[depends] += "${BPN}:do_deploy_source" SCHROOT_MOUNTS = "${WORKDIR}:/work ${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" -do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" -do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" -do_fetch_common_source[network] = "${TASK_USE_SUDO}" -do_fetch_common_source() { +fetch_common_source_schroot() { schroot_create_configs insert_mounts @@ -83,6 +80,39 @@ do_fetch_common_source() { remove_mounts schroot_delete_configs } + +UNSHARE_DPKG_SOURCE_CHROOT = "${WORKDIR}/dpkg-source-chroot" +fetch_common_source_unshare() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${UNSHARE_DPKG_SOURCE_CHROOT} + tar -xf "${SBUILD_CHROOT}" -C ${UNSHARE_DPKG_SOURCE_CHROOT} + + ${@insert_isar_mounts(d, d.getVar('UNSHARE_DPKG_SOURCE_CHROOT'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${UNSHARE_DPKG_SOURCE_CHROOT} /bin/bash -s <<'EOAPT' + set -e + apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" + + cd /work + apt-get -y --download-only --only-source \ + -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" \ + source ${DEBIAN_SOURCE} +EOAPT +EOF + + # run cleanup in separate session to ensure nothing is mounted + run_privileged rm -rf ${UNSHARE_DPKG_SOURCE_CHROOT} +} + +do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" +do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" +do_fetch_common_source[network] = "${TASK_USE_SUDO}" +do_fetch_common_source() { + fetch_common_source_${ISAR_CHROOT_MODE} +} addtask fetch_common_source do_dpkg_build[depends] += "${@'${PN}:do_dpkg_source' if '${PN}' == '${BPN}' else '${PN}:do_fetch_common_source'}" From patchwork Tue Apr 7 14:23:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5021 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:44 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f59.google.com (mail-oa1-f59.google.com [209.85.160.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENfhV015612 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:42 +0200 Received: by mail-oa1-f59.google.com with SMTP id 586e51a60fabf-415e1e9aa5dsf10122952fac.0 for ; Tue, 07 Apr 2026 07:23:42 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571816; cv=pass; d=google.com; s=arc-20240605; b=XVRkaWTMNq8cSEnJ/MgeA9KjT1pENS8kObmB93hSB3is15ViXAxF1gyiE9YpBN54SP YZdpBxA1ghaZTgHfUAlrgm0t9+t7FaP3mKQLCJxZBNQaItejrCPQQiwWK+2K34OrzIoB FWeU6Yg00cfjqA6OeMPw2EIcM21oCa0B/6foWtXyT7Inb3O2bYxA92355iAvjX2q2fDE Zjpq+rvEvpBv+aYnIAOyXCI23MfHdcIC5Pa6xkw+r92MwYfVwqZEm6ODga0rKk3WRH+l EkXI5Vd867TXHPr56uYd6G4B4hCeUyrasGkN3+yzu4T+t0+KowdAHj9zezQChUZRQRSe tq5g== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; fh=u8WBQyXW2V7R8XpzxRyPdpiKSj+6tncDprnmP1fgnpo=; b=bL5YfNb4HHGk/cMQpwNEEqHPTEnGUdabxoB3dt9cpEPrh+1UwBqTOJOU9DX2JJY45z oO9cjh9aGrHyLX271qw/svWLhgCsYMnTMNO0bmbbc84wz8dNFwZAwMBbZlSsaaerbXdk bZkzSkBEdQSP/Ovr4D2zT+hAZlQ0OMRPfwRUnAuJebKCjL0X48zdPTW/fraHxGkWPFtB 3pAo1flkUdsw/fiMTxHsu1DFAq5S2e1huc83nWIYFWfVjVVfWIsl/6LDw6YqQLxBCI/c 8Kw8JkvyrYeskax8PCbh67NXB7Tbt/GU3GpfgfIBr8mZjYcZ0DcIZTCYOsp/J5dMr0nN jWUA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571816; x=1776176616; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; b=noYFgGWfhtIu/PSPCDlm3bYrByQfkXZJqVk/+wA+5h4L1VwQtICUPhlVF/clHxkdbP LpcvP/eiBF3RBMsV/tmsLNY7QOUMCLPdYLHBe4sThZglFwhgw0ItN4rv3FZ0Yvx0Zdf4 HlKcJrWntC46NwCFZQoNJvKqiDnnxgVcj4q7DbQ5pJk/llg6FbE0RlpqRoQTfKRYCNsw QuVMSYbpYkiPrCjOZ/+9wqIJUoqfUC09c1EviUJRX5q6SX4T0CTIoOqD9I0wn4jF66GT 7yefH6NHfi0FLuJX4bWvaeJPsWNagQljyPVjZVigAs85yIivRxoeTmJP7Mb7u6SSpK1k Iu/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571816; x=1776176616; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; b=PwR1ervPwAIGvpGqUK7jmTgYbpegBBKkDxuuIh6H3cdQG+8Dyqco0xZD26DMuPgiaJ Ke6FhZYXwtNoP0LFsuhULpsv9dsyIaFRuZzbTHsqq4qFeJuBWiDqaDHNOM8uHPTHghFJ M8M63Edc9RMiXEkSiS5Pgp3KYkPpb58XMd3ur5PO8QKHNv0l5ygoonWJxqrOqlZKc5C3 MQ0J8bVU0MlBWVTxfG+IWGxjYNVYm341Uda2sYMdjbXCvogCR6b6buWo1LnSrNpwU33b HjReuAahXWPO0usO1MMTEGicM/8kTcJp8FpCmkBdET3/veZzzlQjLLWzuTx2EyLh1y2q YPxw== X-Forwarded-Encrypted: i=3; AJvYcCU6biXsw8G3vonUtGhjEldvwKFL+oT/9uABeDEk3DJGR043dMUONfbySxZj9kxHk2kH1hWsMgI=@isar-build.org X-Gm-Message-State: AOJu0YxZG2sRsSCQ4CsaeUa/Xh8wJ4zOYwT2meS89th6S/ZgdJiua9Xj Gp9yTuZ77rwhw0aUVtlgNUxi47QTuCqUZKSw/gV0gTIeY9BMv8RA0OHB X-Received: by 2002:a05:6870:bb0d:b0:40e:dcc9:c3a9 with SMTP id 586e51a60fabf-4230fc10eadmr8665201fac.3.1775571816199; Tue, 07 Apr 2026 07:23:36 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiLCK3FVJwhmsmTlfoLhMwYz3NJ9dvxHi7uUkgFo79TqcA==" Received: by 2002:a05:6871:c91f:b0:409:4c04:fab5 with SMTP id 586e51a60fabf-422ee61aaa7ls2936972fac.2.