From patchwork Mon Jun 1 11:34:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5091 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:29 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f186.google.com (mail-qk1-f186.google.com [209.85.222.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZRdi024516 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:27 +0200 Received: by mail-qk1-f186.google.com with SMTP id af79cd13be357-9156398570dsf145564385a.3 for ; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313722; cv=pass; d=google.com; s=arc-20240605; b=NOMpQM65Pxj7BYlxcuCU54Nj2tJ3DfXYR/SCx82UqJdH0x+nTNhnDj7EB5nm2R32yr X9O+8kv700HZXljaTQEVVtJfe/bRsxr1n6RTcQvAK2Xv16dj9yW2Ix+7oaJqM3cXcTCw tiKpMXnBbbRe9eJuHOjVWgOJdEaisO/yWlMXrNj0nWqLsgE+2l25p1q0+CJP4qQr23FI Tv5vbjmCzKK405uQFAWGflOGuPFW2BN9pyAxyA2rAQbgBFvdKUzQ37voJwrNZQ1pVmCJ 5nbhj6EDDWGqmmq0fGPqowPyahgj/JEPdQgj9FY/OIAfL/JIJBQa6l3iGmAshM9/IqeA OeeQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=yE3RNPjCJ/sGjzEKINXgTJgX09TkG9v0PcAZR14JOr4=; fh=0dmgb4rZIsRVOfbNjNRVW49e1Og1oU96SwPST9UeWb8=; b=FvKRyjfsPviBA9SKwlZQENvuy3Dzv1Z9SCqNPvyxaQaVz+PYLteWTLDT5SgW5RWXxu 0bN8GeWnanwCXrysVq/A02z3fcEqugl576jMeWGtHird4sAr5r8LAHUwRM5/xxll37+X Ti2QnS4MMgcJvUaVsVbF6IgOiwxmmb/363B4aqLLscGs0HGfcBv7AWji5k/GQ9UB3yUW 6I4DqMsnZ8J2214dvwhgVvwFBtsf0cCCXbpZgs3+kFsyCOcf/aCS/W4IdNIW24Ndy2oa BYFE6kP5eKYscfqZ+xRurWOAyIEr63igH5viiQbPnHBBxlfidztgKE9jxCKmIBr9Jf1c rHew==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EKeMm2W2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313722; x=1780918522; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=yE3RNPjCJ/sGjzEKINXgTJgX09TkG9v0PcAZR14JOr4=; b=N5MJ/HsFIAn+aobwMlBwGw1inQKi+gky3D29JRZ70FoHsQ503Tz+H6nCd/QH1dBt4A EXKYMeQP9SJPOe29y5j3u6Q7bNCGm0b3Qnqhx3VF0CEZuUji2MFFFMppTU2N7//bXntP ApD70fuaYG31f2Oa8h1US1bRhKB5eN/Sqg+6wifOwZq5RqOZherobfa7k+QLuLEJtq+r CfElCNYNnJH+PWaD9EH7NdXv7f/POWeT/GMDD+X14MydGix9irQpg+I3IbLTUzOt31XO jTJ1lGLyG+jEMXrgS/utSJHj+UYUhRkv9GiRYLpUpX5pAf3ZZQtwFw74K6Ro8KfBZ/ck mPdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313722; x=1780918522; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yE3RNPjCJ/sGjzEKINXgTJgX09TkG9v0PcAZR14JOr4=; b=BgZ6mJae+MhQHGmqTFeM8T9RDdkibzyWy5XoIx9I8HKFCmf7ZfT2Uydy0zn9Bbu30U L9287sUK6Fy2/yagasYdrMXi3zQQ9WF9mxVWBnyR4E4NLSrFAt+B+rOzOsl9dTutw5ch F+hawd3e9kknkmshHB5zCMq9Y934cb6QC0PKh15Zt00RfPLiPHuwV4n9toTEllm9kUEA YTkmQe73ygkwGhLgEVqHWetJtpdnKFF3URYehaRuoQmIfDiKI0TGNnz/34sR9l6bcDeu yAlOrFx3W3sZjMMlqAirEb4YISyiusCoLfcPXb42yt0O4Frg9cEM3hj3lWMJMjPuY7lr Xzcg== X-Forwarded-Encrypted: i=3; AFNElJ9fmmAa8tPiDcnjahmRNIs2BoNH4vo9O34aFMkt+4DauiHBqYhXHoQ1uco+o7CyFdNSfFhDwzE=@isar-build.org X-Gm-Message-State: AOJu0YydP9lwwXZSzAW8Toq1ESenGojiIWlLEt8uC9GR+l1jizKtNqSE h2cGdRaZ0I/zipro13iUBHtiKFL4OvsPg+lbzjK4+E8IqF08RUJgg+Ue X-Received: by 2002:a05:620a:28ce:b0:915:7326:977b with SMTP id af79cd13be357-9157326ba7amr98129685a.61.1780313721544; Mon, 01 Jun 2026 04:35:21 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMJK4UFJ5uGXnR4Yo3Wx9JFavw30HLI0/AgcACmT43t4Q==" Received: by 2002:a05:6214:6004:b0:8ac:a471:c7d8 with SMTP id 6a1803df08f44-8cea99fe5f9ls7695826d6.0.-pod-prod-06-us; Mon, 01 Jun 2026 04:35:20 -0700 (PDT) X-Received: by 2002:a05:620a:1999:b0:909:b1d5:7f63 with SMTP id af79cd13be357-9153d96b6c8mr1689207785a.3.1780313720562; Mon, 01 Jun 2026 04:35:20 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313720; cv=pass; d=google.com; s=arc-20240605; b=Y5SLckVEs6zozic4UKy4VYG6VcaAikOCeloVOOV8/aRVbgC9kIV9R14Nj2d0gwdo2V h1KPPMJJB0PYWT/UBfltWRt7hX6bhwfkejS4PD12TTmZiTK6F6dJKAm6XjeDHgXoHYOV ZJDkQhI4meggDVYkyLZzMXoEDotPXJwG8YiYZv1nVPirp7QznddUdT4E+OwIpvj7RVBq In1OUkUYWubumykhvQ+Tn7dpkIXaDZeCJA9Qu4T+o0YNERYz1kjt102S1R3d4rJv/L76 lsU7hnz+a6OZ8OmvF64Ks+WA4CrDsNS3OWmjEcykNYLxxYfeRnBWVbToIsVGNjU1Gd+k r/UA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=eZ5bSudR+ET4lbVc0yZnKYjHCHEH9qnzR8VGlS7PnGo=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=IVzbcRRpzfFiupfYgC7u098HJpW6ZXXbWyFjP9YFipqa38Fx/z1+kVrbIIOCjARzok Rf5QvHAni0PNQLB+aTKlW1pKrnKwRSuzVpTkWtaSKre5K52URH93XskijAabLhl3GL/Y YLHbwGGnS50Ggbv9QsTw3LXqo09F+ddumAwc8S1JaMxijFairq0WKNCWXfxXu8m+A0EY Ji4hwejnaV0M2h6IR1Uu71w3K6K8Rr0NIPlX3z0kHl7PtnUys/XYZkgHq2wIuhHW66KD DHOtDjcikYtOOMj0Bj4RTBQmBiv4ReHXoU018LMtF9p1JQrqAptw2SQfeP0epeUIZJW2 Y/rQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EKeMm2W2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id af79cd13be357-915322aab8csi35638585a.0.2026.06.01.04.35.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:20 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=eyo2kMxMDf5rdK3WoVSeMkn2/WIV+Uv/4E9c/RT2M5Imvr8NWCgEhor2qLiwHe7OvB+0vOcGHKi4Pd/4gUMc7gQbuHCX3cHK53WeK/sEzXCr18bmZEnUcgCb0/OKo16RZo/ABtVzvYsCJvVgnYXI2IciZCMr6oi5O2hrIexZMfaSZzjsH3d+A6LaTQK0Kr4pypWQcN2MRmCNUYHNOP+WoqFblwcq3ARgAgj4lklbBuJ2WjiFElL0O+CfPAC8MTTRacr5zzBxKa/xB/X3/BBiKyWZxWFimD4yJ3yqzoLAKfKL+kVdGvD3QJgjCXmc5jNpUzY1R50mwvkjVsE+SO54sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eZ5bSudR+ET4lbVc0yZnKYjHCHEH9qnzR8VGlS7PnGo=; b=U9N4oGVdw5kz0u9rRn3KwrMPvKzGqpaASNHwWDkS+kG/Nv02I6JkI17Nmkpn4Jq6I+dBXmIbzYsaM3QYjUT8OP/BVvT5uqYQ4D1yZGMl/cJLNWuGMCS5R6dl9ndZ4MvoMc0xNLyBDF3OAu6mx7cRgXNyvbOieyqOnDYTYHq6oMdi56lLVvWk8ekd8PzHIre4qYYpaCD/8KmzQRcLoHc9Kg0v9JcyIf52Sq/dmmDhYP3sj7sk4zGEQFLAIdJVz9zNeZYnpSFvcZwzut37+M8eIzJ9CjgXKgCW0TeycGNeyc4Z/5LkNF3TyXhK7n/VaH5P5uptVw+mo8jUTE8K8iLKPg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:16 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:15 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 01/17] refactor bootstrap: store rootfs tar with user permissions Date: Mon, 1 Jun 2026 13:34:48 +0200 Message-ID: <20260601113505.2898877-2-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 071d5040-5001-4b47-eafe-08debfd1d962 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|6133799003|11063799006; X-Microsoft-Antispam-Message-Info: K8WFHrS5HGtHqhBuxNZiYAUNxP3iHwt6jTYh2xQ9hluCusbLOuNKD69lUzlGT2smOLV3Zm9R6v4zS0B8hg54/JV5NbKKxshmyg27E/zTBTp9YQqI0Hq0GRHZrAdaXwhUvP79z8qHoM5V1UNVeOH2POuzRcq6DIMwY3IEZ9A8feCZyqqGtomvBl1RyAhbMAlJ7x2VIVzbgg5vCKdqAq9Xk1qF9hCUmCU+dKZWNpGvxVel0HOvcelkS/5Gddv2qxnlyJZj0wvEtIRLf/ugstx76I4BiiW4kjihNnZvMeK2cs9tfhzI/WuARE0PQZRNKrQmoLJLXl8BIyty8Zo+uuo3qJcBgjldQIKap3o3+fh+9oFyGIrJ5iWQ1f+C6OANb+UQ/vtV2Vka4OufLf7I5vpBnm9alrndCltz/2OKVi5VAedP5qhIEqi5zGllggWUYL+U6E0jcrX00KQlgSmihsCmL7i31Ndx3DesgOBLt+VD3bnixWJCTbT5+bAXL7tu6szdUx+MY384CUX3WNjVg2aqTsgP8cNclhmK1q5eB8t56uzWOlKecHPi9PkZflmStWhF08XoJn0dTBGq7hJi/MZ6j4QzGNll9NMbL86U+FQlgnFPFvv82g9BzueUXdni64ZMbdlgsWTaE9pfHq5xcYjZLwM1c5D7tra20YTLX5w39njCnlVO4OsarLxxUMvdb9ms X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(6133799003)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: +ABv4sXjPF+FZajcWfmr6eQ+uczP9Uzy23k8W/2ph0i3KbZ0Lk2R5Ba7R2NnM0C/MgW8SVgvmNbwuNXooKctxZf5rM1RB+z2bO4UWzoQ/bP/ERRRKrZmc2hy9WM0EVJmjmH8UD1SkpYJijD6RzC2lYUa+x2d4iWPM4EgQX83HxIycjo0atIkuuaPB4qkriHnkHqGyCFfuA+E1ESi+uayFAQXCB2gA6rjTFPfJQAKA/o2AQkahMcGOeRKxfKQ/npyhuipgBxjFvLI3mb/8lcj+9HyuOQFiC1hhQADUNsyR0azrDG2lTGKei/QA4u/vsIpdltYgwMvE5HFP1xRiuHe1GQ3RKe5IjvnQ44zA7genvU8njW6TQut+MQT40NIshD96jty5QA7DhHD2Wgqqp9ZB58vzRIT+5ioJw2N+wB7JhJpb/snY71LYOEtytb98bvveUKfJAZI1erwr6FjfV4RreILMX4XUOg8hjfJzjRvc//2S2c1BMCEIYy8zRRyWIY7IsqMsAeuTONauOquN2RQPsqjHXDthxzvh2aafutHYc0lGDH+A9XHddJGaycWjb5QMGYmUBftCRTgaMAiyGVJLGVijOMmHAb33s9MjTVfxu1evRqbDftBTmxeJQw8e4Qbolec92v0CH3GqdhXOPB/7RYMTF7l5Q2s0+FICRFnjkmHP2gDA1A1lOY/Q1jvFES1/OvE3HY8RuKkkybPRADVVCBdHecDiv80/Oyl3ywzsTGuPpG77d0lo6aLMzVcMVgcimWE01bOgH80EaCyrZMf/EXAWM3uy4a79NAa2xglgvaSN+KWSNJZthCJhBKav4fu64KQCo5+ziCEGuHWb1iUyqViUWPoqe/xwBG7ML+hVO8WPbJ7IVrL7toQvzFI8/Qi8rQ/pAuxXXqebquQTeEyNGRW9dx+eQspzuCmktDn3TkTjBq6ml/OKqVslsoNGGfMN2E2p7uPnfAsY/D2AlxDL3EYhhKOOHV+/Ji3Mj8/c7J96BWFjKPadRTrmX6+A2TPqLIFBCj3Deui3QMTU1IrXmANXPt7e00efnJWWRKEfFHXR/60fgNBCtDkfviJ00r3NYL9uz90uQcEzI+/OAbxQ1dpTlnmhi9bEAeq7nlZWm4LOUY4iwC+JgigEyJhRMgxXFdGyvLOhGgk1EU8Pqq9QaxE9LEwpNXLSwrU+KTmlv9/adj+3JiLbKxidwH9be/XCQn7PjCV2LBb57xVg5JgOehadf8KVHoUFVsgj3dTGBP1SfElfXL0O/a8hwDor14Ad+SVIpwKYklvC9N7rvI27VduQsEs8pPeoEAbYo2huskV6KYZ0qY9dG0seSa8LkU4HLTszcfrcu4fOWCPfj8GRLrp0Jn0Zk7e0CKx4RtF2/xUGyk8+jjr3xC9wTVlPR9oc+l33G7b+xar1vxi0P96XY0UTg1dffNxCdOODjviqoGksVDf1GvAnlcIxTh6pSBjsimO//IlBnqIzK09MIZkU3qGw3TdjamaLIwSthys1zO/VFEueRaFapJDGHHo0rBUxUyGTlC3ch39A66B50WtTDk36NBOuWhV0cn7eNq3iAv9aXSx+YSzQFfV/HF6vOd2chfw/I9RInp+dOusp455CCcj2+gA26+UgmxCGaN5VafUV5i/ffthiE/S2eQAX/SeUPKYGUxK4kK7FjmYW1432ESr/4JExdGXZX1Ymz2uT+MY0TSIgYHqwoAIAUV4BFYkfSuv47L98euinXWXL7+8ycR3JcymNFLjqNTcXHwdKSYawH29yD2nyGEoP9EZIBNSCtm8GFmF X-MS-Exchange-AntiSpam-MessageData-1: lzc/MoGtNy1Jg0Fbr/7LwKaXyUoUp1n1R5Q= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 071d5040-5001-4b47-eafe-08debfd1d962 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:15.0834 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: n+dHBnhvo8oP1y4qoKrf2UzgnL8voVUA7+ulDyjB4s230sEDYenvoAWqJtDc3tNNAiK1IgrfANVzg3Eaiswya/IiWyt8NF0ZxGmGzdhGjy4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EKeMm2W2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As the mmdebstrap itself is executed as root, the generated rootfs will also be owned by root when stored as file. To avoid this, we let mmdebstrap emit the rootfs on stdout and write it to a file outside of the sudo call. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 6c2cb170..f21a6164 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -246,11 +246,11 @@ do_bootstrap() { ${@get_apt_opts(d, '--aptopt')} \ ${@get_distro_components_argument(d)} \ "${@get_distro_suite(d)}" \ - "${WORKDIR}/rootfs.tar.zst" \ - "$bootstrap_list" + - \ + "$bootstrap_list" > ${WORKDIR}/rootfs.tar.zst # Finalize bootstrap by setting the link in deploy - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" @@ -265,8 +265,7 @@ SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize" bootstrap_sstate_prepare() { # this runs in SSTATE_BUILDDIR, which will be deleted automatically - sudo cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst - sudo chown $(id -u):$(id -g) bootstrap.tar.zst + cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst } bootstrap_sstate_finalize() { @@ -274,8 +273,8 @@ bootstrap_sstate_finalize() { # we should restore symlinks after using tar if [ -f bootstrap.tar.zst ]; then mv bootstrap.tar.zst "${WORKDIR}/rootfs.tar.zst" - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ - "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ + "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" fi } From patchwork Mon Jun 1 11:34:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5092 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:29 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f59.google.com (mail-qv1-f59.google.com [209.85.219.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZSiM024536 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:29 +0200 Received: by mail-qv1-f59.google.com with SMTP id 6a1803df08f44-8ccf62978bfsf44072936d6.1 for ; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313723; cv=pass; d=google.com; s=arc-20240605; b=kbiLH06nZuCJL2Qj6M5ZQq1RrSVtQVHYeDoxt/mx5Dg245zAzLvw7/Fn/FIJcjlg8Z H+pNpi/MqoqMZODBEd5pNM5y4uSDZ5kSINDm2mC1SqBHsNo+POt/zGTejUlzs6tkriFS XfDXoShI1SDxgy5lg+NS4NVAWdHvXrHyqKs2ifSBwjoZIMtXSdl3eM4BkUUReoLDL1Ng TSPMMQinOJjhbTe36GErzEFcf/DPy230MOkghscrjaSNJPF7COxFPX6ifGoIQmaSQl4c C06F4i6JRASgVcEaT3eKTEu4erm5yzcN3IOm2FLrBpjDkfoseuaozhQdU/h5pLvzLAmI jH9w== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=J8cxLbQp9TP9tvHYUqsw6G1WenniofXfDgLTCWoEuko=; fh=t5c228mTzs6rFey025JHGsgYAhYSEL3O3NyAs9j/bgw=; b=gmDc2/A6uKDLwB+i6XYl4WQ7Smrirv0nuCO9A3zbc8zEtTSf3G2LFJlxbPnJCj7EYZ eSxCI1tNbk5Lk6w0MCvPYtevOajfqA5X1qUfDeTm0KMcd1y227RS6Azs0gSdpzIN/A2b /gWv1uhoUgV4/dk8Rl15ZLaIb2DxGHUaTbbcVJOeGUPAXJCqodCoL/HYkyis32viIbVE ftZ11cisnVnFgU6vRaCOx1stvUlz5BJUfmGewJX6eL6BDD6pUCWbvBQbKJGsvXKUq+GP nZbXxh1XAL5WFKy0Ep4uqEx4yYMUVZMIxTphwQtlZ79zpcwPK8VjKm0KgBpqAoLbPhe5 LZzA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Ix9JE0V4; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313723; x=1780918523; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=J8cxLbQp9TP9tvHYUqsw6G1WenniofXfDgLTCWoEuko=; b=hbrlC8v4fOD4mLUaSCv+Ej3lSc6uSrmvOSWTotpl03joPLmZAfQLjzGOkUY38QLANo XnpvgGXqbdxHTCP8YHn79YcnVKmDJWuqnZYGmt8bZWcqFAzpSWFdsSBb3KzuWThFDEY5 SqLLzb5YAYC/16rRIg9ngI9v3ZLAMsgLKDTZ08UhyilSFYPt6BjpKi6HWq6dLh8+Y9MT gea2mF/zbPnryXfrPJAtUOWdJgB/utIjH9ELBZKl4EF6S3eDjW0s8761trIYNuOSUGJl i/7kmWgD1H1WO5l+aIXUMlGyK8sU6Bo2EJhIg+4N41/UFVA8TfE4N8SzeBWqzCzWkpRm AYRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313723; x=1780918523; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=J8cxLbQp9TP9tvHYUqsw6G1WenniofXfDgLTCWoEuko=; b=OFEB275Hgt7h3yEtWvyIu9XpcCFMfhXK6k3yAHk5RLWBabPPRuDq1zAySkhkoZFek3 0DcblPB2uM/bwXfjiJgTe0Ceundv+4r9j+81db84ilhMibZd2BIUddVxCd0ZGyVB7F8n maOI/dBkD7F93XvRFHUIlgjUqRr5MRZzjiITQoB+eSZ2xwAXSrNNi64BU3wG/u9n0vvM gatz9iXEWJ5wt8gRJtsG93JGlZ9naysOpjb6EK4r2DTcQS5OPg4mTbcx+pnG8OOJpPFz /LeWKbyxalRwST1EY9PnhnYzUZw78aCgLmntZzdGJUSnp54AXDWVnIUinVQs+CTNH7I7 ZpvQ== X-Forwarded-Encrypted: i=3; AFNElJ+7nA4Ool3YXTujKd6xTeUtBFG1tNGbumEcCxfXguAKQzQef9w4BoVTdI+KAypnrTu2dBux+qs=@isar-build.org X-Gm-Message-State: AOJu0Yz4NPVzILy/3+3gWOF4wPtaO0TbfkRZN2eyR5yVOsughcBE/3x5 JbEcu/3zLalag01S15v6QFfi0i6zHXWSF92HavTEJtzvkxLz35lCFrTd X-Received: by 2002:ad4:5ae6:0:b0:8ca:16a6:3d52 with SMTP id 6a1803df08f44-8ccefb40230mr191491986d6.13.1780313722560; Mon, 01 Jun 2026 04:35:22 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMNAdYFWZIlos2JVoCUZDIR6ayUlCHXx3dmTMwpLFAABYA==" Received: by 2002:a05:6214:5f81:b0:8c7:2c9d:13b with SMTP id 6a1803df08f44-8ceaf27ff24ls14768656d6.2.-pod-prod-03-us; Mon, 01 Jun 2026 04:35:21 -0700 (PDT) X-Received: by 2002:a05:620a:231a:20b0:914:e3dd:17e8 with SMTP id af79cd13be357-9153d938aa6mr1131879385a.8.1780313721260; Mon, 01 Jun 2026 04:35:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313721; cv=pass; d=google.com; s=arc-20240605; b=fyxDok+WOJF1+s73gCStTh8Tp19ymUC5y85uIxI2rhiGvinZAIn6XKS+zWB5Gyafd6 7XpT9PAOf8DDthnfF7EyrH3N3ru+m5ZNOZt5takTBMGg/z+2iJxoIBCYRusCuDDDLAxq iWLRaeGdjrUdiYORi1t9L0cohkEdf7sZU9YwdjH1Zv41EVCPNA5MxPVjnRUtUptQsnoq p2Zl/iEC0KMiJNo8LICGpiTBb0rICRVJkJrXdds5YPpd/Ed+6HgAnnXQWai046Mh/lJF HpoNx+GBj1BiadgJRYsqqzH+R15MsHzzMOj8v3d9Zx0EWSQ15qSSaehh/bhZrsij3Z/T 3GUQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=4ZO/LhqIFEA6rIvNly8Z3oY3oFv/3yeLK8xdRRb7Vrg=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=YFzIBOH6Amn858eeodttV+wBTLI0v955BALUyOvRknnaeJ9cxdsbjt4N22kvBaZiCk 2JB4yMQyc7dYyyc7DFxljBnSofQO0LCbKwrZ/onB3z2mzZnwgztK9uvNys7cDJ1MEjY7 2mVkgjfj35Q2up+Sk2KST+Y/eRlGK7ji/dP6GINDq52XEhCtc5fqBjzG118ZAV++epT1 wBPQBdluxZmC2oVqz3U6k80lMcRB3Ce8L4afUh5Z1sUawcbtU80HesmIeYu/i8aN9DlN VlumwNxElYmlTcY9S1ze9GJ7DEfRtWAH98+Pmc8TLRI0ZmnBKVvcYN/tfDMPiAAcQsAm fR8A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Ix9JE0V4; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id af79cd13be357-915322aab8csi35638585a.0.2026.06.01.04.35.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:21 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=T8vnc+O0sxsU+1jCVWbOYPCq7XxbVlGpWPEL/VXqNm8y/zDVIU+RxQUTY26HtvWunPpGFDAPtIUJ/B3w2V5SQ+1pM3A4Ku6m2VJ1bhrcUHpKsDcKCvQgtHkTWpqlobqKJycFof/nyZSye6jLeVQSZ/eDQSuLmJ6fY5q3A/MS3h0auNlmzZwAa2WDNPP/ue239HLMApzCenXu3tfjANTKanDQhkjhMCPXDQfZPNXCiGKJTnOmMKhqjFbF5bJLIgwiFEBXFk4QmznMT7AYSOddX/DRDNtkrIAPwL0wfUE4TCKELftRMoMpcbtPIDgsFWLr4RCqKQAEo4+lC/fUdONxig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4ZO/LhqIFEA6rIvNly8Z3oY3oFv/3yeLK8xdRRb7Vrg=; b=pZ7VAaaQA0osDfJrUvB46nXbzLeVj1uYvdMHcEsniAFVWyxFYRVQh24VznhmkXigdbft7WQ9J/gondlbCVuldcmEK7q02zNneoy0qqTwEmboKcGfiswRLsTLq12Grv9c5+UPIS1no1WuU5BVSDaU2R5xo6xJCybELr7P0r+nbCUBP0tk7THInWuTLowDtbMYogSpmpZ92pmJGeBFc8Er5fCGYQuLvcBQhM6EhXxcQyZKTvG0BC20cmrkCLchkhuVtzQPrPIFQVmaF3+ksRj73E5WCUCODIjUUCB6BwvJHDEkQFufWMuCRt8dItccAZ+FIXLOEXB+OLPRTcuS6+l6Jg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:17 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:17 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 02/17] deb-dl-dir: export without root privileges Date: Mon, 1 Jun 2026 13:34:49 +0200 Message-ID: <20260601113505.2898877-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 777a8686-472c-4a97-af87-08debfd1d9c2 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: o1xobyAAFF8g1DCuPILypNb+lFR/ed3SbNoblvGT07Us+4qOMHYV4eCEV9xGUHp3RCyfX4ruCyrh1t7IzwQ15co9vuOdek3yc0gEP9wmEymz7A4IBj59ECwLpzArnDMQ5YDLwcwyB7e17t3V7u0pOJDp4q8TSuu5Zokt+mrsUr2S2lCB+HYFp6iKRdphAKvb0eOVvtJe5FtTG6Hh9VrXQTnIcc6FQA+tDE/CpFcH3j3yYVVhz6JTFFDQFHYk49cFeJpd88S8GKqbJh28XLZFPvh8P3/jMUeU8Yf5v8MwBaUvXXaDGB+yuQns3AdEGpccptRrRfIQj0uMAuJ+vVkuKil5zQxhjG/sfnD6Vw2SxgbVmPojBEeC1cxvxy8MwEhxyeY4K3t8TWQo8VZxg0hXEMv0L0RAXuoIdXS/k71ste4Q+V4woIIDKkF/swFHJr55uAHSAw05xnSdtsKM3NUep6iyoKmNhMQS84NBAZAb95cRXyMfXUGVs9FrMW/oViLiFiR5nyOerEwZcLfuXloJekNy8DbAACeQD9oRClMw69xZXHZT7Ur7nJOOQzI19KAyHxVnOZPjW3Q6ZLeZwQAS/9QvScjc8QnB33fTWNGLy0Q7uEv7LIZG1RHo9ARJjN7cFIGzz1RoL6vEBpH4CbzIGaCwrsAzPjFxUCoJ6KEMHg3jujbPgzNvgQIWtzqyoXct X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: YYLq1oXyacIJ/2D9tlGBi3krnH4aqIKc7kN6OjZY/WD6SqIAhCsWrLn16oe6FW41YFZLsYHj+5R9596qVWueA2k2iu4zjQHH+W0bcFfJjz0wnze05cMedsiJr0tSaHhkQko/0+lM2JjfQgMPSePCtrYp7PURRILjqF5AQM5RprWKrgUYj9GNDari1dV/D2e1uhFie87+J/WTxXYUzL29xXcdP3wK1AlGIs8F+VL7d5ZY8G1OH/uaAq65rt86Au/HVZOnlsSLenEPPZOxZGBEVp+IJO1PbEV+rWk34qjtrxy2X1OLlJzXYZrPRzwnXmE8CgDppSBw2xBbt9aPUFAAETv18kY7eEOng7uAUJTggnysCxrtQQycxB/pWHINrPqHXmpFmsIvMk8THIBeAc/pC8O9O1JqJ5FtBpgegUKwN/AI82XxMmddiHNxEhq/cjtsETGsEKJ55w7TTZo2ADeyNeO2uIpo1akXP/bY0ALzxI1H65IvzY1dnxX0tNitqc9Jqq8kyjlS1m8lLdEtHxyWStrJaFoJfS2oxgaJz5ALxSK2/PlE2Lmqco+SzMGFpX/cMHgtKoCGFHW31B/hxgnNNnd7wxhAr9L+2sGlxkYvQ+66acHM1OFUNugeKcjDN3J87Reg0AeD+943H1kH2+KH6FEg3eWS+anRr2a1hbG7W+inxGfh19qyfMj0UzDqWnXJcj3cgl1XqR/9Lbl9UgvYo4Z6Cd8NXD8pmZhpqsbwfGz0HMaIUew5j7oWl0l1tRv5/jH3m1bylGrTX75aTkH0p44I+OyuaAXfQRn312JPde1NfR+RouuSEHxQJ+jdIuieiTNF3cYSwk91KNqUo47aKtg5/SHUmKkk79Kv8BZzbfE/pDcsrJCpRRJo2xr8dQUwED7HWXemUSq07jysd3KuGp3m4z00XzDUhsRyMUDt/H08U7sFyCciLwkSKyJKSTEMTYe2ota7eULMtIMoe55mnS5wLXv/d84WA2zwhu9pQPNo0EyH6TG7Uhfr0pTQ7wDWuV/Vw2dxgHpKkubvFctArsmxNJjn3HVOR2qE3kSwVpB/BEt98iHxG08kXJBDyYZD/S6tctK20iBiqIMSU54/jJEL2cR1T4ppsEKLR26HvwXPm6hQo4M0UCPKUWKf/8/wIOlEeYhroDUCZrqgJEVlJjNlWTSb5KUv7fhBjmYksExJmOnL3jQG7s6vIVQSd/bS8l+cxn6iabnI3haLSDO2l/dS/FZchoPoDkz6mvAhIUZaLUL8hxa4uep0Bte5ydDTs3wMkKNasYYZYJ9crXSIwXqHj7fn4abkj1tJKZ9sU39Zn2yoS6S2nvWMkRiWYw5rZKtDQJO9egsd95Dd46wIq+/Cho9mH5x1Dm09S50kC7GLJas+LGvZkDVXgwBvsVJcJw6R4IZxZ2lejbPFJ7gRUySATKM2Dau7rx0TGPGZ9dC5G2jVT0ucy7xIDWmyGVz+qX8gyVzV2aXtM8NEiG0eEZUrg+TqG0ADViJMSITMqBz4woBsewSNCf+ShXE4mXnC865NLS1pmU8IsvHPr4+AT7KyXLQ6FZq9N6UBrvGKwD3aTcLzeqVmbgPApGCQO4EP+JmkrT/CphWyKtug/uwB72DfTOCzbNmaCNPyFFmFcsFWTwGX07bZIuC4s5NhZU96Tq55EtnndBsHVld+YAGQxCb7AQBHIII2kXsbJOGcGK9wQ18YANyUXLeBVG4bq05zZo69bLVraVtYGAvOq6g3U50ZWoLKzRU5TsrrwO3z0xQDh87ozP6hnHhBCGT93W4MutpJvI9J X-MS-Exchange-AntiSpam-MessageData-1: p183EgwWQ43+yQjmLtYAaXb7h+/S+YW+N88= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 777a8686-472c-4a97-af87-08debfd1d9c2 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:15.7346 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vzXU2Q+ztDeN2Y28K+ZGIDTNC4R7eXLZqByDcLKZa4vmxpneNKrfvgf602WZVafQNa3toOlxw3edWFQHZg1JhV6XE1zeY8Kw3brLCSf9UrY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Ix9JE0V4; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 27d1fb24..3ea75996 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -153,7 +153,7 @@ deb_dl_dir_export() { isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -170,6 +170,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF } From patchwork Mon Jun 1 11:34:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5096 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:35 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f57.google.com (mail-oa1-f57.google.com [209.85.160.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZWkm024607 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:33 +0200 Received: by mail-oa1-f57.google.com with SMTP id 586e51a60fabf-43d1e4bca47sf20429fac.3 for ; Mon, 01 Jun 2026 04:35:33 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313727; cv=pass; d=google.com; s=arc-20240605; b=QMnPZeM+IEVU6P+4uPekEAq5YPONz6kil2gXbcS0SAAzbr5Jl6uSHE+MJ8mNj0PmzE Lb+rA63Nn0aNmJdsLpmeUP/nH5NZ2cUdYNbITjhjoIYe1pas0lC2flw2XVYQBauC46BE hbOSDfvcsTHqAZ3VTMCCPO/Pf96mLocY+fqcifd1oZCUAFSzfg0pOQC68Y14B7TWDCyS ko64aajPVF3eGcDIdy7SLU9VqGyrj7CSJm+AZtnPMck5jxiQ/VGekYBtWISosW48kMsV F51jI6/sHMhH+dWbl/QHXSP+mKyfCtAgkYDx0rjJ1PUqUlV7HHcZlRJYW0tjVEhXc1N4 LLAQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=yY+CW5nBJI949J+b+w/7TYnKxndtWjeUMZIBx7/k1wE=; fh=c0xCSRLkCg0UaLjNJYws8KzqsHCAzpW33K+N7SBMJgo=; b=cen0HGPjzgjZPZ06dEF5n2stAec3Jh2EKKaE0NDYzkD5+f5eI13OYMGfSiTdu/tDU0 TmPubhTZWJCu/fBnT0i08VePSSvPIBGpTMCte233uGD9XJr1UMTU6jfiOe+ldZSxS/iK 6It+XSG92GuqAscAwZfGQcJpqL0XPDqK6OMO6Ul0+IQB0Z4Nfe1RIji7gbPrPsa/obvW JmCYyzBQWPj9L1aWjsgFlIw9s8QqH9FHvWvlovBdBGdqMCQIWoMZAmH8dNacwMCHb/MT A1tllWmWOo0JxvPZbyTBV0RGPjhNfL7GgEQ90wEZC30GrH6VX8h1Y7zjz66/UBI9SYBr zHYA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=r+sa2WC2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313727; x=1780918527; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=yY+CW5nBJI949J+b+w/7TYnKxndtWjeUMZIBx7/k1wE=; b=SBZtplitbjYCuvuRxm7hmtk/IiKLMCq55LcVf97/3gXSoZTMjwo2loHCwmrrJymKTr ozmsrh2mlB03RHVhT0MNbGy2ZyhePtdd3t0eLyJc6sp5fiUUHP2m8zq6BnOOZoPMqyCi lMEGUiwRp3FQJbfllFITSpVjSJe3Eawecmg0ZyEx1sj0b8XLcemx7kLc2Xsd4CK+Mhga hec0EC1gof78PvK9K3RgEj1ZzNdUNbd1gl9NgRThpmG4qb9m1GUmlyCv7LLhEoq1XkOu HekePz+1lZBuHtMtQtWoFCOh/cr7EM3TSjjD5htNqd760r/Zp/1dl680LEjJXM97soop 5yhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313727; x=1780918527; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yY+CW5nBJI949J+b+w/7TYnKxndtWjeUMZIBx7/k1wE=; b=ACJIVywTnYkj+XmFexLbs1wu1H5j7/sOYe2TxDC4Ou/T4jiYzgPgYE3S63GtxfrHeC MAHyjMDBHYqiyYLPW5IKyLH31aC/jU/TzzcCqg8RpA4hbMWRgHsq/uRb2Dmi10gCMNuv ogZqvkZ9VUjZ7qKtMPFaNwD43Hx+l4lnzZJnovLHsqRy8g3PK1hGcZ9ueG90TK0sRPRw 1W7PS86yMqkzi+aigm6PpbNoZD9hIIwDWxBolCwJ6vGS+zUUr6YU0axhyIIm7PpHd4RT 2IFvbtyR9zxJA/6qvwfgcxkHn/E1rYAcYEad7bh0wnt3DYSe0sTvtZv7fsGT+InDkr9M KHew== X-Forwarded-Encrypted: i=3; AFNElJ+PYiGNa/D/quc+68iqQT6mfYv0A6VrcrBWlDXH3sM2oqS8RdXjd4hsI4iddEGgUtTx9ck9FsU=@isar-build.org X-Gm-Message-State: AOJu0Yz4zZtHuEV375zlUy5bq/pFUAx0Qxkmg0vNx3n4wgA2WNCDBlPk UMNaq655swjUITU5h/fOX6mXmrPLc/aSqPLa7Iin7cLIhJru4YO7JKZz X-Received: by 2002:a05:6820:4b89:b0:696:6585:a51 with SMTP id 006d021491bc7-69e102c8e4bmr4968474eaf.13.1780313726910; Mon, 01 Jun 2026 04:35:26 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMHRqYvxEhpqvpuDe9A0KWknTsA4k/VYZfzDhm285BQLA==" Received: by 2002:a05:6820:a24b:b0:696:1450:ff1c with SMTP id 006d021491bc7-69df4225157ls1833493eaf.0.-pod-prod-06-us; Mon, 01 Jun 2026 04:35:26 -0700 (PDT) X-Received: by 2002:a05:6830:4ac5:b0:7dc:c620:aa12 with SMTP id 46e09a7af769-7e6a1e3d453mr6016890a34.20.1780313725734; Mon, 01 Jun 2026 04:35:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313725; cv=pass; d=google.com; s=arc-20240605; b=JkRKZhw5pYwoBanhtL4bxVd9+zbehG3y3NoKbp22EVDjzl5QmLG9gEArhqMX6X1jXv kNY7L8xd6RRSeRhoNAW+oJiPpayIDxWkAeUzhWR+yrHpufC5p9JCUDUiWopaij/HVE0P nNlVVI9fnox3tAbJcf7iUhfTzv091TaRsJniAIIjTEQGXmm883tdFuujvQ3JSU1z6096 5VEZbh+a2xhuhLA8JTYezGlFWWGEs/L3JnKrkLXRRUCFV8PYTmXbPTHyqssUUCdunUID wLTXmVY6b3TTZvuAP9Nb9THHOn/1DQkVmvuUbqjizLyiBZCddauFnnAennHoAzKOjxnB qCgw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=zdKmJqXzhwdLaym1Gpr/YM+FCjnwt2mdCRKdKUcCHWw=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=c6a9Vceygr2auNYdjOTLFKOQ2VHu2MZr3WCiYUCN1p0Jhx7ObxUr5Q+kLhAGZqy3a/ fWMr75PujzZCipd33zOaQqUFZAYdjZiZ9aETTE8NKl0PuTulOeUxtCSihAg722s183c/ o/Pj4OL2cFVsAZyFcX05pRXWJylYDmCY0q3BKdlWjFB76xJPVCwDmvgByTj+kXPEL4wP PUxLvGxbkjZ4hYDKSug85RW+k/gEmmOaNauddDZ5K+pAmFsJEsDlriebfadufM/KBcEc ywVyiFrdoPXpIFL6YFfSHIIt3Khf9QJUSzbpIDNcyt/4yLGxNAwvU6iKjuAUAuPiyQYy WOXA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=r+sa2WC2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:25 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CIwDDWncqTmgb+8nZUYwue1/l1tuMDpF+ttbsxN/9JZXukXHjukvGEfMYxRXqNoL98q15ZH+PYJKiUeh6CbeT2lmni8Huid9N72dJyJW+e+yJuxvXveDAtU7RKQZfuKRafqNj/XhY74svpMPmfXSzRHMWUOv3H3CNGiu7Ua5tpT884xLQna3LJXfFSRgX+WEvWAP80ah6f7H9T8cpI9ZmqQBk0kwEnC2/EZWTRYVsk1fBRY15YUQFm0uaG6cVIrW0KSN+fJYwQVdiE6Rp815c0lfROGZrj671xzXKuOfdrzpx4iQPANYNuXgSi3H1c33nCB5DzpbQrwDLlMCMZC61w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zdKmJqXzhwdLaym1Gpr/YM+FCjnwt2mdCRKdKUcCHWw=; b=zKBS0US0viTY7nsETMBirc0SJAVnvUf/eW6+9SxT4clTPOJuyp2DYoooAqUqsiZllLDta7dLLCViPzGqHXOInJlCmicgNTgOvRTx/KE57lkxhioDorIO9habtwQiglWVSFBYcmmFys6lRy5F37UnOFnmsONLXcwG8zZMwzgptENrcsNjZMANGoCRGcxrAkaXjhmI+T5WKm6pLwJn1M7ztLsjsfHetFvkBdxZpI3mq3RwwZxM2MFYWUg1qVJzh/Fm26C3vqcRSr3eoVb9oTJCCcp40KAA9vtreISh3ZViyqPPiYS4sr7g/ynYjdTiblcERmTwCYE772ZTNPqC2uBXLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:17 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:17 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 03/17] download debs without locking Date: Mon, 1 Jun 2026 13:34:50 +0200 Message-ID: <20260601113505.2898877-4-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: ecead5e4-1f2f-4b8f-e834-08debfd1da3e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|6133799003|11063799006; X-Microsoft-Antispam-Message-Info: d+u6VQtnVAZtNUdZY5V2CeG7HKqfzDfcpj/w1iaNafXW4JM6lRcark3FyEf1ZZjnz89bFsLIAlLqsArGxlZbw8GWYLebGoxhCNvXQ1G5hP2txsaxLfmcYcPPKk+jmcG64kWilrtEmEwfA40BUxNbQQiOD5zqBijDvwNL/EtUSAHT+CXdWkABLZL0lJfYzoRnXzii3rdbfTJxT1M8pziUSKWaO2oJ9AwU1//8fc+O2nfFahxoluk8FEFlLheukvIMAxoQLPSjXnqIc/0pZ3Q0mDVs4saPE4h4FoCwINy4UtOyQ4TZvuEgHdcWBFzl2CoNvolw4MwdUa91p5Pff2OLzVP5xM1hg+QGkwKXULyAIzSvbNI/WAq2ck4080CPuuG954ivZXH4+eD+vZMfnG/SKRz/KayxpKcnPoVf8AgthlCzboSfQd7SbtvBWaXexraLAOIYr71mpPddOyQGV8IZUK+TgfkVLPANTpnYEpynupz1NSQjr1LjvjUWF9eBAl/ek7K0AdPU3b7G+I0rXwKOm8Tzh02BnaEU0Prj7jtmzvpl+udyuEXRfsZn+GbgXNHdLlyeRws991So4z/G+sQrV69g51UpolLugYpiMye8hzrAMjhAgWWW6WY1ND2atpKGOMF/BgAIcVk89BdNkhEDGh6TRYLQoUVzOQnzE8baG4eXCuytSMUHLV9Ctk6NUeAb X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(6133799003)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: UOpTYhE9mgZyvU3ThozenQL6w2o6TsnrGJTOGU9Q16tQvnu+TC+bu5MR7vn+VYKjSJI7zm/mRmMZh5RL1TKfIfRE4UDwNuM7+PFCAX9luEa9F/ctH/JCV1S3jI4FcapbNDBnjjjVisQclS0DxqZ2pIeG7GDWXC2oOPzsmfS0QI+fkSsSMTluGYgVyZ9pULiyAvklDJXs/0FKgsc3CLdXBSfE/6dSHksS4AASX6TbU6gSqM+e11uFRaSVLkEOezo32BSND23MZMM/pybxpuPwVHKZLVSoJKefY18P3+x9H2Xue2k2IsyZP/v6pnqfRk3zG9VSGTXelw/XINclCmhTC5SR4JIs83w30aSHU/HNgAnm00hwz5ORyQjGhnH92fXEJ0QI/GkzQi19dR/XlP7nD+qMKj99r/guju/Bl+BjWOTd0X/D33NJEDBhHIctJTDDE7lE6v+CKc1ryhHy217dn/7eJXEcrKVaRC/eUBVmb8Ge/GGDz2K18WNiUB4rXBgOvWA5IffveZ8qViuZsRFgs0qn/4gdfGzbqVxVj7PZB3DLkezpeBIX/AHdZsUFZuKY5f/HlF4sH7EzhGTNMENM1cNZkEjyqc4LglWuJUIXX9iqqrwIJRx2Dg7t3DOZswdWLXaY3bpasYpVz3FPLDqfyTXXxoRl0v6mYEmxLbrl7L4P/8n6iJgrNGIUF3rYkrDtd52ydt5hPJ4Jzx5htG7Nk8+RZqF1WYpKmbgub/AW491fU3WqH+ifK6JF1/0H1qvt28+TErSKKtGUta+f1BnupWoPG80b2RGq2Nocgiu5AE3uOxYE9IaJMqNc0auTsWL3n0JaBQ//QoFUKkB0Yp318JT/lndDt7YRhRTmeZE24xekZJlGrYIp42WmMN4gQoM9KXCGtKpOp72HNUMBYuQAGzcMOmHyroKA838m6wr+O8fJx+yWdNGQiVG6io/gCwRFxZiTguGQFXCvYK2EqK0XHmSADqwCKEldcenaNK47Y1vQ1wW9gTB4RL1jj6BLYGWHFEb0jelE7AUmhUx5HmFqoJCY3JBxahdW0S1N7UXjRcPqr22/4Z4jIYg870g9EyE0xb0DPX6F1phzwFxpNAv1Nktc6KAvULZ+e+IIpwMp0eRgQRLczTxmsQr/jNP3DgbGzWk77Ht+bnAmpa0auSwJ8DwytcSnaH1V+aVq5O1HSyo1xWrREXcfonsx6ANdisCh6Z1KajqvhxvX6N7NU8423x1Dc6zFIR9kvQohKsSIDWyhZColMSVRidKf0WPdSDk8v+1p6NP1wYIRXdx4670J4TVmLwD5X92aYiiPiayWQFfkpNCK7m6d5pSzdAhgNA3diD6bjCN368upDGY07RZ02BmBmzmN03uBUM3a0M5wBmWNBPg6B/PU+vNCRJZEaIhFXNZ6jOZwVhLI26TzMwGyohc56tT3E6CMi1CxXvjz/qo/HrGybWd7paKn+8ivzqvuzJV4YTcwP04hUbYG5CzkZpDm7sQxOzoAW1HVZJeseGyOIFrQaqiqE/q5D8vltkb1SSTdyDjzGuFevfX/wftpGTeekQaR6ldVrj7XQo8rULbjoUbzFepJOkbwdhTy90wqf8+2SOFLU6sW4UOBMcOnnAbG/DalszRZyzvaBQ17VVT+0p8opPavHPgXB1Ns9Sm8kKD3+YOQPmnd6xBJfk6kXFj+I/9vnAuKzpVrB7lZZYAyS9k4wQ87alsDQsTn16PpYLn5tx+a+hylblDywGMT0XuY1V2/QGprYenO3LsWlXvMAThQqNGL4/f5yOc6icR/YxKuZwhI X-MS-Exchange-AntiSpam-MessageData-1: r+lZQf8zFzWnyZDNHxwbydWE4LikwQ6DKYo= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ecead5e4-1f2f-4b8f-e834-08debfd1da3e X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:16.5312 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: LZZhJTd6Tiw+vB67cHNjtA0oF5HAQ3GZFYD1ZDd5BvEK1s2JfVbDAtvYZSc0GmaGVfLHC7smL1Ips/DdyXNFZLwagZrC4YYzEYVdxqA+2CE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=r+sa2WC2; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As we are only downloading and we are the only one acting on the rootfs, it is safe to not lock the apt cache. By that, we can avoid complex file ownerships in the tree. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 2 +- meta/classes-recipe/dpkg-source.bbclass | 2 +- meta/classes-recipe/image-locales-extension.bbclass | 2 +- meta/classes-recipe/image-tools-extension.bbclass | 3 ++- meta/classes-recipe/rootfs.bbclass | 10 +--------- meta/lib/aptsrc_fetcher.py | 2 +- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 3ea75996..e3f055c5 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -80,6 +80,7 @@ debsrc_download() { --chdir "/deb-src/${rootfs_distro}/${src}" \ -- \ apt-get -o APT::Architecture=${DISTRO_ARCH} \ + -oDebug::NoLocking=1 \ -o Dir="${rootfs}" -y --download-only \ --only-source source "${src}=${version}" \ || echo "${src} ${version}" >> ${missing} @@ -121,7 +122,6 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ sudo -Es << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - touch "${rootfs}"/var/cache/apt/archives/lock chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index d14d56aa..629796d6 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -77,7 +77,7 @@ do_fetch_common_source() { schroot -r -c ${session_id} -d / -- \ sh -c ' cd /work - apt-get -y --download-only --only-source -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' + apt-get -y --download-only --only-source -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' schroot -e -c ${session_id} remove_mounts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 32666311..c90280aa 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -30,7 +30,7 @@ image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index ab616b7e..766f386d 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -54,7 +54,8 @@ imager_run() { apt-get update \ -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ -o Dir::Etc::SourceParts='-' \ - -o APT::Get::List-Cleanup='0' + -o APT::Get::List-Cleanup='0' \ + -o Debug::NoLocking=1 apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ --allow-unauthenticated --allow-downgrades --download-only install \ ${local_install}" diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 8b502a50..b201b97d 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -340,18 +340,10 @@ rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadPro rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - mkdir -p "${WORKDIR}/dpkg" - - # Use our own dpkg lock files rather than those in the rootfs since we are not root - # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) - touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" - # download packages using apt in a non-privileged namespace rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ - --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 4fe5a9ea..da2d94c2 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -41,7 +41,7 @@ class AptSrc(FetchMethod): set -e mkdir -p /downloads/{ud.localfile} cd /downloads/{ud.localfile} - apt-get -y --download-only --only-source source {ud.src_package} + apt-get -y -oDebug::NoLocking=1 --download-only --only-source source {ud.src_package} ' ''', d) except (OSError, FetchError): From patchwork Mon Jun 1 11:34:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5094 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:33 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f57.google.com (mail-oo1-f57.google.com [209.85.161.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZVoZ024550 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:31 +0200 Received: by mail-oo1-f57.google.com with SMTP id 006d021491bc7-69dffd47a37sf3624744eaf.0 for ; Mon, 01 Jun 2026 04:35:31 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313726; cv=pass; d=google.com; s=arc-20240605; b=M+rEC3qTE7oP0cxHDdSq/mF+AP14TSZbPBumqkik7EAS4VJDVj5b4KI8m9cTYsyRiQ fgJwjOAVRzEq6FfZbhhK06DH52AprCJZtwJHnb0CMqfSvw7rzkWXM8OVmD69wM5R8Kkf dTWpyb6zsjKee57JSND5rzSECaLAloeZbVMzG3/OiUBFwwBAqSnLRS8SCwt0c9h+0w9+ b7LzIgKIZEzTintTYQxd0W7iAVFBuG0DiEDlVmInT8L/Kvqk3XZSkzuEH90XK987MOLR 7v8EwD8smrw4eU2cGoizud0prS0DBBqNypYuoN0Bo0jol9Di54g5GWtiD1ySKiffarxK euhQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=rjWN4Y/cYSsspXBbmdD2mcYH5oh+z9qZioBDyRACjoU=; fh=RLeVf/Syfg4t6dByAgHW99X3mUkHSZTjUpmk/E3en+o=; b=S5o3a2JaWOkTsu6rs1toIevaBhLFEN2N1jmO3m/ZOQqR0QeYXQEX4QykXsJoPgRNOW jBHLhv8PbSdBpXWDztwlPRM0r409zaU7x/xZ0m7KSmcUkUtCLaUz2zPvviMbHgrRUcmi 1traFTgPblFYlmElXatDAnsvUEijmNW+/iiKpWASArM5PipTYz0bZsw+Bb+Ce10eDM4U zhSW9yYIp163zmBRbW/c0uoM/F9TA8aZzh9dlhYKwd/NAtVS6HOXl5lqRx6PmeLnNGxR WYIVney6QbDI7KMNPamiF11CT1yySKNEp0eQAQnC8W2v6h9G0eolibLtCL3xrHiwiwXq FZNg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=aZhp4QYY; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313726; x=1780918526; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=rjWN4Y/cYSsspXBbmdD2mcYH5oh+z9qZioBDyRACjoU=; b=JRLZ0ykPgE1QjieLtG8jPL/NGiH5IGLYdLjFsXZD/jJVBnz92UGYK7Cd4EW7CyDl41 tZ5GILCnxb6KhsQ5RbvUez5trSRXDbPnOV79ZHRLPBXPMBRdPv+5avZbuoYQcqqXefbB qH5jxAguJkTJWxua147960ww5Z/pFjEOoTiuPJ+qIWoN6HgExCVbw1bniVZ7pxHVVZRa zP3XTbzrvOyd+E1Nj/8C2lIwNirXeOjSy5pE0bZVnOOB4h1wQNwc6yGh+G2dMzhY2Dra wlzNBncmI5KbjDX0W/tW+Gf+1K4zTwUZqepPj9pWZpktQidnzobjFytcSXxW7HCpXs54 TrOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313726; x=1780918526; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=rjWN4Y/cYSsspXBbmdD2mcYH5oh+z9qZioBDyRACjoU=; b=VH5I6M2lnoFs6ZCt7Po9IMMger2qCzSPAxftL5RYaHMa60JzL9dxzP/ssX1vVCoEK/ XL6Gxm9me6yZtIByg21kEKwDgcsj91anYpgAugSJvqD8kQifIbJlw3mvDvU8v5fprhWI V/AZYxBuaveEMPInxlMzsDAQaq/r5MWcO8KryUIVM9265ijRaa41z2U1wHs6kt/rqugB uFoMOg9oP3B7xAGcWXOTV9PnqzxmqLkrcCXICKL8Z5ZbYcXm6cl8jBhnvBELnQTKqEQy /Q1qGf9S7371935dyXsj+lyKmGP420SDgnmlnrFNc7ghUkAwA0JLKeFhQb/dJXd2PkPq iCrw== X-Forwarded-Encrypted: i=3; AFNElJ+Xc9ymIiMI56wn4zW3eeXKncZCcgruYyTv+uQ01tY6PBNM4LxaF+BNzstlIE0nQBhxPJpzlG4=@isar-build.org X-Gm-Message-State: AOJu0Yz7eMCL158bo8KoBFn3C6xhLSBIvmJa/O4KlPVB58QFsLBUQAhQ WFgxnAjn/YvyTDAOGpnrLRfiK/COEO4mlgCgZz6nbyeed/wUmRwAiiwD X-Received: by 2002:a05:6820:1527:b0:69d:521d:a4f1 with SMTP id 006d021491bc7-69e1044ceedmr5856721eaf.55.1780313725613; Mon, 01 Jun 2026 04:35:25 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMabsc+2lguEP7A+7aCjJZbosCGuwuwJh/COKs2eMbRgA==" Received: by 2002:a05:6820:6ae2:b0:67d:fa47:dad3 with SMTP id 006d021491bc7-69df445eeb7ls3056211eaf.2.-pod-prod-03-us; Mon, 01 Jun 2026 04:35:24 -0700 (PDT) X-Received: by 2002:a05:6830:6732:b0:7e5:68ca:892a with SMTP id 46e09a7af769-7e6a1e76b30mr6261994a34.20.1780313724636; Mon, 01 Jun 2026 04:35:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313724; cv=pass; d=google.com; s=arc-20240605; b=SMUoDca62ePKLeEemH4p7pQD69EBEwbqd2UGCCe0RcYAXMlOPteh8BT//52ykr1hn1 444+JHmTXFOgrhNoJVoWNaMkZYFVYtT8GHFfGYJe5JYYX+6IhjuZCC2C2iiMkz4EKukb ElMMEk4+d5b25/nK4baLDPAcTs20L0NxBc2iWDnRW7CatZtzWpo1oshpaNJYm3KlinJ6 +AK9VKdu8fT4dpb1KXc4+ASqu02R3Lp2kW0ytg6JDwua6b5SvU7uM850Vihq3I/PIuWf zKeX4V8jrUI/f558PMVp8QDB/GMwBp0bPZj1c6GrJ4Zj+DXt678gtrpQ2LDU+3KnIhjw awvA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=D0GRWxrRuWBv9WfcmjR640ZoFkQvh7jkRJfEAanFNxA=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=jRWFEVqbFIMSdo2+ixg7JkUBCT9TnuhAHKzqyDyuj7kCMnFEw9tDMqq7Zehk9SfumY fhhBRTPX8fcYKJ7H1xRhFJfgq89X3xthEQt8tROueLBK7JP4WXWnnYLUafg1cNLz/RBq Pr3yK52l3AGiyBoOHpGCTpG0hrlZeHEaKmyP/jMazZYJcIrQz7G5qIUL9YNGIR4Okeg7 uLaYnHZjrBWUPGGPchVallmIxRULkxKyGg2eEtjBr1IjkTmrmaRmdeW7++bMrWCYa93m tx24dHmLW3fZSdatKM49BXkX7KS2r78E+ppTqd/BtF2ablIj0VF74J8JFJAObCxN8zgT ApcQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=aZhp4QYY; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:24 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mlR2FfMc8G6M1LonRqhOKdy6W5hBXhl0otWb60NEWD44tPpnMYmDCxQ4CO7Ie4xL7tdme2Bu7zEY6f0JQus17/uHQb5vRVQE3pUOLEtxlk2qiHUhbt7wDIpsCbHd1QjRTEmjtW+0QpSC+gkazl8FA1hjPPAjkhHURuV3yk132hdbAwD4XPJsMti00AN7KDZ4FhJ3nUV1gKtdhZAjI9er9281W7tMGVL9DzVLZB+6z4zntnaZi9PYZW+IPrdYRmnGUVpro1rKn11VPEGNFn2h81wR2c0DenhUiwGCXeNQ1S6Es+FnxRhJDRDAO6c0vq+iuWJg3e2083wRLDbz/A78pw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D0GRWxrRuWBv9WfcmjR640ZoFkQvh7jkRJfEAanFNxA=; b=DiMN8SiV9v0YBIeDsej7B2qF8I6gteod2XML0Yfx5mNeosWBBMZ2khgztruSXx4LyMRmZnRVfrmK5znRLIpFZmJQqJR2fHYu32dWwslJ/0uro7FcF+l+lr8p9EYIyzNLtRMzfUkpWmqk5UHfKR2CQlUNaLx5byV5O80fwpBx1I9c51m9Fm341eRtiyzOpVIh64814sSKz9k1Hmn01Ee5AB3imgek32p4b4+89KtlRLrtjg5nX84xuAYknxMaC5ViSWXSdaaVd1NniQxQ9DlLarE1DwzDlU6HHeyaBrVVkhLn9tuGLNDJ3wWpoZr7+XBFR8jurm7C4C+yafPxlK5xTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:18 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:18 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 04/17] introduce wrappers for privileged execution Date: Mon, 1 Jun 2026 13:34:51 +0200 Message-ID: <20260601113505.2898877-5-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 54323644-f3d9-482c-c4bf-08debfd1da8d X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|20052099010|55112099003|22082099003|18002099003|56012099006|6133799003|3023799007|11063799006; X-Microsoft-Antispam-Message-Info: iTPhJXzXqWE0v4Hy3oD9gOqlaCdZEsxOH93XQ6YZysGmO/lSiLdD7k2waQJ4X/28mTy4TjY8x1GsBUT/zyC59i/PT1nsYjZadmXYUG6f8v24+ZTnF6X5Z47cmAsr7R/XDkR584qTAw+QfxN6O65eMeLtEfZzqE6ZAcRhSoLaDCkJms+BeaUXKtw6W7s1pUrzaNgPz2fIw2NVvkcc4rsCLiy01SXXVHPLXdsMcUepCE2g3ZOHRbc10+8V2Fg+au562opuXdkAlAKLulQRKT1TJTsH/45CE+x74Q/uZnzdIMdULWlITdbbke4Nko7Qm8PX+9u3aO6vLhjSXWyxiRbNVN6IXfrk4N/Y7AVxvEOMOe4tURQtv9zdgSrM8tvjMJ4VJVBl8I8mwMeUOZwvR5Xj8GVB1M0DrqjtPnvTy6TecQdu6iDJ42fBPirg18huGqMwUzSA6tmhRrTTUDc9O6tlMqotRcjwHECyg0wHbiQFhFgS44np2TSdDF8yXiOEsTHYlUi7y3VyGTHr2gl+nEjgFzmyhDoiXNsN1JTjHEy//jXC1SOQe7xcNecYjrZIX3JCeJnCgEbN6AkV5nca60k51Y1yWUhiRHxQ3iTZs0mjpH6aQHABwzYgmm4DOOW7nv1cwlGxqsjodA2wB4+jx2Z54swrIdNowSk9RJEnKk1SfivngkAJuW/yglVMiSikrMlvKJKQoP7K2jY/NOv2nvsrEw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(20052099010)(55112099003)(22082099003)(18002099003)(56012099006)(6133799003)(3023799007)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: Fwnd1DpfbQp5/1FwUsyRx8pa2IPmUkCCMBwQZMAHTSlHHhnjMZAhfvtgUCTJopbGT/jfRp1C553oBpjavwSrdvSFEi39i1C3qUpZxXQiSzmykMOAVjZP+goc87psgvr+gxPVi4A2b1mv/n468kSES/COvKutx5thYRsJh5skF9zHuIfqEL3d3TUbkNwaufpoI+xBhAQVQDpMZQ99guhFAq0OBqa7WFNCxAtCBVCn14RHfqohFGnNiq5BrLbE3JruSlavmPrzdX43Lax9QZo6Syum5w2Vo1GSsQDWAp7nB041k1iwKocErKaOZ+pYjQ179C77FkPY5e7QYgloGfouGrMmK3yOgKqrzVq5gIscYY9ZcWWI1QfuvKCrJXbp3C3uFOL0n73RsWzFEW+dU1brDqzJFyv9YshlQpzz++uvd8JD7ZJFwv3ExdWPJckeA2ri7FuDR3VOktQQWCx7uNRpLHi1ku1yLYbfd1+4IM5fLf5Kcw9nv4gXDQ7S/0EsN7b7mf8DMNSHCpn9IzkXWvzz38zULWUPjMu/ycy1Gn+Cdv9bDLLltIARO8l+o3QoIriXaFk1GC4jRiIEzXX2KJztETmmMO8ZxKHcZwy7e5yEKY2A4uxP3Xqnc5XeJgpV0IL/sA7LpvgyTAjrG2yD0jf9aiN4OejWT9cvsbfNbpydbXXO9Cp/5Z4WPUjXgQuK2qSpIftqE47VpZ9edWMaKjmaWNIYEJZzKasb1wsZ/6dRy5SU2LJrhLNkbFwqaPdVziLXpawLQ84RWvpqt0QK4CQWW8t4HXWZxqM2kqCqgFOztskLC4uIOht9NOGbuiuORSdLwXCXqdBOtUoWDqDIdZQNU2V10py1K0qEOtfk7dil+O5T6nSNPXtWx0dV4Qqt1EVgyyAqDwwOsdbca1mUrxTzyHcpoKtcV34++HhDB6gqDeEsYdqi2UXccUYYs/g/JdMsVoOMrTULJFapaN2ob+nykhLmoSRlQsgiXp6GlrNqWqy5Itgojk8Bm5E35+DdsHouzHzDs9OKuwwxN7OdJ0wBHPRdcpEX2vv7BgmHQl/lz7E59zBCUwTQbV2IM+zvTY85dw2pXP42VgLKV7fLE0CouMYhOEQYNQR6N/Ad8znELiu+3LfiTRhCPyXTD5A2Oj37jm8dObgg52STmCnDJmckAJFtU7+RKkc2B4t3JQI0VgrjFMfesyJ1sRiM1Pzchcbdo/tAHqgCqepH6f/HFZJ9rAlyeebYPe9wwZdTxm4m3netU8/zE65B3lFWtVfxw7svLDtTGAyOG5wwnk6Qih0e6zD5wSYQx0nRF0gspaKNCvILoVPs23HITv0dwdXQBUnHHHuGFSBQRU+eGt+xvtVykcU6NRFC0NMGHWlo/HHG4hg1MAyvLl1WBxCw0x3LIb+GReRHGStJ5Ph/iWAAlu430y6p6xrKjii1QiyWQ5aB70KTOs2GKmRvem1jXZrT64R+BzLi3S3knrjk86KlUU89IH+8LqjFc0l5vgapHgdOpbgYTiVy5Ue3/6d70D/40uFg3GGFCAzxj7q96dagqCZ3wpUfeD/I3jlPRyjKAhCogG6Ab8ZE69XqlovQugY5sJpx1RHSz5BKSBxi7TrgoBDyAAU6gHb10cY7AxmjH46pwZp33VoONbDPpStW2r9OY2rC/8Xnx1K2PH5JsbAB8GqFVwVZNoeekxHuNBRndDVD53c0Vqh9oFXnsMNinHIXCsyQaLyfO1reB3V7qzzvuxdjqfYP7H7NxMeFf4TQbwXv4rhRyxPGXa9qM1J5H5xRX2guuw1oyifo X-MS-Exchange-AntiSpam-MessageData-1: CcvMBWt+ynwkU0nZvxXNJTsugavbQA3UzWw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 54323644-f3d9-482c-c4bf-08debfd1da8d X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:17.1408 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kAOuJmzI2hnEDisLAURwyCEjLbyRa+bUQMWYLtl35VMx/tgNqsnQWnObocBiyNmTRR8CHJN/vxOTiio+vCDkSLudZeNAqV5wHxzQkNyQrCU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=aZhp4QYY; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As a preparation to enable rootless builds, we introduce wrappers for common cases of privileged command execution. The wrappers are defined in the base class where later on the executor dispatching will be implemented as well. The wrappers are introduced throughout the whole codebase and downstream layers are also encouraged to use them to increase compatibility with upcoming API changes. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 16 ++++ meta/classes-global/base.bbclass | 26 +++++- meta/classes-recipe/deb-dl-dir.bbclass | 8 +- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/classes-recipe/dpkg.bbclass | 2 +- .../image-account-extension.bbclass | 4 +- .../image-locales-extension.bbclass | 4 +- .../image-postproc-extension.bbclass | 30 +++---- meta/classes-recipe/image.bbclass | 14 +-- .../imagetypes_container.bbclass | 26 +++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 +- meta/classes-recipe/rootfs.bbclass | 89 ++++++++++--------- meta/classes-recipe/sbuild.bbclass | 10 +-- meta/classes-recipe/sdk.bbclass | 14 +-- meta/classes/sbom.bbclass | 2 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 +-- .../unittests/test_image_account_extension.py | 9 +- 17 files changed, 156 insertions(+), 116 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 5d2514c0..552051ad 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1087,3 +1087,19 @@ and `arch=all` binary packages). Recipes for such mixed packages should append `PROVIDES="foo-doc-archall"` for an `arch=all` binary package `foo-doc`). Consumers can then simply reference the package by its original name (e.g., `foo-doc`). + +### Execution of privileged commands + +When operations require higher privileges than those available to the build user, +the following helper functions shall be used: + +**run_privileged**: Run a command as root while preserving the environment. + +**run_privileged_heredoc**: Execute commands provided via stdin in a root shell. + +**run_in_chroot**: Run a command within a chroot environment. The first argument +specifies the rootfs path. + +Using these helpers instead of direct `sudo` invocations centralizes platform-specific +privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged +in downstream layers. diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 70b4565b..d4dbbc3a 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,7 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - sudo rm -rf --one-file-system "$TMPDIR$i" + run_privileged rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -375,3 +375,27 @@ def deb_list_beautify(d, varname): if stripped: var_list.append(stripped) return ', '.join(var_list) + +# Helpers for privileged execution. Only the non-underscore functions +# shall be used outside of this class. + +def run_privileged_cmd(d): + cmd = 'sudo -E' + bb.debug(1, "privileged cmd: %s" % cmd) + return cmd + +RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" + +run_privileged() { + ${RUN_PRIVILEGED_CMD} "$@" +} + +run_privileged_heredoc() { + ${RUN_PRIVILEGED_CMD} /bin/bash -s "$@" +} + +run_in_chroot() { + rootfs="$1" + shift + ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" +} diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index e3f055c5..04fd6414 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -98,7 +98,7 @@ debsrc_download() { dbg_pkgs_download() { export rootfs="$1" - apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ + dbg_pkgs=$(apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ -a "${DISTRO_ARCH}" packages \ "${rootfs}/var/cache/apt/archives" \ | awk '/^Package:/ {print $2}' \ @@ -110,7 +110,9 @@ dbg_pkgs_download() { | grep "${DISTRO_ARCH}" \ | awk '!/Binary:/ {print $1}' \ | sort -u - done | xargs -r sudo -E chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- + done) + + [ -z "${dbg_pkgs}" ] || run_in_chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install $@' -- ${dbg_pkgs} } deb_dl_dir_import() { @@ -120,7 +122,7 @@ deb_dl_dir_import() { export gid=$(id -g) # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ - sudo -Es << ' EOSUDO' + run_privileged_heredoc << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index f7a12302..e5987554 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -161,7 +161,7 @@ def isar_export_build_settings(d): dpkg_schroot_create_configs() { schroot_create_configs - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' sbuild_fstab="${SBUILD_CONF_DIR}/fstab" fstab_isarapt="${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO} /isar-apt none rw,bind 0 0" grep -qxF "${fstab_isarapt}" ${sbuild_fstab} || echo "${fstab_isarapt}" >> ${sbuild_fstab} diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index 500aaefe..e693800c 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -130,5 +130,5 @@ dpkg_runbuild() { deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts - sudo rm -rf ${WORKDIR}/rootfs + run_privileged rm -rf ${WORKDIR}/rootfs } diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index e874f3c7..de01484c 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass @@ -34,7 +34,7 @@ def image_create_groups(d: "DataSmart") -> None: """ entries = (d.getVar("GROUPS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] @@ -72,7 +72,7 @@ def image_create_users(d: "DataSmart") -> None: entries = (d.getVar("USERS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index c90280aa..029caec7 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,7 +29,7 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } @@ -60,7 +60,7 @@ ${@get_nopurge(d)} __EOF__ # Install configuration into image: - sudo -E -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 diff --git a/meta/classes-recipe/image-postproc-extension.bbclass b/meta/classes-recipe/image-postproc-extension.bbclass index 43ab750c..59128c2a 100644 --- a/meta/classes-recipe/image-postproc-extension.bbclass +++ b/meta/classes-recipe/image-postproc-extension.bbclass @@ -17,19 +17,19 @@ update_etc_os_release() { done if [ -n "${OS_RELEASE_BUILD_ID}" ]; then - sudo sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "BUILD_ID=\"${OS_RELEASE_BUILD_ID}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT}" ]; then - sudo sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT=\"${OS_RELEASE_VARIANT}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT_VERSION}" ]; then - sudo sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT_VERSION=\"${OS_RELEASE_VARIANT_VERSION}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi } @@ -37,11 +37,11 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_configure" image_postprocess_configure() { # Configure root filesystem if [ -n "${DISTRO_CONFIG_SCRIPT}" ]; then - sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" + run_privileged install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" TARGET_DISTRO_CONFIG_SCRIPT="$(basename ${DISTRO_CONFIG_SCRIPT})" - sudo chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ + run_in_chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ "${MACHINE_SERIAL}" "${BAUDRATE_TTY}" - sudo rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" + run_privileged rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" fi } @@ -58,13 +58,13 @@ image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( run_in_chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" fi - echo "$MACHINE_ID" | sudo chroot ${IMAGE_ROOTFS} tee /etc/machine-id - sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' + echo "$MACHINE_ID" | run_in_chroot ${IMAGE_ROOTFS} tee /etc/machine-id + run_privileged rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen" @@ -82,13 +82,13 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_disable_systemd_firstboot" image_postprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_VERSION=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${source:Upstream-Version}' \ --show systemd || echo "0" ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then - sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot - if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ + run_in_chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot + if ! cmd_output=$(run_in_chroot '${ROOTFSDIR}' systemd-firstboot \ --prompt --welcome=false /dev/null); then bbwarn "Your image is not configured completely according to systemd-firstboot." bbwarn "It prompted: \"${cmd_output}\"" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index 26a4ec06..bc3f2181 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -363,7 +363,7 @@ get_build_id() { ROOTFS_CONFIGURE_COMMAND += "image_configure_fstab" image_configure_fstab[weight] = "2" image_configure_fstab() { - sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF + run_privileged tee '${IMAGE_ROOTFS}/etc/fstab' << EOF # Begin /etc/fstab proc /proc proc nosuid,noexec,nodev 0 0 sysfs /sys sysfs nosuid,noexec,nodev 0 0 @@ -391,7 +391,7 @@ do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi if [ -f "$kernel" ]; then - sudo cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" + run_privileged cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" fi for file in ${DTB_FILES}; do @@ -447,7 +447,7 @@ def apt_list_files(d): IMAGE_LISTS = "${@ ' '.join(apt_list_files(d)) }" do_rootfs_finalize() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -e "${ROOTFSDIR}/chroot-setup.sh" ]; then @@ -473,14 +473,14 @@ EOSUDO # Sometimes qemu-user-static generates coredumps in chroot, move them # to work temporary directory and inform user about it. - for f in $(sudo find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do - sudo mv "${f}" "${WORKDIR}/temp/" + for f in $(run_privileged find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do + run_privileged mv "${f}" "${WORKDIR}/temp/" bbwarn "found core dump in rootfs, check it in ${WORKDIR}/temp/${f##*/}" done # Set same time-stamps to the newly generated file/folders in the # rootfs image for the purpose of reproducible builds. - sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + run_privileged find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' } do_rootfs_finalize[network] = "${TASK_USE_SUDO}" @@ -517,7 +517,7 @@ do_rootfs_quality_check() { ;; esac done - found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) + found=$( run_privileged find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) if [ -n "$found" ]; then bbwarn "Files changed after package install. The following files seem" bbwarn "to have changed where they probably should not have." diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index e07ce8e6..8d4f8050 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -37,38 +37,38 @@ do_containerize() { # prepare OCI container image skeleton bbdebug 1 "prepare OCI container image skeleton" - sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" - sudo umoci init --layout "${oci_img_dir}" - sudo umoci new --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" + run_privileged umoci init --layout "${oci_img_dir}" + run_privileged umoci new --image "${oci_img_dir}:${empty_tag}" if [ -n "${cmd}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.cmd="${cmd}" fi if [ -n "${entrypoint}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.entrypoint="${entrypoint}" fi if [ -n "${path}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.env="PATH=${path}" fi - sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci unpack --image "${oci_img_dir}:${empty_tag}" \ "${oci_img_dir}_unpacked" # add root filesystem as the flesh of the skeleton - sudo cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + run_privileged cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" # clean-up temporary files - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + run_privileged find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete # pack container image bbdebug 1 "pack container image" - sudo umoci repack --image "${oci_img_dir}:${tag}" \ + run_privileged umoci repack --image "${oci_img_dir}:${tag}" \ "${oci_img_dir}_unpacked" - sudo umoci remove --image "${oci_img_dir}:${empty_tag}" - sudo rm -rf "${oci_img_dir}_unpacked" + run_privileged umoci remove --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index dd6c501d..8b048dc7 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,8 @@ generate_wic_image() { fi EOIMAGER - sudo chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - sudo chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index b201b97d..440786b5 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -136,7 +136,7 @@ rootfs_cmd() { rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ ( mount -o bind,private /dev '${ROOTFSDIR}/dev' && @@ -182,7 +182,7 @@ EOSUDO } rootfs_do_umounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if mountpoint -q '${ROOTFSDIR}/isar-apt'; then umount '${ROOTFSDIR}/isar-apt' @@ -225,7 +225,7 @@ rootfs_do_qemu() { if [ '${@repr(d.getVar('ROOTFS_ARCH') == d.getVar('HOST_ARCH'))}' = 'False' ] then test -e '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' || \ - sudo cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' + run_privileged cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' fi } @@ -240,16 +240,16 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - sudo tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" # setup chroot - sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" + run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" } ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_isar_apt" rootfs_configure_isar_apt[weight] = "2" rootfs_configure_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/sources.list.d' @@ -270,7 +270,7 @@ EOSUDO ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_apt" rootfs_configure_apt[weight] = "2" rootfs_configure_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' @@ -293,7 +293,7 @@ ROOTFS_CONFIGURE_COMMAND += "rootfs_disable_initrd_generation" rootfs_disable_initrd_generation[weight] = "1" rootfs_disable_initrd_generation() { # fully disable initrd generation - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -310,7 +310,7 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ -o Dir::Etc::SourceParts="-" \ -o APT::Get::List-Cleanup="0" @@ -322,9 +322,9 @@ rootfs_install_resolvconf() { if [ "${@repr(bb.utils.to_boolean(d.getVar('BB_NO_NETWORK')))}" != "True" ] then if [ -L "${ROOTFSDIR}/etc/resolv.conf" ]; then - sudo unlink "${ROOTFSDIR}/etc/resolv.conf" + run_privileged unlink "${ROOTFSDIR}/etc/resolv.conf" fi - sudo cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + run_privileged cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' fi } @@ -358,7 +358,7 @@ rootfs_export_package_cache() { ROOTFS_INSTALL_COMMAND += "${@ 'rootfs_install_clean_files' if (d.getVar('ROOTFS_CLEAN_FILES') or '').strip() else ''}" rootfs_install_clean_files[weight] = "2" rootfs_install_clean_files() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' for clean_file in ${ROOTFS_CLEAN_FILES}; do rm -f "${ROOTFSDIR}/$clean_file" done @@ -370,14 +370,14 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - sudo -E chroot "${ROOTFSDIR}" \ + run_in_chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" rootfs_restore_initrd_tooling[weight] = "1" rootfs_restore_initrd_tooling() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar-stubs" rm -rf "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -386,8 +386,8 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-initrd', '', 'rootfs_clear_initrd_symlinks', d)}" rootfs_clear_initrd_symlinks() { - sudo rm -f ${ROOTFSDIR}/initrd.img - sudo rm -f ${ROOTFSDIR}/initrd.img.old + run_privileged rm -f ${ROOTFSDIR}/initrd.img + run_privileged rm -f ${ROOTFSDIR}/initrd.img.old } do_rootfs_install[root_cleandirs] = "${ROOTFSDIR}" @@ -437,21 +437,21 @@ do_cache_deb_src[network] = "${TASK_USE_SUDO}" do_cache_deb_src() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} debsrc_download ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -459,21 +459,21 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('BASE_REPO_FEATURES', 'cache cache_dbg_pkgs() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} dbg_pkgs_download ${ROOTFSDIR} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -482,17 +482,17 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get clean - sudo rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* + run_privileged rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* # remove apt-cache folder itself (required in case rootfs is provided by sstate cache) - sudo rm -rf "${ROOTFSDIR}/var/cache/apt/archives" + run_privileged rm -rf "${ROOTFSDIR}/var/cache/apt/archives" } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-log-files', 'rootfs_postprocess_clean_log_files', '', d)}" rootfs_postprocess_clean_log_files() { # Delete log files that are not owned by packages - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/find /var/log/ -type f \ -exec sh -c '! dpkg -S {} > /dev/null 2>&1' ';' \ -exec rm -f {} ';' @@ -501,32 +501,32 @@ rootfs_postprocess_clean_log_files() { ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-debconf-cache', 'rootfs_postprocess_clean_debconf_cache', '', d)}" rootfs_postprocess_clean_debconf_cache() { # Delete debconf cache files - sudo rm -rf "${ROOTFSDIR}/var/cache/debconf/"* + run_privileged rm -rf "${ROOTFSDIR}/var/cache/debconf/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-pycache', 'rootfs_postprocess_clean_pycache', '', d)}" rootfs_postprocess_clean_pycache() { - sudo find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print - sudo find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_ldconfig_cache" rootfs_postprocess_clean_ldconfig_cache() { # the ldconfig aux-cache is not portable and breaks reproducability # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034#49 - sudo rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache + run_privileged rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_tmp" rootfs_postprocess_clean_tmp() { # /tmp is by definition non persistent across boots - sudo rm -rf "${ROOTFSDIR}/tmp/"* + run_privileged rm -rf "${ROOTFSDIR}/tmp/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" rootfs_generate_manifest () { mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} - sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ dpkg-query -W -f \ '${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' > \ '${ROOTFS_MANIFEST_DEPLOY_DIR}'/'${ROOTFS_PACKAGE_SUFFIX}'.manifest @@ -542,7 +542,7 @@ rootfs_export_dpkg_status() { ROOTFS_POSTPROCESS_COMMAND += "rootfs_cleanup_isar_apt" rootfs_cleanup_isar_apt[weight] = "2" rootfs_cleanup_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/isar-apt.list" rm -f "${ROOTFSDIR}/etc/apt/preferences.d/isar-apt" @@ -553,7 +553,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@'rootfs_cleanup_base_apt' if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else ''}" rootfs_cleanup_base_apt[weight] = "2" rootfs_cleanup_base_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/"*base-apt.list EOSUDO @@ -561,12 +561,12 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'populate-systemd-preset', 'image_postprocess_populate_systemd_preset', '', d)}" image_postprocess_populate_systemd_preset() { - SYSTEMD_INSTALLED=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_INSTALLED=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${db:Status-Status}' \ --show systemd || echo "" ) if (test "$SYSTEMD_INSTALLED" = "installed"); then - sudo chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" + run_in_chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" fi } @@ -626,7 +626,7 @@ rootfs_generate_initramfs() { mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - sudo -E chroot "${ROOTFSDIR}" sh -ec ' \ + run_in_chroot "${ROOTFSDIR}" sh -ec ' \ ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ ' @@ -664,11 +664,12 @@ rootfs_install_sstate_prepare() { # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - sudo mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro + + run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro lopts="--one-file-system --exclude=var/cache/apt/archives" - sudo tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - sudo umount ${WORKDIR}/mnt/rootfs - sudo chown $(id -u):$(id -g) rootfs.tar + run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs + run_privileged umount ${WORKDIR}/mnt/rootfs + run_privileged chown $(id -u):$(id -g) rootfs.tar } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -677,7 +678,7 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - sudo tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index 95dadee3..d9ccce7f 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -20,7 +20,7 @@ SCHROOT_LOCKFILE = "/tmp/schroot.lock" schroot_create_configs() { mkdir -p "${TMPDIR}/schroot-overlay" echo "Creating ${SCHROOT_CONF_FILE}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e cat << EOF > "${SCHROOT_CONF_FILE}" @@ -59,7 +59,7 @@ EOSUDO schroot_delete_configs() { (flock -x 9 set -e - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -d "${SBUILD_CONF_DIR}" ]; then echo "Removing ${SBUILD_CONF_DIR}" @@ -101,7 +101,7 @@ sbuild_export() { } insert_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -112,7 +112,7 @@ EOSUDO } remove_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -123,7 +123,7 @@ EOSUDO schroot_configure_ccache() { mkdir -p "${CCACHE_DIR}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e sbuild_fstab="${SBUILD_CONF_DIR}/fstab" diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 6f09b5f6..16165792 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -69,12 +69,12 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "${@'rootfs_cleanup_isar_apt' if bb.utils.to ROOTFS_CONFIGURE_COMMAND:append:class-sdk = " ${@'rootfs_configure_isar_apt_dir' if bb.utils.to_boolean(d.getVar('SDK_INCLUDE_ISAR_APT')) else ''}" rootfs_configure_isar_apt_dir() { # Copy isar-apt instead of mounting: - sudo cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt + run_privileged cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt } ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - sudo chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" @@ -83,7 +83,7 @@ sdkchroot_finalize() { rootfs_do_umounts # Remove setup scripts - sudo rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh + run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh # Make all links relative for link in $(find ${ROOTFSDIR}/ -type l); do @@ -95,16 +95,16 @@ sdkchroot_finalize() { new_target=$(realpath --no-symlinks -m --relative-to=$basedir ${ROOTFSDIR}${target}) # remove first to allow rewriting directory links - sudo rm $link - sudo ln -s $new_target $link + run_privileged rm $link + run_privileged ln -s $new_target $link fi done # Set up sysroot wrapper for tool_pattern in "gcc-[0-9]*" "g++-[0-9]*" "cpp-[0-9]*" "ld.bfd" "ld.gold"; do for tool in $(find ${ROOTFSDIR}/usr/bin -type f -name "*-linux-gnu*-${tool_pattern}"); do - sudo mv "${tool}" "${tool}.bin" - sudo ln -sf gcc-sysroot-wrapper.sh ${tool} + run_privileged mv "${tool}" "${tool}.bin" + run_privileged ln -sf gcc-sysroot-wrapper.sh ${tool} done done } diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b220f3d9..b4fcddaa 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -41,7 +41,7 @@ def sbom_doc_uuid(d): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) generate_sbom() { - sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index f21a6164..da8bc52d 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -209,19 +209,19 @@ do_bootstrap() { trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ && rm "${WORKDIR}/mmtmpdir"; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && sudo umount $tmpdir/$base_apt_tmp; \ + && run_privileged umount $tmpdir/$base_apt_tmp; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && sudo umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && sudo rm -rf --one-file-system $tmpdir; \ + && run_privileged umount $tmpdir/base-apt; \ + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && sudo umount $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -254,7 +254,7 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - sudo rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/testsuite/unittests/test_image_account_extension.py b/testsuite/unittests/test_image_account_extension.py index f78aa7f8..ff0e47e0 100644 --- a/testsuite/unittests/test_image_account_extension.py +++ b/testsuite/unittests/test_image_account_extension.py @@ -54,9 +54,8 @@ class TestImageAccountExtensionImageCreateUsers( image_create_users(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/useradd', @@ -136,9 +135,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupadd', @@ -164,9 +162,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupmod', From patchwork Mon Jun 1 11:34:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5093 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:31 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f62.google.com (mail-oa1-f62.google.com [209.85.160.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZUdY024548 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:30 +0200 Received: by mail-oa1-f62.google.com with SMTP id 586e51a60fabf-43d10d3f8c7sf396187fac.0 for ; Mon, 01 Jun 2026 04:35:30 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313724; cv=pass; d=google.com; s=arc-20240605; b=NQCGRa/aYmgA68fD95z4XZl89GZYxEHzTxkDYdBkYc2JNQtM2RL2QdgDRQvxe3A7GX F55yavFn93Z/32S4uDohf5Di3TvNbA0YttWAKsSkXotR4yIlSWvcbWx7/Vb8tXrZEZTi ScdunpcVvv/FZZkQqKCVDyNnDzRkesP1LSINLbHDXXdYr8ixwJZqQLg0pFVClnlUL2bI OdLdfxUehW1L0Lx6Cc5clnyQqrshUfej3c9TmMxKK1AquarbNrFLb/NX7EomT/bz9H8L +br5oK/M7PlrYc/O15qctK8ned9AdUrIbg37dt34s8Oijq1BN4+Zih2A2El+zk7Ak0UR Tw4w== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=9QTm4aIgEUZ0Eq45EdOeiQ/+knjxH6PgyqxSIMOBvV0=; fh=Hl/j8dqgj5/6jhy82DuPISBJEAaDwqTJftmBD2KzdEo=; b=VARkfckW6+KudeoRVXX29o4+0ShbyJNMzMsiXzJ530EtmhtSPlhrOmfqqqHRUtJpqk Cxr4iDTrwiz02qxO6VChly3T8Ju2+vgaiGsuQAVlU/YZm3SL4xFNEuTQHNqKfhKbpFmm 5Fu1nibPiG0zDFLkPdi92VGRtUJjPEiED8ptpBS2kxl4RXpuvCQ6ryTvg7h4IM0QDJXz 2F4uRDDCwPq5GGm7nqoqy0EkcEn3E6EPAsR1nQTxTrGQB3PKUE+blf29HTr632OZRfz3 QRCrPb/8aZRwzFhBBd0WnNTWVrzPizsl6IwjKrkBfzteJWkljUmxPAKZDZov+I4RjSeP O20A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=AZhgOY5p; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313724; x=1780918524; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=9QTm4aIgEUZ0Eq45EdOeiQ/+knjxH6PgyqxSIMOBvV0=; b=kduvqhewfXptGz0xrczEk6jkKWqAervRX6QyevW9tMRdoBognN1IZPt8Aeqb1ztUan uJoQFbkOByo/LRjQvR98C1ILWLcXDBp4L1CYYPK+BTAZYHwaweyGqY10GwKH51aX4cew MPKMoOB3kqbz2OInQzaGtUK0HUD3aqoATH0o5lCGZiHhY2dAr9snq1R7MkqrmtXlpvem 4gFUQcOs1QPouTDC7Idme13+rwZ7k8APv0pWHWNBrjxRaxRMR9fUWVimGjn/nCzUFy1r SZ2pRspxjc0J+MLeXgj3LrDPwq5nrFh8ybV32gPy7gL28zLmRAjtQ+xpFUR3srpLQ5W+ +7Qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313724; x=1780918524; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9QTm4aIgEUZ0Eq45EdOeiQ/+knjxH6PgyqxSIMOBvV0=; b=ihzuwQgCw1GUH+Y2ooUSIKt927zK+MluLsAx2QSuusCvRYMmdyRjio4Dhx5pX0LyKR vbutElX3wN0qRHLOKC7PNOEqs2pYGkX0bnWlvdf2LG8enyY+MD2R5rS96SSpC69xPdoh Bm/o9d/9PLQe+pUA7gaa+oK48fDhhlmSYJ+yUzUEYODxMBS28t7/AWMNfLGMvNZ4uNVP DmJfJeJmNPv/Q1IKJjauoPaPAhtZ86i+gRw8abMaJmPol32l9eYGkl5BazZ6K4iHf91+ BZQ5w2gd5VHFeOC/iZeqEi5iuBzBrRayQjx78DxBA9pNu+Dm/swQ0qBPha2JUWQmihtv 9sQg== X-Forwarded-Encrypted: i=3; AFNElJ9w6FigEPWWEAMyz6KG10ntzSK/miaD+/90TwlkN448k+eW08puYtjBQ4gBKEzaN1a2YB+C40s=@isar-build.org X-Gm-Message-State: AOJu0YzcZHG2ecit1KfNU3QPoAVbhsOA2H7DLWp2ygqaVehvvdgN9gx/ ssV30V9xmRyMcjFqdaXGjqjdq1xORAZeyQAj1ERoxxZEJGsRewTemKkC X-Received: by 2002:a05:6820:2219:b0:69d:9547:c963 with SMTP id 006d021491bc7-69e102e3a3fmr5864194eaf.27.1780313724079; Mon, 01 Jun 2026 04:35:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMPb51qB2ITCCGSFqMc3xFB39xan/zajpw67wW2lf8PCrA==" Received: by 2002:a05:6820:a205:b0:69d:97bd:3588 with SMTP id 006d021491bc7-69df447cb70ls2155988eaf.2.-pod-prod-01-us; Mon, 01 Jun 2026 04:35:23 -0700 (PDT) X-Received: by 2002:a05:6830:3814:b0:7dc:1615:7b52 with SMTP id 46e09a7af769-7e6a1e7b15dmr6596981a34.26.1780313723041; Mon, 01 Jun 2026 04:35:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313723; cv=pass; d=google.com; s=arc-20240605; b=bM3xFjq9VyqWHUNFCoKorwgeCiXpHcUVByq/3UcKL2RbqymV7wj2RGUgo41DEDOGvi cBHvwRuP/4qzsrY0njF3Y/xmHqL2uTd+CxwyNdmAulML51/czfC7GiaERMSf6ewSpg1C 6eidd19AQnMm6Dyho8DY2kEtpLZrRtiAyP3AQuN8YmGJmHWeeaerdtIpBT4u7c38uryg 6AwvUdiloU/9XAPWEuqCzjujz79/hbUM5Hp1KQNFIaQEcACyPAgrMj2c1vKYaJNG623M 6O16NkEFnnktPO3S3LsU3ao4Gv8XWUGSNI750o3KfVqnPHcN1JPV3BDfo/CqCHqEEbWF UuPA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=eLjm3fVFi2E+spo+Jm3IBFrrpOBotY5SRT27nuVLz6I=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=L1jYI/3I0Te0qJtksTmVa1TtxQ/rKjxMSHkiA8xsp7GHhEwRU4s962Gh9VRUeI2119 6UB4xFGS5Jjbw+gC9gxpJBZqbm0cmhyF+oB45ITUNoiUiRQuAXh7YFPeFkhHx8Bdk1vu TyQq4j/EK2fqDlXIPtRFTCvfiqg66xFVWB7Rfl7huVHpRFe6PTEydme233I9q6jieVLZ kJY8XG/jfBWWnIqEyQBvuYhk2jEkhcNMbyak1Hc2fEW0dh3L35Ph/TFfcjtxnzXqLWDR Ska0cJFR6kSne1oT0CDuXjnvt6C+V2BgF6UIrbmx9l/LmetHhOGBMGMLiwwgEqUYV864 FczQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=AZhgOY5p; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:22 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=awigZs8PIRwTz6l8PT5JRXNHHdxk0GpiBBjKciXSOWAD6OU5AIqZWbqyCBshiAR+2uVx6yO6UF55gio628fCHAREzFSU1l+j/te6etlH3ve8WZmYu9ywDb5dbWislB2ftl0JJtkJ5W4NN5q4rDWdLksO7ZHIYRyZk+PiivLxk7c3grRQ+71luFGOlhD30A5u3NR9I7+OuKaDBjZll5CmFEVcURbp+kj97jSfJBOrlEhF4lxHeob38rsgs2hGnEshESHFshcrygm8M3yv+bNBXwfDsAXQvdC3glIcF0VY4L2i+lA8uaYxg4PB0rxiRZp98Z2NYFj+UFImj5Q5nrogcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eLjm3fVFi2E+spo+Jm3IBFrrpOBotY5SRT27nuVLz6I=; b=v/A7Dhg6YQVfaEQPTy7+BO5X2gDrWjZYCXm/1FlobvZGE7px1Aha7mVOLm/RfaurCs9ctIEg5boUnL6y/OCRi2yQ/vo/ZMD21bpgVIopPd2WaR2Y6JS4tRPUaL0kTBTBzDJv474iqDP++gViGFEvZcC3gOmxYIVc0+j/8CPjhLc06HoHabvBDSk+puPJmYfKa1iRVOqJT+Uuas/soRGnWfYStcMpMiwPjOrkmv1aiDZrU85D2tlstrpnFCS5AnMwpW4x1tsd4M1JaiMWVu43I+sqy+ljJnTW55hnG5G6AhkGhgKYAjrHmt613yTZA+T56yNlbxrfHoiWtBTMX6erkA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:18 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:18 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 05/17] bootstrap: move cleanup trap to function Date: Mon, 1 Jun 2026 13:34:52 +0200 Message-ID: <20260601113505.2898877-6-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 1e3867b6-3785-46fa-dbca-08debfd1db1b X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: BOD6aR8VTtE0N1qrbi4jDNRReEQviWkp2y6JWdZkZrRf9qqbnpHF3kdVReQaGVGEUmVIgb102XxksaXd8PRjGi7Tvs9bvbmd3F0yLfpc8hKPAqi3XC0TDKCW7G2xZeWD3I7WINev0k9nfMp3fhBe0faUeHxMGWbcFxtJJfEeR8BimOJVoruvUglOeaGRRs4w++H4HrODkLNLzUz97B9Rc67yAtRFnGSV4TRoLcEBEUCq1pjS2ggNKegl3TNf0/oi8cgl/fvy+n2r84RNfXvs2L6ASfdQ8P7OfHogXX679quJHl9ZFi3KOm5KCmbfpygfToqO+oY1OFqfWxU4+AY9Yw97kzceXDP+OWedUwnnxxVSLIq4Z1s6uldpLihAD9kBbiJsbqg4eDdAfx/QeY3SA8rt6zL17bJTh4qVDOPqNJgcnosVlU/maxsFHjcl2GENmyXr8d1hsdCqxJfFxma1rGz507OYldX7aGk+cMtUKAnBHmMMHgQ01esxPmTAmlB68D/aZ6ofe5yR9tTIjq+Ed7hmQwWsyD1pmu8xm9bGYSDBNUqn0/gdm/vmLtecrBJuQPmFi0chMzULOFOhZF0a8mej8+7nzy6IYsSgqaE9tQbwY9dOhJoD9Sq+424mPfi1sdFEDE8jtNaie1RWhgp6T4NDwNDkmrZMPGfe0FFYv5USlDoHve6Vz1JC3ZEEo+Hb X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 02YHKMjiX7zfgN210sL2R6NET44HEoMDo+YlrC49jlDUCV1Qkfy2QRrNlmqR41YkGPw1oA21U+iboKiPYYfAMIRpqJQ84NfnE4k3B74GSJ+Fb+NRSwLs3Ao0z3qg6INuCh9CglM5kgYSJkCJwLGTqSppBIEYaGiPyIc6W6m7/Hc7kklqF1Pc0rJrW/TVRzGjMQ8ijUmN7HfS5bR1l2/TlXP4MIqesMqrlIHHBbSoAAqg6802Rj8YyPK0u2t30HWZEBhXYNxwgMsiKcgk+kUVgV0vHxuVXuipHAQw+749Pb0n8u2zny8JthpKf1edYop8iuIgaYrPUyfJpny4d6y+nuXw5g59AEwLsgn7Y9zXiSRaDxo0zEvVtiMnMdq0gVt5+df2pmsLsCpdJOxD8Qg7UlxkYFJW+btPNRfIqdw3XGlUee5d8bxsVBOD9uc45T3BlZZA0P0EEerKS76kRp5tnA3ynphqcxEojnYZNnXaiZCrZ0bvVz7piDpYZLSnVS9pst0ZkiHNUqAb4FaXFa5B21DAHroH0AtTwP71coYkUqWX57mT9XykLQXC03/BFaMzd4yEnrgJok32+WHQWAgHEAmTVCGcIHSBsKI/b50fxMm6iXI9x0luNgxGMcTEukYVp9/7UKWcWjiAeVuGXA1wnflYbnFayVvJzVpkjjQbQcLXhH958cBMh5tJkzOcKm1acH7aRN7F8TTJl0LcHSfBVb5CsFj6FETu5oF1/I7y/Hd0cUlSKgm0/V1r7Qu+uzPVXlALEu98mU/8ITP1LGza/Pims/Hqat+MAN2TSFtn4JN/FVpoEXT+pX7hNSSZeQf8SkVvtnmDqkB/fUnE0awcNpgKzE3eXQdIBCtB3KVkSGp53K9MeTLHP24U3MBg8oa+lHJglvSk15OBAuQQyfbtkstnOzo8FyWPw4CHg29Ox2TEcz7cCPZqVfK7NRQdiUJ0Z9oc3pSoRaFZDA6Tg1mF+2UpeiVOwktSWQuavNWGVV7v9B1ix/fqlyumLTayU+hUPLvU5l6IVQqThgh7uDxGjTQAmuYoGXS1aI4AQyovzR3o7OnclVxWjMUKFMU05VpGMAKiy+7RGuB6dgjS6qsaUB+gWMOgBJM/30QghM4U2FBqnrdnGrf7zm1JGYbSH2hBPMlY7/I80RO3KAKoF2prcsfp0cPoSO2+qp5iokHt486EsOOyXgB2MNfPpZXi4T+YkZLrytbYIptZqYzAf4Wi/7A5r56RBwe0Mcjo+WnqINWCyPNHxq27F6v7UCZA3RQ0Ga5X9Q6kjigA39qFUtMCnxEj4Jf5HrabMIHwebTcl4ZDuHj59zWz6URqPrWk9TiHSPfAPI4A0hcxUUPwADUHwS2sqqasW2T/piWMkvVSNSA8ALDwMHe0la0w3Tp2rUCEi3EVOrGJe7WP2sD5AXCWkOpfyYmYFBs89SVWBALXf1N8g5P5+lZ6RSzV2ABwXsZM7FYd7aDPIkZ7LGhgih7rcp5T8jdWIQpvYIbaNWhnCBOKQtDVkBWNaQxnXgxLsw3lvFh+TQ+fU6N0vDEzkdUecRT0bpRzBziyW8qAD7e6h28sTOs+kukG8AOMXJc9Dm4GvcydKb47pPFdLGFKNXE7CD/icwX6BkLF+pHABI2n+vtUjPqpF7a1F23uxKiF2x5QkHE53L0ZfkjxINwnt3Hd0CkrdXK3cWxFki/CYMDSrL5yfeDCIZQuyPKyYvCu3OYzhOeBrjdUL9hgwIcSHVd8G74QR3uoy8zxMv9STFw+F7BPjfy26LeEG3PIP60+jQAQ2INA8eDr X-MS-Exchange-AntiSpam-MessageData-1: ejwvfw0kVRzQA/lDerTn0bkBI9uFp8GbW/Y= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1e3867b6-3785-46fa-dbca-08debfd1db1b X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:17.9531 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7IEPZF/ZTIKveFYIAa5IPqPPnrD8bVC/bVlz+qKS2CVVT0rmQEZtvxSEnRT3gSurjzP9a86Qc3fHS6UxmTixwNv/qx98SNAXpNQUvhHVg/Q= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=AZhgOY5p; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By that, we can make the trap more easily conditional. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index da8bc52d..cf6c355c 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -110,6 +110,19 @@ def get_apt_auth_opts(d): f"--setup-hook='upload \"{workdir}/apt-auth\" /etc/apt/auth.conf.d/isar.conf'" return '' +bootstrap_cleanup() { + [ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ + && rm "${WORKDIR}/mmtmpdir" + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ + && run_privileged umount $tmpdir/$base_apt_tmp + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ + && run_privileged umount $tmpdir/base-apt + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir + [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ + && rm -rf --one-file-system $base_apt_tmp +} + do_bootstrap[vardeps] += " \ DISTRO_APT_PREMIRRORS \ ISAR_ENABLE_COMPAT_ARCH \ @@ -206,16 +219,7 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ - && rm "${WORKDIR}/mmtmpdir"; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && run_privileged umount $tmpdir/$base_apt_tmp; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && run_privileged umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ - [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && run_privileged umount $base_apt_tmp \ - && rm -rf --one-file-system $base_apt_tmp' EXIT + trap 'bootstrap_cleanup' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} From patchwork Mon Jun 1 11:34:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5095 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:35 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ot1-f62.google.com (mail-ot1-f62.google.com [209.85.210.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZVpo024564 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:32 +0200 Received: by mail-ot1-f62.google.com with SMTP id 46e09a7af769-7e60b15b7dbsf16755420a34.1 for ; Mon, 01 Jun 2026 04:35:32 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313726; cv=pass; d=google.com; s=arc-20240605; b=VlUPexreWg6RT5WL1bbfNWyfEKDMoXm0e3PcaGGEpZUziXJ9/KC+7na9jtCovBL0nH UhvAUpXVhpTZeOUIhmUf4ERy0lmJHsQZ3zP0cy26+lW3D/OzdxfZdTtuh1McKQw5UUj+ rk8bTJma578T3qIGsl1+s3Zte67wSKY7tqa0LbHfUvDDC1oHS9rUWPOkDt20vb77JZwb 9MbqAcClmBHZSGwZwu7X8/crKhTte/wUza/jR3RxvkIQl5/MRNjlxtZL1kG31iMEfNOv F/fyG/bKDdnixghaYtZFlq/NLMOJoV59IQR6lfod6P5bauVXUr1WuPb76IivXT0Kv1+G SVqQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=O4LIZH/tHtMoU/THVQF9qnLXLsdCIw+RcoXvkYhVQM0=; fh=Azywd0UdnrBaEN2TvE5vWKjzs4ikQl5jorVB/eZt0J0=; b=RVDHIBnQFlnVFzs4VCq3vUteLjLWjV+5321hSymkMqqCeV2Cv6ZfkB6beStfbcw36S +3eTNsvTbCbRNafwC2nEhDGn8ey+x77Gu/LVVOK2+L65ziOi0A/lUrQXFLVyPQx+uefz Nl/v1hvEtlOBM2pqpCb+eB8ifHk5vmAs/yHl8jFXUHv6Chd4OSnX60SPhMsTeTkJiGe/ fRVPY0ju61+lIXiqirUx9XakGF2e1pyYpynM9ctWLFs5ACgkdQnMNoGEoVUxtHmkdKyB kpJN029xUST5xJPPVWDlcUTz1JimAwd0x4Lqssvc3BxX/HaLlozLPstANVSmZxSi1DHy Iw+w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=akRwL+3e; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313726; x=1780918526; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=O4LIZH/tHtMoU/THVQF9qnLXLsdCIw+RcoXvkYhVQM0=; b=SNnnYktxARf7L0H5ALLT7Tf9oUCQC3DuVqPgrFxZi047xNKiMrwhQyVCgqMUCS/WX8 XeUAkOa2o37tctGgV3SOFcCfyd5+rnHuCJ4AgX8ZBlu8NecpUd2bV44gl6Xh02kc4Mvx fLQpelxaRlP7oZ1sKpCqIY+4brMdjwelUQsx9Ux8GCF2uK1eYZNkyUahn0kOzCstGUzo HdLKUyh2hkJokvScu0bPzn1fkzqB6zDNock2pb3my9smB3gsj3M/j5HzM2oyHaesoGXc gQ2+9bMBPpNHJKuM9eOeLX8VpIfzKKr58+gmmw4pKJ0akMAldqqxOovUgWxWfLV/KYaf YUkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313726; x=1780918526; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=O4LIZH/tHtMoU/THVQF9qnLXLsdCIw+RcoXvkYhVQM0=; b=IUVWOeiOSyeBuQiDCIGO8/jlu46amGVuTEYEuM4SjbxQwVn9YZfreObqcdy1AtfeKM oTraBwKXjyxomzLvZh28WyH4VEZk6gX47jJDVBz1RVl+G5pF2tHIfDdCgC5q1Ul2Uzrl LHb2gjvzvfbjGcIwfhWlUyiklBG6CFttXY6o6Br9EyEY5ZLgpYQdEfNPcmJ/G1EHpF21 vXnj+MPBMG9x32yIOKoXBAy3ecYKYdBHdOxyUswoYKjG4IK5WR6f/3QPQkMMcFD/Psd0 toBWenOp8Ju/BW/bErBPE6qW1GNpMq7rm0kshtqQZSKcsdQgnpB3l41H/GOFay9ocmQm ezjA== X-Forwarded-Encrypted: i=3; AFNElJ+f37hhqDubpjpga7qOUA0nqz5oi/HQiGoD2DyhpUcWQYG1RoT36E5vAN03jeLS7/tFJJGgvGA=@isar-build.org X-Gm-Message-State: AOJu0YwZL6NNDmclp8M7xTzwJWaFCiELb256nHfhn68nuxjEjEbfBHW3 KiizPL6zUpjm3tIaZOCo5f0wwJ9ioZ23BGSIMfMa/Mun9cL46sXU+x/O X-Received: by 2002:a05:6820:3403:10b0:69e:2c57:4a1a with SMTP id 006d021491bc7-69e2c574c69mr575277eaf.8.1780313726189; Mon, 01 Jun 2026 04:35:26 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMNpvK/iirgCf5pXgG5kfCQmpwR+hUw8xUQhUM6W4Anew==" Received: by 2002:a05:6820:1689:b0:69d:a1d0:26f5 with SMTP id 006d021491bc7-69e0dd80273ls1098437eaf.1.-pod-prod-00-us; Mon, 01 Jun 2026 04:35:25 -0700 (PDT) X-Received: by 2002:a05:6830:155:b0:7e6:cccf:ff7e with SMTP id 46e09a7af769-7e6ccd00536mr274917a34.14.1780313725178; Mon, 01 Jun 2026 04:35:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313725; cv=pass; d=google.com; s=arc-20240605; b=EszQUHIMygHtP6zC8fGboIWoXlav5tf6q2uDbRJRlNqlbSAszZ1vh85Yq9tonZiqUS OaG5spNsJ7DOoly/EjjHsmkumstHkDYdS1Et2lrFi9S57iX3PxzwgqWAs55bQGTgo0ZI W1GwXvWxHWao7ccc6SjZxmOsnU0VQxUUYUIZrcLLJiJkDsqE/MR8+NsZlri6SfUcZdFZ 0XtDPYtNBo5lUCuvIQJGGQTEHf86/sVXJT53jUu7ki3hcFH1UZjBpIbnytu83e1jjagK RxuNpYDAMQ9+DLK14SWw0vHx+ALlKVA6Xfg/a4ID/m2etnGvBT89J4EHfBNuHIDgU1q4 JQXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=HY6F2LWPZSzWZnysI/leSk+SaIU04Ft5g8SPyfiGVfM=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=k4Gzmv1uApwM9Ck9/w2tmh2CBJjWSYD7UX5UP37dc+3ruXBJIQN1kDExuEq8aI4/Cl RYghMV29kuqag9d6WQwAh8HyommEYSCIucqCFsTvXjuIAkDi3RIJgBBpXCZkAw1YPhu+ /HiXbVAtyh+aFHmL3b7XSpkv12J8H+8JvUXSWJkDm5D7U2kTDKtPLmELOrqesAozuZSd iMC9KNjMrogUPqZDmMz7fwRic4KbsZv9zIUVbtvEkwh6ca6MSd223txTl0j5gtyP8c+s W9tPY6frydbAiHdhz/uiUyB1/wuwz6CBWFbrVmM5+7rBtZXD6YxdFPxsM5wnPzXB8HGL f1Mw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=akRwL+3e; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:25 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Z88v7y+2UAZg3N+0Zh5QDur2jRhVCAsQmw1MQSRxT8wjoYlTJgrvhkH3pkxuip6DxX3rEU1lqJ/Ci8p78cvmpmfRPhZQGtByttTbMeu90Rih0riANxhU34BdYf6w3p6VE0DfRkYf+fuYgpfQkXuVJVfcVwiBK2VA2zBc8I0gmu2RcV1Pmc75m08aYfYZCob0UfhSl+e5FJiralDG3Jr5Sx8FSW08jDUQoE3tFDu74fQbZqPB2fZv+jKu7+c1owIZ7b5RlENIbl8KVI92LXUhL8mLiurd4Tj9JcXC8pVpwcIMYmxdRNcFVzQk53QEKQqarRklM1PcMIG1Owz5TAZltg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HY6F2LWPZSzWZnysI/leSk+SaIU04Ft5g8SPyfiGVfM=; b=hXAeYwb2AVGe1y4MQl+pLen24Mj2WaLa5uSxGaBGnqXrVuDuc0WssZj7G2ATfqyEVqQg62cBy/n+JvWiATXguso/XeRQaPNOOhLU5Q0QQr0vcz5aRcsEf4neX6ctOt5wDstB1Np2XiDODIfXsk530lmmFvJxc1KGe9RiejHI+DWyvaF7nWK8BSgbkyQI8Ghy5yekPVNBrkYRYgkvCOD9F2xriSDctZnsVLTltHRUFyuI+JBd79hYK0cag981hve+29XZEo16qbKWCYtbte6M19wqtT80/cONehrJHUdF2VTI/j9jtXxHiHaqbWZr04utjT9CEg83TyjIqEvZ/BNzZw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:19 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 06/17] rootfs: rework sstate caching of rootfs artifact Date: Mon, 1 Jun 2026 13:34:53 +0200 Message-ID: <20260601113505.2898877-7-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: f271b9b9-ccbc-40fb-69a7-08debfd1db61 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: rsHuBCLYTuFi4s8/IRlcrAB2kWQaRICbxNgVzMxVdp49NeJdvu39Gqus09jrt1tDXkiwr7dMb6JcByqssZktj+Q9woOkblst+6iXON0vNMukgEKFlqXb76HowYVP06i1S1Oksm87tGIe7cS/VXmpR8zvqnLOUQGBp6dPmFAfadi1bxAjO0ZJQycmJC9Ax4L6BgK3YJbL4Y2r6LwC9gYtHNXZoOUrr8JpStyMv0QNuZD/hWf0+tSnFHxoBPuVj+XCDbQUfhDHPjcUWtk1sSltzRmw19SHuTAETrJiNC2M7u7EHyVjFHH8UhnrYgImjNzc+vTiz1CxbuyGi4eHWg5t/FWN4YmlphRN9O13mdf9dFagk5yvZfw14IEZU8Psv7K8lXNfO56OleulI8Aip6bi0gZIIWQ5KDTeT/8C26WS9kFiPBOpA0TNNfk9mSTjhIk0pobwB5Yk4YwtAXSMkiwk9OwPnnxLQ1hg57U6GV/FDCwxkwV55FDVipGA9XS/Mjw5eMXmLZtsy4PMVQW+2uIEMbOsceE5L5/Ng3jbFCYk6fFzfu4CJFYhD0HU1e4lKHjFaerFghfDDfBcmU2P1MQcOZ5LxHuaDP2m/mb31TAwICLmYz62wmbeVLHc4KY2wrT90Q1pL907n/QU8lVglObcT3unISD4uCfIxej0c7qxbwsHDw6GUU/znT2dp1Ru6zm0 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: CYyFGB5pNd9l5hhUF1pO/o9ZYwZZuky/TNIIR0l5FckFOcBPA9FeI9kV7zSLiEPEpV2C+fKDWxIxVPfqQTGtNPKAKz3EEpPd4stGDEdJop4cbU08xQgCmb5OJtKEt5NWgCBWQ0zrUimoT3qorHR/K525WSekJZIRuLyaBsJwikgAI7BsfQLsE0FD0WWj78vxs6uubtekuzQc1xfoLEnFUH9X0MG0ACIndjYDQUObqVa5bnWfwGSttdv18VbnnsYhnPASlusuacshh59rr0NV6vSQy+RMb+DV9ahCZ6zWWEsB5Hvy1kXKxrc3ssPy4Bg5I7SQ8o3QRtl8ongafSeNbsREWdgkepUIQou54U7WNWfC9wOiSJ8JoYGD8U/K6Jjc+mtuZ6AraZEUvG7XrsXZMb+Wzo3vW6IIsDkUD2jSHzlS6XfugATCBGzFDzziFWLouUQId0dHZOHgU2QI+TV3m8zGN9kJTXZjlStwQF6Jt4MA5pWQlU+oaq2dVF4sSBbsoDUPRetA2FPpiWecZ1k/WdNQbL1TgQgZQIPj9Lh4fq7kjoQJdCnpO7YnLy9rG1zL79wsIN+hJQgtLEYYHX7X8eBNSi6gMNVqSaERtyz8nxgYDGgOc+dnvF8Hd1vf4+XSj/uOl5vnyU/Ms/v/vuTdd3kxThIS+dmIInJqbZvVRn1VyEDPQbWwgSMjBIsY6jtzaCshEshd5EzuN6naFCyjkIDk2uvKWUQEqXCSIZkHsFErvbp9+I0SfcXkKfEz5/vXcAOEZ4AAv+gQ/QN+Hrsg8CsHiPgKBc78Dex10KuxcBv4E5QB8iDkviaNfuCbYe8sE+mb1wq1VxBbtQvxzQ1kBkQPGLGU6m9lln97r+/udLhqJniq54Ace5LE8AlKhZUjE3KMtDB6EhYx0imN9kYiZ7MPrc4ID5vzsMqYKIWts4je4EXnrzVKI4VOR+Fcs5d8+r/aLtoD8MZ+dhn7BXwtuf/ojbMEZjVuevD5Z55vdqJZ6a7eIDddJr5qMBmGz4WLQwsdgbQGA0ngdCukeRGEqTFOOl9FcWvDkknOyVi2sOr5CWR6da8leX+4+G0LhbxQmfSwG34bQNk3bT6g5W4dfLKtxVJVGu+4xGD3X/+lbVW4yC2N8UYzAXZWG4uLavmLuPU9zKTQAKCvYDwFjaqvqJ0v4B6GIzo9JauF8aTESGflGAmJuW3ykbs1nUnV4BYn5N8rtj1XcqG+lzScRfEplH7VQs6Qa7Uo0JyvpMjlHPkWMCXM9D4LuaLVGthjdBSmFNfPCj6WNXhkJptOUUHxr0vok8Ofy9/gnzmwWW1/ITUIFi6OaVwh4TN/1kAnDKBdwbxFkOXXUjx4PiCm0Y7fLwW5qMxIvry9+yjhb3Z1Nu/C4s1H2F8o69Zwlzoc525C4qLTrO5I4xRE0inImK68VxLvTQOQetUO8gO1P1M4+8Ei7qwNJYsHt8jZDj/xsQy8aiA2xm8WEOQUpeJ5FzqK3yYa8rZcw/cY0PDM8ArMdDL3h9afXXuU3vsySajdUB74cXgAzH+VIt7QEJfNTS4/3eJihK+RX1VxAhJ3I/Czd7tU2mQ2hJ0XohJQeJLzTIWaALSJ9XFBJvxJ+/SAj5saSA4zUnopEPi1G+7u4VgV6QtNECu10Mb+/8ZjbEl22/Si/bAmp8/Y7otpV+JOvXt5A1hedyeXho3wmst+GNNaplyoy+jg5sSnqTngRNUsUXN0NjZRU4cuBWDmybKJlL7kQVId1qzrBxQp1K89fYKDNbzUfi5rrj3eccqIjBJTUrpFIEJ9AQqO X-MS-Exchange-AntiSpam-MessageData-1: Inoo2cDRcts97FClw8peXwJHZB7mQBhuNPw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: f271b9b9-ccbc-40fb-69a7-08debfd1db61 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:18.5814 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kSUDaMl7xLb08ZrTQWBnOfl1n6GLnVRmCqZUMTbHERERIcNQfnOh1G9dVeR/oq80GP4xV8bJnHjfSNZuPg6Q1snkRUqUYVSO6PHASZu9QlE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=akRwL+3e; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We ensure that the sstate artifact is always generated for the correct rootfs directory by using the ROOTFSDIR variable instead of the assumption that it is in "rootfs". Further, we avoid file permission on unshare, as root inside the container maps to the caller outside of the container. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 440786b5..aa65cec4 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -665,11 +665,13 @@ rootfs_install_sstate_prepare() { mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro - lopts="--one-file-system --exclude=var/cache/apt/archives" - run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - run_privileged umount ${WORKDIR}/mnt/rootfs - run_privileged chown $(id -u):$(id -g) rootfs.tar + run_privileged_heredoc <<'EOF' + mount -o bind,private '${ROOTFSDIR}' '${WORKDIR}/mnt/rootfs' -o ro + lopts="--one-file-system --exclude=var/cache/apt/archives" + tar -C ${WORKDIR}/mnt/rootfs -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} . + umount -q ${WORKDIR}/mnt/rootfs +EOF + ${@ 'sudo chown $(id -u):$(id -g) rootfs.tar' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -678,7 +680,8 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + mkdir -p ${ROOTFSDIR} + run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar rm rootfs.tar fi } From patchwork Mon Jun 1 11:34:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5098 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:37 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f62.google.com (mail-oo1-f62.google.com [209.85.161.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZXWK024709 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:34 +0200 Received: by mail-oo1-f62.google.com with SMTP id 006d021491bc7-69d932fb253sf10379551eaf.3 for ; Mon, 01 Jun 2026 04:35:34 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313727; cv=pass; d=google.com; s=arc-20240605; b=ZIpJejP7wic5qG7y5siNsm7gorLqqYcWI0I5zdhWyWCJo2B4T3O3dxYlM4rsiDhnqc 2V75SsR7pVHy4PEPf7mHmox6P78Zn/MxEX232rZwYkUHCpdxxwQX1VgrbNWBiI1UjaWo /806nxuDeMkxpo5/z2YPaHofIiYl5BqFIQJaRfPdMfLifslcuwtnGOIA6wFU9P3CVX5v iYsM5Cy8ZQGxxti+d/fSmG54eJFsFVObmc+J5wXHsK4l45eMPd6d1sYtuFBITYWwejNJ OOPm5xl1uSnZuiQwx4nOA4NhYDRITfyQ1PafmsZtd98nFuhv9L6n6ZrYJlGrEP900fCf TtpA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=SSDfdZ6BClQUJD6sH0WmVrzg/PfNoyhhif7ttUcsOGg=; fh=Qiy/MfjTTkxO5yavoUv8fsvI/3dIOoV1l5YwVExe5O4=; b=WUMIXmfQOpjm5cTG7PXQhGklqwu8QH4OqOrrG5JBhYVNt5OHXwrmlRdaFit51P3nV3 Vh8u3zTxg797HvH+WcxbwtOJgjvDxi0lWiMn3IZOIR+Q7Okhm6AZFu6/M6waku3almQS +pGHthxkAM3O5ejOVVsqpCt9xLSWp4e6xAHXTh8AHtKH5lgQ+VorD0mMlZOQmxUfl7oQ kX3E+OkbWYFxH8D6aIE/G+zFS3AQi3gIuoh3LsflQSaeGs8ooC8iGdPqtgHSrJgwjAcP oRSAwXlExb9czQOrzCXlG0TmwzjjT1UMAWXGSrGkYiTY7BKT0FCPnLsQQ5sxI52KDbfy C4JQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Mnhbvu0I; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313727; x=1780918527; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=SSDfdZ6BClQUJD6sH0WmVrzg/PfNoyhhif7ttUcsOGg=; b=Ozh2NsdhrCn1UUDAO+qyGOMOZfLLOd43x7Nn8l5u1GXaYguQdOvWtb4vniaAEaWcSP o3cq92RpiPq3Fklc1NvAyJpIVegHIAsOFEx1elHi8Pu6k6DuvR8iL36DNXSEEhM4fXWU Jj6/kStzzicUtUDeY69oAEEe+TjTJK1HYpjMz88bQd0TRlT6bcm9fcMCQNj4rORslq/E 2SwlbXFMyWistE/1G5SyP/hdI0hwup4wCY9DLXaC0sQnBoyuoSigETG0lugQZB26zWpA VrRQHAdNQ5tKtNugOiy60i2+zX0fu4QhPgyvceXEoBVrrWxv76rhFHP5UuRDWgrG5Z05 51HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313727; x=1780918527; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SSDfdZ6BClQUJD6sH0WmVrzg/PfNoyhhif7ttUcsOGg=; b=fJJ+RAtEVgDv+bLESIkot2dv5nadz2tXPDums56DDFTnzi3GzCD7CeC1eJPI/uxgxo /UYvpJS3FfsXJqdp+0ZIcxoCeDBo9WvljFniE02raYE7CVHELSxxvl/iQBdTV55oMdI8 B+P/9WEjb8dNLlZ8yi2Dpa100VCKj2bRAF/P5qaeICoCMbmAx7zkZMrKVemkSpV0no3H oUMXbgwaZ8p8+GvbRwqW/l6Z5T4iYTXwgQg5KxNBWfI/yUiLPdfbqvMlLYNEUDu42C2U U2kcRh/qZcnjWas7/pM6jdKpfbHXbfXsEVweuEcgvG4OGFFPh+YlnqIzUkGrPScK1yxi O2Iw== X-Forwarded-Encrypted: i=3; AFNElJ9exbzxRDtqDwOpjo9ZfNXfRIn28STCaW12lPoVlpFHZ3srbX88Qh70Sf9DGB0Bhi0mvkp79sI=@isar-build.org X-Gm-Message-State: AOJu0Yzgp8XE4crZKK3Ts5vlzZ8EbzOrmc/ntNUaLSxhKV10LBufwbJ/ pB3jrk5NBX2CRq30a/YsUwt6aWQ0HXXJIzyNW56r+RHaPAB1KuZHAzRV X-Received: by 2002:a05:6820:338b:10b0:69e:158c:8998 with SMTP id 006d021491bc7-69e158c8cb6mr3216997eaf.38.1780313727305; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMbsBhg9HGPgLNXq97VxCkQBRpDWJS02obTZ95jC2VJNg==" Received: by 2002:a05:6820:f028:b0:69d:8cbe:f3d6 with SMTP id 006d021491bc7-69e301bf1eals170816eaf.0.-pod-prod-03-us; Mon, 01 Jun 2026 04:35:26 -0700 (PDT) X-Received: by 2002:a05:6830:668b:b0:7de:51f3:e7ed with SMTP id 46e09a7af769-7e6a1ef4ed0mr7099519a34.26.1780313726494; Mon, 01 Jun 2026 04:35:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313726; cv=pass; d=google.com; s=arc-20240605; b=ZL8lEh3lGkFceugD0ob8fR+JnEbjrlAGFARiCXHeVKGQQxC7RBNr/EcVg+egWLJ4R4 L1yt/cHqyPfliCehgA5cB/pBWjvV5frGUtiS+hzt5mCWYGrQTUKbyZY9SnPxX1yNV5Uz 4dJLeXFztDbpemqXOwtrWKLwms6Sopg/7IiA+HtSOTPQ2U23TuBU03ZbPdZ5elqkHXr/ TdZVGa+J90wCk7ZmFnj0AbiCgUmwyKFe6SZIVeu3C3UO7RrQoNoCu/f/RYjxeG2TgYHM cJKwOSam3OM89tmwEdtTSt+CKSZY2v1PFgnFrs46zErjuh1p0eKo1Mo8CbrLHi1b3dDU XxTg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=AuKM/jNER/k0+A1zkGa6kDQoxALDuCYcpRjFjAo2MfE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Ogk5Ow5hSeDyaa6RRepi9QueTrsf6A4liPSPq6GmpiOrhUuF+v7nYalMzAedzscOaL rn1i6VAv5PJdg+ayRNYl1j+xKvOmo/G89eYCKqPkgy1nH3gdQgLOzcv2FVzPbTO88kEA m9Kkk++QsjjRU4vVZWHmCTTPi4zgisn5eNJ1Cr2GC61kf26SKm6sSTGRVAS3yrf3VC9+ d732YSxRi/OBcHOmBXdtLF7edP0vHhTO8UwaBc1VB4n37+CFyipfXIo9P15zXtb9SbZK 8+TeICqSLV4MZiuAnC5g6RrQHcVqIXbDeRHJdjp8apMJzOmOMxRhq6dA4s/KFA9WaU0p jdqQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Mnhbvu0I; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:26 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=pjbkooxd856hDAZXsw2zDZfVTVFv+eOxENbAWTrZsJFH/Zy0W9m5Bm118L3IMb+fx0N044TSdVCruNpDxRR2UlpQJtMXWg7ifICwWnjmnLsf4v9nz247Yp8O2PpZH4AThBsc7qQqwe5jDwYH1CmDzjdcGNyFo9qJUpGHYNEkoJMZyVmJX1vbgWHmw+3hkBkDgE3kmF42Ty80zTRofX/ugh6e1JnUIXHue1IzxnTkgdQlVQ5XaqsuDSbDlV9HqD5YdDcjAI+Xfu4nYkx5DEHvFanjIs+rXFQTWrx5Ux6K9Lg8UhVWfXDU2q7jjr1S4NeFz9vdblDtJ7qrPH6+zpj/og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AuKM/jNER/k0+A1zkGa6kDQoxALDuCYcpRjFjAo2MfE=; b=YDaeI2O8nWTitt1/1JjkpeABiHpr/oW0OLig0nBxf0sqpTMH0CgiGX3F1I0d+P7Fbo8XOraOHJOyt4daZgCn7reXir+167YKNHmftSOQVET+Z+m6i9fW2F7GTWNFy4wzDF6idDShWPBYblwsa3rP4CvVORzREdyS8vFXJ8KHqlu6+4VdyaNANxuMvoG8wfRGawta2NOV3qGR/edh4U8firvwldc35e5J75QWe9vh32P2l79uqt9rhfTc6ggwD+70NpqTmwv7bjF3FOafacnA++XQw54R+Q7V7gf3QkZb9S22hJBh10wygHm/U2gaIN5Xpl8pgIaNzgSIaCQ5Fy9CbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:20 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:20 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 07/17] rootfs_generate_initramfs: rework deployment to avoid chowning Date: Mon, 1 Jun 2026 13:34:54 +0200 Message-ID: <20260601113505.2898877-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 9a4623ea-a0f3-4c7a-3fef-08debfd1dbf7 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: JZJL3a7C0tkavPdghQ6JlYsLJBbukALyuPdeg7e9SvSnDW/rY7fOXGgkpKPXiSJzCYsBSyXmZJ7h0dcqHm2/4RcVmOx3CmLBBqLRH+dDxW1SunLvTost0Xi7V6hdidC86cKPi69/fLg884gGwI9Fg6gSJmAEWLEs8aTV7akC4VwaQU6Ozz2CkNZWuSc4ByfhgQzsZYU8cVciSS+7faFH2alOPvWFefLiYD0Sa2nb5CYSDEjEVpuyNpXcUJxBv6hU/MjNt0h1Ib6paqDcvcyGATZPQZKgxodK4dhQR0CkMULYzC0Jfc+TLgSEvTezBQX4SCWT7bn6FlpSfFSsa/hoqlugB07T6FkXyEHv+5g7dkTvA2XjJUb8sZrBT/onmzdsBT4C9bgNJ/jjeg7WEdHDenTaGs/Bro75mKwmcVEJoS38BFtDLp3NzD5fee/BVqgltweYOAskapwZoNlQelj5KkkOK6omSiTC2Jk/vpdcOowLbj1GPVPg+NTgyP4CukxCCSA0o15sMv5CuCc861TEabeze15XQruyQCChfsI+J0lyC7DxCOk603rE2vEV7wQlTKeg8xtCXntB1QjEzjjMWqbO0l9CvRNUiGo53xw6kgjfFwCj6DR7w+JoxKooX7gI0z6MwT2bOtuP6UmWr66fFB4r0WtT5qRm4VpJtl9YQoPSYdgDtBJ9jmY5UUfOdH9h X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: eyjTyOWFeU6bvZUssAP9NY5AorS/h1I48iGxYEM6ZvtHpflUrYmrP7xY0uHqlQITGRGTwEmQQvzup9Ku0yUtElYxKBWYyM/qfu7yCjoFDMumHw+3PNKVjh1St+TGgIDe7otV3n8/D+WTXfXa/sk8X/H0Z7UQYXqgn75EWjWA1OOPBd7p2iR7SVp8fjtBxf75hlqak1jd60BFKgu00RvIsL51/yd+0s9ZEx7D0Ytf0NNXVqwI0w+MIZnErjM0d4GatqFUA51w4mmP1Dgf0zT1pntdv3M63IqEWZT+3td8TGpGwx99Nfh2/glKmSJ/q1n0gZXFK+poPhbsmPecxfpbFjjivIwquxhbhk/xAHLWDcSXeHW2BnhdXX/hAZkeOI9fqe7rdz6tc8Fx+ZXsyl9dWFUzlYh6BeW0UqxxcjVCkpRa+BBSvtuYFEOXGLje9LwxxWrgKLLseS1aBFw04FQXOr23Kipt0szTuCaFufIvEhZ8x1DDisGScngNdvi361THZ9Ap/ODixwAOLR44nfnX9FFFTLnRtt2QzrjuqPJCW0lVQLcYvozAjVlOU949d306kSK4V++8xZjBaLTcaiGCOQPlcQAUKLP+Fj+LARNHxYMVdRGt6wwZXn6vfDItFPmEBSYElDiF7mbveP+LGtMOULqK/VFhMbjHGXhb8Jol9JHYW2fCj3SCQpfpRNTa9u6diYlWYeyL+G/nRJLc31Pr72Q0kltPBm57k9X01Aea0QIKMdyQuajRtgT8undoCr1Ex+FdXp/6rvTqwF0Vyr78M0RPiT0dG5+aG3zRno/nMFg+tE0rdrMofpgVEQ8b0lbb51VJIdGO9HXq+bW/U9Doez/A0GvKWLxFfUK8iHkUHu8rHCZw8tBbO4ZH6LJxN4RqeZFhitaiOI/z9a2qME7kbLXeiUJ7raTd93mrpsuP+j0OqTJR8VkD8lqqTOrAR+VQLhkjGB1hT32ue2j5bocbZFNio4/vUaYnGnYQ5dqTRmClXsVoK+aTms30yJON1pP/wq0HcxU3SLiFc1YD8L0mmPxXt8ing45XqtgTnhJN+60vGdNnempNyMkqEdRFik9ZB2xlZLiHCchqpN8wdyM++dBZTf/kH0olHYn3XaswpD7EtbUe9puGdc4HENZdXLa4j7wKSY74skoPQNn6LwB5XnUd4TnCYxkZGAW3RPQvFVAKaJr5igV4/XcWTrRiOnNu6+dB7KvG83WMVg4FbloklLAt4oUWMq+ddWC3UJuc+b/Y7yGqHnYgiY6qj5BMqa5JKTQj1/60hMv36e90RYVAPSZs7wbY+tUHNr7O1l4lygNGIxgfN51wSA9qzSyaadJRfjSAKBWas0VnTQW6RZ4VxNrv0go0is/anDy5ZD1VuWxNhtCcFfnvN3eWlq/GiBiF7EpSEEmnKp9nC+i0/tQmFPr/NoDgDn7cLVsjGgq/X0JQqnszvsQyhusWufIvRqcqIGzBCS/7pX5kPB4AzAgNrbMl+6k3z/LuuPi7PQDkBK0wRzjlOh7mTDp1T7n2iJO8eQ4VnS8vxx4f/FAtGvFWp6Zw8KcYCGYNw0AmpducNcRggzmh+vo0AjW9T0DJuztnZv+1eZhpo5LO3novNUurXEvxUnKPPwdvrWMHrYyECcE/jgDyG1XCXEmIAcyZgdF1qVLBHQaBcnGdrBMl0FV6FTtDGgsw0lDhcZrTJxGDOmL4cQYOeP9ckDWLEmecIg5rdx3tiYmUeev4AIgDl1x7bCiaeZ6WygVp445k75v/orXRj2VrnPoIwAF/s+n8efhr/d9uheg3 X-MS-Exchange-AntiSpam-MessageData-1: Kr6Dz2jofDysCgQUTfiQdStE5YL5g+DZA5I= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9a4623ea-a0f3-4c7a-3fef-08debfd1dbf7 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:19.4066 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /ZXEai/3ie/IMCKP2mmzyAFCELjKiUcQk7isZdLIfiHh+zl7PY8zmnAOMQEBQB+RPKTWCCfGG7aEfwd8ghiTzBI1IU3hmq8Wqxd4KDS2ClU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Mnhbvu0I; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Previously the initrd was deployed as root and later chowned in the deploy dir. This involves privileged operations which will no longer be possible when running rootless. To prepare for that, we deploy via a stdout and create the target file by the correct user. While doing this, we also remove a useless sudo invocation when listing the ROOTFS/boot dir, as this can be listed by all users. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index aa65cec4..ca179392 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -620,18 +620,17 @@ python do_generate_initramfs_setscene () { rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler" rootfs_generate_initramfs() { - if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then + if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do export kernel_version=$(basename $kernel | cut -d'-' -f2-) mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - run_in_chroot "${ROOTFSDIR}" sh -ec ' \ - ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ - find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ - ' + run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}' + # on dracut, the initrd is not world-readable + run_privileged find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \ + > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} done - install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} else echo "no kernel in this rootfs, do not generate initrd" fi From patchwork Mon Jun 1 11:34:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5097 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:36 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ot1-f58.google.com (mail-ot1-f58.google.com [209.85.210.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZXJS024657 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:34 +0200 Received: by mail-ot1-f58.google.com with SMTP id 46e09a7af769-7e6b5ea69f7sf2328563a34.2 for ; Mon, 01 Jun 2026 04:35:34 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313728; cv=pass; d=google.com; s=arc-20240605; b=ZcZxkdv95ABHhRnjTXarvdQKGvn6QEgzaWSvaELRHr6Bhdx9JjJGA80LHRJ55Rzsfd QB4l007iT0efocDEzmk+5i0h3xZBdxIlDmTJKqNueQ/A6D3ACjhdu4QMr/AX2iCD9ejM xHKj/mg+sRC3Zt1w11n/AtKt24S6k5ofBJEQafhy3mxV+eSbtD7vgjzPz1gTnJ1fKIhc XFFTDWFYdL+peIUiUQCJP5SNh0HcKocDsAmUzYqyqRm6uwxyz34P2r0qVbSIqq+sjVpg 10bduBe+N22w5GNTRhrfTUwQ+8ZHKGC9DaUUc2Oy4hqk6uqqRCvztuGCq/RfxThntr+M 5EFg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=K6hdFx/+yyWhcMQrLo8aYga/sVFU7M+zGd3lXYwv4fo=; fh=jPD2sMEKcEZiWnMgHYnx+xIMJeFaVxSZOY15l871oFg=; b=DThAM2ImSBvur4+Su3BUHFjtK23YF4ye9N9ae/EmABSneUd6fN6ZNMf1qMLM6Nd28f Y4j5gpps1H6GJJX3/y52mjFOQObx7NbB9IUuzSKrtl/RolLxuKx3mIczC7FalMosj8Cb 97nSv29j8AxO7HKxtmBMgDUiBzUrdrW72XIzokv0oaCNh7RhfE5S7gfRl4cCzNF1mAQH yIDO9+zvRaCyBVozrm30qHEtR6Ix1+GGiRH3MIp2uci9RVf9XrkAiI087XUYAwT6aA9Q IQEQYyOehPTpQmCSXVw6foWWC2qcmqznZTocqaEj0VYEhkoH0FxTceb7tr6F1csuYkie QcWw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JO0r3CxK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313728; x=1780918528; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=K6hdFx/+yyWhcMQrLo8aYga/sVFU7M+zGd3lXYwv4fo=; b=rWsQ4VLTjsB8+xGc/3WliwSY+eyZLJkM3r4sZIiINvvdAFl0X+sMHoZN2ogj3UApbO EECoXUxNw486P3vt2TB+g8XcaqnE90RiBQTjIvTa0shSBkmcLrxSfZSnTlhndvmzSD+B 3mgi3PJw24neMPkXxuJr7wAmdcnbuQ7hVfhb+s7zf2I2Di3zqJ2naKidxnhFiz2Za5hk uYfJncK2VV290qE2hjvWAAWgS7xMjBaeUGndpeQu3ybTREJXcMjesLZ08m4Lh6E0ZFr1 kU5PDeGQPlsFRMVXdALqI30ljqVYS8r5KrPKFhf/rOC1DJ9ADYBU9bb4rQ6KnRHEaM7/ 7zeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313728; x=1780918528; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=K6hdFx/+yyWhcMQrLo8aYga/sVFU7M+zGd3lXYwv4fo=; b=r1P1UI04G424JscaM93Bd/9+ZDC3OjA283y4YqC/N+SIKL7oxB9+WS0pakM28Du5SF jYrojr3ezvQMRLTAaDs1Sre62ewCH0EmdbkeVzwdKnnjEsuBEDga+BwXUKF4vKnwKFhL RylskUyO1XJ9rV4bxGfmlLqjKtUXniytpr5kPXtslQ84fj5DR3wgKv71NQiJ9REXHpnH 2wuJ2/ge7zuNwoZYjHeOq59Yxue8RD+kOZvsjXTahA0xf3ZxtpzmKPOcIqszGbrx3BwH 1hl2ZGqDfd4N4UIw8vSZeWXPj1xRmbHcNJ4lfQGUe5P8d4UJ/eDAjXfz5QASxUKkJp6L t8gQ== X-Forwarded-Encrypted: i=3; AFNElJ+e1j7+VgE7//yFKGRycTasif6I3vwvN9Wua698zsWqzJO7YqHTgH+huUKZzBB/GG3XtTbFY5Y=@isar-build.org X-Gm-Message-State: AOJu0YwP5vwSngN/glTTix1dpn1E/uwMZjcvsc84LHBNlynAdEmc6Vx2 x+DQcgqfKTNqR8OUP4P84RBLWuWzXBeOxme28Zr7NseVS5lg6/mEbzXp X-Received: by 2002:a05:6820:8188:b0:69e:283:abaf with SMTP id 006d021491bc7-69e1039dbe6mr5282208eaf.32.1780313727947; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMO7SO5oD6mI+sNkkEsp4XDf3FRTBiG4lIbqelwt7mZUlg==" Received: by 2002:a05:6820:7149:b0:696:15d2:5cf3 with SMTP id 006d021491bc7-69df441bc31ls2789259eaf.1.-pod-prod-07-us; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) X-Received: by 2002:a05:6830:6209:b0:7dc:d0e3:5bc1 with SMTP id 46e09a7af769-7e6a1daf750mr7193019a34.13.1780313727031; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313727; cv=pass; d=google.com; s=arc-20240605; b=iVcc4UQQ8iYXxBdq0NCdzSTX/pA1je1IkIi+ijPNgnxb1W8oNPhXAcVtjX0mlAPbOG RUQCtGmtqmlLxLGpkjzgQhtL6jO9/wD0C4/ZThjagxKiXIZOxt+P6AUEZS1nKbveCJEK cm8A9DwN3wiHYFCITLvKNoBnwY21FZDRaWSClJrrK8vNPdk654YABAW3zCDR+oHYaAGp 1tlQ30j4tQNUiMtNlyD8wwMXrB5nUvHJ26fG74ZoUcwxS0PnSFn3xd5nFn+1u/nlkZMI ygkw6PH9vHynUtEfwBY0A1aTZmEuUVqQeyJx+SpdlnnTrkOdq9Os4C7f4wvBdj7V5fqr c5Cg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=9CQMpHOsvmt8WJ9kExrr1xaWDFcIcWcoyUEm4IVdolw=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=X8dqi+P/M6mIQznPqMyzGTokFMVORv61wdvWapBCcwMADY/IlRgH53NwT9dgv1zxq+ 6QL8RCGAH4JE/TU2PLvH6ZRql/WoaIIz7rneBzHqbq6mG/HpT4A/rhJjFmiKUagNLzIJ TidswpiGSYOq/5a+866cC4DDIBppD/ApYI6B1ltNrjif8GiC5NWOxQBU+8Wa0wOelY9A 6cUEMBKZUoNHf4LIedXooctIdJG1L97UxzwwuV2Hc5eM/HvkV9LbYjxd4jroo4QvV7L5 7QUhjsKA+hPeNGoIncRM+e4w+gMGljV5o78g1k2k8JNHHy5FkAbvkG9hmngmwDRVirlA 0fRg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JO0r3CxK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:27 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=g1CDJiOqHYuM4I9vvnSgzSPenj4M5rU8w+mvUMakkyx5wTxDKIXhkRYEh4qdMva/8TZVdG7WszHf4jdLD4uiLCyo33dx07rc2NyrSnvIVMLxoxLBQjvqVZqKMYPQWuQGOqoZA9xL3ArGOU3PiHiSaSGlP5KOGrhrUiEH0fef+6UOglgcwCZZcvGWqOmMEiB5SeryPI/NtkMzrjipInq1RmS4RmhIAY5umZKPGK0YRicsoqy0d65hoNVDbdHmAT5MDkvDc6fTELd7WIe/u8UerbkPzlVA5kzqcn3gXAiven5++acvDlD7HEYT3xonVsnbS9wjk7dxerlkVk29DoA5cQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9CQMpHOsvmt8WJ9kExrr1xaWDFcIcWcoyUEm4IVdolw=; b=UJk3uMWAgfKbeUvrAn8c9EpZ7W1jxAK9dYJf41l6mknrxyBULeJ5aTkJxCC0t1AiXZHKFSc090CjU4EnkkDJGK4YP30Ct/gNzHl4py7Of4zwKxDxg0whb1XqxeBsDfPykbO0s00KLt8bdObuGZ5MiJGxMI2N0KZST2uNB6EcPF9Bqe+/Nt5mHYzr0hYOfqAN1xOeHy2EhFf5WJ3tpau8LBaJkdoMKSZhRQ+2MURFoa/wSyhHpR28LDC24CMtnfLctZndKf2eueUkyw+/ZcfIFvGFgx2csm0U6WsLkAvxcoxPzuFcYXfkecp8bswzMWKHCvPDwPN4DTEeerci4rQcHw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:20 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:20 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 08/17] use bitbake function to generate mounting scripts Date: Mon, 1 Jun 2026 13:34:55 +0200 Message-ID: <20260601113505.2898877-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: a36e4ea6-3a5f-412e-ed98-08debfd1dc56 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|6133799003|11063799006; X-Microsoft-Antispam-Message-Info: bYh0YxpYm+97yL9jeAlOH6xeHryqNZ1oPQi9mKPyAgw3/LkrHkT+Ky69Zlbm/8QYhhwU3QY+zTFfZRzpWTBsLdzsHiVlKT4Z35h5Y3LqQOroj13WxmiZwo8JZqBrsjqJm4jtlRxre9VpdSF8He1S6eLvMyCSyQEstv9iWes/tlsZVkA/sxu8yVoJxC1YTvmCPau3OuotmcF0YFoShKUc22w3itMCyrYvOnPSjwAOPKYJcVa1MbsgKpld/YgsRUZyFxjz6P5TnbawLst/ySGvf8PSvur6q4rJDGY+tA24PUmWDJ48M1c81R+t1tH/ehsSJSd269CglLLwnh/IdZkTLA0rfMfYALI5ffqEkDBK/kIzX1n0DXuvryie5OKy4gU91wQrTJiL+7DhN1lSV9brJYXMmFoaValA0rmSZIF5p6OBbZr+u6WlUtgCLU1WzClmuXerID0phOvJ5Si70bWuy8pHskmAu59b+UW6EjSd2PfvTGoxljaW/sDQAYuaOnSUy9hUuronMHuMRj01mp9F+18jpe0OHwXa6yS9fESv8BSFwe0vtiwcIgK6cfb/pFUWpalTMGDXi1qP5Y6XDJ8XTpcEo/26Ai6WfVQZE+XJ++gv6bpXHF933ULB7biiLckgyJ5t8TI/auLniO7dhtg3GqF/sKjtxKaP1YRjHpwpbIvkIGGjB6W2QGcIsDIlK4Fc X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(6133799003)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: yt2yHB4hkS70wuz7FRphjgav2CUiSInd0nvYxWntqeWLOfaQY46jQgQY8Wuywg2bFhYY4Cju1kqw5STdws3wVH+tslfP9vu2SRO7+bG1OoetZkinZURR8mTEr+Dg79bqBji2cFFPnBOXIixYxrGYhvd6z+Ic1cZC4Eyt99c3Qu7H7cQTK0eKS7Wy/B/yacCT2e+RWSrxtt7lxNvvKMg/UJT3VLm1E/VoJW1302AQ/TJ9L9aPUqINaOqT/ZEpustn5KqX9HbkfVI9G40V5ifpO34WPsF4EAgQcG+FkMi+Oko2Vp3wV/BDPwuuHw+MvfzN81u16FWpMWQhxip7LpdvVNBcMZBS349F2SmsLJPRpPSFUXseSt+ufg82L9uBKCOE2CaZV9W+PgplJ4jq2CXLSqQMcnVtGVvZXP3FW8mHqtUzEMxDXwsNeFtvA57B9VB5ppyr/aZfnUaGd8IXcRlKJancq1IIc0rMc7bRNfvAcBtWH09sf6HEvfcEpNMmrvqQEsJjy98gzs2FNf49Mzwply6/h/CfCfYfGV9TSkzSA/kZ+p/AgR7DiFoE1O4ZEQdyemxhwPWbwpA5/BQeP1TIvVbxVzOS66YsLJfsVykG+lvTqYoemFWofoFNJPqM0P6NLNvyVdFIw0Vukq8PvVxlT9qAY1Uo6EPDV9fRL+hZhgwbVZT0sVKcZQ5WkifQT048+saP0c4UzT8c5MKV4sHpesf40ZCooD172w+/O+yOgWxzCNBmV2uYrzbh3FztchbbmAgZiUb2DcLpzIV4zxqVT8TYNwFFpgjpQL1AbH6gT2sgP02jQyFAZQJH4+s3fpFoq8Sul6gKCymXXZ87l7DOCGqCpogS15BkWS2bOplhH47WyQSdQDosc2u8XSe5FbJPrtExiTGdxzdCbQjcllCkThvFYcfzpVw1LAg3ntX6tCa2DKSyRWwgboPb1oSo1Ls6vuFyo5W0R2+kCEtj5bX27hA8UHBp3JBaUXA9Z0lPiqJqOWQqLNFts8YJ4qNpQPcHGv3SYaoUvYG8awFAoIWPJ7eeHD/ge2BOBLnTnPT+OiLhHnQBHMhuCzQZOhVoemaFk+qr1x1nRx+khE92yb0CBGATDHST77a/Q89nXwtc2ombtFZwyawQ/Leajn0z/OcuzHxbCKqQkSFmDMomwQ9Dc9hKyEtI0bXuYyvzZkbdjhinZ83TMXm6/Vku31TWCn96Cz35FVgwk88EB3hpbMDolW27CWj6kBVivcREWfSxX7RN8/tnRxgHvMynJTU2pgH6anxDWd1nlHqn7jAOtOtdLvvTv2U+UyRcTK1sKhR1G5ET7VsvqgG81x2Jwmy4331B23wTRIfA9XsEJU3IuiuNncGo69gM7V2ykyYdyiz3uDLsug0Epgh1v5GTFj2M3mOgS1gCdBR2LD09XWBYcl41VKBJi/HGaoo2LT0jUb6McBScUi5maEOxPB8+M7E64Oy/qZf3tTMyN88crF16S3GLRhPK6JjprN9Z8zcfTpBd8vi6mTDkILDCWzPCkxhPI8hjXJ193l2vg98YBgEfZtmYDeKdXWKyjOYiShRCyOI5/vl24OB9W5EhKoJ76R1kyzQ1sJlmy1Me0sU9FX7pU46cxLpG5luWCklU9ku2f8AU8vxbP/CrS7I0hTWbbVc/mK5DPeqyNi9MiZUISbKRKC5xMXUwQcdN5O5CTK5GjYFlAkqsd2rh2oRJE3i+FSrMcDmlp5cl2dYKBoWbv9WdiPTnIM1ny24MaS+scNgJ552k2NFuUyNSKBl45kEEl1qQDNcOjX4p3lej X-MS-Exchange-AntiSpam-MessageData-1: uv4WUJtUZbo20AWrSh7o3bkIkG6arUqeVrU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a36e4ea6-3a5f-412e-ed98-08debfd1dc56 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:20.0410 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CB7gYW51q/rIvvcP8PtpoM5rTQQlp6uAqjXBBAdfjGHWYzRupb8UjKHvfT/K2PTTeVRWcQ5gvPKg0anhVer8UJLdGHi79IrfJYOp8TmqPZY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JO0r3CxK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By introducing a bitbake python function (a code generator) to generate the mount shell code, we make it reusable within here documents where external shell functions cannot be called. Signed-off-by: Felix Moessbauer --- meta/classes-global/base.bbclass | 18 +++++++++++ meta/classes-recipe/rootfs.bbclass | 49 ++++++++---------------------- 2 files changed, 30 insertions(+), 37 deletions(-) diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index d4dbbc3a..90e4525e 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -379,6 +379,24 @@ def deb_list_beautify(d, varname): # Helpers for privileged execution. Only the non-underscore functions # shall be used outside of this class. +def insert_isar_mounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + inner_full = os.path.join(rootfs, inner[1:]) + lines.append('mkdir -p {}'.format(inner_full)) + lines.append('mount -o bind,private {} {}'.format(host, inner_full)) + return '\n'.join(lines) + +def insert_isar_umounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + mp = '{}/{}'.format(rootfs, inner) + lines.append('mountpoint -q {} && umount {}'.format(mp, mp)) + lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) + return '\n'.join(lines) + def run_privileged_cmd(d): cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index ca179392..00d71195 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -49,6 +49,16 @@ ROOTFS_PACKAGE_SUFFIX ?= "${PN}-${DISTRO}-${DISTRO_ARCH}" # path to deploy stubbed versions of initrd update scripts during do_rootfs_install ROOTFS_STUBS_DIR = "/usr/local/isar-sbin" +# list of : or mount entries +ROOTFS_MOUNTS ??= "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt ${WORKDIR}:/isar-work" + +python () { + mounts = d.getVar('ROOTFS_MOUNTS', False) + if d.getVar('ISAR_USE_CACHED_BASE_REPO') and not ':/base-apt' in mounts: + base_apt = '{}:/base-apt'.format(d.getVar('REPO_BASE_DIR')) + d.setVar('ROOTFS_MOUNTS', '{} {}'.format(mounts, base_apt)) +} + # helper to compute the rootfs distro also under cross building def get_rootfs_distro(d): host_arch = d.getVar('HOST_ARCH') @@ -154,50 +164,15 @@ rootfs_do_mounts() { mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' fi - # Mount isar-apt if the directory does not exist or if it is empty - # This prevents overwriting something that was copied there - if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ - [ "$(find '${ROOTFSDIR}/isar-apt' -maxdepth 1 -mindepth 1 | wc -l)" = "0" ] - then - mkdir -p '${ROOTFSDIR}/isar-apt' - mountpoint -q '${ROOTFSDIR}/isar-apt' || \ - mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' - fi - - if [ ! -e '$ROOTFSDIR'/isar-work ]; then - mkdir -p '${ROOTFSDIR}/isar-work' - mountpoint -q '${ROOTFSDIR}/isar-work' || \ - mount -o bind,private '${WORKDIR}' '${ROOTFSDIR}/isar-work' - fi - - # Mount base-apt if 'ISAR_USE_CACHED_BASE_REPO' is set - if [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')))}" = 'True' ] - then - mkdir -p '${ROOTFSDIR}/base-apt' - mountpoint -q '${ROOTFSDIR}/base-apt' || \ - mount -o bind,private '${REPO_BASE_DIR}' '${ROOTFSDIR}/base-apt' - fi - + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} EOSUDO } rootfs_do_umounts() { run_privileged_heredoc <<'EOSUDO' set -e - if mountpoint -q '${ROOTFSDIR}/isar-apt'; then - umount '${ROOTFSDIR}/isar-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-apt - fi - if mountpoint -q '${ROOTFSDIR}/base-apt'; then - umount '${ROOTFSDIR}/base-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt - fi - - if mountpoint -q '${ROOTFSDIR}/isar-work'; then - umount '${ROOTFSDIR}/isar-work' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-work - fi + ${@insert_isar_umounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} if mountpoint -q '${ROOTFSDIR}/dev/pts'; then umount '${ROOTFSDIR}/dev/pts' From patchwork Mon Jun 1 11:34:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5100 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:38 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ot1-f61.google.com (mail-ot1-f61.google.com [209.85.210.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZZnO024812 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:35 +0200 Received: by mail-ot1-f61.google.com with SMTP id 46e09a7af769-7e60308f6b9sf6716594a34.1 for ; Mon, 01 Jun 2026 04:35:35 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313728; cv=pass; d=google.com; s=arc-20240605; b=ae7/ExnECw619vt5Ob8+RhQSSdhnoWN/2dCJZG6eqaLlta1/BFAW7mxMHq1sOleP1q QJDugDdjO43TVV1SJUyklAyuTgv1WInMdx7qp1H9s9xjD0Cs2HnfaU8g/JsVvOguST9q lS2uzn5QVOesg99g3ly4Irw4XB97880vuvW4smphlYKh1oHwclDEbc1lxnn2PSRRxvAK VAqVH6ChTyN6UBo50gPO4/C0Scft7Q01mtsKrZYwSJ4xGtxLcx++iSf2tkWDprsbPoUk wDOduI0KnADXojuk1+GOoTi1cqjhsQOt2yvYRF/fJ+emcBMUxxHlPSXuoWxYZXJkaXVk YkQA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=tf9762R1zZCAD5MBq1moIi8af94vT/OGW+zbHXtbVhY=; fh=xWAdauOwqFbNsaEzyzDyb3NL3Iu5EUyQ2/0MVjR9gKw=; b=bQ0WUFzwC+QHppPntuUuMv1sdUri+FkUxZ98q406L2DhaNibjkbmRnrfqnJbUO0nsB D17Qg3b/NJsvNTzlEqeUvvmn/vApNvb/5OuMBwXuhy0+Yd5YEiHutjPY6MFIgnBA5PZV 5r9/5yVtCmQ/fMJi3rL2NFaRzXzJFt8hmdmZf8uhIkdk8l30vmylozpJT22Chtb188TE aEzefagB46S+dmRFGq9BSE4V5a0jKUnewO7G5qV5cO7ID6Iz18MDJmteoZ9lnxwQ1yTO 309U2YVe5ppQp3twNMmbYgdMEecm0KKBx/rhNo/hNj9bi9mrOtg0cikQTxDa6KxOSUHu EcGw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=KsVlGHcL; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313728; x=1780918528; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=tf9762R1zZCAD5MBq1moIi8af94vT/OGW+zbHXtbVhY=; b=Ro0pJ0+AaV4KkS1WhkV760+olJbtrtyc/4kvW1FMEYqPLu+IwS4yi7J8SL/0+y0kZ0 efes/Yt8/SFYpib2xzKEW+wDG8woWiz2OJnSC5LOza36ssnaNfzdw0gqtuGmCGaHOTDD zlP3TGRiPXo/C4bR3OTpENkz256xF7XMhtKt15CP6+H46g7w7Yy2vhQSoF9puj7QW/4/ 7mXvqtGEfEB49qrf6j4lC6BOAgcOCW8Yi1WSGA8YBjtXFKDs9ETeTOXwy2S0BnRqTWcq rrbO2zQfoFhBDE0WeYAoAA9yPfZLi6N6v9MMyEm8FsQ0ZhEC5LEfbVvBzYEyiMQcRrjq ebOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313728; x=1780918528; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tf9762R1zZCAD5MBq1moIi8af94vT/OGW+zbHXtbVhY=; b=fKB2Epx73URtGXOrJYMDJXyROYKK1ekaivEwIVCJPiLi7yOaz+BqzHfwLRK+qaM/Zm C/cNyBUrW1jxsaoF44D0cwY8RTmRgAPkUWwwST7dvQCKT+2HMUjwDV4cvKxPc7fdYy/a l+ph7JVuU882qlE9VyHSaXqTJRjnR1wymAsy8AdE/EySRBcZqZqOJZHeZJku+HWdeRUa 0hRQ9JDEVflAV4Tg1TGA4kz1ltOZgDSLGrC1DX5XE3yqo1K3whFVUXfRO45zMXB9CKqp j7Su/u9hCMY+7i12NdLWQXk5C67zqfFcy1dz8JSFkSWBZnkmK4u1rXVnpnKZStIHLBBJ KqUA== X-Forwarded-Encrypted: i=3; AFNElJ+tgNY3QuHkO6ocvvA46/EgJeufr4TP5i39l0sZ6Dmd20pbgCeIpp6cCut3GTKMQDXIv1xo+J8=@isar-build.org X-Gm-Message-State: AOJu0YxTodPofGui5zwDQwiH/cQVau589TJ20u2uYIZDUKsN8CFSuoOk ilP5YZd6y41P3kY57oFiuH0Pi33EdbQoDRP3y4qZsI5kHa8WpZ9e8Y4Y X-Received: by 2002:a05:6820:1897:b0:69e:32b:3313 with SMTP id 006d021491bc7-69e102e6319mr5746808eaf.17.1780313728545; Mon, 01 Jun 2026 04:35:28 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMM8Vkp6zn5fMz7ssbTFndAWonN0Ck1JekpsuQFbPoVZVw==" Received: by 2002:a05:6820:168c:b0:696:77d2:4757 with SMTP id 006d021491bc7-69e2e4f0acels193758eaf.1.