-pod-prod-05-us; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) X-Received: by 2002:a05:6808:3185:b0:469:fc59:b128 with SMTP id 5614622812f47-46efadbb119mr9280777b6e.25.1775571815108; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571815; cv=pass; d=google.com; s=arc-20240605; b=idqTQHbiqLeaXpQ3kfJFlWr1CFKzChlIyMfdWK2dSDN7zkvc+bp98VNZ7dql9rwO5b ShMNzCPZGTkMJ3PlSkdU5p/Ij3p3BUqKQL5X5xovpipXs24jhjcbGBy0Q+vKaAo07iZn TIPGeLLVyuuBL/avEwI+SKb245Lh0K88f4OD8cWhidBVAVjQQGlxhtDc/CStnJhx4qat KFPU8Vda4O/fIvQ27AGH1SFt17VK/aGnh0HZPHNABD8lLEovqifh/QjqgZSMKMwPIjLM jZVGfyLuzCSdJViaQXaIEbV/8FUpaFanMGTHp9QPrFeICoiF0DLfcqSF469Oh0Xvt89S AS5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=JiGTJ01jF3C3O/p61b8QVBnkgiSSE/iszvBpcPBUjjrrw9l8GrHP1hLiiVPs4V+SWb CTMkO6kOnJvf+fZupn5CenTFLpeqqX9gBrmsqmM6flk5bHLmlqKGI1LyX6yqiGOIspDt +GspFz5v7FskTtTsHjPNjAVufYgaqEVE10saIXv4VzI9GKUQU7pNtlYGfK86BUJjK9Rr XIcWREjbKB6hpgy+EK01wnvk/lbzX2t1a1njswEx25+M4toT0AuT1Kiwv0+UmkdsDRqK +PAUNkRFoyAYBDk54pKM35fz5yrvPnTgYuK6CGNKG9OyMhrKtmNRRYNRe+PyanE4MDiv FrzQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id 5614622812f47-472a0d2c4f5si241333b6e.2.2026.04.07.07.23.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:35 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mJeoY6xqiTY3b7mcOn446tSoSPIx15+Qn8GMMROZ1kbkZ+rPtXmK6YaotuMkAS9yYPHJWftkh9johAcqz55Y4QcQy30d+SILh3xXgkbPTMzx8m0rjJV5sp9eGQJPYvbyUXWUvVyPOwFd4WVvmxZWP39TKTq/3ibh4zsAg2D0WYfCvT284CoXyYP/w6VrzKD0zxufFFIF/DBHEjkR16i67TqO3ceP+ntVJtFHQ+Q+9/GWSF9OKvgXmir27zrA0gJOIhTBojOnzfMSU2eNZEcMrmVvsJMSNRQ+m7j9cGttuj0f5gkvx44M36QdUMy/Uga0a8lAWs4Ci7HXwLtbM8Lm1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=MyTcI8nhv7deZ/oesLvwoK0JCYOxZNagRgLMSYo/vGygo5EtLdxN1IfqCJJm3AKMEt/h7Xs3j3h9TFAn2FsM7XGFbXyfXN92NSGcu4BNE/sur2eaV45qLT/j+DHBrcwEOTTaAq8IRnquRtf2oiox5xjENiYA0Bf5l8I5pc+3lKKTsMTXHLfY22PkHEZso8jOO2kyFU48y/09JfSlQvN3ibYOuPpK7UCxsqwXCNb0bhDOI0yy6QOuT/b6K1hn5AoEc4PoCmEtLhWoIobjbPYyiia7cJ7Dbd2MlsBFBvZn//BXkPtjlXuTApcIVLBCgpdv+YSs9MA9UEoSkkXJcx7mFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:30 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:29 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 14/16] use copy of sbom-chroot for sbom creation Date: Tue, 7 Apr 2026 16:23:08 +0200 Message-ID: <20260407142310.2327696-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: e2c7cf3b-44f6-4bff-0b3b-08de94b13c5e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: ZNhT6pPxmo9BuxTEclfFG2CCPfqvi6PkZqwnH24u5HMLuLYw7xYON1pOLFYPK1pfgzwZmHGaK46jgrbA9Fp9c9b8shIzvmzh9bNH+s/H8q+i5T/79Koftrma6+jjI3SDSDEHqvbL52qxQ2EouqY4l+yrYflkXdLBXuAlIQOrP2muKKvbB7OoBkU9UtL8VHC2uw4EN3JpFWjahvvlEAPntepDK+aGJntMoq8jFuRovSJf10oz0H5mKXv5tMsPqOCX4XvVcNG4BlDcNFg2tp3RXlvuXZsuu3aWp4kcqzGimVrE+6nRD0p5dUoZctIFVcdKOvnfZfcZ/+7DRsBPh2h+GOsPgs76/l20n2oHn2b0BIQz4jIq+QJ1XjjdAzh1YdCHwuD7wi3w/DAGHFvIUOtjA98byxBc+otDppF6RLgshesWoA79cFKNIjR/pywEEEzZWYQAheMg+LXquJ4Ntn/wIBIbZIwU7HR7iqyYMES3XXtMhwqYBeo9hKQ3nIVed+chJolYAdXvSboO7IibA7laZBa3aWyfohG0Rl/YQ1OTHSjqTQW0Mvp76S7ZTs9fyMai58OzRX/+hPtxRMdRTk27xbEK7B9y06yH4EuZVz3FF6F5iM/HR9cNBnwlvZWHFoDTxRzMhow+FOfG6PTE1qlhQqFZBj3tlxSI+AwpH0ajHuQW4OVe7Z9PhIM/ZvIq/JUw X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Wcg6ARCt9zQeyZm8P0sE30DrhqwU6etqBR3nA+eNCviaB/sWsIdu5sda/02QB2/VzBWrPcwNFyd8NxxsjQxe3vP4nFWWgt+L87e4LVLlXfNsko8bvV7JqmPQUJ0fzJ/PySEeEvwEWeWluROPeCOArs6tCief8rCCm7dqznvSyfwKORVeP3irR/jzkqJDEqMSX/dRIjq+oRXbkgIvIPc08RAVK1lXvAW3GSPrXAWnV5l984h0eik7JdDEisHZLnBhsureNFzCmUk2QxzTSeqSNIFHqolMHeD6y0//cjUTcFXYn6jEmNYtBmNsidotDV1G6mlJkEIkS3y1pTq0QXTAnIyDHP2EE/Ru42Yol1eiAoJkw2k/0hw86m8mhXBKnVO8TqDN2GTHNBdwxLJPP8pZNZXhsNsGA5xUDAxScc/usHOgBFi3dy7ZTMC1FHZnu72hi9Yl3VKrwZKXRgZL0WY72CuzXZjCLpjoSoVKU2G4cpWml0M27qYQBo6nM22UV6iMXX1uSaFcX5plpAmQdopuoFlqi4cRgZRIs3NqW14IDvAFgWBuMJGaIwzfWQKKe+/6Z5XjjFxZFK91gJCtKUlK0hI6cKnLo9hsodEARiiiJvbsF8WkKTaLqwHldiPxmbXIqjz2MvxK+wT10ht92SDzB8J6n4IVcnh9OCycTM6wSySKqYmkkghlGZajSyTKQkeW5SWAwsgf7UmHTwx7eDBpv8Zr59ZqgaPmmbrTj7O7q6bGA3aePVHgMpdZF6GYRCLtnIHtACZWhu8Ac+DxIjClTyahm5CfuLXdc1lgiYBO2YOP/g6NOn9t/giLIHgOvtuYZeMIX+FbC44Fneyq0z+0dssoIIb65HPI4/oCDm1KWQFV+jTJgqBJsmVlIthxgZ35YDNGr0P5gXzFNPK/vQ0K6uncloaA8avmhast74h/elY+Q24gk4VmlFyEGKGNhtX3qYDclPBUJv/Mxmp5rP3Do3X5XnjBISBYgMcHjYCr4K2j2NP4CUDLD9g8zyOBmVMLwEJOrQpNrv1zBQuGdJ8GOyI49xEJ6pipx11rkQKVZ0MoBGaF4ndbi4ayy3wMMUWbgQdqIn5l/w7RzniMBx4yYi0UlKrFZIB0wuD71jqcSAq/NNYMcaiUuNjSBgU9Pba3Pta5Ojq5OIbZoPaujkE1MJ/ml+3QI8SyqY+ljd4OGmHyFBrz2aMnC5EKWqypurJ3CYJeaH+dXEiyKYn/1Mf5RH+7b+jwFcVXkPZn2TEO560bcfpJy/qWxLu8erq5Tw/Yo1VfK2ZEG2jrq3XF+sBrLvfG/KWhy97VU4vVfd5fhbl92JawffaUanA4dqQ38DkZLcueNG7cqSC+1xSG3ZKGTn3t8Et1cZVFZz6DXqdyCqR+x+bp3yg+d6n/iZW0BEBqqgcxMOfB7EwzzxnldWNd6lVu52120JXS1vcbNO5c1eJpI9yIcbfVJVciRW9CFgtjKhgbDipkS9dteNQz4eXUdO+IkdqFp2rNKaeFiK+AOsCI3Jmq+xuH9Vt8cxb5a/8Bgq+QtHE5rsc5o3+wDx5R1Y3rfTUo41yURgQBXdiS1v0kLELoAbdpaK3N07Zm+r9YPFB9p76NXtZrJwsPStvU/P4g1JAJCm/weRoTd4+Ym4ot8y951p/mN+zXzyQsTXDMUCvqPDBW9FE+Z/iuW6z5aYMZLSiLxk489wS6IGSYFX1qzhgV1MYL0qDSGCYFPNSckobGBcD4f1ZhWW/v7aPsZwAGYX3hCA5iPLYOXv8XQMU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e2c7cf3b-44f6-4bff-0b3b-08de94b13c5e X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:27.7970 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Xru3U90XvDeD0FqhKfgugq6cxxeurd+KIN0U6+8bZusApcd+Xes5Prw35qDWYLX71HZC6ds4BYXKFcb5ZpBVIEp2MWkKSV+T4o1ym5PFLLs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs From patchwork Tue Apr 7 14:23:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5022 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:24:49 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-dl1-f56.google.com (mail-dl1-f56.google.com [74.125.82.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637EOlws016008 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:24:48 +0200 Received: by mail-dl1-f56.google.com with SMTP id a92af1059eb24-1279caef718sf7955145c88.1 for ; Tue, 07 Apr 2026 07:24:48 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571882; cv=pass; d=google.com; s=arc-20240605; b=MYrBS+oS5+jAYlkwWJU0SAh6zPCNW5CEcA+NwhgAZ6UP9jC653nRicLzqLCoVuEFuB co0GInF5RjMS5m+NbotlNCelUDxzHkGJXJZ9mm0eEYVm9rFSaJG8mT/S1RQr0bhKGLGq zOH/CldhYBcGi5gE9qs5hyWKW7AgdgmREZUg3Kn0WEvPr4BDrCd940aO6rQByTeFoFrR IzUb33vRGMHGUDFinWKlgdWEV99Wq5CDBEJxfs4zrm9jS4AowBIHRiZcFRtsEfBqM3zw 4ELobdQRpsX+34RNVY49H4wadake7MS+jmilM+sNsTQfTzeRRXrdUOa59/y5EwgTTctc Mhow== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=nyxPnBv3GbnwiWmEE+qoiczEJ6kLRSeZR8/RSN/YszQ=; fh=tWAxi7xL/tbILitb3q3RGzRMB8NJFuRektTYOYq5vIA=; b=J0aZp8nCcLmxABRXuDOPHpELilQzqBcxMXrBp+ltlxoxAfyKXFKmQIiWcxJGKU4gGH BJPTpc/DJ/5WGy6YyOEwgwUNntCeJqTh6/AyMi2JGPBN4G74gKZ5RQbWYaFTnka6omgx TOcbnA4NKD0eKG3cm6zmz0i7yChW3Xo0gBqktQ0HqE3/VapyUa3CvkMvv60kim0nEP50 MJMgAURD2f1UNCgGjgzdRUTY39KbiDuO2gn3vgc8DhPfsk/Qfv0fYN06y0s1yGGsVVwU ZjWmp7AEreqLDV2+Lh+3I+Wt1sWw43ULq4q1pEbz7KVIQTd3eQi91Jd5ihVP19jVtv0K BPvg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RwUxf1sC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571882; x=1776176682; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=nyxPnBv3GbnwiWmEE+qoiczEJ6kLRSeZR8/RSN/YszQ=; b=X0MzKFY2O/aS4j15RS39O/B0IOccXEID91uuIp66xAvISXEJCCPz6gXgT6bFI0CRzU r6PJzOrwTWN0TsRcUsN3wpxGWpwvW4xbWj/keU2799OkmVQxTv09K10dDoToOhWpz08r 5m8t81xgF+Cn0d7rdb7qEcEZcB0PNdHC6ZQF04mdheQX4DYpKJbjrj75eQSD305DDeHB a96EepK8cIOYFHDBvgLm/hN+aWNKUeNuAv0Qguzq7woYBsTJOCWyB+NptjDYEe8i4Kw4 dQy/ASConIF6Kw4a5DuQsqyauzIYsaczcwl7GGrAA1qiSYDgsTva/1UHe/3x4yAqIn1L WGig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571882; x=1776176682; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nyxPnBv3GbnwiWmEE+qoiczEJ6kLRSeZR8/RSN/YszQ=; b=rgN9zxzbbwjFY5pKzmNqu0TN3JrmOhaKa6fZ++Hsgj6Q2yOKza9pujuM9+22lQPluI e6sxBPHvwAkPDzZNiw1eOt0O4AeL6yPN2h97IRAw6kMhp6LN7eiu0fjtkgat14lkj3K7 