-pod-prod-06-us; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) X-Received: by 2002:a05:6830:6181:b0:7e6:7dc7:4542 with SMTP id 46e09a7af769-7e6a1dc4c4bmr6856867a34.16.1780313727600; Mon, 01 Jun 2026 04:35:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313727; cv=pass; d=google.com; s=arc-20240605; b=lGRTX+gOKsekPYDmPgfobpjviHCNrAkqwTbwGsjILc2KUcDcVBhhpS2ghfvL8OI5b5 /zPoVzT2yWERL1dsqdibHlh/fCH2ryX+DwzwOx0B4IAM9KZLWOp8GweQeeoLWXmoSd6H 2F8NmwYL/eoNE1xOW5E7tGRdfFjCUWscpWZMKMbZzLBk3DBTzTQnA1yUNF1ALUdt3w4X i87glWB3UgvIqnsZnIgaTjVdD+s7cOlZ5ehNClQ+J1pVSi4sMHUqbe5PSGG1tlXDXKUN rjxbGRm3U+SFS9V8/qOI6qR/Vm3zptGPwKsZNrLaHYifVXrWc9H+wWnHEtnQuJcOnNsg 0VrA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=FETrSihCPjQLKXSpplYs/IdUv8R04K/U2cEar6zKVCby7M/HDyGksmGtL5b4cDQNuV aH9avDo+zilwNJtJeqP+x9H/Orc70k26mcvh/BSqnuNrh7kEgRlVgXYa6ytYHSFtZRRf QW+oYGdEKzXjtnLRpabBxTaRClr/Xwp3fQv4cgbjofP+gEg2PNLe4XP6xPRb8JldETd8 L9EREF55Mz1eg6mBaUVwtZia5jGUxQy2vdER3whNPZn1rjjaA0A9tirDFCLCNW1tUVqm oVJ/tw088DlTkV9YsqpRPqgyL6KbG8zjAORgapWT9OKaC510T1fUypWAO+hh+ddm25nM U3QQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=KsVlGHcL; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:27 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qzrQ+ocmfqh5rNvbGWWOn7TU5dlJVj/0S+6+JDU4qgUO2pXH1Scyf/4bYzy1EFzX5Pl2jo1XtgnSsvHW8L4oJ7t+CQ+3u5wORjrWgbmFSBu7xS0yvC4iJwKV4Daj+DYE6APmZrFRxdN7ykH2hx3BKhzL7K/I0Ef47kEipdrCTdqQwZFl1Gitxs9LQYOIeJIpyGZ/+dEGVerYIXaqekrnYJtDlB0Aa5flFsASkYnB9eW9UYzdrsoKzzi6cLPWzkSYUju40z+34AdsNLehu1asdL/Tno/yqi0yHzGn2EsuBf65m7c0nbgE7H7h6b3uRqleGBJhi0jXl/qq34ffOz1XaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; b=umJbTQnuN7iWzQ6P3oHwPaUsnDPYIj3A03Ev5x2CbYslZp8bbPr6U/Y/cs3/PQSGp+zxmj0v13sZcm6GVI5Rd4CLO1ytiu//qa95ChetdsqYDBNFL/aBZsRMOMCHfXQArZL9JmjKsarZIxy/cjxJaaLPegmBNKi2QjUvOxVK32zkMgq9SsI35gMbT5WuK5AjtUdCajSRYJTvlkzrhUoY6RJ/+xw6HAgNlWnfVewqf/aWd2QJmLhw3cd3fu+aHuNmC+3oEDVum/zZoznwK+XRFrPyroF/XcU+rrVDyXuUNlVS0+DfhG0YBhCS2qkO2V/nEWVKkIA1L8Uts5WykBFEoA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:21 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:21 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 09/17] apt-fetcher: prepare for chroot specific fetching Date: Mon, 1 Jun 2026 13:34:56 +0200 Message-ID: <20260601113505.2898877-10-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 0a629c3b-f18e-4fff-0d3e-08debfd1dcb3 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: K/DFEk7kJBXv+cJyRWby2q6+5ixu5I0LXc7Wedn/Ox5bV2S44VTm3dXLwP464PAfTesAurAAPhpK32q+Spt17z0Eydw3lkvpGXb2MocBTV1O55p4r9XrWrgc5mjQdznJS6e+B8YZR4R/JfEEDVU0io3HzyXl/qbPolRJZrf1EWyVDSQWNDzCNO5PLRjgPmklqr6i4AnxGcoAHo7ahdCNM9T/EsKva260qgEntWN9b/HaiKhnfyzA2YfsoP6jidRN4+AmLkdTFwe14j2Q0LNSj6XiwUuI3iosRq1NmShBbQyZIiL/cSutLEzFjevcRf2D3OH9CmDIfxoPqSAcS87tCrQ/QTJvh89m/BFzRCRyZY9G/jdGPxl/Z0lymunmenBCKJ8RO2RuXKMIeIl3KHZNmCO6ONpdWJSAzsGA7OnaF8BPl74eIRbBaLOMs+20jvqfLRK8T8E1aZIfMeeREmX/ggNncHuX7Rb8ouIAcI+ZuKFyJBywUBxARpipocaAsrxoC8EskAX03+aSodR3GpmPrq040/oOO2B0EdfMQlPguUTw2rb7pVDTdN8mZBTJViNhzWVQoDvahedFH9ISbPJBVD1E/VyUkDouzf65RqfrwbCJOFGIM0M/OpS4THYCmPYWSuJRQLX9Xp8qGUj1ZhVUgQFrU4AWEn4myIBWw9EejDxCnQLhSmEwGrcR3Rqnlmsw X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: h9xCSMIAvzgQ38Oke4zwQxNTQDlPhiFyMWVPY/NylyUOXLoUiLZw2QvZrBnNIewUED1HGQIBq1klLuRvUkkrNTtu8JK1dwoc4TashIuvXTF5N5BfK/tG1SBv19hVazeNoHzp3Usk279Q/7SUQCup58YI0Yt4VY6wZ+FJc2iKaGBy+tGviWhAB6KXJYCHBWVcD6XCFja0JNz2fFA/plvW1tJm/NfuUnI0LOdysWm4WnK6puZXDW8vjSjJPOnoccf01Im+72DcMtM28NJ+vB77rSACVSdzYake7lxlWLyWuUsF3wKdcFBXst+f82GVlnLQuPPiGNQM5od/HzLbrwCzj8kHhOZUzOahu99w+balz9qf/f86OxdokQqoV5WOWRwN0cxBHC5+4iTttHshQ2YRt8a20dvh1I/OkjPx2nlV1Wremvcl3y1hWYDBxyFfEh0amrowsnJhIeY0j/x+z63yYIMLpDK6uu9x/FdO24TSupmpoTdeBB9GgqGN8ub8lho60d3gcLHsMmRhlmdV251jdwbSM6qrFW9r25jqbvlBIr9LCjAqAdkY9aVGb7XiIsm6KjP+5XfKmecgnkk3Ro8oqOWyt3vgvtLzb545B+Qf7rkh1/kRUr2vkG3KUBOXSIWiXJRhIYqmxDSArrFHFDFevSFkqOcE/WP3HmqpeWKAzOYkNzD182O4ChEuah/bOZ1JX1huN+dNBS1YQYasBslvZAHhCR8vuwmYk02FgRGZlQ6Jvoe0+xxiipdpi6t5g3qkb/tDQOoXg2HDp2Nkwh3NiYfWZJ+tSA+bOHDJe+U8N4q5GHxH3MZKKCkDy0GzG0mJdQAjhsaz60r4M2699alQh4zc3Cgjl+tRfWtpy2BWQXkeV00oS9F2R9FI76fnuEYU1lfGWl7fhpExNyqBlgHffpILUFkV+1dAGHKQ5yAIJXOSj0AMH65+AGnnS/K+20Tos4ai5zhZ5n2ZR9pNY06Bsv3tAWVAs05Ap/c4sIjlruuETFYqPKDWOOK4QH6MzSsSphDKP1HtSJgbcr4wTToovjD08IRsEWXjhaugeo0AK0osDoykO7i++ZqSWMXJL8Gyvoxm+agPGpAaY3pE5H7mzFIXzfCPn8n+OZrgBMVvGdzbmO2uCeOCZibgCur2VwChhF+ZDQYonLY1vsBl49dh2d6rOcL5yb3h5Vlh2XMpfkMiqW/J3n4uKDMO3iE8uQCAMRqEPbZYc89cR7UZlyXp+tfpriCZeivys3v3s+IItP7xmTkvTgvIGqz0WSDsgDelCT06Xqe3BwqbBYqJ+SG5HMx/XfkFhf643ZzShg5YYtdWK7iw/S+4C6BSdj4Bm7dGYerrXRdbRRceRhIrJEqj/0SIffvnbEQ3CsFMC3cLQZCQ7gPvot1nGMdPxzXba3VzEC0lN2YTmPVkq9u8wCz2LROTdVl6kUxCujLcCLRtPNkorIY0cnbwLbEbCHjIFoHjhhO480e6aEf7S6gjfY7NgfAlNbDdSX/oB2YtRsDCGK4PDnhPH1Q9n5JggOfoy4o67AztMSCCH5nZa+3MyPAvDWNgj0hLhjZv7H84DJF6Nb2YKtYLubHRzQdCJslOMKkj6M1vQre3onlw14t7xZp0oAJMsY7eMolybHWZLlLNrlDhsJptX1Dh2saMnD28eqT/44eCbesZl5EYXHfaHyE+GPq4pRgamDcaw+RmSqOPn5/gxuNkVf0y6fNsQklP/dfaB0HEozvRhtVTV34yDbhp+YXVDKRbvw7oKyljqZVbGxc/I3aPwigNR73IoA0h+XChlpLp5SBk X-MS-Exchange-AntiSpam-MessageData-1: 5iUBHt5szMjIP/5Y2cYxShzBZPm8hm4t1os= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0a629c3b-f18e-4fff-0d3e-08debfd1dcb3 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:20.7202 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Ck/PEw4L+YeLjSxdC/N6F+gV9wEu+o9QRT6KYL6uC3q/+ENN05baoNsGm701Vv8NlOLjYmlR99AufrL5XbYScRn+OqTYQIprAQRrUK6JU34= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=KsVlGHcL; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The implementation of the fetching depends on the chroot mode (e.g. schroot or unshare). As a preparation for the unshare mode, we hide the concrete fetcher implementation behind a factory, so that we will be able to dispatch based on the mode. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/lib/aptsrc_fetcher.py | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e5987554..e8721c79 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -84,7 +84,7 @@ python() { # apt-src fetcher import aptsrc_fetcher - methods.append(aptsrc_fetcher.AptSrc()) + methods.append(aptsrc_fetcher.AptSrc.create(d)) src_uri = (d.getVar('SRC_URI', False) or "").split() for u in src_uri: diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index da2d94c2..1d133aae 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -9,6 +9,10 @@ from bb.fetch2 import logger from bb.fetch2 import runfetchcmd class AptSrc(FetchMethod): + @classmethod + def create(cls, d): + return AptSrcSchroot() + def supports(self, ud, d): return ud.type in ['apt'] @@ -20,6 +24,11 @@ class AptSrc(FetchMethod): codename = d.getVar('BASE_DISTRO_CODENAME') ud.localfile='deb-src/' + base_distro + '-' + codename + '/' + ud.host + def clean(self, ud, d): + bb.utils.remove(ud.localpath, recurse=True) + + +class AptSrcSchroot(AptSrc): def download(self, ud, d): bb.utils.exec_flat_python_func('isar_export_proxies', d) bb.build.exec_func('schroot_create_configs', d) @@ -83,6 +92,3 @@ class AptSrc(FetchMethod): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) - - def clean(self, ud, d): - bb.utils.remove(ud.localpath, recurse=True) From patchwork Mon Jun 1 11:34:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5101 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:39 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f58.google.com (mail-oo1-f58.google.com [209.85.161.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZZRI024824 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:36 +0200 Received: by mail-oo1-f58.google.com with SMTP id 006d021491bc7-69d8e34058csf7278826eaf.1 for ; Mon, 01 Jun 2026 04:35:36 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313730; cv=pass; d=google.com; s=arc-20240605; b=P5drTXfwZBQMzhiUaTtCQ/6UKrTxJnGefSyt69oL+b8C9zKRN9qBcD4Rwd71UWJnMr KX1BA/J5bv1lpPeHsRnc1KUtx7OQXT+u5UoBZ+jSwLR7Yng2QbeoGcgCA02QRsUICeti Wq/IE9dJr8TBndZPqJHKADvq0rkzIlksuf8W/vde5m4Zzt3KHf3X1lrHk2OtCwPCNSl9 9D6Tp4M6i/LNVYbAHiaHgps1fPLiT3PwJWtgCPK7IlFKFWCLJPXDCWPyYgybilpy6mCe pWGbF+Ujd9/vL67Ty0Qs+/SSzk33u9VkcwHfepY76ok7sLmVleSK31MFUK76j4pUID+0 7L2Q== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=/dtQgI1lI6nfUAWg4l0S273bcOfRdJFA8S6ekErL8XI=; fh=+aiAg5yN2q44E9caEJ+3vaqmOCD/uPj3E0buV1/YPdY=; b=RY+8Iry9MuH/yGowE7UgbqJ8mWuw1txLFmLMo5cjp7P9O8UF66PEGgM+1/M6PbIpD/ ieccFN5ItVzVfvhshOzPlc+AeK2G0cUovio7KtX8jmwp4Yrsi7km2R8spX9ilzUDagce JbupwYDN2cn9IDHiuE3+oRTpx2CNOQj1Agk7/faEXvDjrPc9BQJJ5W5A43JHo31w52Um 3wKb27eTwrkLUr/qalZuxSmmjqySFr+XaOdbXa26wbD54ULj0plcy/kHAjAX2zaYeph9 tpRn7AFIe1ewp0CXkXmw8PnpgeRjuEKFW1QCZvvtAMgbdp7YpPX8jvjo1HC+M0qIQpvw Rrlw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EZi0dncQ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313730; x=1780918530; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=/dtQgI1lI6nfUAWg4l0S273bcOfRdJFA8S6ekErL8XI=; b=gK9h3VNSMOjqga3lUsFZYJt559jfLpMosGu/TBbve7y0b10lSTHfAUX57w3zDrsv/x tQB2Fk6RLyrD/rXiZj6qAZUuehbKS0PMA8g6NYM4ulplpQhtACckKc4p5dEtdTH3EiS7 ee7CByUkoVX7feDFAFvARbS/ohXwSqqs+OfM5OeUcMD1vlsLSClXTNXIOpZlIXOXRMIK o7U4EEUnST6VXeh/OP+Cxui5qG02P/pRy4MK1z2BY+fMAcoHgNI5YqKg9DMJWRPazumm yen7/oY+eGAD3Wv4ZemOSZtCFR+nwy6YVSWZe7zLvDh7EuhFG2uZSTsm+IGzFloKc+4B D9Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313730; x=1780918530; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/dtQgI1lI6nfUAWg4l0S273bcOfRdJFA8S6ekErL8XI=; b=VOELmN3KfPLCmGvGmTVYaMBMNMwIFYK5dDuHQLTI5C1hgcqZDjNxnkKNj7v6mDvqoM lYhfrnxcaKtpIWxlpE0kOJabI5bZSfF8f0smGirjy8DUCoU90dTed0/nD59E8olTwv1z qog89x+KZo+VqBbtnwO2yaglTgxi4ffPklgBn7DOjCg92oQuSkcEBKc/7/CMYV2QnbtY DtC2nqybC8ixK5xThjKoAVNsCgS8fJj0bzXDK4qAD6glaK0aC7YN0QAnjYhHl6N2JYRo 385S6fPArAWbNAd6LJBFKhpBirPL0WKeAP8Q6rZEUFVflAnmkfXc1plmlVOTlGCOr1ra wP6A== X-Forwarded-Encrypted: i=3; AFNElJ9kAvvBs99/6alnJm3gmEz5gpevSayuVdqJtCPxJalY1wTBOWNDfIJ5vp2uia2hpP2QW1msm0c=@isar-build.org X-Gm-Message-State: AOJu0Yy0Ym6rwPtOMBR4hS+OTlYKBpe2nv3LkM3+KJk06aN8AglBcyJb DN1lQtUMVy+4WyGYbcWi/pN5HNz6kmaQK/iuPPwx+YlyrcatGDsT+Cmc X-Received: by 2002:a05:6820:4cc1:b0:69d:d86c:58fa with SMTP id 006d021491bc7-69e104c1de2mr5420056eaf.16.1780313729801; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMND74xOXifdJ4PtiMytmPNa1W2U7v/8vaoO/4acymPqLQ==" Received: by 2002:a05:6820:160f:b0:69d:7ca8:ef01 with SMTP id 006d021491bc7-69e2c86cdadls210004eaf.0.-pod-prod-04-us; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-Received: by 2002:a05:6830:6181:b0:7e5:6d2e:acd9 with SMTP id 46e09a7af769-7e6a1dc10dbmr6669138a34.12.1780313728781; Mon, 01 Jun 2026 04:35:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313728; cv=pass; d=google.com; s=arc-20240605; b=aVoOyRGnpwNHI/ZE4pq8TYoIbU3BL5u3H7l28Nfe493eNhSRTes5o17elxp+8XHLc3 wqOlnTVlG1VpVFTrxtjn0D+JdkzfOrDnPIhNDyvhbht1kSZH7sNdM3adhJi9XCVRO0cS PKnoj/vP2VSIdClkpXbyX9oeoc+23hACWWGR+Las5tLN6jPxjli0Nvf+x7Nj7PNjIroc /j07eURrKzFWmMb2OeidUlxXy7/zoaMxY5GcjdQ8tzEsyBv8L7NR9Rn/2PilxvOJREKp IyDn9RP4DBoh+dijcP+fiOygFX8H6qYdXdnpo+EjjLaAzRhfVmyu5k/zFb1Uw+JlYQeq xmdA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=TDtKkczd06rUz/SHSV8gBZzOphVI0Vo9pEqObUM+pxY=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=KfyQUNXxNj/T/Wcwa0QcaysuxsxsnyJ+BKBB66cBWz/0AH85kAP7itjP7cQ1OF1O40 ek/WoG7KY9w8JlQ5qQmTGp1p26w0gyPxnpQYbuTl4Pq6UddGzYd34aL00bAnFYYzNxxb WFMdwJrSfIOerpjvyxQDHVxYaWqWTQfWDIMOgtoQXe0iQsVWpI0sEtimVkRTjIt1U7p3 p9r1nGpdsw8KcwH+SeQzpC5P3nZq54+yzSZxJ1NlcgHbxzyFSU6JlJbo7QZa55uZMvgu OLozj2FQEI5qjgoVEQv8d/u6JBZZpNgANE4W9V5J6eebg4luk040DnAAM6w/iPJNpQgW 21aQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EZi0dncQ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:28 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TOcUA1TRw8hCH8XU6Nkqwpaqkd1S3nU3nyhpKHPvUR8699fEMlM+GwpnqEwL6L6ig1UXHJJRfLxsKuDburt17w96/kc9nAOz97dwYc2pHjCBdh3CedBTT0MQVTIixGBlofgZcwi39HQwgExCbO866S7tgP15ynKpccXYc/Qfzb1CMCzpUJJ+7xmkJYLrP7mFR4BrtVJN/pqAFa55j/NekSda0mGgzbOUbAda6EST8D9sSahtdppfSasnI77beLy/kcfoLhSha9StwTk80GwcB/PoSXTDnJ9yydkio31G042mEx7h+ljgGm2VcUSTO2H9qPUDYX7v+0k7ZwoV8bbe6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TDtKkczd06rUz/SHSV8gBZzOphVI0Vo9pEqObUM+pxY=; b=xEhxcDWWZtt1VvO+PM4jB/gsjbdY1702/rQpHv+/F7+KRguWbFE9YCjUi7iaUYGe6zVc27yf8encBd1AC/Z8QltniNGvPl+u3ygnKv4iGpsM+MJNJ1qr/NY5fTpZ98K8FqvRuGC1osy/cR/RfkdAJ0jdQJe78VG3s6S58ukZlKdgM972h0soa5gqmxDaYjLZ+RB9D2/GiFr1NcVeQTecikA27+5xDDQfDgdHB83iNCanAtBGoutnnXahgMrV/ROTL5Fw5paJ7dU6zZR+UHUXNYFNGRFFKjOpRgO/y77lkgQ/kpQzRFysKVNOtPglx9f2+abXjVymssvx7HQXU/Y6WQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:22 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:22 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 10/17] add support for fully rootless builds Date: Mon, 1 Jun 2026 13:34:57 +0200 Message-ID: <20260601113505.2898877-11-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 361df03a-b544-4c90-b5ac-08debfd1dd0e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|6133799003|3023799007|11063799006|5023799004; X-Microsoft-Antispam-Message-Info: HkuoXMqOg/ohiDOqrJtCQ3sAZobNIIyaVd4Fk6jszJ7j+7U5dfTdck2bYvda9Mu1un8cPn9LrGv6spjLcmz+6uHxRLZuUbVQ4a6WW41KeqlN1N0gMuONh4Ugl9KuffaLdTjbVqrHDbkhzwdrq6fQBMQRClUaVrGWOf9J8cCMW4R3M21xBOXU9OgTMCgvhkEpqxCiHcUb3cA3bS9qT+svr2m27YECCFYFbt+NKs3VFlEdsNK1WgF4Ci2oBsdj2drpJTdUZid0wyas1FxaTSm2oPGPqOr6yTc8gA1t5vALoKY297CFyPlRHeh2oRYzkNwW4cT5d1g+fBNTFgBoBkahJzRfWpN6SEgvqkqTRkPo9WSNv4wLVS0kwVrubmrAUJsnEa3daVJY8mn11u9eYTS0Ms9n5z4jcDaO2AvW8jEKHP7im2OF0rB1tB0LZqkxiUyOMOSuQ0WMSxWzPnAmARB9HcLTIZ+bWFFSeHzGGtXwbQ87SNWm0U9HWMTy5B40AApGmTFKleIPrYzofrBEs9gO0Gh6BcDVkUxSMTvX7CjZomSciLlveqSTvYiz3W2rboOOswZ66ijRIhCt2Mk/5a9kucBw3SQDMUWjY+gDzzSb5NtUYq5JfaMvRYuU/eVNJ8ROzXyrA3GeJkQL/De0tVvqnA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(6133799003)(3023799007)(11063799006)(5023799004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: cIEADMOZ2SaNOAj42B1cilkPK80dpe0rzxh9bM/5dNemXUViYXeXdiwNyJPjs6FOtCCJSIZ1PFVaUqy+1ildzb9qUeBxkeTvPC2rU7QHrd29/C9mFz+RFKk0GZsiarluiUa/QoECNv1ADx4F+syaE7KfF3HX6vFFhMF8qiZv5yN3PPjbmBgHWgDJCJq1xwf7eXOsD8+tdvPdapUztcn/NwOdNSpT2WG7vEhP5ws6Sd/pacj/wBu0M4CKCln19Lki0hIvoNfYnmQar85DdQnDKEVecaamiX+r1IuPS1FWLi1OjDxsIGavBQdoC2PLlHGCYhzMbOAyfVqfIVydUcbZhH6VUQphdMdVMSsYhj3h3Cw6aquJgSmUqaoDObVqVj38oNnkKgjaI5PXLl3agGgJoFyYxkcvQ7onN2dvyZ7I1LMWIMpKeEIHoifsjy4DknUEXcXnJsrHvgOwQX31Obz7uDejxz+13m5S9ClgXCiP+QeFR0TELnGAJhjRxr5nwEwiUYJ+/rjYwTUwceBU9Gw3kanONEbUPEyk1/iQinj9hlGvaAeIMUvcX8Fp/svkMC5Z4i4elyo6mKxaZ6M5es6P3fhozu8Pw3R6kSycoDK1i9rLMOPHcC0sVMaYcqMsZegFV4KyxvFO4oXfyoLCSQDQJxOiEkTNV+wh/Fb5ejXacmGkSvI1S08+jd5zj8UsMMq74sqFCpIVJCUzboelEPSziJLoSU2W7e+DFKqak5nDaeVIjRCSw8BG0oIldKyP3gzgKJGWw0S5Hg9ZZ7Hqr9FyQ9klkDyMrJDX+/DwlPXz0uy4/ExtqxltKtMJZ5avpuPh2Ud70klwAePuwZCbD3xJEXQny2wU8okUJ3FGqwKQG/0FSG69dypVzr4YXonhRVTw2JcPhveMCFDt+yFlZ8HaXrtJS4Gqf6ibq/ERNzujwPz6a+wRBeASgj64AvjpqblicpdOzaGLmXj3znif8cqGhKRPul7hfQN9nB6uDQhXAAHwLSQB5eY6rKma/RGnK3gWdCOee9vfdYElhuePqS54s2gylVM1swVkQc35uC7/wJLJpdm+846spxrtiG68ZMrhEuyG+/Ib908W6g/i9xMnKqRafC6IKiriTR3mLPLy+lCGkd1XQYuj/R8InnNJp29DZtoyPq26Rrfnx+wC93SPz53WtgvGM4CN1vqpm5odCyKvYdKZrWUZ2qUnLb37gVVWXb5TGwDCF87U8p1CHn1Fr6hxAJLL7pm6NHDQnuIz2RGehcJ5yRQw95xyKS+0FJ5nb6vfbZ4EN3G2Rb1hBoULGW0YbcK+0VV5h6t91GEyl2YLJIDBzvPWLzqOzIuOIOgU6UBFbRcRT0tZC9sCs1fhCqySXHYuv2sQDpXZvMZhG17zb4Fyf/4h2ZeTxkRFzgqL5s46bBZr0PtTxNRnZyjlGOiex6mOXub2V8QygpFby7o7LXvCLX0agQz+mLd/2SzeufwzEQmp6yNudYXSK7pYpjNxo4HDE0E38T+DEsGlt75sCcdKVgHBOJbUwtt91RzjBTkahkYg9bD/8/dkXCbXKMzZbNw3OXK1XO5C9ITtSuQJYPTDE459L1qMncSuostt4//hmpI2t7R+g+vWJnyQKAwtp5WtHoftUc384cEMVer+KIT+rD0Suay1xyr+m4FkUpzlQB2aTeDe4sCWqJS5rYaqBhVJ/u0p+nYM4emM7/HHD5pxsDJWgNX47pAmEbI9ER/8PaIZxDA8c/RTPf1RCBlynzbZQW6oF5MW/HDmWqRZVqdmhwgKa4q8nUkkoVa25n11Pm+/ X-MS-Exchange-AntiSpam-MessageData-1: cMC06IYMQJfP8C5mo5yzQu3pKMLYoiygyhQ= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 361df03a-b544-4c90-b5ac-08debfd1dd0e X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:21.3164 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8s4xb2ZJcafO/CYsSsp4bq2IlVnloptZRBBrz9IPtelGUkTsR1ClhDGVjmm8u1IaTVW0WiAncjQzRyuGGy45qKrxCaNgy7OZGKEfgrppktA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EZi0dncQ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Currently isar requires passwordless sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally. To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare). Signed-off-by: Felix Moessbauer --- Kconfig | 2 +- RECIPE-API-CHANGELOG.md | 21 +++++ doc/user_manual.md | 2 + kas/isar.yaml | 2 +- meta/classes-global/base.bbclass | 86 ++++++++++++++++++- meta/classes-recipe/deb-dl-dir.bbclass | 9 +- meta/classes-recipe/dpkg-base.bbclass | 22 ++++- meta/classes-recipe/dpkg.bbclass | 17 ++-- .../image-locales-extension.bbclass | 9 +- .../image-tools-extension.bbclass | 84 ++++++++++++++++++ meta/classes-recipe/image.bbclass | 7 +- .../imagetypes_container.bbclass | 4 +- meta/classes-recipe/imagetypes_wic.bbclass | 6 +- meta/classes-recipe/rootfs.bbclass | 52 ++++++++--- meta/classes-recipe/sbuild.bbclass | 24 +++++- meta/classes-recipe/sdk.bbclass | 10 ++- meta/conf/bitbake.conf | 7 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 18 ++-- .../sbuild-chroot/sbuild-chroot.inc | 24 +++++- 19 files changed, 362 insertions(+), 44 deletions(-) diff --git a/Kconfig b/Kconfig index 86a4aac3..66dd4112 100644 --- a/Kconfig +++ b/Kconfig @@ -14,7 +14,7 @@ config KAS_INCLUDE_MAIN config KAS_BUILD_SYSTEM string - default "isar" + default "isar-rootless" source "kas/machine/Kconfig" source "kas/distro/Kconfig" diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 552051ad..74801070 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1103,3 +1103,24 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Rootless isar execution + +Isar is able to run without the need for `sudo` in an environment that +allows unprivileged users to unshare the kernels `user namespace`. Further, +a sufficiently large set of sub ids needs to be configured in `/etc/subuid` / `etc/subgid`. +This range should be `> 65536`, but smaller ranges might work as well, depending on the +ids used in the rootfs. + +A simple check if rootless is supported can be done by running: + +```bash +mmdebstrap --unshare-helper /bin/echo "rootless supported" || echo "rootless not supported" +``` + +To enable rootless builds, set the bitbake variable `ISAR_ROOTLESS = "1"`. +This internally switches the chroot mode from `schroot` to `unshare`. + +When using kas, the `build_system` needs to be set to `isar-rootless`, but the final +interfaces still need to be clarified. Further, kas patches are needed (for details, +check the kas mailing list). diff --git a/doc/user_manual.md b/doc/user_manual.md index 396e1b90..dcc3f560 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -75,6 +75,7 @@ Building `debian-trixie` requires host system >= bookworm. Install the following packages: ``` apt install \ + acl \ binfmt-support \ bubblewrap \ bzip2 \ @@ -89,6 +90,7 @@ apt install \ qemu-user-static \ reprepro \ sudo \ + uidmap \ unzip \ xz-utils \ git-buildpackage \ diff --git a/kas/isar.yaml b/kas/isar.yaml index 16ce8b42..3cfc4f96 100644 --- a/kas/isar.yaml +++ b/kas/isar.yaml @@ -4,7 +4,7 @@ header: version: 14 -build_system: isar +build_system: isar-rootless repos: isar: diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 90e4525e..7167cbb1 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,9 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - run_privileged rm -rf --one-file-system "$TMPDIR$i" + [ -d "$TMPDIR$i" ] || continue + find "$TMPDIR$i" \( ! -user "$(whoami)" -type d -prune \) -exec ${RUN_PRIVILEGED_CMD} rm -rf --one-file-system {} \; + rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -380,7 +382,28 @@ def deb_list_beautify(d, varname): # shall be used outside of this class. def insert_isar_mounts(d, rootfs, mounts): + """ + In unshare mode, all mounts must be created after unsharing the + mount namespace. As needs to happen within the unshared session, + we implement it as a code generator. Note, that the random and urandom + mounts are needed for DDI images. + """ lines = [] + to_touch = ['/dev/null', '/dev/random', '/dev/urandom'] + to_mkdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('touch ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_touch])) + lines.append('mkdir -p ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_mkdir])) + lines.append('mount -o bind,private,mode=666 /dev/null {}/dev/null'.format(rootfs)) + lines.append('mount -t devpts -o noexec,nosuid,uid=5,mode=620,ptmxmode=666 none {}/dev/pts'.format(rootfs)) + lines.append('( cd {}/dev; ln -sf pts/ptmx . )'.format(rootfs)) + lines.append('mount -t tmpfs none {}/dev/shm'.format(rootfs)) + lines.append('mount -o bind /dev/random {}/dev/random'.format(rootfs)) + lines.append('mount -o bind /dev/urandom {}/dev/urandom'.format(rootfs)) + lines.append('mount -t proc none {}/proc'.format(rootfs)) + # we do not unshare the network namespace, so we cannot create a sysfs, hence bind-mount + lines.append('mount -o rbind /sys {}/sys'.format(rootfs)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) inner_full = os.path.join(rootfs, inner[1:]) @@ -389,7 +412,18 @@ def insert_isar_mounts(d, rootfs, mounts): return '\n'.join(lines) def insert_isar_umounts(d, rootfs, mounts): + """ + In unshare mount we don't unmount the system mounts but just + remove the mountpoints. + """ lines = [] + to_unlink = ['/dev/null', '/dev/random', '/dev/urandom', '/dev/ptmx'] + to_rmdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('rm -f ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_unlink])) + for d in ['{}/{}'.format(rootfs, _d) for _d in to_rmdir]: + lines.append('[ -d {} ] && rmdir {}'.format(d, d)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) mp = '{}/{}'.format(rootfs, inner) @@ -397,11 +431,52 @@ def insert_isar_umounts(d, rootfs, mounts): lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) return '\n'.join(lines) +def get_subid_range(idmap, d): + import getpass + with open(idmap, 'r') as f: + entries = f.readlines() + for e in entries: + user, base, cnt = e.split(':') + if user == os.getuid() or user == getpass.getuser(): + return int(base), int(cnt) + bb.error("No sub-id range specified in %s" % idmap) + def run_privileged_cmd(d): - cmd = 'sudo -E' + """ + In unshare mode we need to map the rootfs uid/gid range into the + subuid/subgid range of the parent namespace. As we usually only + get 65534 ids, we cannot map the whole range, as two ids are already + used by the calling environment (root and builder user). Hence, map + as much as we can but also map the highest id (nobody / nogroup) as + these are used within the rootfs. It would be easier to use + mmdebstrap --unshare-helper as command (which is also internally used + by sbuild), but this only maps linear ranges, hence it cannot map the + nobody / nogroup on the default subid range. By that, we have to avoid + the nobody / nogroup when building packages in this case. + """ + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + nobody_id = 65534 + uid_base, uid_cnt = get_subid_range('/etc/subuid', d) + nobody_subid = uid_base + uid_cnt - 1 + gid_base, gid_cnt = get_subid_range('/etc/subgid', d) + nogroup_subid = gid_base + gid_cnt - 1 + cmd = 'unshare --mount --pid --uts --ipc --user' \ + ' --kill-child' \ + ' --setuid 0 --setgid 0 --fork' \ + f' --map-users 1:{uid_base+1}:{uid_cnt-2}' \ + f' --map-groups 1:{gid_base+1}:{gid_cnt-2}' + if uid_cnt < nobody_id: + cmd += f' --map-users {nobody_id}:{nobody_subid}:1' + if gid_cnt < nobody_id: + cmd += f' --map-groups {nobody_id}:{nogroup_subid}:1' + cmd += " --map-root-user" + else: + cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) return cmd +UNSHARE_SUBUID_BASE := "${@get_subid_range('/etc/subuid', d)[0] if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '0'}" +# store in variable to only compute once and make available to fetcher RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" run_privileged() { @@ -415,5 +490,10 @@ run_privileged_heredoc() { run_in_chroot() { rootfs="$1" shift - ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" + + rootfs=$rootfs run_privileged_heredoc <<'EORIC' "$@" + set -e + ${@insert_isar_mounts(d, '$rootfs', '')} + chroot "$rootfs" "$@" +EORIC } diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 04fd6414..0e268f06 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -123,8 +123,13 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ run_privileged_heredoc << ' EOSUDO' - mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + mkdir -p "${rootfs}"/var/cache/apt/archives + chmod 777 "${rootfs}"/var/cache/apt/archives + else + mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + fi EOSUDO # nothing to copy if download directory does not exist just yet diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e8721c79..a0d4fd05 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -168,12 +168,30 @@ dpkg_schroot_create_configs() { EOSUDO } +dpkg_chroot_prepare() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + dpkg_schroot_create_configs + fi +} + +dpkg_chroot_finalize() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + schroot_delete_configs + fi +} + +dpkg_prepare_unshare_ccache() { + mkdir -p "${CCACHE_DIR}" + # sbuild id from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110942 + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX -m u:${@int(d.getVar('UNSHARE_SUBUID_BASE')) + 999}:rwx "${CCACHE_DIR}" +} + python do_dpkg_build() { - bb.build.exec_func('dpkg_schroot_create_configs', d) + bb.build.exec_func('dpkg_chroot_prepare', d) try: bb.build.exec_func("dpkg_runbuild", d) finally: - bb.build.exec_func('schroot_delete_configs', d) + bb.build.exec_func('dpkg_chroot_finalize', d) } do_dpkg_build[network] = "${TASK_USE_NETWORK_AND_SUDO}" diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index e693800c..1b2616db 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -85,7 +85,10 @@ dpkg_runbuild() { ext_deb_dir="${ext_root}${deb_dir}" if [ ${USE_CCACHE} -eq 1 ]; then - schroot_configure_ccache + ${ISAR_CHROOT_MODE}_configure_ccache + fi + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + sbuild_add_unshare_mounts fi profiles="${@ isar_deb_build_profiles(d)}" @@ -109,24 +112,28 @@ dpkg_runbuild() { DSC_FILE=$(find ${WORKDIR} -maxdepth 1 -name "${DEBIAN_SOURCE}_*.dsc" -print) - sbuild -n -c ${SBUILD_CHROOT} --chroot-mode=schroot \ + sbuild -n -c ${SBUILD_CHROOT} \ + --chroot-mode=${ISAR_CHROOT_MODE} \ --host=${PACKAGE_ARCH} --build=${BUILD_ARCH} ${profiles} \ ${@'--no-arch-all' if 'cross' in isar_deb_build_profiles(d).split() else '--arch-all'} \ --no-run-lintian --no-run-piuparts --no-run-autopkgtest --resolve-alternatives \ --bd-uninstallable-explainer=apt \ --no-apt-update --apt-distupgrade \ --chroot-setup-commands="echo \"Package: *\nPin: release n=${DEBDISTRONAME}\nPin-Priority: 1000\" > /etc/apt/preferences.d/isar-apt" \ - --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;\" > /etc/apt/apt.conf.d/50isar-apt" \ + --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;${@'\nAPT::Sandbox::User root;' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''}\" > /etc/apt/apt.conf.d/50isar-apt" \ --chroot-setup-commands="rm -f /var/log/dpkg.log" \ --chroot-setup-commands="mkdir -p ${deb_dir}" \ --chroot-setup-commands="find ${ext_deb_dir} -maxdepth 1 -name '*.deb' -exec ln -t ${deb_dir}/ -sf {} +" \ --chroot-setup-commands="apt-get update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"" \ --finished-build-commands="rm -f ${deb_dir}/sbuild-build-depends-*-dummy_*.deb" \ --finished-build-commands="find ${deb_dir} -maxdepth 1 -type f -name '*.deb' -print -exec cp ${CP_FLAGS} -t ${ext_deb_dir}/ {} +" \ - --finished-build-commands="cp /var/log/dpkg.log ${ext_root}/dpkg_partial.log" \ + ${@ '--finished-build-commands="cp /var/log/dpkg.log $ext_root/dpkg_partial.log"' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } \ --build-path="" --build-dir=${WORKDIR} --dist="${DEBDISTRONAME}" ${DSC_FILE} - sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + # TODO: port to unshare backend + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + fi deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 029caec7..9bb43a8d 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,8 +29,12 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - run_in_chroot '${ROOTFSDIR}' \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS') if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '')} + chroot ${ROOTFSDIR} \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge +EOF } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" @@ -62,6 +66,9 @@ __EOF__ # Install configuration into image: run_privileged_heredoc <<'EOSUDO' set -e + + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), '')} + localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 then diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index 766f386d..cc046fdb 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -16,7 +16,14 @@ do_image_tools[depends] += " \ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DIR_IMAGE}:${PP_DEPLOY}" SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" +# only used on unshare +ROOTFS_IMAGETOOLS ?