m1LlZuqGjDeh3HV1+geQ8VjdznenFqfhI7asRq5q4Vh5aMJJSemWVykhrSDF7fqfu/gd i5nMdiSu9AHv6soxpC8alnUa3ukEYhmARkLAltBYUuU0XKTvNrqDgNDiVWdgln5x5m95 Y1Q0AuZqxV3oMFRDrkG/Cv+YMYqd3PEB4X28H18UHSO/TLEowBCSJfEkBdriacZxIbuq TYhg== X-Forwarded-Encrypted: i=3; AJvYcCVs1vwiuyNBX+VgBFg52v9G3IYhA3CjCEYCHwAdEcBsXavNi4nxLjEfovXpAkHxhoT+daHIQPs=@isar-build.org X-Gm-Message-State: AOJu0YzUn2KBpwwHne1jpKfzR4FGBDLbLo4QBGmMoMWv2rcaUp3lKpiW Mpk3E5l+UHLMFABJs2yWWl3hCg3DB4oIKXvKK+yc3YK3hz17SQlU5svE X-Received: by 2002:a05:7022:6725:b0:128:d23d:81a7 with SMTP id a92af1059eb24-12bfb6ec516mr8127300c88.6.1775571881900; Tue, 07 Apr 2026 07:24:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiKKGO10S1AckRkW8SRnkUotNa+uCyybMyrpaCJBShMalQ==" Received: by 2002:a05:7022:b93:b0:128:bb7e:b610 with SMTP id a92af1059eb24-12beeaf83c4ls2706755c88.1.-pod-prod-09-us; Tue, 07 Apr 2026 07:24:40 -0700 (PDT) X-Received: by 2002:a05:7022:41f:b0:12a:6a64:81d9 with SMTP id a92af1059eb24-12bfb6fba60mr7959116c88.13.1775571880034; Tue, 07 Apr 2026 07:24:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571880; cv=pass; d=google.com; s=arc-20240605; b=iWzFiNjBIEbBTYvcankyUhV09WLWrrwBIakXis0pq02AYz6RWrFv1tF2vrDR6T1GUC KH9WnzoWXBuIi6DtgNd4l5Vd52mmKw0Pnf0SI3CiB5sNJS21O4R/S/ru676HfSJr0Hj/ cl3gqPp7IFfK69hTRLHTwes9mABxKzPn1TroGhlQthwLJDUJOT8ZkdsJ0ISman4QnTvN Es9941yXVTr0cyb4GvyrqLZ0jZ6FtT6hF+B2ToAzueLJmR0cidu3NONtHG5C1aSC8JGV swaRzmbgZoHOlU7/Zw1jqcIjTpGZTT7EnZUe4FuTQn1ojbg2e7YOgHUwVbKIodFfYbRo 3nZg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=dHVS7zBluohsUxQYwXM9axQ8MNKXTC+6TLkCkFYnwE7RDCn8mgBA/XYrUrYSSoTsZs XZ5bvlgNsg216ZQk9GVdxIr0UBlYnF3qjO3mIJZqFNPbiywQiJKc5kic+h2lJw1z7fqL 6imSgaBv/MNs0dtPAtI0t2ZNukHQLkNisCdAyHxKMnJ8KPKz7OTpCGhHxjYgweG1FA1O IIAvduERGWDokJdqdtwXVC4usrSUtm3roF1TzKT3kCsyMcBEyCquI+zVbPZXX4E4U9Vj 1f6RreM8bBzz/o20/rWOXERsDeSywbyYXnwl/NCvk/P4ulL0BZBod9f8yLDZhNqFL+cV Dwiw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RwUxf1sC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id a92af1059eb24-12c15a67792si106541c88.7.2026.04.07.07.24.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:24:39 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HpmgVMm0QQMdIY+qyZfb0uw9aOyb6S7IPwZLH71FlTvyBjjo4Fo6gcu87lhGp8/AFxSOKg6sp+m3FL7lwptA9BQ+L8fkSbekTYx4PrVDkgRDdDnWFodaniKRHGCj5YVhjwBEwDOJeRchvOe1atZs0rT9cjmFOWTAKYinpw05rrH8ShAIiByYry45ogVKsgUOCuo6yU+ptDI1cyBExcCba24PHyDH2+bT+rVqD1WPEQ0xO1ZwuLhWcix2tYWcOGLVKdFPoVFva7lkuhz/1A69VQVk7CJdpWuKpzBd9IngGjwd68cZJfvVk1AIv6XkmCI9Bh/YNodsX5WAQscXxopPtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; b=UkZieilANf8rXCVlZKpZW95LlWjAyemwFdGktzFIHELsdl79RB+dAjgNw02BeybrbJFhAVbH16olpeAEl3VVcX93xc1uFVnzNMGpH1StfcM8+XCeq+vp8dhjRLONeDSASAbzuG8Ujm5nTv+KaRfc3CbXQ1NTQUis5pbOefhf+0MiIXRGv1iMZKIRdq0Bhk8NjRS5KesyhMhv9LkfwobtSMNwDNcY2+t4RzuyMO6xZKNnQ62FK56G25928DDEXgOZViyrTksQzs8hKj1MyvGQrYWjh8WaxC8141+YmNRq6hHeITObR9/xPqa5UCkJ+pN/Gv/xlndj/9odrJAklTqkWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:24:34 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:24:34 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 15/16] add support for devshell on unshare backend Date: Tue, 7 Apr 2026 16:23:09 +0200 Message-ID: <20260407142310.2327696-16-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: PR1P264CA0018.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:19e::23) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 99f96a46-ac0f-42bf-8f32-08de94b16433 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: sJlrcyrmS0rLQ02T8yadRA2ieXSR4btV7Pggym6pUWB00wIrvPM9A4yrfx8SL62PR4krRd5obUeCt9CPNvKuAiKbH7UlD5uBvAsBDKVdLTigr4eCxrfNZxMo4h15rk/UXcl/FN9NSG+XI6ADSMVojADWY8oYgvZcd7DVANqEA+8Zg3g+KGlGiOBI+BtwYddCNkuT5qe8H2o6lJKx+cXh5+9oHOmgSnMHmDAjv4LPaddwfaXJ1ig89I1I3h2h8YzQPYoiaxRPEBrieIT1D7ki0TVfkEnPU2vkRRJ2204z9j3H+xQ8JVALaIw12WbyAbWmhztgGJD8t6rx5jaVv/p7pvSA2rtuXOVRWEuuZwMkm0q6oL71CT5d+9bp1g9vBUvuCfBlCe9ynt5C22Ip2TLyrU4MOXaj+jP9MOiKJng3hTlemJMdA+9pjYbjlXcQErv7XoL/cCyWOrrn7TWvM1+Xys7S7vCdQJbR5MmvnMEQ/g66KSO8EIOndmj5Px1nRFYivbWwS2KyehtVexGaY4dhdERierVsJtgkozcALaZg9NxyGU7y2ozQiklKRRnM1WueMgkFSm3nQz02I4qVNgY0FBCkVIOVEpHAHTouEuPgEaZ64zphy+5q/MbgjowTUpC9AaIbPRQPnX8B4PDxoe57rQtcywVE/bXCMYe2Q2zLooKfIM0vgJeYmSrqbacOgIDebObuapcTXQ77lUSMyBS5h81P2GiY6XZIpcWjFAx3zxY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: EKF4XkXsYbsuKbnMT1164yDfD7lK763zUYI1rRl8fcdiScIgSAt5fegDHcpOOxl8gg9RKCNbs9Yr37FFSxJK3gCBimiDYIHnRKVxcaXLG+/XpssqrRtxQntha0NtAwKWuU8ljWKpylUCXv/Ri7pMw9KB4lJl/F9RhCf5Wo3OwS7DC4P8wCSecTTI0iDMNnYZ7TRAUEJgyf9fHI4rRut7LzaETRc6uzZEk4P1FQxY6p8CfdANOoN9bTdAtNGrO7gH/Rqvb8/Z4xcxyEtrQrwgrMw2pJVQraJAt+5E0TyuAjdYU1hGFY6GGRmR1X9EfGITYym0QRy+/Uc/ePVn2Bo0EEancXNS7Zbs4UIP01TGP7LcgLjYwxV2hbjzDmy4K3qNJJ1BkQzeY+VcSApcVm846ltwsy8GQMgIPt+kJ+/ywmyW10VH10PZsyswQ196E08+iWKAhNud55Q3plZdAyZmKswQROkUb5CuvVBxn0zhhRqeFmAThmC4P0RoBuxZVaqXSH0dcAftbumaK0pu19RZ7Vsj+igjV29QB9w9qD8E4YMnxKta5J5d6dsADrN8/CBWh0Zt1psWvrsa1lfzrNvPC/wO7k9YceSzIZDJcyduhrs8XOYHCPE/yZCbt6dCeti8aZeYdtjWvn2DYd7UPzwcqeCCAMVexuAD8e2hFfvcmhrJk0h7gD752GksKxA6YrM5sj6QkCyt6YHMkYnSzu9DKiGWka75SCuMSc7eA6X34wREAbKFPkxGnBI6Fi6Z5qBbN+IcDwWiW0XUJx+FsgMy5Z7HPbnv3FDc9m3OW/8/n0pvTbgmiCrEAjJ+dM9iFB9H5/qAbxWEMfLXxOaV1kJpIzgytW+BL2tOIUW80plzWzXxKxbbXqS43qbkiRlZpSu4JxbotxRBHLKu3+hTsFWSGXivsFVXkngy/ZOaMfjhZEzHta1dXfd1NNhkxvI1D0H+0aWl4udtnIpjlv3Gq6JJgeLCoW+kSCNnmU/nKlWD5j5fmUdnM2riy11aAV5+LX+2CZCh6SpyJeLgcG+wZyynseavN/cQjJL+sstSsDF3JKsbzGSAiY3p8NY0xAeuCbfR8VFU4ul0or0Fw1hTSUQPwEDDBF9VmBi3W5aKBMH1PSNzA3lK4+khvk1CBWI6J8jpUuegrch7/P7x7unU151c92SKC+P2hSSD+CikgaXMs2n0/DOqkH26NhDpsaYvC+2wTi+2rX/hRM7H1rH9Vj76yPv+sLOyd8UC/ayHI78VQjajxxnyXlmD0CCdb/5rNGAmoRIwAyz8AbNmTqvEQRohWXEdTPx92Ng+OaVx1yhJZtyJMUL0Ung1MwshvVVZBymSR9mZGC5EB7+cC/xpXCtbOga9T1BZmVZL0SpDTgsRuZ+eqPjdJ8Kkh/WfL6TFWgrC7LLmlkRkdsddJGD9sGoF3m5Z2OG3JQuKZ22iC79SV0vB60ezmONJsLk9c2PscGwHKaRlg9U0ZFl6s5c1bEJtNM4HbpwJUyaL3Bdwc3jq8Bc3+PbpFZlQhij0mXN91RnVzr5om0XoVmuKP+ggmySjKBI3E5LHJ6hRgMKD7yV2uomA7nsgzk8O8wUpo3ouK/MqQN12q0sTx1ohY248SRhcbEcZmWllU6dhh0O1Gls9K2ZMA665BM8qSDngPJdYlCNJ/eVKMh2BjZSMIvKlPY8/PMfpXnS/kVh3uM99QFc1z/g0Br4rgKVuVxrFe+JKsyW1mlBcwht239uzt3GNyy9a/44lpXsPz5T0D9CPmy24onk= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 99f96a46-ac0f-42bf-8f32-08de94b16433 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:24:34.6457 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: b6LL40zYISbsRaFpcWws/ZLnKPpEBs3bCmTvajOvvzwLGDnO6QBv0A+/5DHWb1AhWX/kpkA7D23X9rQi58nzYh2/cRWlzhg5ii0kE5v5clI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RwUxf1sC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 68 ++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 12 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index a0d4fd05..b3583373 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -253,13 +253,11 @@ do_deploy_deb[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" do_deploy_deb[dirs] = "${S}" python do_devshell() { - bb.build.exec_func('dpkg_schroot_create_configs', d) - isar_export_proxies(d) isar_export_ccache(d) isar_export_build_settings(d) - if bb.utils.to_boolean(d.getVar('USE_CCACHE')): - bb.build.exec_func('schroot_configure_ccache', d) + + bb.build.exec_func('devshell_chroot_prepare', d) schroot = d.getVar('SBUILD_CHROOT') pkg_arch = d.getVar('PACKAGE_ARCH') @@ -271,21 +269,39 @@ python do_devshell() { -t \"apt-get -y -q -o Debug::pkgProblemResolver=yes --no-install-recommends --allow-downgrades\" \ debian/control" - termcmd = "schroot -d / -c {0} -u root -- sh -c ' \ - cd {1}; \ + termcmd = "cd {0}; \ apt-get -y -q update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"; \ apt-get -y upgrade; \ - {2}; \ + {1}; \ if [ -n \"$PATH_PREPEND\" ]; then export PATH=$PATH_PREPEND:$PATH; fi; \ - $SHELL -i \ - '" - oe_terminal(termcmd.format(schroot, pp_pps, install_deps), "Isar devshell", d) - - bb.build.exec_func('schroot_delete_configs', d) + $SHELL -i".format(pp_pps, install_deps) + + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + mounts = d.getVar('SCHROOT_MOUNTS') + mounts += ' {}:/home/builder/{}'.format(d.getVar('WORKDIR'), d.getVar('BPN')) + + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('dpkg_prepare_unshare_ccache', d) + mounts += ' {}:/ccache'.format(d.getVar('CCACHE_DIR')) + + termcmd = """{0} \ +sh -c "{1};cp /etc/resolv.conf {2}/etc;chroot {2} sh -c '{3}'" +""".format( + run_privileged_cmd(d), + insert_isar_mounts(d, d.getVar('DEVSHELL_UNSHARE_ROOTFS'), mounts), + d.getVar('DEVSHELL_UNSHARE_ROOTFS'), + termcmd.replace('"', "\\\"")) + else: + termcmd = "schroot -d / -c {0} -u root -- sh -c '{1}'".format(schroot, termcmd) + bb.warn(termcmd) + oe_terminal(termcmd, "Isar devshell", d) + + bb.build.exec_func('devshell_chroot_finalize', d) } addtask devshell after do_local_isarapt do_prepare_build DEVSHELL_STARTDIR ?= "${S}" +DEVSHELL_UNSHARE_ROOTFS ?= "${WORKDIR}/rootfs-devshell" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" do_devshell[network] = "${TASK_USE_SUDO}" @@ -299,3 +315,31 @@ addtask devshell_nodeps after do_local_isarapt do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" do_devshell_nodeps[network] = "${TASK_USE_SUDO}" + +devshell_prepare_unshare_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${DEVSHELL_UNSHARE_ROOTFS} + tar -xf ${SBUILD_CHROOT} -C ${DEVSHELL_UNSHARE_ROOTFS} +EOF +} + +devshell_cleanup_unshare_chroot() { + run_privileged rm -rf ${DEVSHELL_UNSHARE_ROOTFS} +} + +python devshell_chroot_prepare() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_prepare_unshare_chroot', d) + else: + bb.build.exec_func('dpkg_schroot_create_configs', d) + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('schroot_configure_ccache', d) +} + +python devshell_chroot_finalize() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_cleanup_unshare_chroot', d) + else: + bb.build.exec_func('schroot_delete_configs', d) +} From patchwork Tue Apr 7 14:23:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5023 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:24:50 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-dl1-f56.google.com (mail-dl1-f56.google.com [74.125.82.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637EOmiS016026 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:24:49 +0200 Received: by mail-dl1-f56.google.com with SMTP id a92af1059eb24-12bfa367189sf28576136c88.0 for ; Tue, 07 Apr 2026 07:24:49 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571883; cv=pass; d=google.com; s=arc-20240605; b=Z13rgoxNcXQBb99wEW48oCbPjKpMQ/H4bYe0uX/b7NQnXrNeX1KF6jGpHjuHJTgHkJ W9I6H0GTn4DO1Dw3FroaZ5rm5PZriZfp1rIPWjz++XDutduVddum6cGZhzxueZSJs9o1 TGDdHeXKwftYwS80UJnFw9jbCddU/DG3bYMb1fjX9xKH3XUeQ0rf3rXHVQU7+p4BMtnd WchAV92bjQoeLXKE9XxTEi81w4b0iQszH6HqM1Bdl1E/nvNyShmzvy32U69graguUF1r PFc7aZ7B++v4EpH1FGCtga44ERDxlGIZFB69Ml7LV0+lkLaASrNCeTGviRz5cC9WYOCP vWuQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=1vIjJSY4eVVXR4u+LO9/DRzq7Sm7FJ0ISiYJUUdVSAs=; fh=bRhzzvrucy1KKu18VsumYhG2fdLtfdr1CCokLRfF52o=; b=YRg0BJwQ1s6pvBFBP5ycarbheOJmV91xE6RUsN1ZqQD3mceKi5rF5RLhcp1hhmdBBS EyD1Rw4AaaJSo4YuvXsPo92SgEz06TdivwCo7Hn4GpKKtNbJvdocfM+vyFiWiqfwgjPT AbRO1sTWF+PbxoMimKjeyPB1Lsy+K2z91fFYyHrsNZltGQIG/bJ6KTjKU6N55psxvFPu iu1rFXkQ2LGDHghdisP9mmR2aKoh+pyyeElYhz1ntQlCfW/cL0174BfX43bJcQlIoEOI KaLwTaKUhpxj7AlYVvjmBMzJCJUH6VTeoNg6MruYAsq8DXuPCNcZnnQR3JNp5eZ1dif4 OYRw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=oGDMCI9G; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571883; x=1776176683; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=1vIjJSY4eVVXR4u+LO9/DRzq7Sm7FJ0ISiYJUUdVSAs=; b=l5eaW4b/jmG1nRunetH9ox9NtH9qztsQAtiu1ztwoC7GZqZ59Wv+iG/GrOmME34D7e qykYlj6trmSTjJMfddUHzuMGbsVEttcz98CNSWZx9Hhu5fs+lWlRUlmdgxplKBIoPUgw CtJuPOVuPM75d2Ag2aGhQrKLdkTOlwpVjWv8+kM2XygsLW/CDRD3PP2niuPOvtygAMGl hG5gyahqxRDe9rBWLMuUrlXeBF+CkypFuyeImg7oFisY6epb8149bgBLxmOMcolMw15r +3VqVa7Es0o+c89I6ASZU6BAgnOtVx+mVR0vt6KHxLiqIlNaqK3UyqJtOC8C+7WoIoZ8 r5/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571883; x=1776176683; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1vIjJSY4eVVXR4u+LO9/DRzq7Sm7FJ0ISiYJUUdVSAs=; b=mWIgf2l1Mh7KrgJgq7r0ZVepa11cexAiMZBwF2IRPyjvPED3OW6cICZkzxdv98f63L hVfCVBS3PNZ6BXETyiB22GUtM1OENRUALsw5i7dA31v2uuU42MhmGBUigwJ5DEykVttw 62oJww/v/xF4lTTil1sV2Wsz165kUKXXVvTyw2y9/kDCotcgwC8jklPQ+H8Ci/3Avklk cBcnUe7oVJ02DGtAMkVd2KsTmbwVmbUQacPtiYztFLUvJS0e8+jueIC+HeyzDmMhYRtp