= "${WORKDIR}/rootfs-imgtools-${BB_CURRENTTASK}" + imager_run() { + imager_run_${ISAR_CHROOT_MODE} "$@" +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" @@ -103,3 +110,80 @@ generate_imager_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} \ < ${WORKDIR}/imager.manifest } + +imager_run_unshare() { + exec 3<&0 + + # ignore everything before '--'. If the remaining list is empty, + # assume a here document is passed via stdin + while [ "$#" -gt 0 ]; do + case "$1" in + --) shift 1; break ;; + *) shift 1 ;; + esac + done + + if [ "$#" -eq 0 ]; then + set -- "$@" '/bin/bash' '-s' + fi + + local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${ROOTFS_IMAGETOOLS} + tar -xf "${SBUILD_CHROOT}" -C "${ROOTFS_IMAGETOOLS}" + mkdir -p ${ROOTFS_IMAGETOOLS}/isar-apt + cp -rL /etc/resolv.conf "${ROOTFS_IMAGETOOLS}/etc" +EOF + + # setting up error handler + imager_cleanup() { + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} + } + trap 'exit 1' INT HUP QUIT TERM ALRM USR1 + trap 'imager_cleanup' EXIT + + if [ -n "${local_install}" ]; then + echo "Installing imager deps: ${local_install}" + + distro="${BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + if [ ${ISAR_CROSS_COMPILE} -eq 1 ]; then + distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + fi + + E="${@ isar_export_proxies(d)}" + deb_dl_dir_import ${ROOTFS_IMAGETOOLS} ${distro} + ${SCRIPTSDIR}/lockrun.py -r -f "${REPO_ISAR_DIR}/isar.lock" -s <<'EOAPT' + local_install=$local_install ${@run_privileged_cmd(d)} /bin/bash -s <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get update \ + -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ + -o Dir::Etc::SourceParts='-' \ + -o APT::Get::List-Cleanup='0' + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades --download-only install \ + $local_install +EOF +EOAPT + + deb_dl_dir_export ${ROOTFS_IMAGETOOLS} ${distro} + local_install=$local_install run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades install \ + $local_install +EOF + fi + + run_privileged_heredoc <<'EOF' "$@" + set -e + mkdir -p ${ROOTFS_IMAGETOOLS}/${SCRIPTSDIR} + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 +EOF + + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} +} diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index bc3f2181..1590f58a 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -188,6 +188,7 @@ SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" python() { image_types = (d.getVar('IMAGE_FSTYPES') or '').split() conversions = set(d.getVar('IMAGE_CONVERSIONS').split()) + chroot_mode = d.getVar('ISAR_CHROOT_MODE') basetypes = {} typedeps = {} @@ -263,7 +264,8 @@ python() { if image_cmd: localdata.setVar('type', bt) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -293,7 +295,8 @@ python() { cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index 8d4f8050..84ea63e7 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -68,7 +68,9 @@ do_containerize() { run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + fi } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 8b048dc7..3e261622 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,10 @@ generate_wic_image() { fi EOIMAGER - run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + fi rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 00d71195..51259068 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -145,7 +145,12 @@ rootfs_cmd() { } rootfs_do_mounts[weight] = "3" -rootfs_do_mounts() { +python rootfs_do_mounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_mounts_priv', d) +} + +rootfs_do_mounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ @@ -168,7 +173,13 @@ rootfs_do_mounts() { EOSUDO } -rootfs_do_umounts() { +python rootfs_do_umounts() { + # unconditionally run the unmount code as this ignores missing + # mountpoints but also does the cleanup of the directories + bb.build.exec_func('rootfs_do_umounts_priv', d) +} + +rootfs_do_umounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e @@ -215,7 +226,11 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + rm -rf ${ROOTFSDIR} + run_privileged_heredoc << 'EOF' + mkdir -p ${ROOTFSDIR} + tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" +EOF # setup chroot run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" @@ -285,10 +300,14 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ - -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ - -o Dir::Etc::SourceParts="-" \ - -o APT::Get::List-Cleanup="0" + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_install_resolvconf" @@ -316,9 +335,12 @@ rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { # download packages using apt in a non-privileged namespace - rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot ${ROOTFSDIR} \ + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" @@ -345,8 +367,12 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - run_in_chroot "${ROOTFSDIR}" \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" @@ -654,8 +680,10 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then + run_privileged_heredoc <<'EOF' mkdir -p ${ROOTFSDIR} - run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar + tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} -f rootfs.tar +EOF rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index d9ccce7f..8ca66138 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -7,7 +7,8 @@ SCHROOT_MOUNTS ?= "" inherit crossvars -SBUILD_CHROOT ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" +SBUILD_CHROOT:unshare ?= "${SCHROOT_DIR}.tar.zst" +SBUILD_CHROOT:schroot ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" SBUILD_CONF_DIR ?= "${SCHROOT_CONF}/${SBUILD_CHROOT}" SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}" @@ -144,6 +145,13 @@ END EOSUDO } +unshare_configure_ccache() { + # ccache must be below /build for file permissions to work properly + cat <<'EOF' >> ${SBUILD_CONFIG} +$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; +EOF +} + sbuild_dpkg_log_export() { export dpkg_partial_log="${1}" @@ -152,3 +160,17 @@ sbuild_dpkg_log_export() { cat ${dpkg_partial_log} >> ${SCHROOT_DIR}/tmp/dpkg_common.log ) 9>"${SCHROOT_DIR}/tmp/dpkg_common.log.lock" } + +# additional mounts managed by sbuild +sbuild_add_unshare_mounts() { + dpkg_prepare_unshare_ccache + + cat <<'EOF' >> ${SBUILD_CONFIG} +$unshare_bind_mounts = [ + { directory => '${WORKDIR}/rootfs', mountpoint => '${PP}/rootfs' }, + { directory => '${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO}', mountpoint => '/isar-apt' }, + { directory => '${REPO_BASE_DIR}', mountpoint => '/base-apt' }, + { directory => "${CCACHE_DIR}", mountpoint => "/ccache" } +]; +EOF +} diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 16165792..7a8d5ff4 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -74,13 +74,17 @@ rootfs_configure_isar_apt_dir() { ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} +EOF } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" sdkchroot_finalize() { - - rootfs_do_umounts + rootfs_do_umounts_priv # Remove setup scripts run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 08c525d9..4dd4949b 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -72,7 +72,7 @@ KERNEL_FILE:arm64 ?= "vmlinux" MACHINEOVERRIDES ?= "${MACHINE}" DISTROOVERRIDES ?= "${DISTRO}" -OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:forcevariable" +OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:${ISAR_CHROOT_MODE}:forcevariable" FILESOVERRIDES = "${PACKAGE_ARCH}:${MACHINE}" # Setting default QEMU_ARCH variables for different DISTRO_ARCH: @@ -151,6 +151,10 @@ ISAR_APT_RETRIES ??= "${@'10' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAP ISAR_APT_DELAY_MAX ??= "${@'600' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAPSHOT')) else ''}" ISAR_APT_SNAPSHOT_TIMESTAMP ??= "${SOURCE_DATE_EPOCH}" +# Rootless build execution +ISAR_ROOTLESS ??= "0" +ISAR_CHROOT_MODE ??= "${@'unshare' if bb.utils.to_boolean(d.getVar('ISAR_ROOTLESS')) else 'schroot'}" + # Default parallelism and resource usage for xz XZ_MEMLIMIT ?= "50%" XZ_THREADS ?= "${@oe.utils.cpu_count(at_least=2)}" @@ -206,6 +210,7 @@ CCACHE_DEBUG ?= "0" # Variables for tasks marking # Long term TODO: get rid of sudo marked tasks TASK_USE_NETWORK = "1" +# nested namespacing requires this as well TASK_USE_SUDO = "1" TASK_USE_NETWORK_AND_SUDO = "1" diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index cf6c355c..4d102ed6 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -161,6 +161,8 @@ do_bootstrap() { line="[trusted=yes] ${line}" fi echo "deb-src ${line}" >> "${WORKDIR}/sources.list.d/base-apt.list" + echo > ${WORKDIR}/mmtmpdir + chmod 666 ${WORKDIR}/mmtmpdir # no need to sync /var/cache/apt/archives if base-apt used syncin='echo skip sync-in' @@ -177,12 +179,14 @@ do_bootstrap() { mkdir -p \$1/base-apt && \ mount -o bind,private '${REPO_BASE_DIR}' \$1/base-apt && \ chroot \$1 apt-get update -y \ - -o APT::Update::Error-Mode=any && \ + -o APT::Update::Error-Mode=any \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} && \ chroot \$1 apt-get install -y dpkg && \ umount \$1/base-apt && \ - umount \$1/$base_apt_tmp && rm ${WORKDIR}/mmtmpdir && \ - umount $base_apt_tmp && rm -rf --one-file-system $base_apt_tmp" + umount \$1/$base_apt_tmp && \ + umount $base_apt_tmp && rmdir \$1/$base_apt_tmp" else + # prepare dl_dir for access from both sides (local and rootfs) deb_dl_dir_import "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" bootstrap_list="${WORKDIR}/sources.list.d/bootstrap.list" @@ -202,6 +206,7 @@ do_bootstrap() { -o Dir::State="$1/var/lib/apt" \ -o Dir::Etc="$1/etc/apt" \ -o Dir::Cache="$1/var/cache/apt" \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ -o Apt::Architecture="${BOOTSTRAP_DISTRO_ARCH}" \ ${@get_apt_opts(d, '-o')}' extra_essential="$extra_essential && $syncout" @@ -225,7 +230,8 @@ do_bootstrap() { mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + ${@'' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'run_privileged'} \ + TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -244,6 +250,7 @@ do_bootstrap() { --customize-hook='sed -i "/en_US.UTF-8 UTF-8/s/^#//g" "$1/etc/locale.gen"' \ --customize-hook='chroot "$1" /usr/sbin/locale-gen' \ --customize-hook='chroot "$1" /usr/bin/apt-get -y clean' \ + ${@'--skip=output/dev' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --skip=cleanup/apt \ --skip=download/empty \ ${MMOPTS} \ @@ -258,7 +265,8 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged find ${WORKDIR}/dl_dir -maxdepth 1 -mindepth 1 -exec rm -rf --one-file-system "{}" \; + rmdir ${WORKDIR}/dl_dir fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc index aa62b324..054d7fc2 100644 --- a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc +++ b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc @@ -66,8 +66,28 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "rootfs_cleanup_base_apt" DEPLOY_SCHROOT = "${@d.getVar('SCHROOT_' + d.getVar('SBUILD_VARIANT').upper() + '_DIR')}${SBUILD_SCHROOT_SUFFIX}" -do_sbuildchroot_deploy[dirs] = "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" -do_sbuildchroot_deploy() { +sbuildchroot_deploy_tree() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_SCHROOT}" } +sbuildchroot_deploy_tar() { + lopts="--one-file-system --exclude=var/cache/apt/archives --exclude=isar-apt" + # we cannot use pzstd, as this results in a different magic + # (zstd skippable frame) which is not detected by sbuild + # https://salsa.debian.org/debian/sbuild/-/blob/d975d388a98627a0d7d112791e441c27a6d529df/lib/Sbuild/ChrootUnshare.pm#L608 + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${DEPLOY_SCHROOT}.tar.zst + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} +} + +do_sbuildchroot_deploy[network] = "${TASK_USE_SUDO}" +do_sbuildchroot_deploy[dirs] += "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" +python do_sbuildchroot_deploy() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('sbuildchroot_deploy_tar', d) + else: + bb.build.exec_func('sbuildchroot_deploy_tree', d) +} addtask sbuildchroot_deploy before do_build after do_rootfs From patchwork Mon Jun 1 11:34:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5099 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:37 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ot1-f60.google.com (mail-ot1-f60.google.com [209.85.210.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZYEt024789 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:35 +0200 Received: by mail-ot1-f60.google.com with SMTP id 46e09a7af769-7e60308f6b9sf6716624a34.1 for ; Mon, 01 Jun 2026 04:35:35 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313729; cv=pass; d=google.com; s=arc-20240605; b=YYkkk/ZgwjPGt4Hd5lKS2ch6xGpQv0elyNG7FD0ihQveww4l3X6H4tWFleWrFJBq0A S1fuSMcR9k9pP+tC70YI0kBr6zJtrk9lsqyknzGJlSg6wI7QuNqPoluACk59IJaVunmD c08vMo/KjnN2r/WdhJUFfiPtVlDY1QuMWb67KACpHnyOxNkpeGFVNGJ3jgwszHPASmtp G2Ojorp637pePrS0EzDgb954G5+Dq1ESrhBhvVqznoba7MqmqJLXJiQe+G6HpKy0IxzM PML4JjgX4+RQWCdNve7EM5Ovc33Gk+Z2tsg4D7asY9qB40spJ249dQFIMApcuddZmJ8o kdpw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=L8t2f4+LfCw6IFcRB8IQxChTUThvtQWy8dKr/AijaOQ=; fh=Z2xsdR5GSKx0Bde105PoOoQcbMyMKIWwdiKE5f0NT9E=; b=kBqGW+Rjlzyclwn3U9C6KBGzrFnGfGC4RkI5kIsIV1AkdoWzcJxKb4IhRi/eW83Kcu Q9RKmJHvRITUiqKuJcUnRZ+8l8XK1ykEhObd7MAw/+lt1JNOnDyxvi863+um77l6B43O 5SdTr4vFaJV4/mbSywVZWEOde3AosAtzerK/bTeqrbPNQmQVYSM0unZv77tcYesk5H5k hARUiaL8QRQ13GKV6Lj82TeKGWxOrJzLVcnlIGoJc6zC3Pk/4E0OtOFoF4kI0bGpBcic 0QM3IIAzSH+6O2Pu2bgg8XekC9m6CtucAaSZn5O8zNANNLOPtrvXDyMVqlWoE6EQbnB+ W2cQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IrDGszLm; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313729; x=1780918529; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=L8t2f4+LfCw6IFcRB8IQxChTUThvtQWy8dKr/AijaOQ=; b=RJ2oIgQxYBj75XYaCLr9sjk1li/ZOoRr7aSg2peYGzuhK2YeJjomoOiUzyg3XjQJ1o c4W70A2iQPtC5LTwlRNO0DSUwV8ikghRwGR1uuTHQQSRVqhL5UYPwQ+yn/dCS72yojeg rjzBIzYU/UW/ffXH+Bzbz/DFMVKL7hHPBaof7+VC4ys4TzPtRWtowq43+jKK2wD16BhJ tdjDJ+5hiZ7qsthCqrBK3/Y4zXFGkTiecpw82vIpydaJFG4Uy7qirDVLQVV6p4vSKlG2 G65KHgypXb4xIqdvX77qk1OC0PL1c/yosrl0l2kV8kZmGo0R+yWZyZR8U7uFAuCFfmUL br5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313729; x=1780918529; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L8t2f4+LfCw6IFcRB8IQxChTUThvtQWy8dKr/AijaOQ=; b=IqEyzQ6ZGz0dLwACoTAqAA1V7nKyMASV1UiZ1PAZdfA66v2croyIDcI0NT1+7YXJbj YEZenHjEt5smsGc4BJVrAME8O6ystkdHO1EWLxNjbQ5el/tDcxHMbRfNcUkF2/uJCwl/ c/QMmzMl1E+4ayzEAP76A6m2vDcUOyNHA5w19z195GGek3MwYYmFpIEsPqT+td895oVn REZ41p8aEXwsrQGJqVY/Dbkoac11eFiv0r0UO9/OLKE1Do0jCh4II5MPbhWhjon2I+1T CtOyMHWdrh0ZOv65HFzeaEEO9lagZZo42gzJJbt8DmRErBKn8ZadHE5YMtcnxlsejTbp sf9Q== X-Forwarded-Encrypted: i=3; AFNElJ+z8dqdyxM8pu+15ka4EKMEBcvsSbf07/ESyx8P4IFa8L4rSxnUCBP8X/j3Bqfu0+OaItWynNs=@isar-build.org X-Gm-Message-State: AOJu0YywRklyzyciYKEoqmeIp8MbnGIFXjXg92T3SUXN3hM11o1iBtKl 6S1iHpCRYfVUJhTsw6IsGdDqje6HFhESGMIBKimhzQ15N0QD8AG/6upE X-Received: by 2002:a05:6820:2201:b0:69e:b8:ffe8 with SMTP id 006d021491bc7-69e103fc5efmr5673444eaf.52.1780313729045; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMaAjF2Wbz6GLVcWo//7gfS5A8p2I311as09mm+hkcRDw==" Received: by 2002:a05:6820:80ed:b0:696:924d:2958 with SMTP id 006d021491bc7-69df445c958ls1898314eaf.2.-pod-prod-06-us; Mon, 01 Jun 2026 04:35:28 -0700 (PDT) X-Received: by 2002:a05:6830:6732:b0:7e6:50dc:6512 with SMTP id 46e09a7af769-7e6a1cc3df4mr5983178a34.6.1780313728170; Mon, 01 Jun 2026 04:35:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313728; cv=pass; d=google.com; s=arc-20240605; b=HQ7q0mxyZ0vNT6WHkUnKW0ZB/Yj7uFJat/OmhEseOEsSd97VlFv6cbXmVEZeqLj7sc Ac0FxdvArObdQWLxdcRDYcoBg5AgIxTCzK6h8+rhGucBLbFrKwDCfZ4gF0qAVxJNwiVK QgCnQef/7yolJxTCel2bT6ZYzI4WZoUFO340hdo+T0hN9gxUvhzCT9AET6Y+K95JW+Kv 4EL18eoRbFz9KRBG9/fmGqUCPNlx+k0Ss2YqX7t0TZzo4HipZbzIElurWtrmEg7NiqCM Mu5ievG17xQbHJuk1jSEJe+uoukHdx7+qwDIlcfvkvLL2L4IPrfP1Bdby6eRvGMg/IAS lUcg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=P2ujDlnpzmWi8BXiqqJsjdLRpq2gFNogUq/05smG5wE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=NgzjNkaM/cveaCEMlmvlPgzOC2h78FVifBsJ7EpebKGqt2PK1Os9RGwtC6WEAJaxuD 0v4PiTc2kc1JGakYb78Fdfb9aF6qrQbe3UgOz4IbkW2YEyLbVbO1kuixt250RndLSVBs hDnyZH1ov2UrdaQMpoEWr5ga5VxkzooW2KtWTuHXWjR8+cUVTsfZU8Ttgbekc9I3/PCg Ds3zANSFdb98J7kOTUALS1cZBIZGtYr902WHfmsPxlj8ramgx7lqDsh0iQYDtupr06IP 83eIZvBKMOjuVzBOGKI96HqHtjyotE//y65UBqR+I5Q4CTRGCfSBsr6JckRsZi8X3Dir xhKw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IrDGszLm; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e695ca31d8si351370a34.3.2026.06.01.04.35.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:28 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JNCbe0iur7wV5/uIL2PFoIRuMvewrXCxV2rBNwdwTkfyqM21QcLYHcNIWSpTrIZYq3hzruM0647sGcHEvThJu4ZEaR3Hy5Qbg78xe/4+E639tv+Rd5MGvKpmG4n4NA+qv+EVoUhN4U8U/+7nPzOHCu4DTGzBSBozB33/En+4ubnwK8ekXxxM6hiL6UdKcqhkOhofJiHxSb09XgqH2r6whptEdNLBlmlYqiHCyEb6zQJqYyBW6k6L31i9tMmVG1LF/fjxmR72MzrHli1reL6kpq7A7CYwMeaHCpdLi2prvWkShZgkenQ+Eyd6njaASPXKIvY6tD3+0kPpI9tkMZ0sfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P2ujDlnpzmWi8BXiqqJsjdLRpq2gFNogUq/05smG5wE=; b=PwG1N3is3oTtQdkLTtXNOmh1CIUXJIKdgfM+Scos8NtnTpIupZ61JOxslqrrrcOke29/aLfnoUkKJH1q6i+Bjc/P/cNXWOvCS75oz80tYV0/IbT0kt86BN9ZOdMU978ZpL/WFOm+liS76Xyz17LXTrT9t4ps45ihlAAOibzobCDdBbay/RuewFMkKoz0WFGYdXJEZg7znwJcXuA2HtPTd6aGcsoA2wrNTlCDx5g8oN/OUAi2XckGB069FLb1ttyyHTPTY5reUfH6lDgeFolELJIwuTMsZw+fiIyyUJYFCbY7v9UKY4DidstIzYLN0bQqqhs3f4l1+z5JeS2fjif3IQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by VI0PR10MB9577.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:31d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.15; Mon, 1 Jun 2026 11:35:22 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:22 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 11/17] add helper script to clean artifacts in build dir Date: Mon, 1 Jun 2026 13:34:58 +0200 Message-ID: <20260601113505.2898877-12-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|VI0PR10MB9577:EE_ X-MS-Office365-Filtering-Correlation-Id: 1e07a1a3-80d1-4a33-76df-08debfd1dd63 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|10070799003|366016|1800799024|55112099003|22082099003|18002099003|56012099006|6133799003|3023799007|11063799006; X-Microsoft-Antispam-Message-Info: nD9i7knK1yyVutFTmx29htDJ6yTGeMDz14E+LiiMdktCqEN7u/EefZx1rhKJs9V1TR6ZwfTiVie69fE2yOS8xAiSUjszH+vqgJMwnlbpSuwkNOlq+GTsJrP2wIxyIdz3komuiJwF/1NoBFOvjiSU8s+yq2EU6qvYWAagl+06AnGXYGvYehKqGK26rDTRs8dJjVdIjexeANa64EcU1zqEBJdvXIHkPRg7G0STQkbCDcpQcZXKPGqqkd7J0xg81oNdodolvKSP/StykILaFIfR+pzMh3WaCcO5mU7Ze2Asjrfm3jgZL6OSJbtCJWPFtJ0qeeHxeCdh+Fb3zZ45aSqQHW5cFDMUTYPWEj3j6saLq9wuVQFFvZXzYYXhJmVUGeLbYYO87fhNIZNMUjbiFUc8VHlHqdOgq2SKbpQpKEaATRh9lYztjCZDa+BckbLVaTw5GsaDdtlQVkwA3AOxkS4/klQ0S2CR0r7okoM123I+3QWECLsn+InPO+ZoEm+ym8I/LxQYC3YFPs0rxIlSMCpYfJ1SYP77DL80M0bxYPV3MNvICcjSPg3ByQ9CKTp3LLHI9l5o/j/zECEFkGryRTvN3SHNqNpmdJUNPsYV5HaflpjfnbbpCYa1nWDz6YvpfdTDWuqVzmDv0dM63dgKxxlKV9i6gPOkw1Lgm6lFXaFJRrgukpAxcjC+frIGugjym2UI X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(366016)(1800799024)(55112099003)(22082099003)(18002099003)(56012099006)(6133799003)(3023799007)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: LmNUVAKMHskIvAs8mTd/lryn/dZWtk/iCTPPfHPQljHwt6bqh9LUMl0cnd5kTeomdluAgG3bi4D6a/Lz4IWAuFc0l3q1d40uzlp8QL5PC7tfPMLv/0/de0diONRQy/gOnY9h+jrld8wISirwH7GKJfXBglzjas1n3KUl4r+VAqy4WasquvDKVmSHZynqh1wQMK4lCfo/mdkM1O+48G2xwnXhCCg81Y9xNg1V7MPjL5qhXBG8ZCWypG/emRgh/5kayeXxVPNe1wlmq0skyWGH/i2QgwUTzQIIGfbVldkGWeiTi4SKiLTwclWJJLi6E6biAhv+izQn8/5BPiJ7v+xVH/2RGhHR3fRv28VUPlu9QzkDR7J+0D1KW7MlErnw0oMtaUWOnJlf+1KEaoFKRA/OVdCH0e/z8F+59aWwvy5ecmjskgeLe6PpSWqg0YyhMWVWAJLfD2SQhdTKljkV5+YTL5dQr9lSIllUEe/ptDcN2feemGQyN8+BN06TpgSDVJjvaOltCbbzbxfB8bWeTlgfVHrQfZ2AFs84TH6k1A/zmCTt4X5u+2/kPQ6m4um5a9X5moV/6+3PSEME1wvytURYNJNINFIPs6WT6EjMA6rBD5B25S6ioix1XYOev6jIU02XxcWBnA1uAIc1j/p1QPSRZ0sjhoZoREY5LphOFWo6qHvvy3eEITRZ4n4ZOdll4ZWfpKjYO2hJosBB5ZK7Y0uFvOr4SuUYtD1yVJACyGlW0P0PGb28Nu1FjwlcZ77jrc+GAGnIBW4K9fnvYPeEZnnKDDFmvPG0ZvLaVlsdroC/nGqCW6WjmFwBEh1UPD/vqx6ESGhLNTNQ+jshuqS44S7jrVhzs1Wf795LzxOBprsSM0I47OOzGH2i4ayd9QL+cyojiNyuntB20VTIyO1lTofF52OVIRNJIX3DFq2FNeTI2Ln87FSqjlMC1LURZSKeODQk2d8zKUPlcoe+R/huikGsKAqa46f+F3btbaUO+coguHBS7zDpzBIJShT/Sss+atDqsYD5uL0RIUebw4NDJeWJUwx7wwo1YXnJEq8PDmtH4WxQaz+i5rd5De5dG/s227/xsgzbQunxKtoentnyIFDEQO/UeRY0eouiCP3EBfmOsdIa0yzVMU/pCt4XKlRkBmN7D5pk9ml8W19Mi+YPMrdQkfl0A3q1gbTdkWj7nHdfCCKd34MDvj6c2w5DuGh6I5Cb/bui+yT+KvdbByBKtC8cw8viZvUod0dlId/5fxxWtJlW7idWMtMRRPmnqeob0rGiUtR7puKHVIvRYLL7NcwAq8+Bk1efS9ziDzBBfrFUj+wSN2AbroQAzhCX4vMJZq5Kk7xJDMb47Iv0/dhtEo4DvRWQqiSF2soesbB6eo5tk4NfzXhzxYvgOrUF+hcLpOfbkRRhuJNe3myLjIuFfNWon8tdqflKwzxzckAkoPapdHoS7G/QnlrDNd+38zg2UISCe6zPUOeRcG+X7clBet62H7uerAVpCN0n6px3AIzSp4Z620r1M09Grl3SVPwnED/yjIQ5qCAQhcg4so6d8I3ibJ5BOwFp7h2u5Inn4jzHVaa1YGkWu1DpRxcrcWXQspFUKoDniL0j4ZS41nrjCdhfFJVuNnau2hNe1JMYCtekDGhaFWMYaCGaZQfwsp6R34ytE1ciDmOlBvt2BmGVOUMG63LQ6reER+s/gwKCR5OQP67Fc9AQ95LFRNgBZLxl3/IjTCq1/5iZ+cEPbGvP1fPq3OFWhYsXaBE85vJ545aI6NRia9fSmrS1l/MkWLN3xqBPoA3gixkp X-MS-Exchange-AntiSpam-MessageData-1: vawCJ4/FHKSvTADMDrXdrA8gORr4GgrdaEA= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1e07a1a3-80d1-4a33-76df-08debfd1dd63 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:21.8033 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 2ZFP7lgMEn/FpqmlTvX3Ug6q99RaE3wnfLWpWYn9fQo/oigD2oeeC++ymH5NjpXpKR4iWKZNOdJmGHoPZStSbj1y9D1La9ksUWLA224+WeM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR10MB9577 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IrDGszLm; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When running in rootless mode, cleaning the build directory from outside the build environment is a non trivial task due to mixed file ownerships. To simplify this, we introduce the isar-clean-builddir script that can perform the cleanup without requiring root privileges. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 5 +++ scripts/isar-clean-builddir | 73 +++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100755 scripts/isar-clean-builddir diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 74801070..da6a4f26 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1124,3 +1124,8 @@ This internally switches the chroot mode from `schroot` to `unshare`. When using kas, the `build_system` needs to be set to `isar-rootless`, but the final interfaces still need to be clarified. Further, kas patches are needed (for details, check the kas mailing list). + +Note, that the build dir may contain files that were generated within the rootless +environment and cannot be deleted from the outside by the calling user. To simplify +the cleanup, we provide the `isar-clean-builddir` script that helps purging +directories with mixed ownerships (without requiring root privileges). diff --git a/scripts/isar-clean-builddir b/scripts/isar-clean-builddir new file mode 100755 index 00000000..6bc90b1d --- /dev/null +++ b/scripts/isar-clean-builddir @@ -0,0 +1,73 @@ +#!/bin/sh +# isar-clean-builddir - Clean the build/tmp directory +# +# This script removes all files from the specified directory, including those +# owned by other users (which requires elevated privileges). +# +# Rootless Mode: +# When --rootless is specified, no privileged commands are executed. This +# requires that the UID namespace where files were generated matches the +# cleanup environment. When running from a container, this script must be +# called from within the same container. +# +# Part of the Isar API. External tools may call this script for cleanup. +# +# Copyright (c) Siemens AG, 2026 +# SPDX-License-Identifier: MIT + +DRY_RUN=0 +ROOTLESS=0 + +usage() +{ + EXIT_CODE="$1" + SELF="isar-clean-builddir" + printf "%b" "Usage: ${SELF} [--rootless] [--dry-run] [dir]\n" + + exit "${EXIT_CODE:-1}" +} + +while [ $# -gt 0 ]; do + case "$1" in + --dry-run) + DRY_RUN=1 + shift 1 + ;; + -h | --help) + usage 0 + ;; + --rootless) + ROOTLESS=1 + shift 1 + ;; + --*) + usage 1 + ;; + *) + break + ;; + esac +done + +[ $# -eq 1 ] || usage 1 +if ! [ -d "$1" ]; then + echo "error: \"$1\" is not a directory" + exit 1 +fi + +if [ $ROOTLESS -eq 1 ]; then + PRIVILEGED_CMD="unshare --map-auto --map-root-user --keep-caps" +else + PRIVILEGED_CMD="sudo" +fi + +if [ $DRY_RUN -eq 1 ]; then + echo "dry-run, not executing" + DRY_RUN_PREFIX="/bin/echo" +fi + +# clean all files that do not belong to us +# shellcheck disable=2086 +find "$1" \( ! -user "$(whoami)" -type d -prune \) -exec $DRY_RUN_PREFIX $PRIVILEGED_CMD rm -rf {} \; +# clean remaining files +$DRY_RUN_PREFIX rm -rf "$1" From patchwork Mon Jun 1 11:34:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5103 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:40 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f63.google.com (mail-pj1-f63.google.com [209.85.216.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZad4024870 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:37 +0200 Received: by mail-pj1-f63.google.com with SMTP id 98e67ed59e1d1-36b9d265308sf3053124a91.2 for ; Mon, 01 Jun 2026 04:35:37 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313730; cv=pass; d=google.com; s=arc-20240605; b=HOT5wS5DfVw5+wTmVE8qQ7mVO31fVeTF0sq2Eu2CRwqRX7qzR+e4SBof9Pi9MbZ53p 8bH08wxeVo4vOKNVLbfksZtatBNLyHqTmVL6eaATOg/3SPmPfXu3EgzK26d+u1f2zN/Z ljoUgXlf6tu2uawYmwmoWLtO53Int2AyPMKAy9JgWQaW/G333jVk7QQmceqxDUR24O6d 0liJL7VOKcM316LLpzozkXmmdzh0NJkOQ6x3rkFlQtdWUUxP6Dd2cNj4KF4OVvgr0czb Y3TM5tXJTC6WjVUpdD+GX+GyCo3aUkNqlqo3giCwOOfeqRK7jwrRBCOzz192NJGtZ/z2 LLMg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=L5Fct3VCSFoltR5tASE7mcAU/KhyPrmittIHBdE/Aks=; fh=SrdGtI4ZsMk5mkQZD9g/PKLS7icE4R92SOT3H0LzQvk=; b=IpmfcAt8P9bbu4ixAkO0v0qoAbYnFYw+/HJuCrqoCoX8mBpWwgd2pQKsIUjBK2d4YL pOXP2ynjbGp3HwMdYkragpNckAaFFhWcACpXddeDP9nMs7fg6DXypOrphZUUm2jABWrf ij4GE0vXlNYv7h0wKMMX7b/Tx0pyIHkZ/ufTpOLF2ss86Vm6PwNJ58o1izOdEE4rdBLQ /sERHETxCfFB7v3v3MraLMe7qdOwbB3T+RwwclHNtJ0QShnT6/WuYUDkUjEPM8LvT8d4 y9pskrnm56dabylhNqV4KjCSptP3MEBI5QAWqiNbAD6jt5yegmYdxWH0U30rJ/l2k6De +ZgQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SoTS2lBW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313730; x=1780918530; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=L5Fct3VCSFoltR5tASE7mcAU/KhyPrmittIHBdE/Aks=; b=Qg+jccz+J+CskeXo5Mzz4MjYN7i60nOW3uGoD7E08wsRSU+vtCxtTT2rTEO+AZmLsR snz8FJ0oteFeepXjz30LHWugzakgFXSYJrbmYj9ba9akdw1C6VE8lECLsVjfkkO0hPK5 /Z4FwlYv2yP5mbt9zeK30bEGOD3rxJCFAWnGLxWwVYB7iC5QJPadsXF+q8o31Hj0mFm+ r8Qg3PSRf/rAKTsELrVTJszAlMtSHP0d9MgoVm3z8HDNIQP4BSwT1nXy72JzajbCJUxQ w+uy07Ev07Ai3Qc87BLB3fLWB1rFdo75FtAGZBftbB7ozNCwtGMJ6N9qXvD9svAmfApc dOjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313730; x=1780918530; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L5Fct3VCSFoltR5tASE7mcAU/KhyPrmittIHBdE/Aks=; b=ShmLyrql/qjry8gHAvrZ8c+dONLPxw8ojTuRApPTGmYJqhg7hpAlJIsa9rKJbDJqga gMqzDIC5RLoMECPGxAcJkkEJxO/eNb0ClYZA10aewW5ysVLkoYJCtash/3o0rtbPWykV A0VABDBUxS1VkeTqSRq9uolCwoKMvqkllsDkoSaCuipowY0uXTewXKi90Yxbzsr6dbXq nW9uMZgP4E84WuL7ZqzK6lb+vAmGRfsJhFGl90zBtg0sdzveNa6SX/LHKoUB7emw085H BUL0RE5mAzqNDaJJvgSIqvdFLSNpG+a4xCuJx3mndklr9JeoIkUiwLvrWXrLSPs4+CCw AJ4w== X-Forwarded-Encrypted: i=3; AFNElJ+vC7IBD32yBMhcqNYFpsM4pJ059764/8xj/aKMhyjMGtMrhA6dPk0w7Ti5hAL9pMWvpONJKRA=@isar-build.org X-Gm-Message-State: AOJu0YxWlHy+/WNbbOe0KixjErT2PN9+BVePLsyAYRTsytUgygoSbrki kA8mCZpEA7nAfJaofMkxum5d++sUR+8Tnn4rCHWqzGQRVXskMf9QFBC9 X-Received: by 2002:a17:90a:d00b:b0:36b:9798:4f67 with SMTP id 98e67ed59e1d1-36c4ff6b1e6mr9813000a91.8.1780313730390; Mon, 01 Jun 2026 04:35:30 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMON35eaWzqsUyT/xilixGs0bJ/jCqoL8LeGv91oGvci9A==" Received: by 2002:a17:90b:3781:b0:36b:c173:efff with SMTP id 98e67ed59e1d1-36bc1740346ls3564323a91.1.-pod-prod-05-us; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-Received: by 2002:a17:90b:5286:b0:36a:8240:2477 with SMTP id 98e67ed59e1d1-36c59abd658mr10491440a91.19.1780313729037; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313729; cv=pass; d=google.com; s=arc-20240605; b=d4zrgorecUrWNoRkvMZJSihwySpTyh/JechO06Fhmp2simhmNuv5OS9IcPISpM5vT7 /Sozy1EHQRenRX+7N46MFHMQ+cRiXPptkVDYLGLSW7J1UavTprgqlmA60zU2GxLvemYf BvnE0d1TMVkXL/MAnBn0rruIUiH5BnqSyBxIU29YpOWF4nMDejm1mtizmfPcT/9V6Gpt K0zAo8eWtRF9wM8kYC9oOWWlTlDAHQskaBIdFo7EEN5cNTgrACnHUGHC+TyvXz2z6zJi HV+808rkikiRNTu7RDeWlDGyvXYvksCG12wOd5KsHWoT6xr/R183oqL1pM73sjWLxOeO kqFw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=VRqFE3i0n1gbrIKs6wQZ05Eqf4PiQQ7+OBwHh6uZUAhmVmj22bCJYsvRnprJEasp5I 8c1nLO71LH3btmROLzFpYSw4w+VuPx3UoFx9Nz5ktuqdLAPcjNq9HBPDFc5pezUMut+T WHdxWEFUb9EsoRsMYijuEfc2jKo++V5kMe9eDUuYzPtAjCT3w1jrtHl4kaWUu/FUUARp SB2kWzZrmDWr5Z8supsxW2OPNQUZFN2yz2akF11flQg3ftAfrJ4LM2XyaGfnElBw69vm Kv5fD0xIYV5MFkEpfFwfM+HUOfbUcS49PTVgtX5hnSyGC+kTRIlJxu9NAZBhPFLeaXJs 1wNA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SoTS2lBW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36bbfc9830bsi359915a91.1.2026.06.01.04.35.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:29 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Ag0GiWKF4QGVAVSX+XzbyOhh+0FXR3veGSkjiXj44SEmV0rONxHGe5aOzo6i5uz6mwYfDBvgyqDfWTY4LlCZNbd4YHkPFSlxQtf43BtzKq1SiTrRwbJTCKdmUH+cSuJnQIl0fuVOH7iDmMPxDlQwDRtEJ2GtoN0L+Peav5phC48GuzxLLMzIuxFcovkSTHH8k6fCnQ7XTSph+Lj4khXKM/dbSJb16lx4zRnlT7SR1dE/051es5Lum0SYeZPMCSIwgkPkV7ODu5DbLZ7AzOIn2WLVm0Kxn15TxjHegRxlvK89R6w2rYXD4x7+YmNz5gh3qJ7kqpwk4LePmFU4j9AZcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; b=gWKmomIraJkVLol9d4BWzp0n2xScoQHMXFgyd6dVlXo13qJSRxKhJFeLmAhJFhQOk5l5hfcVAPsOFM+6/XRKrhMLHpFpqPS9DbTNLOxiP0Z9hAtKs3cb/BYyDpwT9GCnI/1qfuLps29Oijua6s28K9VpzJyVMyu+Rle4cFJFvjIA6xq5R81OFMkpK76z7YaUrKcnCOgPIL9ZtSlXAUQ1bYzcccaboomF1PLnK85VM82tU2FXcVcqRwEie1/GqQaovpQbA92ucDgTTWx+ICO0sTAp08c7DoJx5jYfMWSfYnhwcuGbCc9GKI5swV+it0dNaxsHaghLbF3kEgdBOO2zcQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:35:23 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:22 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 12/17] apt-fetcher: implement support for unshare backend Date: Mon, 1 Jun 2026 13:34:59 +0200 Message-ID: <20260601113505.2898877-13-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: 2266c910-75c7-433e-b2d1-08debfd1ddc9 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: hoba1HIOvchSOtPrD6qiR9WmZjO065DWGrwN76odeh+vk8FwuI26Kpxfs21lNQe9MG/Er6mH1lfnRa2cdozgSJEaYlH3zQaDFcSqExuci08wyIYcE0Bku93wxA285ESMSnduUdEBPybTWIcD8ZiQHNYjF2th+poV251LX/IwdH4KUbD5UFtNUmlD4g2NZsPvL49N/D8+AMGohq4kI4pMYRInCBepmM/HK/0A56sy6Qly5YbUlWc4FtLtdXmmrZFY59FnrzAkh4vgwBc76MvwEFEcwhEuI6Xr9tQ9WBFIWS4PlnYj6WH5cAtXNQ70Spc4qG9ctBAklJbSGToKK9gwJTNbyy5u7elGCqHsAJpO8KplfLLds7ZN7vKWyivp3meGGVvyFe0ovRMewEasIeQyLWzxFyax/uumzjaorr+MGy4cg8oDdSZnqD1WOjbgXrh4k4OMN2+MT7sVnOTpBCp+JZ4/8Sno2z+eB9AI1aWNTqwsjERDDBVXbgJPWLcmnqwu1hmr6z7Tu0fojU9dm6+Wz3kYF2EgZ1qPnrsocWWREoyY2btQjWWu8+uH/oucUlVWKql6FvEEzUv6DxQnqJDluchxEEwtSDFQIXC9CMDeCnfmWuu3cYWOLf6vx/PiBYSbBip0FKN9r2vMjbXwB2EzicfdWZLX/QnRWvXsmKQqWe0faY0vGjBEriUJ1q/h0Wpt X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: ShjUyKm3Gv6os36MvLIxLJdf8nh24qsinqoOGH8tI/OmhsncaML/iImu0mR7ebHyzp3n83NdvvSA0wIMqJbq4q1G2pXXZ6lEE0FEjhMkhfsmRr+Hw9w1kKTKBde/6EoVKDSGRAt18bGpKHKfIOoFPj1ws1LkZhZNpsaiFrdPxcFd3M7R5c5HWhu1mcUJbp1cv+FOgaejTY3i56KrCIp6wQySwn1a0hVkpb8prQjhzW7XeAH2x6daNnPbPakyXKTYElApxm1wT+cprtmaQcdhFzNxIVfANq0qyhgR8xlk7/Zb9KSsIq/IsQN+FIzTPfROzyxApHZTHGaYuYjmlGQtBPhOTaM/F1eKvfc4POfNf7xPi/hI0iCS5mRJHfmukM583AHIoETsBVKdmrRQvqpIsBuOhjY5hn/4xwXWxypce3WfrW/jzcjGkt6ekR435Vr6iDhok5BFFcBMO1YptoOpEyb90a7DsADemdeQM9+s8sYErwHe+EMbjkvnaLBbyiTPZDdrK+jSjYRzYepqUPrCOcS9AMg35RnEZ4oTfT1fifYDGS6OGiLRn7S2CGrlkz05TX0q6dcSN/rFEU+kPCG79w3dxmxDjhdQUlBP3jd//xMk1okRSFGiXAwKOIYak4zkce7SCO6BxnOEzANOL2C6kp2dn+EHygEYwbpVxEX16FDCai1b3gsbpT1dm9JxUd8qWCilNxpJzcfFAYW4NQUlpj2axwtGPIv2ySHHpJwbS+Fbymiz8cRhSklZobp4b1jmV9Qum12dgqX3czTXIplLRq2iLhkDWD/ioSwIIka0ubykSFOTZs04AA7oGSSe5cYRCYSlf/4nDvankx/6bZJp5ZpB8UdTjTAeMTcTOYM4hYBpFr4QD6atPVaolHzxMwO4P8C6Ob9sXuq7hBSXH2IKqGJ0JvGdN8djCA/ErKT/vo5aBYdC8eyB89euWL/N9ZC4ID1oFJKGX3qwuIfkfxGtiIAab9WaJbBPkDVBm7tNNX35IZoZ/yPr09xvobgn9mqbMT0vYNS3jThOP3E9AbObQs2XgUdsqCWCA+7PpiTgrR0EOwnPckkMxsGJfpa/qGaJXGDUQUMYS0xvyzhi1iZMLfk93Hen7Q6Vv/IzfI5ZY9+HtBx+Hh1ecu7AwKoPFC0DydwVHEya+xjKjD+AKVYNVEWUHy7scmipugZ2IXcFeDzepW0rQ6HbmYSGVCMybcLJsIvV7KWfE1qkZ3Xc6d4IkFYK9vnH0q9NDK6Lrxnq+ozidgQ6UVsSPu8ZRlQ1lQCfUMp9J6MaqdOWB/oxpGoGUTTUtOPbctVH+bX9blyLhUBOpBRKHzVcXPy80xNeVIS/yGJx3rnYkJdAco7KOwIwHWoYp08w5m1g4Rg2N2t2RuSMyR5xsFhiUTFa2vonG7PSrCrS937eC2717ekk3UpCuwaj1sA0iE0P6X9nhxHMzrkF/ud+0PpwUTu3J8GqcBLb1+Z5vualDXLro1R7MTD8xFQcxOpVG6X7cxzYSN39kgttzOlGlh8DFA85UGjhbcTBZH7WJ7PZ2MwgKb+3JjDyr+6yYoKZhEdSC61n3liTyNxYEzyQou9i2WxeMs78iomhXOYpkeSC1jYkImAqkusUf6kyPxaPKBUwvj1BHwcGg7pHPnm+K96ONNY1VJGNT1rcDXiwnxb7jwmVpMYvizh7xcDqjyzOafWaapGc6eB1RUxzqYS5zO6wVIcVChz7PSudDMVt56wwh9K90EfApgk/Lfzl7W5lyEWdFfbnhEWGzUHSrnkiRIpdoFMpSktsBzmxlvCzNVmF X-MS-Exchange-AntiSpam-MessageData-1: 8jfBo7j/3+qCTIYt4AahGwIVSQNhhixuluA= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2266c910-75c7-433e-b2d1-08debfd1ddc9 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:22.4603 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: rwlNYbEtsXgD3yDGTxMHbKSnl286LYKa02BOWXn9Wi2mM2Mp+tJEOlQRsrX8KVG23qf1Z5Sr7F3l2zUpo6R1xwbeVtxbnl/tq9CESp+KvHU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SoTS2lBW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/lib/aptsrc_fetcher.py | 75 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 1d133aae..933480ea 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -7,10 +7,13 @@ from bb.fetch2 import FetchError from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import runfetchcmd +import os class AptSrc(FetchMethod): @classmethod def create(cls, d): + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + return AptSrcUnshare() return AptSrcSchroot() def supports(self, ud, d): @@ -92,3 +95,75 @@ class AptSrcSchroot(AptSrc): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) + + +class AptSrcUnshare(AptSrc): + def _setup_chroot(self, rootfsdir, d): + sbuild_chroot = d.getVar('SBUILD_CHROOT') + unshare_cmd = d.getVar('RUN_PRIVILEGED_CMD') + + runfetchcmd( + f''' +{unshare_cmd} /bin/bash -s </dev/null; + tar -c --owner=0 --group=0 --numeric-owner . + ' +EOF + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.unlockfile(lockfile) + self._teardown_chroot(rootfsdir, d) + + def unpack(self, ud, rootdir, d): + workdir = d.getVar('WORKDIR') + rootfsdir = os.path.join(workdir, 'rootfs-fetcher') + extractto = f'{d.getVar("S")}.dpkg' + bb.utils.remove(extractto, recurse=True) + + try: + runfetchcmd(f''' + set -e + find {self.localpath(ud, d)} -print -type f -name '*.dsc' -exec dpkg-source -su -x {{}} {extractto} \\; + find {extractto} -mindepth 1 -maxdepth 1 -exec mv {{}} {d.getVar('S')}/ \\; + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.remove(extractto, recurse=True) + self._teardown_chroot(rootfsdir, d) From patchwork Mon Jun 1 11:35:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5102 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:39 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f61.google.com (mail-pj1-f61.google.com [209.85.216.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZZSH024825 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:36 +0200 Received: by mail-pj1-f61.google.com with SMTP id 98e67ed59e1d1-36bd4146cb2sf2940017a91.1 for ; Mon, 01 Jun 2026 04:35:36 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313730; cv=pass; d=google.com; s=arc-20240605; b=KuvVFpXYX3sFCsa7+7ymdgG9aIt98kNG8nain2NzXCZgsw0tVLcwT1Oqi00ztW28tF 5iSbfAcLlJ5jFnvZdLWBu2wIAuvr4GaziUi4syhzO+8C5bs/S/1WUOZ8nKlhRiIveCDL V7v1pWVqOZmiybUraQgxi2mnU8qJmo0RvKr6y7FyZ7cSktEpl79U3vpxw43Cl1v921Ru kpmzaKHprJmOBZTSNeNhZp0UuH8xOwfVavy30zTCX8OLLphktBQHeQVLqzSC9dOydGrx pEATTV3+rdtBXhAmAQvCU84wPiBx00XS4e9rqtiFEPB+Dzm3tlW35gOcNLZRSJQZI2cK DtHg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=SyBxg/2x5RMAoceXHIacAmemE2QEaaem9BwiGn8Jiz8=; fh=HhNxs9JsNLGbQ0yW1SIFAlfwBNnNXUwbspdCQrRp7zA=; b=TuAGiJAzGSbB2cT+uB/OGfg5QYSWtBCucqPPzC6Vxs6t+JatiqyUewsoRf15sIAgq9 Mv3QxvEilvoYJ7Xos7XHAANTvRAMtA5VU/TTyHx1Z85CnncCZXHjF776bweF92n1F72z qtuqIbtW0cAS9ixXWShoTvgg43nY+8RZdLXVoVpXmMGvTnD/BE9uOqXOYA77+ZyU5F6s T593boecYHYBkDjog5msw3geMTHNzeM5Va/gEZwl3rLH5ovbCFp/zKXAWlilDMSRdDSw B60vH69ePerJxGM9l7H1xZzBVu4dqmdf+cea/S3sp6/UjNFpivM42K8u0OriA11Xx2oB kUKQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RPAFPU9k; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313730; x=1780918530; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=SyBxg/2x5RMAoceXHIacAmemE2QEaaem9BwiGn8Jiz8=; b=oexKJPHK9qqpacI0N//+0vuLgw5sDDLmXUdi/9YvqakLbMlpdDYwWKPT8iMObZKKQu lCadRF02WQE8sCDtRONbxSMQrbqxC3nqUmLsMSsz6QRcjBQxBfTSeCbIRXS3/CExYym0 SPID+iD+0XC47mz9/NqXeUDQB9xMY9rji4oqWCZRrb3ni6IpXYtN1ElOiRqZb1TjZA/W XW1Rwp+Rw8OJP0A8KiaZEbfPk1PMsbk2UiN0ReFsjtQ62J/BjPJakIEOvsSyO2QEbC0f d0E6UP0TQAeHcUEwpiBd2P/GigzRQLigT/i4g/vh3es+3G0PKVZxo15jdZarY5B1Yzm7 65/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313730; x=1780918530; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SyBxg/2x5RMAoceXHIacAmemE2QEaaem9BwiGn8Jiz8=; b=Tq8wrs8WrrkbtNQlvpB3F6iucdu6YLvxef5ez+eZa97f3t8MQRe4U77xcnUnS09CUz bX06cC5rRs9Sb9OAnKCgPVdmYZmlnUknoLIxwyl9n6UsDEtMTj2/764rfZPzJjXIFl7+ HUec1wvFoxZE61G9Vz38EOoMxBiu3hlnNPlPD0+lG3jlvrH6Rbh6O8x19Woy/0x/B660 6syG3ZOBPkzanR3Mjwdy3Po8ktq3eZdesBwYsUKzxDQTO01kitklaGlustEV35w11mfr Dyyc3+mytv3jnq5eTuAmnhPzJOKSkCdaYkLzpEF+k5085yvXoMHpb8czgT2uOUOi9+K3 Vk8Q== X-Forwarded-Encrypted: i=3; AFNElJ/pj4LDrvdYDdpVct8MarolmJ186AruMN5Cu3GThjHAEG9MqjwvaT1NrMHgeycVB9myLizZEog=@isar-build.org X-Gm-Message-State: AOJu0YxJEbltra2acLBj6CYwLROYmZaOUAWA1vDUWB8W9t9r6es/OaGE tkPn5juuUZOukpIGqlWJEWr1qU+oOwxk4JR6CkEeNiqqtxFOyfcpvg+/ X-Received: by 2002:a17:90b:3606:b0:36d:630a:c4e4 with SMTP id 98e67ed59e1d1-36d630ac782mr4198101a91.3.1780313729864; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMOSCkqOYmoLSE9MyvPfoBFoCL60r9w5lGAdUNRsby1Ybg==" Received: by 2002:a17:90a:bb94:b0:35f:be73:26fd with SMTP id 98e67ed59e1d1-36b774a928els2402228a91.2.-pod-prod-00-us; Mon, 01 Jun 2026 04:35:28 -0700 (PDT) X-Received: by 2002:a17:90b:48ca:b0:36b:8e97:fb06 with SMTP id 98e67ed59e1d1-36beb5774c1mr7661813a91.8.1780313728450; Mon, 01 Jun 2026 04:35:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313728; cv=pass; d=google.com; s=arc-20240605; b=IWaRly2skBe2REVgkFZTt1gCVbXr93jH6imiuaVlXHCNDJ1Mo9ECXSEOwKiWrVb7bQ AB81RVgwll21OwGnP/UxdcXbPeMzrIXbSzQYstW1p0BAQRzrPqTg+Atb049yJbZfs56B Lj+aSgXX5RFY5hJ9hSF3YvLOy4MbNbbxExYbyeaxMEYyODowO6NuUd8437d8OPJeod8g CZu/s2TA1ScNfKMM2iD39aUx7N//k5r7VYjFjFwKaGEZRuyDQgqz4kUFRpqkNvrQ+uUC 1FxVPg29OqupAmVZKvfoyWD9hP3wCsRWShSysfJZ3ysP3pjUPBVeDWlw2wJCQTinWrjk 48xQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=SUsjov9wehMAJDellb0iL3zpLElVVDiXIw0zlrf8xWkKJMpWn+RdOmvNkHf+zsn3uy UfxSLHVBNMP8dhssAJc6UEqNVBz7cywszkkwCd2qKMGw67V1CNeIidHkjdXZrS5a7Rn+ ohEdptvL80+LV7CFLplIHtbHLFHbrtUbWPu1BfOjizkMU1os8aiEmNIfED8cJtXBIky5 bJSqnRdmmu9634E6AbLh+rAAF9PeHLurMfbS8zWe2CtLMBNfJH2sh9BlihAGy4C/o0+6 rRWTEPYVfnMoitvWhRzmAMbcWqZSrFxpneibabf0Rrmi8/iyUqsa5SBhf85+91LruFVn 8LRg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RPAFPU9k; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36bbfc9830bsi359915a91.1.2026.06.01.04.35.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:28 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SxQhwfxS1lPQF1KlOpkMI6qtblgF4vPhVrIQ33j/KofU82LDyq2yiu4MUOa2IxW/BkPymDDtTxsQsKCylGL2YxY29C+6F7obuSts7dc1QyU+CYJauwOJVfYw9jsMCu29I2QnpVDb1OWA1+8llKteu6aQfQr/mLX5xDfV040SbyLpiFFAu+kbyqhQNqkc/LjMXE/5fB7mX19+joNBEzMX3zV2bEeIleIJHyZrbJK6wueTtdbHUgrsYLv381VCtMcBd4L0llqL8qvvvXEdpfmmoQa4L/tcAAWz8LhbAQ9752pdOZG26Ix/q4rJEMsXrmDWydlId4BOaBN/EMPlRpQ/9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; b=dxQ7F1+u7V70zHAO/Hz8aYXhuEY/98PN0AwaP0w0OvdIlZDKprwCn4MPATnDuvUfsLjrF6h651uPs2hB6jw0Nfm679htDfYLnJkygIBKBACt5olQKz3Yu0PVLQUUVkCegu2maaBXuS2InMQQbiUJWXSc5afdyGnaZD9SLKGhrP4qPUASLEFgl867yK/8xXSsUhn+ejB3XcfZBt8IywOVlX3axkNGyJVGytR4m1WSvG7/6JR81Mk5hiO7lli5Rl6dpFCVpIcyPf1gtQn1S70zlNx67SXyKCd2AiX/38g77DxYApml/ljduu1/zKYauwCAPhmSj4faNn8LpgeWKs0HLQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:35:23 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:23 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 13/17] dpkg-source: implement multiarch support for unshare backend Date: Mon, 1 Jun 2026 13:35:00 +0200 Message-ID: <20260601113505.2898877-14-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: 8c230396-b634-430f-640c-08debfd1de28 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006|5023799004; X-Microsoft-Antispam-Message-Info: oy7Rn+qMT2K/AmtBgyTLkGKYSe9P7TxcVz7eoyQpwAJhDBHnLXPrBFSB+XYgbGNn0VBZSwLXb7fBC7kVY3UA7jkQUKA5mMb75J4X3BaVvZU1YhrMPLnfhos494YPPZ9RFKp6Z6uRBkf4NfDBjMSeeBCISgENQqiF9qAWwWiOA+3vTkE+TNJwe88a5FOigZRiOsyj2ILFpA/qETCOWmjz9r56qtuQUuaaukGbgvbcydHe3AAjiGKiPI5YSZMdVy19nikRz/uf7IHVkoWVVneSaEnYLnPLc88HU9S/5euhvqnwZ+8gCacTDg1vP1/4qc5IagoC2iM8+Lnxc8k4IEYzMDrStQWzJnEJIu1tbtY7/ltQa0utp98rFXAAYdbJZRU1GLA4vDk+Ypz/ImBDnBhI9hzk8yCQswga6znmUboFMLdhPaL9OPXlMplEkxHuwFsy4JH2JKREhFTjAj4Y+B0xlT7vMa8rMECviios3VM7mHTfDZcf5GyGbIfTRvJzitNwVA2AIksVKU+3et38QHeiyLqsglP4Oq1FqAGQpBmhjuukLIhF9AWoiT1vfLNTgmBDX+XvSpwjPkWLnJHJUMmyR8q8pNJ4GIhDyfKtcY2CNPE5I8Hi416HCi4WDR7mZCa0N+zzJHXd5UgB7f+JWQIpS+ZkRSR5nIA9sITc9sud54gQrxeboE5SVMs5SR7HDiA+ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006)(5023799004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: L+5x8bzhVWuvKN1XK0uNai0wjim6j1/TerXHA4WuL4T7/nDuhKKsz4py7RqSzdynnk3NUVQj6P97WxGmPE0a7Tve7tizH7XKDdqwoVQhw7+/gmcpyqaCW6pr/Qfu220Q/Lu3BlELjtgaN/kPXpt74KKViMHQC8nro35eVGDTlpiXorDlf8wmn5PzsSIYgTSBROUE7zqfyVN86SfWqd+m6S5rD62qPcWNK7ZE/ouCHBbErWlHxy7bPdC3EFmeI4qnik1OuFF78fSoejD76+hVITLEPlKB170U5kn3A8g+w/XQKYG8gODXNsl8BYcRCxKA29LMz6BclzbE/hWShyzi5oJlDRkGeu5Na8AUUwdPnrItoPvfuVJWKd6s2ISLLn2DfB098T412VHi0lYmIcZE4ysWVVq3pX5NVpsaqFtuyfMeCCXX5t2AWzGBJq1D/Y1COL/xBbaOgXmBEoza3kqrlHPi5CpF2NgLnLhuO9cOACAsj1WdPBWNvCf2EvQlG/HBBAm1WvJtbD79y/bUVrKSo8AjZ2xXXdNbPniZ3eqpwwJlren7ZHQ/UAKeMpTCkAkrCBqDBcFtgzXN//9/VPHQDN7dWNaunLK7KbMhKMGbJWl7vsrVXs9iuNxulVx/eSOttO+1pfdk0XEqdK0/9YArRWuNd5RGmSuwmnibCAXB1kBgpZrOwNbX5bWyKgjhKqrTlGgr4bG7IHsYoL97UE0Tzbdr6raGRcORGAXaWy9dtEmdK04r9wmFrzmtb5edTIl9hI2Qg00M+Jla4C+MuQuPed28KHDbh4F8r2oOpqNS2LuDw7mL6A4/vkP0Ij5yIjb33VOYwB94/QxW9Q1d0h+3S/8vHHUhdV2ujZtyGbaI9/ydyRKD1aZWnI64UTuMRDL+FhvQ49vyypFrLX6vjgW34pmYCb53ZPLrMTZiktUB0YE2vKUPxHvCNgBVQbOfgCuaScr91M0P6G2/xtjoIulbu3/g3r2Ecfrr1OA2IPvut7iyxJASOSqDKPphtqxdxyAHC3ecEvQLxao2O14N3PmvRyFJNGYjSUrL3vNUx3V28OhrOt6maOjIDOxAOsCDSw69cHtrdNXX+qoJcVplOASH2ZrWQewyRGRCn0DNu/uZy2SXw9QbMk3Z7n4NTxSTdrEdZKnTDflA0kWMID5+cOVvM543Xtu1S6A8TXT/18ijl9m9hjlJDxYG2j2F4RC6aW9M805U9x6V3ewAwU913iGJHicErxK4QwnPOp+z6/i6ljV87tx1ueiXp2fo2CKmFC45+LSMl3xPjbZdViAibkL1ahxIlS0B2UNRAqvTfhOs8SmmqJf/1hTMvfN5HIqmKGYmVuRVXvOAEHxBWYPuy3HcTGFeWs1a38rAnFIava+SaOURMLTkFZPz6glCuQ6LgMZpMiROxVHYMPLwfQXog8+81yTv5B0nTxPKtcegsraH2gOUcgCs2bx2WdzNfYYVTWXzmJnrDsRTml2AXtSKs4dX8n+Mz6Z0SJLIusLbt582rtat24SGGZtjaoOJgr+LwWQO1ZjpVJApCjWEX4Lm7G56n8wBzeVoqdxd4ZYFmQgkUHQIWK8y0x6qTiL142HM6h/401iZEZIpoTVnsqi/7IxuJdWbJK/K1XJh/Ohsr8NJiXITLwEJ8TH4vJUd7uuIVrC2KWyGraMW1mJZOKv5FtZWbl+6rkdPyfrahvNZHwHT/2OdHMXB2xvB+5qtjlfOdnAxWy5hAKjYp+h4ThEg6NQQNg2FOJfLMf+vn8PC0pusqqUZCsjOCNGjOKhsP4sFQ/RENyXSTMJg X-MS-Exchange-AntiSpam-MessageData-1: 5PpPeOPVt2MbiGpUhEgE5SBTXpH3lXwbCwA= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8c230396-b634-430f-640c-08debfd1de28 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:23.0530 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: NZeTct027cqHoECIJON6gspRNmmC3avjKAIfBgVKV8D75U2kK8mxHPjxishizao86i32T6jP+yWPLYzG0W1VJd39Z/oyMOzdz243UeKGYXc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RPAFPU9k; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The fetching of a common source package needs to happen in the chroot. Previously we only had an implementation for the schroot backend, but we also need one for unshare, which is added here. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-source.bbclass | 38 ++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index 629796d6..a1848473 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -52,10 +52,7 @@ do_dpkg_build[depends] += "${BPN}:do_deploy_source" SCHROOT_MOUNTS = "${WORKDIR}:/work ${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" -do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" -do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" -do_fetch_common_source[network] = "${TASK_USE_SUDO}" -do_fetch_common_source() { +fetch_common_source_schroot() { schroot_create_configs insert_mounts @@ -83,6 +80,39 @@ do_fetch_common_source() { remove_mounts schroot_delete_configs } + +UNSHARE_DPKG_SOURCE_CHROOT = "${WORKDIR}/dpkg-source-chroot" +fetch_common_source_unshare() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${UNSHARE_DPKG_SOURCE_CHROOT} + tar -xf "${SBUILD_CHROOT}" -C ${UNSHARE_DPKG_SOURCE_CHROOT} + + ${@insert_isar_mounts(d, d.getVar('UNSHARE_DPKG_SOURCE_CHROOT'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${UNSHARE_DPKG_SOURCE_CHROOT} /bin/bash -s <<'EOAPT' + set -e + apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" + + cd /work + apt-get -y --download-only --only-source \ + -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" \ + source ${DEBIAN_SOURCE} +EOAPT +EOF + + # run cleanup in separate session to ensure nothing is mounted + run_privileged rm -rf ${UNSHARE_DPKG_SOURCE_CHROOT} +} + +do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" +do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" +do_fetch_common_source[network] = "${TASK_USE_SUDO}" +do_fetch_common_source() { + fetch_common_source_${ISAR_CHROOT_MODE} +} addtask fetch_common_source do_dpkg_build[depends] += "${@'${PN}:do_dpkg_source' if '${PN}' == '${BPN}' else '${PN}:do_fetch_common_source'}" From patchwork Mon Jun 1 11:35:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5104 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f64.google.com (mail-pj1-f64.google.com [209.85.216.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZaB3024902 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:37 +0200 Received: by mail-pj1-f64.google.com with SMTP id 98e67ed59e1d1-36bd4146cb2sf2940031a91.1 for ; Mon, 01 Jun 2026 04:35:37 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313731; cv=pass; d=google.com; s=arc-20240605; b=B4kG24bheED5XoRZjGDmDjk6UjbJVcDqOquGuMiDgR/H6rFd5JLJz3kIKinb4jDvvO 63tqlgWA+GooKyb92h86wIHu3vCRF6bLR8u9KnZv3COSqFLdrE7/Hk3ZxIN6J7WZGZwQ eLRMz8kT1TzWXGqMD+btDtSAjDjEmFOU3hR9B1SU9IBExCi+zPtM9owGnU8zi/Y5HXQ2 5jpd/3N0BZc1f5mQkF2wKh765Ct/Jgp92ggSb6uBSgpscujTfdKsDNoR5mybUmM7RwPA NInk9kikdIvfPzpdim9jvEeIzzufRJ68IJBnOPoOwLqViOjGyTAl67+kpwvjSvgFr9tv QyEw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; fh=jZEs24u/RSDV5cHpJRGqg2Xwq5dP/DVFEkMs15NyHXo=; b=OE40JaEpxOxJbbYg6qlaHNqsN+1QC++YK0NfOmYABM3WgfRuWHl2wU5TIqzEtMDB27 LpxMzniNp3n9HPnwaske8jp22FVrzLs1IktBRBiw+itkF+Da3nL4IsQFYChWyl69d/FA Qt2VX/yhLW2CZnxsbdNBTcUFIitbauVZnDsBLfx7WLx7+fkGt41Kqm7Q7ylyUmZmJOMW 1oEupPyi3DBsrpdpt0oYLf99izePXqVap7t8eN1ynA68ydppP0yEPYw4AMFp060L/rol 2umr90CR0wIYXzdSLuqvUCdSbP+Dt2TdyBoUHUHeQCz7bGPeC+uWw6KIoUwZgux6n9Zq tc8g==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313731; x=1780918531; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; b=Gci5SUYsP1LwCXNccQn8xmYME06Sy5kxYUquga5fqV5ODQgN7CRBNL0ShuxOJWWum5 TTP7yK/BxBSLkjRqbBbeRTwAgeGZMlixVuX9dcCsqZKJ/aADF7CNsTO6r/oZYLeya4+y DMwn5XMOHqb0/Hf71Mh81/9Z1+tJA6OP5tBg/x8XtEPGKv+vmy5aOC4f0NKFem3EKNz0 VZ+B+prU2bPFClgwuMFUFGEiGVlD7ZXnoefn2KEGH7cV5zee6okGbWebDC7auInd++Ub 5dhuFAZNPSJ0cYEHQ7SHbt5XDv7tNhNgOub2ZkPiIYtFjOJV4HczFoU3sk2KdRncVMNk SF/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313731; x=1780918531; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; b=VRp8eKhzha+wSA9H5AZNUWEvpCI9o1gpWiyhu4gRX8ycCCUQbIDyihlz0VZN+Kb5+2 10Z9/QEz/xKgQ2+PS+ahYqHNWoJeOAQ4x9ayeg7mmR0nKQ3rwKm11gNLqx0BHpXSxNR4 /CwXrSqwoPfujW2OQhvuyOltlJqv/F3GYg6lvonz3gBMBzK6I95k6eidXXiLoP0hQFfy xhwmwRBxgSANiTYbto8YNmlKFgLDnfpwGBtVuPvONqDnIA54fpkb/EeG6mbBNKewUGSS /A8wXSjmx16LgjaPiADiWMoanG/9nlxc/lymlKrrfcNLp8h8PZE08JvDeYB0cmc7Pij9 nL6Q== X-Forwarded-Encrypted: i=3; AFNElJ8pdtq/seS+4GUrfAq/7ZhK6VnvNjDBzm9jYpgsjfV3TNKoQ7tPWnbVlIgWexUsHcki0+5YStM=@isar-build.org X-Gm-Message-State: AOJu0Yx9pXgsN0pB8PSKtQ2/sSdnlV7hkFK09AK7UR9DkxdGZMfS+pqQ 85Usj8Vb1+7W5v39R5ZJHQYOZgdvv4dhRqkV7STiewCBpBRBU2w3R/Uj X-Received: by 2002:a17:90b:1d51:b0:368:3830:a8bd with SMTP id 98e67ed59e1d1-36bbe0b5b21mr11533967a91.7.1780313731323; Mon, 01 Jun 2026 04:35:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMz1ZmXkiZf1tkSlgFoup2/zhraUYnoDQQMN+HTU/ek3g==" Received: by 2002:a17:90b:2e85:b0:36d:b120:8d29 with SMTP id 98e67ed59e1d1-36db1208dc2ls769029a91.0.-pod-prod-00-us; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-Received: by 2002:a17:90b:5445:b0:36d:c138:e0a0 with SMTP id 98e67ed59e1d1-36dc138e22amr1427293a91.2.1780313729641; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313729; cv=pass; d=google.com; s=arc-20240605; b=aBCNqu3eVz8yKqa0zgfispszZ0Q2efke0I9EpcWXWmetvtjaLahw0m38mLmr2siF29 lPV6dGtYtEjUIeHwmUAdQWQT2OvBZ8Zyd2xqVfvr+HjkAlpv6DdFVOosFkOmjWwf1NuT QCxlEhNcWul8T1X54IX1TsZNiS836MZbowMCMCx+Ipdxpz1QpSMbt2XHqzVoajcmIB/B ZGil1mjJQZv/if44J2rHBwfHvKPyNO+WRtOwiREQ90Yp53+fclA935weBuqARJAcSQUj pg/D1ltyu1V8rj1SucBJnUgzBZsFawNFTrDXbijGfwBmv4unCxmKdL6dnVCqPI5q6Kha tdqA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=aY2NW5g9NAy9fouhXkKl1jM/uNfhwO7rqALJuvDh7mbTqkvmGlrxpEvH0C8JnwsybI W5M4WLihi/ME1HQT23b1/EnYtE/MZy+56lpTwf/KOtzf8O82BIcP/SvHrsnYWPGz1btl 0Kol1umYkltuGLg35bvy/NLfQOFabOKYEiyUTNO8DzeiWwyodjDyGPDiNn9DvsNXU5rR fmwJjVIxp+HVrmAmr4siWFjLgqviriwMHugn3XXIJpmT/7Px89QatikHNuROT3VGKMgm SKF0ch+FzkLAIexowWdpKehpWUZHLH1Ee43UQffl09cNM/yrAsL9fTJqcb5wfTvOuujr VIRg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36bbfc9830bsi359915a91.1.2026.06.01.04.35.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:29 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GFPxaanmKPZuO/5kDZ8WiyrsFTqUomYtWmmasUzx6c8Pom1Few5hOHeLcW3x7/SQE2RkMFCk4cchn+l5AQdDPnZBkAicG6znyE0Kw3TSQ9mNPfcbAHsv5l+KQLIcfhBclaH1IRZ4G16GEkuzjfkl9y5lO888MEn3RSFnFqlgwA0uWPONs6bn/XYOimNi9E5zeHzfCRHzIOJT1uekLVoRqAOWejLs02UnPTIPRYr9EcfvgoGOyINSM0oHhpLdxdMiK+U6jrlaf8EZvvbjbDJRr1IrwdLTJ7Z8793ddXktBodeLE2BqYgeekxsSGpd0uL4lcT/OqFCxWlC/O92+Wbazw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=xNP4y3znBJR6tTsIRlv+iHj19mp62QeZXo2z3a/7UUcBBemVums97S/6oQ6czqAgsOBUhjbab9XcvD6ZQXEUtin5Wh+uZDvIqj9V8GIt/SIIwj9Wy5fAARyPpOx3nzSX8h+p2VkPXJGuTzc0fWYf40FYUMIFne6/Z+bLlwmcFzQTbQklldMzNFS46hLdSgTd88HtTnYAX5YtDTd19/jYsyqB+R78WB8nFPKI19nS0G7Q2KEwm1Vzp10uipDO2hrdi+Gmv+GpZ2hLotlsOkhbHbl/0ZXFvosP0plc6+tpHd8AWQDZCZ8rWUxaD1IKrnXtuYjJgtHYUKrlUxOJHHyBXg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:35:24 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:23 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 14/17] use copy of sbom-chroot for sbom creation Date: Mon, 1 Jun 2026 13:35:01 +0200 Message-ID: <20260601113505.2898877-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: a7a52cb5-d720-40a7-42bd-08debfd1de85 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006|6133799003; X-Microsoft-Antispam-Message-Info: P6Wpo3Q4FFPzK/wKOZaUr+Sfkt8sk4c9qn0prAIo+tmIhzcYStq4uFgXdgcnJTJo1r72R6ph6WXQhDBsEJ/RiK1rRUeU3fJ+TkJknucJn8kzPndcx2/F26HY3dlQ6edpirdGDRAWVx64ZMvWMmwvVEOT5vtPhPSmynNbzXY5gCnCLZ9Ak0Tj7bCisHE5cjtu/aIgSWor1YWbaFyOXTngN6DUHB7DE+mJ7KM4oyy7zNfqvyLpnVEdKvjkyN94wzZhFImyreac3ynL264RkjAtOK6AYYgFSpJ2pUsPTtrf12LjFpHCrbWS+SgShTSW1FA8fFIVMriUxuXi014K2VOwTF5FbYt2O+z7xRXf7tpurwCo4SZ+CRYStcZ+Ef7My8wJarZHgP2Bu7PCWfRkaG7WuSienzNRTN8d3RA0ZFfqYXR9U251gq7tZ8qA84qM/cSSqQnHDXZ8vYn7KeVIzUWvDE2NwymTZP/XYcESgINPsFNtBKviISqsCPeHtRXk4SLaUtK05YLQICgIIGhs959QAF7LRt9aHmgt3c+1PMbrRf/4PxRGxa4IlWdQQojK61XAOwnARbj7WfHqQkiSIDCE2xu9jGpVV08wW80UVkZJIebiaZ8xqbN+ag/pxD2WT1bWFYKC0ylAwzZQ5QdlsqZoLg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 5V6Jxe5hr9dPvax/TVSJ7AARP/Ya0UOs/jemOpjJmJHDpE6gSRGJYDNapAqpT2tcNOMsuMgYwuEErfoSc2iQj7VkWBtbIhnMHN+lOT48haebFps5KCOVU982uBlzI79QQZcqYZv1tm/JjhUqw5cVu+wfwY+tJAk76nhuYUs/Xy1Jk/pCfqPO8qbRtCFllFKqAWf0/eXxnUWWSMPedIYJES7Ej3crbmmqR5FUF00wNjOgXi6IBxlrwCIVYjWrE+e9Bd51d7d7R9E0SZ00DccCBD8boBOm2KH07zWbddY/4739ijDDHUHHMOEldO84A8D+Eu+9H2eQ8AXMVAx889njiTrX99BcuP32NSxk4rCiey7EiFHVqgqOfwPuP31yDI6lR6Bnp+nxHPLWJP7LqopUIJVcTbuu7w7smZ6ZurEueZqn6WI3FFF6DRz98AuQblXN73anm8ylk/VW9fXBzY2E2boYTbN4upAcbTJgz/PhboidZTmdewPUhWMo12JiTqprD6c6HZNSCFwTDHGDE3aYEQQYU2DxZE9Ylvnv4x14yMCNttZ2DFkLJiXGorwxq45k/UVJowSHaSA1c78MJFJlyg3CEx8I4fXBobs7wGDimIrUdReDS+7cRgV5sv/h2obJvoGEWQq1L+d2Uvyj/1QDZxztJHTqmly0BwR4dR54gohruPSnruy06Bp+d31yL3rTP2crOFwrXvC8is8pwJk597aDIsVSNYpR7qHT2Sycas9E+f50LN+fKIczNOj03XVwVa9EoDKRh+VpawMqdd6s8nL9E6FtFrq07q5/P5E0W6z+vE5hOHhbIgiNIjS3Cqr+Du2vZMSdNYKd5tWbyqr/83VgDR+dRK9NZctVza8Y4it1ICcWkL3PWN6NXNUjbmqTYjPhLTbNjCBUDTMXno+wO1gSEuToecYDQukjc0IDxRudeB/VDemgz8di4MOBnDWt0eHXUd6KDdnn5NR/BQMOLaCoqcJFLjIfVw2aEKFY62IY21UM6S1IIT3bjslhp/DiVWtOMxyjOrLB2MHTuhPz+9WfmHIJ4pWfo9ExgfGmJocTgKTQXWolT/7L85XCpCYb76uI7acXTdfE8c+3l1G6wgAUk52rFPbuB9liOJhvJI6rg2Ok8JWrN96C/lj/ptUou0o8tEoDO5AFPmA/CQaDUmogmqo/Gd6yjXmDgXH3LtVem+zCui0z95c80fcbE7chXNGdhorevmq0yf13ZOtBLwg7grjv8YzVuWsVXagYU4SHYW9NgwvuZ0fy8D2z2gBHwHS+1G8g+V2W1uj+UYwbO1SivWROlWcG/3m6VfaCQ3Wq8ydQSKsbYtQWE6JkSHd2rkibS6+4B8KApnPb2vBVvQlbuhYjESe9RTW0EPIDRKw7FRxQDWkxKNLGbQ9DLaLgCclkGSTSC6IULemwump5iOWf+GdjSQNzI8zGbVKXEmwEYEwhn5XNye7MYqoMhQgNBHdTIBJcwhZ6JIRfW9cegLgl7hZDBW2ykQ7tFjpoUpv3cSBNPMvr82CkE1eb1lpWr8MxfTECWLcBUZvDQ1ZTW1rasRKLYg8a8TEXWrRUn2ykw25VaWgwOKSGrLAkUfzOGWr8sXXHpSDoMaHjRWPpKepzykMFXwPmCeR0oj+jaqgUq/7dXY1QZ829/gB/M6PHQeX15Em2y2l5hOacpIc7JOpJWPyhzM47IM9eLCd/mXdYtHm/5W4TrqLpMZ5f7d8IECIaANaqfwl1CP1SQK57+9xZkfND8zrxEF2cbjQZcFaDApvOAlzYfQE7s8HR7efswNj2K76S X-MS-Exchange-AntiSpam-MessageData-1: LUt3uq+4ccQsV6HqzyA2KsQYCbRGqXisPaQ= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a7a52cb5-d720-40a7-42bd-08debfd1de85 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:23.7016 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7ZTQQGUixb7k1QnsnNpyn4QJ2N7zaesyBefmUQyEwIQ2zKX1XYEp6aOeqg8yr7/5O7kAQyELpz/CdW9YQ7WhmiZkkX1ktSmZIQ1c747XCNY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs From patchwork Mon Jun 1 11:35:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5105 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:36:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f61.google.com (mail-qv1-f61.google.com [209.85.219.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651Badr0025566 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:36:40 +0200 Received: by mail-qv1-f61.google.com with SMTP id 6a1803df08f44-8ccd719a2f2sf30492356d6.0 for ; Mon, 01 Jun 2026 04:36:40 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313794; cv=pass; d=google.com; s=arc-20240605; b=UujsQeDY+AQxXAvhYf5cG76MPDKK/uKu2OSJt0d30NhaxZ0EY+jrOYH9a7J9f7i08E pgYuh5QrHu160E3ifFxHMmTzwnXjPOGYjvolB/CJjLMObL6f70sDderyJCPoLnn6YWig tNsE7Lmxi18IdSHUDeSfOAwBGuS7pgP4PSQTtjFmEbRq9AtKXe4vTr6pG2g0zKDh34EI f1J3VQfq1fhx9TbjTPwW4ruoAuKFOLLEZTEpg8v603Jf5wkk8eSZduv/BGiNGz3Asf1j pmeSX4NO8KgThBQfO4QKroxApqZhbeeF2cXvMkHpHNh5x9RCujC3VY4qsSH4xhWZMJMc eGiQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=8ELnAGKfOMauDuz0nG/eg9lGzGxYO4miLwFMsi/8F7E=; fh=hNHvq643r8foPTCsD89Io3ebc3GA3JEh4q76raEtjVU=; b=VOA4VilUwwWJ012rm2JL5PgaEig8LtEdT7uxtwZpjBV4YsMHTUFwsKYett5vJFMCXd qtFviJKDPT2NDFzZ6zSw9bHcUP0vnUiGuyjPJvsx4rujtqmO3KiOhtYmy/QonLV9q8iH qMTtVcqC+84DzrkMtVRHcaV83xvtk+Rm8de4P5WpN11Asq8GPUwsFY1nN+wnNk09dGGS 58lLmlCuEFhA3f5+YCtgaPI7DK53D1JxtugHj6TSI05I8HWJtW9z4hk6Onc9Fh4BOgyQ DNg2/2pG6DV9KcJ6GMitf5pqObaQ/ZcDhZ5xKQpV/nnpLykEBgDZbW3SbIuy5pHXnnj8 evQQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="Zp4RuO/v"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313794; x=1780918594; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=8ELnAGKfOMauDuz0nG/eg9lGzGxYO4miLwFMsi/8F7E=; b=Xw54rAer+no5WzJp4QDDTffwXaLlnpQ7e9hRBiT0+OQmFUi/egvMT3ZkoNo5t1OCco AkHCjzRfXdMwfWcSJbE4q//H290xe2yfeqZsXBQ9gLFDl89V96Sst47TVBwtB0MKeO/d TUPVGCZ6yX+PRQ5gxyMzLqm7D5MQs3V0/etE5FoXnIOLKqMvDGLhEN/ClPkvQHmmrR33 N1PRz3BO6dLQ0XU0AkyjxUkEjM678X71ilZ8hPaCVjbmsg/+tPJkulYiCphDmPqJ3dpQ uWmFKfPbZvPpLZNuWHf3/vFxOhYgW9ZVzv+pLQmQP6+GLuo6pFK0d29KLlieP1kxaBU6 EFqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313794; x=1780918594; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8ELnAGKfOMauDuz0nG/eg9lGzGxYO4miLwFMsi/8F7E=; b=SqjbBk5KL7onyuR/25NB4YWQwHm2zQ50/EuRkbtHr5X7bO7YRue9nMHTG7g4LMOpZC 9owXD0BlFHSxgzTDaY9vDBjb0cIN546TsrVEM+Ybo3A7LCy3Oq2tjV1xMBxGJ6ovwlQu K6eWQxT3awHK5jAv7zcusstxpMIaKFc98qfsbCqzJwsyWAIkmLQ+uvo2ZkBY9UBR03Px O8GBZVPNwPMJP08GXRL+mbs0MDxY2fimLNCumRPV6yptqItX1hHdmsN77utiiCxe9Ycp BGM/3LUZfD8i4YSwTqNvKpJq/OyvOZJaZrxEo7juz0vbuGkYCslyDOKHD6A6m6mnO+v+ MLRA== X-Forwarded-Encrypted: i=3; AFNElJ9IOL8DMXDvNh6TQcj3pvpp0jBFo0Mtrbgjk29/+s1DeGLsTuhAC9jXGsgrT9ag74lRYERUYbA=@isar-build.org X-Gm-Message-State: AOJu0YzJ89SbYo6rbh2OOIoOgBu7X/MoW6Mvy3Y4pOwoXjwyWSTLDDPL 1pNOnr1TQuWBt/8T/v8dUfwMjlL5nWOnnmu9NTvDSQWZgfzNVAnprQbe X-Received: by 2002:a05:6214:2b96:b0:8ce:f1b:74fa with SMTP id 6a1803df08f44-8ce0f1b76d3mr109652006d6.27.1780313793913; Mon, 01 Jun 2026 04:36:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMNdLHhL76Z6uWhYg6iTNG9I0oXyGVcoauH+8xmAKxhrbA==" Received: by 2002:a05:6214:6017:b0:8ce:aa22:9c19 with SMTP id 6a1803df08f44-8ceaa229dd4ls22603366d6.2.-pod-prod-09-us; Mon, 01 Jun 2026 04:36:33 -0700 (PDT) X-Received: by 2002:a05:6122:16a0:b0:575:ad04:4b90 with SMTP id 71dfb90a1353d-59bf82d60d9mr3789759e0c.7.1780313792972; Mon, 01 Jun 2026 04:36:32 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313792; cv=pass; d=google.com; s=arc-20240605; b=HW1IO6fS6m4Owbp6RPCPSQ6RFD7oWiXqLppMOusT2TwV0/VARfGQZQ5LoUsTWs8nwR P73Fi9U2stzdSi/DtHCUKStMJamzseiYY1idjL0RXwv5ifueBKF1le8OlDQgYLF+t+tH bpt2vakPyjlW7Cft005cWh9StXIW4C7KZQvWJvd0+zNA5kg7pfVVv3kvWc4iYZ6YVHGX 2MO07F5DRw5n1fDeoBTR71hbGH5fI7PXA7AR7/yGvBkysTJeHkdTHdobnFbOXJoepN88 pjBDgy2284zU/9/hUJRya+0vuc2aXu3cBaDmH90ymGCk4ZZ9jzaN7ZHsSKo4Juv+AX4k 196Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=W1HiG4InBO4A7A1x043brf+Yob/h87BxCylwHEr5KzonFSbK09qUl2plxC6hPSXNdf 9kzbVvkpNX5hv0Eeain9GGOlMAs0ALeBSBPeGm/j3jDRR6N3k48rL4VMlZJZcSG4SKd/ UrNvuIE3bZqfv6bEZR8r3Vs/Ox1L9DER0zlKTiPyo9qsMhYdlKnVjgfOSv02ymNbNnPw FCuJ2LyebCMSfUZcFA0JJ/xVVWfxTbxaegqpy8jnSisDbRrwjc0hgz96OsWlXXYZmVSb 6QBAnhojm5SThmO0j3locm1Amdl3z+nMZc4Z77jBIIDNE7hbzGymxhhPEsYcA26AwhQe X42g==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="Zp4RuO/v"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-599da006ec7si346985e0c.7.2026.06.01.04.36.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:36:32 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Bpq07qmplZ9HCkspue1xc9YknpVuLvj0XyZZwnswryp8twUDyblkyCY9v/dENwm3fYxuYwpYvWxTwKvuq9UUDWz//4LQ+tPW9HpMsMhWM9cTh4lobViRQwPTOJGPYyROai6Sbb6H2iL0f4tfpEgFYhJlv9Kw0lK6hiLcNZctd6W8s7YzpwWEt6GhYHDyBSoU8FdgeVdAymReuJskizO7AIQqAqRLsy7W4ahAL7cOBtgMiU9fweDSkVEypsxu0My105ReXqpnlgAqDgZ+KhEvC9/fVZZnzv2iwhUW3KukeyuqkiNcmO41dVZuftolc6U+IcRwt8pYP7sVK1hzobjLFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; b=mJ0Y3MfNduVFDyI+BJLDXluGaWHaD7SgMW4T19kuNDZRGZiH7ckdhKX8IuEO5chVKmAZIjOX/E4Rstef6bV7ClXP01cDyS0Dym8s9sefb68VDj8sN0g87jDSbunxFmvlcQxM8AXo/Lg92x+hijhXEReA4llFsfWPFSsVQ7XMEuH5fKjAX9iLU6Za52qcYgnXQFSXF7I5vOpLwcMti1W4yONX34/JplOPGUsWm1NNKV4Io8+npwMhTBVqgre19FqBXwQIRDsbqzuzENAKvIDtb2l/4N2N8lVvqgsnw0QcmBXX1Sc+9M8IGab5FDqhEJrd6NQRx14Z1HXyUqSyHBPxQQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:36:30 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:36:30 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 15/17] add support for devshell on unshare backend Date: Mon, 1 Jun 2026 13:35:02 +0200 Message-ID: <20260601113505.2898877-16-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR3P281CA0140.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:95::12) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: 434b2f25-ea88-484f-2acd-08debfd20655 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: r+p+wEYOg0qIvSkeDRq9CpVDg+l8STumYHfnf5h848N1wj+uYnUw6hmvcSNlbhdHtvDXSOSQ/44ZyKlkGfMGuxpKKrOB5OOkdVHqyeiG5pJnu/qebyOmcpy25eWyN5asRhSgFkS73Qx9236EKjqLUNhdmHS+3a8NEG8tvxJchFPwUBpQlm3qFPOJazEDj1WiRN05hZB9l0jiKA6VnUL34ox3IyZw1AtpEqKR+u7oarzg9QolPr5CSnor8fkDKjZ5+WCn2CkyLu9BtKfgYwJoPoPsfkYqoFa+qJImjJ70V1yEqHxAs6I7M9abkoM/U2f96c3KPEe/8uLZHA2DrOZkmt8gUu5FHGG1xhlIMJhXt8gkBDjH93DPTBXiNp5yMdqT3Ci7Wlc0/PK8qixrs+wfokbBBJ7gXtPQIIMH6XVkDl3bwBau0SgWPgcRman0A++b4eN3t/xlxL793aIbJfA/Ljigpt6Ck8mlOn05Bb+J2XWbSbBcwMXvG+DOBzlVzHI7KfMvE5j2YGA8IeF7iKzgC4FiHx7yd9zkk0rIZIHdCnsQ861oixLRO7mxviYgvRWZD85z0mKiaoqOgbGFCiPC+cVKpMhz0Ck5lacQs84XVOsNwGUUDjgKzlLRClc71Rrye25yCaHWzSUrqsMM1GSwPhYbGnQ1fv8YpzAHadoWvKPBxV5GzerpIWJvVKCjESgF X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: AnRVDppIet2z4QbCTEUBt1wDpTj451eqHkAoHMTJ6U9B87YHEEt1wjPRKkk+APxWV4i4ZOvtLn23ISXuze+7UfQlApNkJGp62VXZJpwHoHm12v8MkARJFaZFeqR0JW03tQYWjJCK1TYvVF6QE6Wm75nW+1/A831vxJqBKPqjewwJ+VVLAf+Wu0b06rMQFf2n7ONiAW3D8/1vmXUkjBRFjAqgXMEXN5wJz3A6YXS4LrKGOxUqwsb2roGxJ0j53t/lBVwAXBNHW+POnfXHlW18XCwXn0YIu4JPTeDLrqTXV+Va9YzwNy8gNbhhyuuuKSMq95kN/sQ5cRnwCdOc5K1RvmZna2GJGWKbnHnMVtg2bVPOJUs4xLQ2rxBKZSq3HFg7wy+ABunKvfj/rUD7dRBrTwrZlntoNC0vDAGmxpSjOV7WKbxUQB7HK4Zuhj3YTRFjElhrcNL6IX8H6foBbC2ylXZk1a93G1U1SwkTsfJBNk9BUNiW5qj5tfw6b95I6GUqaKuDV0UbGqgaRVhKsu6ZmK8S0/zmSJ6c7fbm0WwEhmN3ME4Q/9bpksQ8Dn5NdXYSOo4X/9VLJT4ILSFi7yXM6gOI1bR8Mbenp20omGiKCF+cWwNLje2s1yWs5OH3RF3YesvpizyM9zFTsVCiB7r5oVdEYFKkcPSpqMzFYUz0RZOXbpXY5/bWgUyecXSpLhCaZ+oE1XNPkboGGOhdfnoisiUix00fZkBsrrnzMoKmDJmxTW0OMCNMNlcxldSOu7BhJ2BRHOHZ6ur/SYtX9+1GGUBqMlHUBHO3nY+F8lP4AFSdSc/QyCQbR9+8qB+wkU06GhBp1qOV8LE0qVkQyrf1ez91NHSuw5xVYk6ecXQyRk2LLTy3diXoYZsxec+kZdE8PaOwseIdX+YzchO6qygMpFqNq/vu2SvAZLu4NfRpQk6b43SI15FpU/kxx0DB6RQXkn5u3/K43UkkhVH9pMC8n9J42J67juv1a1nNkexl2D8C1ISwIxkhO6MlhLqh03pssI3x7wi2mo9RySYzFdeoP4+Oq7hMHKAH6zIFRaFZU644z3h0+KZ7FWojDa8KbQIyBsPI1Bq8BKvPIjREEsRRswvZ8WOES401ff3VS0XU/6TgEuCIZyfBHRPWYA7Pchmngn1tMu9Q2Mn+vZ1RIDflFpbXquE5vjLlkjJul9lA7vzETvAxTVXfdtmyaRNnvkRWX6Oq3qWbdgYpJDiEoQHm+mnMMALbJLOkzErHLgTwGN/xO3gjWN32asKejP9+tlV2QqIMiAXjGSE7KUBNyax6+nW5v482QobDWB/RDrDs+56Erw6A8Zuk7Ra24tRPu9+zYY/byM9gzNO+v8oVsTIjiIUzuoc6vdRpmpdj9LffAlq58kFDIO947afxvdkuC2fHZ8P4lcGtClqc+FHaLAqAyqfKCUCAGdEhT3/MhbGGpoq6I/xBN3BbvIWK8cUbjgp7fR2apCZ4t8HLfkxmTegLX9+A6vGJ8rv+5So8L38CKhQyXAZwDTyXZqW0KAJCygFLJHJp8eMg/QE61VCyt612Izb+SH6v4SBDVgAtUf+/A2vnwp05hcXiZIB2FcoE9/JmBxmvBnvC3XFxp3mmJScaokbEGrwQY3pl3C8VoPNsVYXwbYC0GYv5UIwC51yjewPaOhrf2neS8XmG+1ST7N1cHLOxhbtwK7zUXrX7rwKc9wcw4z2jYw9x15jIUVOMI0aCALHWOKJzp93A+/j9Ncns5rBiJJsqtDaYbKpN7FAtVDZ+RH/tLK1W5NcxFVPRI+dQ2fP1eoYV X-MS-Exchange-AntiSpam-MessageData-1: hJoIj5TYq3/ReX96Oglkhu5mOqnIiaJwOHk= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 434b2f25-ea88-484f-2acd-08debfd20655 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:36:30.5322 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fzfiFE/XUHOzmlCWsdYO/jRV2cgHQGEXMqHhDQlhQcJFgGT++1Hn/Oj969IcDZBNCptoLpyMP+CSrF9wERLy0KRGgVFkhoET5jaEvcQkqlI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="Zp4RuO/v"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 68 ++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 12 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index a0d4fd05..b3583373 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -253,13 +253,11 @@ do_deploy_deb[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" do_deploy_deb[dirs] = "${S}" python do_devshell() { - bb.build.exec_func('dpkg_schroot_create_configs', d) - isar_export_proxies(d) isar_export_ccache(d) isar_export_build_settings(d) - if bb.utils.to_boolean(d.getVar('USE_CCACHE')): - bb.build.exec_func('schroot_configure_ccache', d) + + bb.build.exec_func('devshell_chroot_prepare', d) schroot = d.getVar('SBUILD_CHROOT') pkg_arch = d.getVar('PACKAGE_ARCH') @@ -271,21 +269,39 @@ python do_devshell() { -t \"apt-get -y -q -o Debug::pkgProblemResolver=yes --no-install-recommends --allow-downgrades\" \ debian/control" - termcmd = "schroot -d / -c {0} -u root -- sh -c ' \ - cd {1}; \ + termcmd = "cd {0}; \ apt-get -y -q update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"; \ apt-get -y upgrade; \ - {2}; \ + {1}; \ if [ -n \"$PATH_PREPEND\" ]; then export PATH=$PATH_PREPEND:$PATH; fi; \ - $SHELL -i \ - '" - oe_terminal(termcmd.format(schroot, pp_pps, install_deps), "Isar devshell", d) - - bb.build.exec_func('schroot_delete_configs', d) + $SHELL -i".format(pp_pps, install_deps) + + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + mounts = d.getVar('SCHROOT_MOUNTS') + mounts += ' {}:/home/builder/{}'.format(d.getVar('WORKDIR'), d.getVar('BPN')) + + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('dpkg_prepare_unshare_ccache', d) + mounts += ' {}:/ccache'.format(d.getVar('CCACHE_DIR')) + + termcmd = """{0} \ +sh -c "{1};cp /etc/resolv.conf {2}/etc;chroot {2} sh -c '{3}'" +""".format( + run_privileged_cmd(d), + insert_isar_mounts(d, d.getVar('DEVSHELL_UNSHARE_ROOTFS'), mounts), + d.getVar('DEVSHELL_UNSHARE_ROOTFS'), + termcmd.replace('"', "\\\"")) + else: + termcmd = "schroot -d / -c {0} -u root -- sh -c '{1}'".format(schroot, termcmd) + bb.warn(termcmd) + oe_terminal(termcmd, "Isar devshell", d) + + bb.build.exec_func('devshell_chroot_finalize', d) } addtask devshell after do_local_isarapt do_prepare_build DEVSHELL_STARTDIR ?= "${S}" +DEVSHELL_UNSHARE_ROOTFS ?= "${WORKDIR}/rootfs-devshell" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" do_devshell[network] = "${TASK_USE_SUDO}" @@ -299,3 +315,31 @@ addtask devshell_nodeps after do_local_isarapt do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" do_devshell_nodeps[network] = "${TASK_USE_SUDO}" + +devshell_prepare_unshare_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${DEVSHELL_UNSHARE_ROOTFS} + tar -xf ${SBUILD_CHROOT} -C ${DEVSHELL_UNSHARE_ROOTFS} +EOF +} + +devshell_cleanup_unshare_chroot() { + run_privileged rm -rf ${DEVSHELL_UNSHARE_ROOTFS} +} + +python devshell_chroot_prepare() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_prepare_unshare_chroot', d) + else: + bb.build.exec_func('dpkg_schroot_create_configs', d) + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('schroot_configure_ccache', d) +} + +python devshell_chroot_finalize() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_cleanup_unshare_chroot', d) + else: + bb.build.exec_func('schroot_delete_configs', d) +} From patchwork Mon Jun 1 11:35:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5107 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:36:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f185.google.com (mail-qk1-f185.google.com [209.85.222.185]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651Bae3n025582 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:36:41 +0200 Received: by mail-qk1-f185.google.com with SMTP id af79cd13be357-9156ae53566sf70753585a.0 for ; Mon, 01 Jun 2026 04:36:41 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313795; cv=pass; d=google.com; s=arc-20240605; b=EfyZndhJpqG4wbma4Dl47SKHfAKRRSCqFTL3by8XwLnddXjJBo1rFz4HRmkOJbc0YA KWgB1JxBeS19C9XAC86HBQN7H89hZbLr2+hugLqrRREL4sssBRARqpWkoeeU29+PMazp Hqve5PNaQHLdokRXKK/iCHerJdT/uvNvnifp4s90fKMWyGVsZrklMIuWiZPwk2bDxVMw l9C4MZzk9UXXf38n+cgQHiV8FELwjx0CRAh0D1fQFTn7qJSVI63204vzOfb7clI5hBVy Mt/ISIBvarrWCgnQcAqCCH4PRz7gLHCZj2PpF9k/fD/6449LB+m91F0BenpGCsEHzZsZ 9BrA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=rO1ooi3D4kDV854brKm0EdHKZbY0TF5/fJ27benNqQ8=; fh=8nTIwkqswLqivEzssbzR2fdGRcN5T7eQOwPk24gxO6o=; b=EX9K4SESeBv8dFJuU8puRyjSZrBmOi4pFkp3nj9nXAgmjy7I4UJbl0kK2e/+5509tK 2Xd7+i4egXFDKPVijWqQwRZW/7VO5tNHLCBhid/0qGXFDGTDD/eixQ8jryWUM7w8chRQ ObF8feiKAxDvXb1lxM7b7kCaE20QfZmxUONa08bSrMXlT4fP1f4sNSxKYlWrWnXT2W45 LGfwB83jgfCszLY/yNagvwniWwO9LinHjhpCItnCEVt2e7OLjmQ2a0Eh/qkVdIiURTas YjPrwhzei9+JyOHKTPZypFY6tpPWCzaGOkTzTiRkqlGjvN7Zr11vJYeKA74bP4/2QtHs nfqw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=C7Upc+ed; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313795; x=1780918595; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=rO1ooi3D4kDV854brKm0EdHKZbY0TF5/fJ27benNqQ8=; b=XdkqPBI+3Ci7fbl60hPzSQU/HgC/6dHkaB88Hrqhi/kRSWQ51GuVQT5MEGRgiQvHGW qQbSHAciIqxbrfSy8dX9bwTelx5WekIutqPHSE7W1MtCVFNxXQeYXHNXVpSEIo5Ps2YP bqtB1xTASd6grfkPeG+b0wJa3GGwosJe5hkvToNFkiRWIA4B3t84HeNUS7CEgZqDrJqi +gysokg0LlJhtW1O/+Ux7yPmak16lZCtkgMl28Y+YhnW+jX6qLsYc0ZmQ7tSL61j2Pv2 hXDavco1bcHMlm1iuabWZUo0d4Atz1IjE1utD8N5dnfS120O7Q+9GE3CaBlMYxETGy7s cxTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313795; x=1780918595; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=rO1ooi3D4kDV854brKm0EdHKZbY0TF5/fJ27benNqQ8=; b=rSNb/abFtaWOMAuZhzb8ZwdPjXccb9YDD15MgV1nmvz5AIwVxXt3EQFxyhGDqEQEbP js0nMNn7BW2nHqMqj5MZyRS6DidJznYwIqE7BB1HHqMCUqSoW5PHva5SEAbhooRZDrMy zFDuQf8DfzSiRA1qct2qF5qcODibL/vT/zDPfzLh001QiwLFWCqzav0/Nwco06Ok9HgT sLoQ22IHwqKo6kxbf4FPhly+uyD6mlOU9lk4ceIz7Tq10M7kdpvm7uAZ812MCnfvGFwK W4Y6/N5eT/x7uM+cs2NLuRSLTh5d8IWxiUr+blvOqiUU2PE8hJKdEN9o5fzLzVBbDyKD qTpw== X-Forwarded-Encrypted: i=3; AFNElJ/DduAC+K4vGSRb/j5o8rkT1c1JyHUYj3csdopPeV+/e/N0WQzlGJR0mjq/Ewb9sr8r7vijQuI=@isar-build.org X-Gm-Message-State: AOJu0YwbCRJbjlVMcHRutqsp73ZFGO4eKJEzZ7O2ObOLKC/crKLr6wIk RoA5UAkbmziXKJLS5aOyaOl5DZmeojQ3RNM0aP4oUKVJQcDWcLDYMWmP X-Received: by 2002:a05:620a:6088:b0:914:babf:9f3e with SMTP id af79cd13be357-9153d987c78mr1588508385a.25.1780313794659; Mon, 01 Jun 2026 04:36:34 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMPwkWl9Ho/JPdQMMz5OumW8MAhgz2y6922OVsNVczSD0Q==" Received: by 2002:a05:6214:4791:b0:8ac:7f7d:4a02 with SMTP id 6a1803df08f44-8cccee9ec19ls24401036d6.1.-pod-prod-03-us; Mon, 01 Jun 2026 04:36:33 -0700 (PDT) X-Received: by 2002:a05:6122:4698:b0:573:a6f2:65f with SMTP id 71dfb90a1353d-59befdf2088mr4354783e0c.6.1780313793404; Mon, 01 Jun 2026 04:36:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313793; cv=pass; d=google.com; s=arc-20240605; b=IueY7G6oqKvtkfOd57yRECJ4Y9ZNJHEfsnM6SVQBLwU9wOseYxE75pjECErr7chqSG Lv72JTPVrJLi2peF8YQH+o8gs7gMpu0ghjOSx0OPQJUvRzLXt3PCPmj5P5ih4GdUbnEi UiOMac1dZumOdELSn3FOb8T476htfwmcVnDjk6S0426YiUirdBQiRnlSxCZQRI/or3dh EMo9ZLvT8BY1ZP+TELo2KOHLG2j4tIFcpciSUmLPv99SMcBYNsqtv7k+DsQz8/W0TPGQ LcaqqaXHGZk4YBzRmjJrQ4EuBl362MG4P3ZnkZ0iF0GRzVM9CqnSTekF3dc8MwKfjPNG NChg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Hvm91kihu7lONM3+8tjy2mbtJOdNUMI85zYxS5tm6Q/bwEaLJ/Q3Dj6S9/VNYKmzOb RW4BBqHEECCHDfcwCa6y3xsREPyIdxqpCXvqnZyWGbW/nNKKWJE/QTFu8/57AH5z07x1 6JDF4i9EIciI4UT6Uao9ictYzLGMYIuv+RVnzp7UciyNrpcjAg1Bnlg0QRt65lNKh5yW BeKxDnXDxCKLlXa8Ddm8OYYg98lkq9Jw8GrcQFeF9njEGnyKQQCafjAY4MoSIYF8U6+K gHpPS9Jbs7DR2xmmR9LMVNpqsCLeOvAuaokMXinY3iNXJQq2s+WdNjev4+h8H5mDzHfr BZyA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=C7Upc+ed; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-599da006ec7si346985e0c.7.2026.06.01.04.36.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:36:33 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JWS5nrJpgYFDTyDLuc7BQ65pxjZcNHTsxsZ9W0XT3QdZ5aZ9DX4IcKTpxmsftk73gYYBRUOLkOPBdul1RJfyTHmR8xZVDTh4eo4He2nl7zKcvhojkG8WdebEzlavLyxWAqorvX8wtqL6Z1FHpZjcmH0fVYOzNvzBXHk1YPcJ/Hodv9G6+OmFl8A702ZFzeZO3sEVTGMW2e8Asz7SSiQ6TznCpKeMpVCZIHCpp4qOZEVfnDRgS+1E3VxVSYY2ISUKOFCm2d//hd0BQB4YihziGu5cFADG9LRWG2ZT1s483M9ryoxpzT129wZSkoka20r3ZsEz+lycJUmNtQC1JdFmOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; b=yf0zdXWkYArMgMgToDSN7Osh6XBTm2Ns91BsOGMOmxcuuSqgxUJxeJN1Spo0z3lrTIyDkrYjEpUyiAYOqI265jz4hS6JVvYMmDG+b00MGc125ovOp9+06RFFJki9yy6mGxZaIXENQ3RpWiiJGitB4LkC+xfXwViSnQDv0ueXcVha0KacS9Wk3YuYROm12yiqCngyGLn5qg8d6smwvXJ55qf/BBspBuVuBvRQyvOdYwOyLxdrZ7BAL4VxHZeMIDwd8YQhDajnE8seRBhTcsnFPtY4lPPmrBF8+CJomEL6LCbvxPBwrabnvZVg8McANpXAnsyBFXNg7kbBsIwJD6LGOg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:36:31 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:36:31 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 16/17] testsuite: add parameter to run tests in rootless mode Date: Mon, 1 Jun 2026 13:35:03 +0200 Message-ID: <20260601113505.2898877-17-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR3P281CA0140.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:95::12) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: 022921d4-0263-4895-b8db-08debfd206aa X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006|6133799003; X-Microsoft-Antispam-Message-Info: Qxpf+ZOkePFDhBrhdK9FJMo6UmfO0L64DuwhHYdyoOpqsroKSw/cRzFjBWwntYX9gHjNQrohVf5ngKgJmEp19c/JWamU/xomum/hf70zC8r9cXRrOUCRibO39kzB9AbDsZBlzvGLdoLVALyXSg4grnP1JaZtGeyMtCnGBrhevkrZ9GNW0A+JEKXSphCCfqLjUAj9N4elpTY5K5PKxSX+i4mebRdlhp6wmyc//SkDAUcPu3+4tk925ibs7w4nL1+mxl8MtrqG/Wt1K9+ZNJNgDnD9IPLXuyuUmS75X8b1pHcJNF0jiQNvkABJzf3JgiIyw9WRLu3kb1IKBeEIbhg0gKqGvJR5fdLW8WpaZbGgfSWnGDw9ebkJLO9G5opti4yLKsF3OfqwDUibZGfduhBYOu608m3TSIj11dsKKsQOrtgvp3P3uoFjSu4QcQlvLr/2lDbC9eQ4x3AhXt9qKbt/9DPztifSB+QMgjJ3ofYAPLo703SnHfKmwOFPR/jgyiAuTU0fwkCFHBLee+E1hNWjiJ7+bq8CsbJjCSxTWx0U93wMGb0T4Xq5gybE26+l2MS/LE0hyUqweiWXdOV+jy5ax0aXKtEmjNxO1OcP0wgBSXQQEkm5cvliaHVfs7PLXytOsbzdyjz0ImP2CVzZ4CmGRKRs0ov84/xMqzRS/j5l8ASqsNqId/f2kfZO85xn7vW+ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: Fl+L9gCQeN99W/o5dLF/wofSl3Dgxg8QM+AEWnn7iMgiYKTKTG2nz/VqXvtp+8Weq+DH4APWXxtUU8iwZBpRh7hJC2WMs0Gt7Ee9fcwcRuMTcP2U72WUqP3lIhDmWmpGdBpKFxatH+Xn2SO9zwIpY/X9EHtp/3/L1sML2fvBs1GdSd12JFSfXj1KqHtGwvlsqHB6mXb4CLSb9F7RdzbW/38a3ZP4IUKhvC7G84u69ZQ5TAQZYd91youvw72A884drSq6GNzQfeVIucPT8vwWLmYKK6O0MgvYknB+w9vXOIS3stVNw1Gc8HI1pttWWFi0NfXsrAlaSu99pyuzkw+xMsXOZ7ub/JBpmPxdG3OLElx8xn0WAbCXtRefKNqzN0kC6kR20f4DyeAeCy14Z3oeLqU3ebqzSVQKC8SBHee8upyLQ8MQkZCN7baLecEPNf/5NXpnCSB/dPfM9IJEnaGd8OdB8d1hYSQSOCKQTYcWrmAlcW0h1yeJbvhNt1VtKXOuuJEkm29int4+96fJFXxnAYw2QkfQxkeYVGtYWjblZtAQkBiaJ1IzCvB81PI86CNtUaDCP6tsefHX2uZYHxNgisafPjJ4BvN5PlZEE9WPRtMdKicSev2h63fgt4sU4P3Ov1mdi7CqiznF92FCKeri8IkAQJgS0tQvm14SrY8vWycjgL5iAGgKx8CjROrwMqxh247cBujiACTrpdbZ/1gk0bs+pAvQLWyc3/QA35tlq/pYL2JGMAhPVuDogrV613ezHifwTFJhe4Yb8jn9GP2usJ/qpVK98iPkZU04WrGWN6x/B9pW4yK0c1KPR12xiGxth0i7yGd5BLyxDbF9dXZ0Wh2TLjZ80GfstNCe2RwBNXZvjq0AR+QcSoW/S0f6xcLyEzngshjbf4Olk4xpNoWhgDr6ET7JXr7YAQ4sYaSk3z4kIW2OtNhhMnm07uPmM8VfulG2HsED0C/X3tV7aZ6NH7+wbbLXxWib+UHcXXPoWPaUdWB07fRPO1kGnfb9UITIsIJvA4MXEWTW2GElFgs1g33jnnS+E6AD3Hgl4aAFCyedyW6lIo5Qs5E3konUYov8FEHgJChfM/rFQlTIqM366m8SbzEdJBQ28/3uP/HhVoH40I8XIftCL/rPAwbl9GRxdvHln5EBcKQSRTwh3RFvfyZzGGkud6tJfZQtlkrXShLAUSIiOoimz/geXDR7OoQEkGsPW4rbHBhwOa4OHW/3c44XGTuzRGheBvQSJavspKQYzvO+nMzWy1OJKhVMXYnXgiPo67g0PkfOtHFHnB4AlBg92TduidOacTZ65MJupXlmKsOLS0NP6jwTB2swH9ZA1dg+SBR1x29xHFh4l2U3UKtlifjyQj2156WzxZsSgnhDzZHn3OWG/aJ00cf5/QfueL3RFim81u9JJ1egk7SJBh6djxgSJhLMz5gFCOtNXy4gMXgvLL6FJKduxkUynsaAxi+CJOBTniA+e5yy4ymiuVYPTVGG8xnmKm2/UzoRNgWYkmvEA3YqsQDMmAIjv6FlFdB1x795joifaTgXwD+MCq5bLPpY6l9gaSFP0eKnfuk2qXu7QJxh14LNJSdGO4iPN1g6osSVSFmTqg8PqjlO9Vu9eKKfsJe1DvXmxq89wS4tGgFUTULQ0EScct5pe+vXjG7F+1f2UHIy8n1LAls7XgtNzeTlte8SQ0gduufzUdmPoq2kuPTP+BPG/EegsPpHOYSQkNAer38oDHwPt5O/QO3oiYgitODgTki9tQGhhXw2Dp73azJfPb6KJozrIPOSq4gdX6EM X-MS-Exchange-AntiSpam-MessageData-1: AWe6bOajxjk4FOb9lmLZs+mpXqIuTLdhKp0= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 022921d4-0263-4895-b8db-08debfd206aa X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:36:31.1632 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: r0gDIi3QPheH7DXzw63O2A0VhV1mWiw1BRP4MUAfBYe5QJMSeE8cus2ljYpdERr9QXmm07P8u5LopUT1RS8WzGhPzhobnW+FowWwemMSiq4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=C7Upc+ed; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= While the build mode (schroot or unshare) should be transparent for the user, we need to test both cases. For that, we add a parameter to the testsuite to select which mode to test. Later on, more fine-grained control over which tests run in which mode can be introduced. For now it is important to get an overview at which things break and where code or tests need to be adjusted. Signed-off-by: Felix Moessbauer --- testsuite/cibuilder.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index f9cca0c7..cdff86ec 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -128,6 +128,7 @@ class CIBuilder(Test): customizations=None, generate_sbom=False, lines=None, + rootless=False, **kwargs, ): # write configuration file and set bitbake_args @@ -140,6 +141,9 @@ class CIBuilder(Test): if not sstate: sstate = bool(int(self.params.get('sstate', default=0))) + if not rootless: + rootless = bool(int(self.params.get('rootless', default=0))) + # set those to "" to not set dir value but use system default if dl_dir is None: dl_dir = os.getenv('DL_DIR') @@ -178,6 +182,7 @@ class CIBuilder(Test): f" installer_image = {installer_image}\n" f" customizations = {customizations}\n" f" generate_sbom = {generate_sbom}\n" + f" rootless = {rootless}\n" f" lines = {strlines}\n" f"===================================================" ) @@ -279,6 +284,8 @@ class CIBuilder(Test): ) if generate_sbom is False: f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n') + if rootless: + f.write('ISAR_ROOTLESS = "1"\n') if lines is not None: f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines) From patchwork Mon Jun 1 11:35:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5106 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:36:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f55.google.com (mail-qv1-f55.google.com [209.85.219.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BaeIJ025571 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:36:40 +0200 Received: by mail-qv1-f55.google.com with SMTP id 6a1803df08f44-8ccdcc89495sf82974616d6.0 for ; Mon, 01 Jun 2026 04:36:40 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313795; cv=pass; d=google.com; s=arc-20240605; b=iICuJuek9+05foNRC7cj58yqrmbE5eVm0vcad6vLcuIDgHi2Upc7nnpYt8bP61PM5L 3osI1lulh0Nbut5bzLMhqZ0Lqtxonq90SjOQQm33KZF3NReFhHpsc91dh+fSTar70//H PxEbuCBq9L3usPAwqXvN6KJj/LnNlofieIVtvdhIAp5mrvrzPnjK1Mvm/lUWLJ31Qv8t 45eka+5o2eenhEpGz5NUvTRfrD4jKfNJTl05EGEcux8D6OklluBPByGM0lhBbnqdWBIm IFRqidxDCf2XJrMiBwRXG46E/7eZP+HiZh2inYmpM9aDT8bLTVfXtnmwXdRKdUTOQYzq h6Tg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Mtv7H/H1w8iIyF3XFbflLzoeI2VkDc9jcW27aY6fnDQ=; fh=GArHKIQbzA1Y0VZUsv3HCg7AXlbQtDYt0acDttdGIL4=; b=Q11xvZETsmjtWe+NZHoCz7coQ94OKaTJbQ6aYBVan22/XdP1P/61NAWils3grbuwz1 iuWAE+g0l1z/BNViH8ba6yrxlB1aZ+zPJO9UeMTkhsUvIJX7Q7MBeNUuttcNf1BsJIDY YSTYjuejufN+cqUW0N/bej9T10ArvSg+Xk3G7L5rmCAx6M6ohiWfQYAuyHQiq5nUprjN I1tgVgMS5CWHzG7UQmVBBdcagODDiOqC01nm/wFfRZzVBVL5iBbS2EuvBsLJ2DQcMh/2 lmsuY0K5qaA72y2RVJr3bXTNBvzerCLcHDA4rlDi/FR4VW1watbml4zxPBhl36uh9XTR O9dg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=UzVu9nNX; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313795; x=1780918595; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Mtv7H/H1w8iIyF3XFbflLzoeI2VkDc9jcW27aY6fnDQ=; b=dJnPFKSvrmzDz7suzlTnu3UVDrJY6+BAfBWZIi3bNp2FwK/7PF9+zugn42XBX4R1sl hWjqONp23r3a6pYF7COUPTTVVyriWJg5xy7yuJH7unjTGZRx/dNs7b4ovhbyPOeGTSkR K9M/P5iYuV/QSzArAgcyWYZ9yNFuv043SvpOU5tZGcrheT6bBGQKDXwiPOR/6Hwm3UWA caBNnMg8ch2BHXtbbP6AtZrja6dVHctpKXsMwbYfJlze4xhrVo6Y8f30flCG9pMe4Ysa yk7VZOIbnhIr/K7HfVsEhLZrwZtRp849BEJ7TgFUggOFSIdJVV8YMvQIQui8og9XYNRN Rnsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313795; x=1780918595; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Mtv7H/H1w8iIyF3XFbflLzoeI2VkDc9jcW27aY6fnDQ=; b=qbeaAFSIs0KAw2Thle1jZm+x/kd3jj6RwNoazLvTVYOekwBw9ITeW7MVIOvRWHsN82 53KDWl2nB4tnAzYblZifCjXqq261PVanxortSTALexerETFL6xfCvoQ0R96oTmIn+Khq hFQW9j9JugkOZzNvLBcJARA5BanCQrhfsQkya8RSXtWT+iMAs1SoMHH0xNX4lqLbrGIJ 3wV0y9fMgjU5626bnXEuqCp7HrJgDDbvd2EyL2qPZUv+wmcriwhIEACZqn/4QezN8tje NRDu8aGkeXPEpMNXK4Wf2mxpxpXSwEnVLC8li9JFNn5BJ1opglrp4VjI/huK+iTb7s6I T9mg== X-Forwarded-Encrypted: i=3; AFNElJ8WDzzycF9Z+NBTv6N0O8UbJqLp0XcNVa3Hcpz6xDrZdU+gHrDIkpFbLQheL9QJ/g7MBNlBp4I=@isar-build.org X-Gm-Message-State: AOJu0YxKVQkvcl+r5J5EQrh07nd7DgfD+smPULOya6BNJ5ik0tSihzbU ZXUvq74vsJi3wruQPhII5fOD2XYQeap8uJIZbcc+p1Wj21PQHq07Pomh X-Received: by 2002:a05:6214:5887:b0:8cc:dfe8:54ff with SMTP id 6a1803df08f44-8cce4ec58d2mr185529046d6.23.1780313794761; Mon, 01 Jun 2026 04:36:34 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMVbhxTV8IMfZEJO6ENhIG8DQ0lHRFVPLTDpZ/LMbDvjg==" Received: by 2002:a05:6214:548c:b0:8cc:d76d:93b6 with SMTP id 6a1803df08f44-8ccd76d9532ls36027666d6.0.-pod-prod-00-us-canary; Mon, 01 Jun 2026 04:36:34 -0700 (PDT) X-Received: by 2002:a05:6122:4898:b0:56f:696a:4fec with SMTP id 71dfb90a1353d-59be0de0983mr3470294e0c.5.1780313793868; Mon, 01 Jun 2026 04:36:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313793; cv=pass; d=google.com; s=arc-20240605; b=i0ogeFUmC4i96eI9L9VQT8ACpjwa8DqVv2HFaUugiasmsZcHX4LwIiqIkupuwUqZnK aHzb+w10aHYpMRNWxdE8+1jXgsYn1UUfdok/CwjPQY7aPH0Ca74xDcDdxWtIRMDMFB6l gprc8+QLbQQZBPMvaA8tkB7MlTbXBYsnJul+l3AY7AkK8BtOSPzNUc/veNTt4aGxy05a tWf0w/gwSDtiHvk8xTblJmvvrJkrP7S1Dkxd9EsbbtNNcOM73Vl6ZT7h74cOnifsmlav TpvGruPeufQJfyfSbexUnkZD30EskCKH6zTvNwtS/1+MePgewasKbmpMfO3gRNl9iiML nAkw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=BJ0GpUNyzx+c2RxzZydFK6kRPIvYdO4nCzax9gSX+iZ+DdURg6/nmu93WwYMD/z61i OEkYB07Zjjj0ga5sl1WEZjauMnJNkH4ewdxaVpYPtt9tKfb9YnVZ64BjEvr7kbE6Jy3H S8mDrDBawje5LwK4pCphQExgjNsOVYScy2ysqRW0F94l5xkfOAFhNwU7cbk5jb4R0imR g//5XymuYGy2CnVmcyPD+s8rpsjGNLiREJgW2WiNkVPlM1Q8RDVcPp7NT8TpVU6BJurT M6q04+6c4oICH+uolOQ1/CzI4tBqk/2t6PswAxuHx/mrDIW+KSXXJO+4BXAe0L/aRYFP E+Lg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=UzVu9nNX; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-599da006ec7si346985e0c.7.2026.06.01.04.36.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:36:33 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NPUjYQU7QonahW3h2VYc3aEpeSXFFHeitEIMFM36CEYyqZkawcCQNDwYuji+EJyZaHZfbTdQZjVLmwWD4ywpt2CgGTpF0/sZ/ULjOqigTMnuxYlhB/L2aGBSIagT0AJq8ZGh7PXgRaJNQObekrpd/wo3pKswSogPsnTfchq9c1GFdKuHoUbuNNOopkrQ13Vh1nTCAc4/aJClIekN5JwCG5DZNOWfX1pdkzCUnQY6RuQQ2mzCYUt2PM0vgp+sDeW4KT8zosMJKfxfL92woHbQxfZdi0tuiCSV+wUqreWxxdNB0rQUk0xElFrZ6O8Kp7BJd7vsHJZaL5CWUNF39JtNsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; b=N7i418JsTKNaVuIbqJxHusV1h52S31N3Ou/Vk1CndwZsS/byRIi0xe9my0eQDYJwygvMdAeE2sxHQGwwgfC6Hc+Xu8pHv19PEwCPC+FsDExbdpwqtMUBcIUW7bUYX+hh2j6KPUHMWCTyP7Ht7U+TMzvVKq9PBOTQVgOeEKtL75g2aX1j6sm4JM5OqRutYCrmcqOghWnVvO6sxPYcMJB1hqpM0xEpZYPinE7zh1xUAzzNyte/hD0yARzzjGSSOAdm9x/7mo0fc/msRaga2zyWvsTIio7hcwjGn393B85NUXI2LvUToOb9Jn6Ed95OlleC4Jyy6OmWVnL4ZXYCAttEfw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:36:31 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:36:31 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 17/17] run-tests: add support for isar-rootless mode Date: Mon, 1 Jun 2026 13:35:04 +0200 Message-ID: <20260601113505.2898877-18-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR3P281CA0140.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:95::12) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: 2456a94b-b4f6-4816-4dda-08debfd20714 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: YJ9td3ixHyjapGUE7vfHAwm37KoTKGgBYCe3zm+E5n9gGr6K4elM3RMmNCV289zaYsnIQ0TgH7By8ec8BdlaJzCFF3po3j9zeQChc4gXNIBm+6qaIFpc7kieFgN8DVb9rRrk2hbHw4l/m7ZN+BjkV5e1yVeFFMltlAydUUl7SGw557UCcIw+dYiR6br3lhNjuEzvoSSgiZL38WkGFoPKKsB2G80aeUYf0JARcDgfDENR+PFcRQnQ0ZYUdNrBM8cmR2fl1CK9o1fV04LuxpK1Lhw3D8ogIAgkXxMTMjGLOgF5x6POKR2e/mJrVzS/ADsnULZLiocbXIJIECc1dLSSTD2PnUT0minb4WahabXaAOSZeOT56wb0PYmlYcVOXn5MWX5Bg42gymo5V9yJKSeH1XnRzrx5g60K8TI1tO4Dqy3+A7f6JJ/XlZCyG3M2vaX5SQFYh+U03Kt1dBstyDNXyy+Gz/CJZvBze+sEjO7gQ3H8lDhDpO9PvCvtpqui9mTI0q5Cf416dameo0MODym9xqkNm4J9xwqlc3mFsa05YioC5BE+oCDsQteymPBiWD9/nUWBOOMxYtwsHK7NVTK1sVFGQwbk0zAAKzGjmpGrFOS0Cke4cT8RbIjDmcWuq6TU+P0hi5rIUBS+DmfDlOAAsIDtOdwAhhCs4MjKeJTvstF2OQ74xMaWYfT5N8f7qKDn X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: TrQyq52KYT3vmIQJht/oNDObZA/PzmqeR4FS5P7Pr9S1zCxpReUH4dmorTPs3CVAPLVgRqy+TmWRBn2rW1