w1nwDtBQACyxDv+hXCKR8bHNEPisL36JQ+5WkuaESLSeXYY9gyBrXtajvmlSWVTyLLW3 QbBg== X-Forwarded-Encrypted: i=3; AJvYcCVdLKvYC8ROC2kO4y90xz4SXz45QIJCz5iutc0UnMymmbUdqxQ3nWdBqIloW38Fw45foYQcvzY=@isar-build.org X-Gm-Message-State: AOJu0YzSUehUa9k9FYDue3f4FaQMSCG9Xvps5Wmg74DbHDit+E/bzqKf jbMaHEkq8U1IjdshY6iKo3BcALj6hMtVnE80LCUWyhq5e9r9LfRvsmkX X-Received: by 2002:a05:7022:41a3:b0:12b:f881:d8fb with SMTP id a92af1059eb24-12bfb6ec86fmr9376847c88.3.1775571882777; Tue, 07 Apr 2026 07:24:42 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiL840tywkOZb8MA5wUrYLRKkUBlNpN4HvzG3q3Yc+n2NQ==" Received: by 2002:a05:7022:c49:b0:12b:fdbf:2833 with SMTP id a92af1059eb24-12bfdbf2d89ls2180917c88.1.-pod-prod-01-us; Tue, 07 Apr 2026 07:24:41 -0700 (PDT) X-Received: by 2002:a05:7022:45a6:b0:11e:163:be60 with SMTP id a92af1059eb24-12bfb76609amr9000704c88.31.1775571880711; Tue, 07 Apr 2026 07:24:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571880; cv=pass; d=google.com; s=arc-20240605; b=crU767Q7cAg+GVC2bS9HIDj6iAANbK+X6q4h006yzkXxI0+k1y0co0wJAcgVAPQlY+ v9y1GeUIuC/5CfruL60f5ORPYZUoeVdyVjF2GoMVWmA2sC/BMvWBVY2tcjRK5fw4e9IU PnyNsdhnbWppOzqNG33jd/+WD/NJ+jcVApXzp9uacTlTIpEPo4LyhUL980x1NXd/YplQ HJjFzziTYNMkyQwjDPs77x/5rIFZqCr2fbE3VgX7g98xZP4s9hZgdqDVmR58bOZbmX5F s3s5aE/ZvMPd2MBs7EWjdYxM2t4ry0fbovwWLqNodvyyOHmEbA2ENb1VFCqcmqGsYPWt EDzw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=kigPgxeElQ4kjkiSGXfCyeuJLD3yEnDRTrIGmtTZlR0=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=FohQmxe7YVVDfRtzeRiQeRTbWu7kVDZhVCI+uyPNKD2zzI2fdIKDq+qYWjzmxHIyRo 0pbkZ22iGivEAR6omcKxjvA2NZjQB1IVZ5S0AgujRI4SlDWmXlXYxUb+kY6wUftwERJq 2hZGJbEN4JlCBcFEHiTyh5mUAfQ/6e6Y3BuGqoJJEo1KdrYw/8DUq9Lj33iYZu03hwb0 e5fKpZueRpLYI20sgzmjijCDJeUOA83TAE49nnWptURQiCKBNdG+VH611kqIGKkVSt+n pSm4La8trgG+PesQPDYoOKBH75yq7rYc7Uot0IVuXtU7gqbxqW3c/pTUi+1kJDOqTJLL F4Gw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=oGDMCI9G; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id a92af1059eb24-12c15a67792si106541c88.7.2026.04.07.07.24.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:24:40 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NM2srrZt7Ni+md/eAnPDraVFRLnqutF+DFuFvyINvgYjqdDS/Qznxt6z8vfYrMGJWTzVC6CGZMcAkuenY3ZCkaOMhZPJ7/zCXNBPAbStVwdP8+nfc7O8xSikbHhTvqaUQ5eNhLAu3nM1zNfvXIqrEdIpNgcZEA8qhbUcipWeEgfJ4rmAROekcmbTTIbycUu/rLxx/C5MdFRUQ4zEBxSWi2nIk0b6/m9AjWLucgYSoddE8+ksA/LTm8XRoBFFY+jHJ4jwxpGpgNQdG1soCh89r8ozK7/GISQg8/ChoH9qoLp+QAFhGCfF7oQGJb10XYjZyKMAG/MpFOA4EcNj3X2WoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kigPgxeElQ4kjkiSGXfCyeuJLD3yEnDRTrIGmtTZlR0=; b=wAvSbaLb1re3wloVxDvODfcRqBNiIwUO+f2qn7Arw+0BMFlaOV+fA66UgZu6ZfEgC+FuhEaBMs7JbbwAsrWVGFzivN89JBv2+HieuGQplJx73why0WA2R7Q6AbZ2TjcpwxBDS7D0OT32sD5+6Sr53t/xBJREMQdQhyBrs2x+zXI9I/1uedwKT5fUuU6h070RG1qNikW+UHCwKWkcHT1jEOqhtl1rjBARGm4ZS9mJcqUJWUNO3I9Yn0MLXsrVcIEpGIp1nYKSuDAdt93ixPzev4Pe4MAX68cVyaJb/r4yf3UOdTbxQJdC+vUFCXtmgZBUh3lvVo+toH3x2e+MSQokzA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by DU0PR10MB6367.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:40d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:24:35 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:24:35 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 16/16] testsuite: add parameter to run tests in rootless mode Date: Tue, 7 Apr 2026 16:23:10 +0200 Message-ID: <20260407142310.2327696-17-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: PR1P264CA0018.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:19e::23) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DU0PR10MB6367:EE_ X-MS-Office365-Filtering-Correlation-Id: 18b1bc83-96fa-4547-0af3-08de94b16491 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|22082099003|55112099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: ueJd6V3wJ1vpknJ00NzLCwxoCgxMOwh3BaN3Hm3hU4hik5m8i8Ix0yOf1Rao6M54aZLrOrBjI3dG0rUeuxVjhAqvcKQ0ehuKXM3YGC206TMitVjuXpG8XfrvZZbQIzxekfPWmElcmfe0GL8yrRshbKUDno0eJpctWaaTkqg73dglvJ88kf9TtV2/DI3WM2Sz/8w7+dbYjyU3Fisvn5fPnUzyKGxOOgnQ2uRralBFUHx/o94gI3lPSNEKS011r//WYY4GuvgSbga3u+Cv7zJjBHWIbvdgPigE59xGWHcGQ6aIrvlaXN+YcUL98gRXAcF58fUZ9r9WoV+DAU61hVSXBwcMipaGlbF71ypWktG8Wq+yALETLmKv+ytiyEKviWi00jUq5deMqBHpQFzBaVsy6lAAz3OUy+R76ThWsMEAzVedLt7/ZwhLJe+vqYgOidYrGcj7WNd5TQ78xFbM2A+uXYkTWFGRVl3EJwN3EfPWjG8H99Ey1wf3REdABda8VujLtP4W2aVueoV7L7KmCxfvt8g1HYGBl8mNIfNJvOkTz+3tMbDTSvN6JTsefSBYqZqSf0bqhelPWelJWSejYTFg6rp5oRhns4Y4ay8xTGYZRSheXux/eBpHVkQo65CO4w4o1gU3/MWl8KjasXKbVR6LChlwQhuIbIxZFSkH2+O8iGmR3MZlMYutc6TKRXK6EC/zI+LWl/DiCR3ev5Se++Bdi+oAeXQlfC5LqioYeWb/XEY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(22082099003)(55112099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: xPrDDJNsZ4sSNjhu3TaGpnK5hFn+jRXHKYaOehY82eJil1dVV3cBGYu01f3+RKbZAa4dRu/HUHldk0gyAYZ5avyddnI/HIm7KCZTPNBO5xvp8BQPYl7zYzxXCJxCKfVOX7la5uOEl0lCYIF7crLsAUZ/FYM7cnuola0PIDnJe3kz/CDVusDfXL/+gQEGJtUEGsH0ed8ukEr5myeh9Gu+meduunGaNmbbWfkdSWfXgbcJajdjYID8u8JTCfrEtTSTWAG52v3R86gwgHR6J4ZA9yCbO9CWkCKeOfyUcFTGtsRhVXd2fO9GBLn7CQjG0lnEPVvNCVtRexjE5utrtbzMblJrpng1ZRsb7gc633/xeCW9YL/Y6VK5FJrP/YJaCawa3ZfxOiC2b3REkNYOuJdI08rFY/jGqZoMGBjnp6ETMMP31GRyj1eluyF4qWfSTO1eI15R0l4WL7mEaQFcNA34ys6J9YNxoh/njZ/J+i6TXVZS5NjyXv+NyQUOHei+XHQb+KV8vQyJtWqP0GWFVJoZOO+XgThDUcp4iPkFCRrzLEnxpAtB9UdiPMpATk+Bcmav4REj6Ij8a0V0B3zD3RbdJH2tBlDwrupW1nG0c/hRWWiwAFWC/TaIIVr4tQC8D2OPGxCY+3mN5CGrvAAJKR0zvHtCspOWBuHnRYTGpZ783M7HwecS/Wr/LTnn2z28WEJs3suhSce6DNrIcwNnwpiuoZ++Lj90Nj6l+qddV+j6KGbZjJhgdmmpsRGgd79bDR+BFICSRw3f58Aga0Np2LCvq1PcdSW6sDhtIB4MVvPLS6DGbRqP6DkK+c4/oq3vblS689jtyGUKLKp6pDT4m5MgqmQxFxo9vYKgJB0BdcztnpnJC10agXZN5sg03o2KpQo7SWJVHO6xK26/BVZHXuhG90Qk7qtkFpSqOrI2VC+QHgyCYQ/CrfE8mdA91UYJHtenkYRFMMPrIszSUJCeZz1dgGWPKL1KGT+hg5yXvmHfJr39GRxE8ILQ16+pNmTyaXWVPEBkQKmGKGcwWIPc1DKEsjYV7As103d4Uh+XMRvGUe5Kxk17ICojEqhVbzvJU+iYU92zT4TW6WYOR+x7J4uzYkFD9mAyBjeOT912Tckvqcxj9N3f7EmFpOTLYeO+TYVPjcoyzPdGLIdZsbGJN4q3EJik+8BIwhMqoczOLYXH09JZ1Ono9ndjOeE1hj6xpVkdPMohBVX9/YvwWYAtY4MuMh6BBsPMb1r8Gx+tnHQWVhavE6dp2KQ4u2QuBvgfGgl/9R26RCW0cQDfPiMIHSG1mvhfIK2cZvKccIHumtVGfG4NtlKPOt86bj2YnBa/5RHwR9qD4weRlooKs7+FobULOCuSmuBdnpcRed+/kWi6KUpa1Rv4XG/euPTvxugYTnZv1QLTWCEZotGIPRNxods9HpQIz9ArQ0Ovtyoet18ZOU7cWllJbiLerOVPzlZ6ZcSCzNoYGKrJYxqxmSomNF5wF33MKpi74b8UPE3f2eZr46wfaY5PSVLK4QYj2Bs5gnBW4F4dhuc1I3C6G6wqkTW4OzC7ennEGh5oPf8xrfl//v8/IAnG7Myz92wjG53+K1nM72SVQPme+cDwoRbDuNL57qOITBSiiXYu5NHC51dIT6rquvPkLg/MO8B2kajI7aGJ8phu+5xzl1271Q5ac+XcLUaguncFgiUdH8eWb0qDS5FmPwx3E/oflcZc1Cv87UBSMffG/NKpvStwxNuNIHYj3GxNgphDpwdI9+Gl+Q+zBCs= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 18b1bc83-96fa-4547-0af3-08de94b16491 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:24:35.2084 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IHOc+g8EuzrtJDgCcf54ta33U/YOKYAb4iHRg56BEO1MoWuwabuDwOumS0sSIAnLXJOtlJ2GBKA3RKyu8vQRwjCtuz+hHhUIE6CsIlVusA0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6367 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=oGDMCI9G; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= While the build mode (schroot or unshare) should be transparent for the user, we need to test both cases. For that, we add a parameter to the testsuite to select which mode to test. Later on, more fine-grained control over which tests run in which mode can be introduced. For now it is important to get an overview at which things break and where code or tests need to be adjusted. Signed-off-by: Felix Moessbauer --- testsuite/cibuilder.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index f9cca0c7..bdfcbeed 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -128,6 +128,7 @@ class CIBuilder(Test): customizations=None, generate_sbom=False, lines=None, + rootless=False, **kwargs, ): # write configuration file and set bitbake_args @@ -140,6 +141,9 @@ class CIBuilder(Test): if not sstate: sstate = bool(int(self.params.get('sstate', default=0))) + if not rootless: + rootless = bool(int(self.params.get('rootless', default=0))) + # set those to "" to not set dir value but use system default if dl_dir is None: dl_dir = os.getenv('DL_DIR') @@ -279,6 +283,8 @@ class CIBuilder(Test): ) if generate_sbom is False: f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n') + if rootless: + f.write('ISAR_ROOTLESS = "1"') if lines is not None: f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines)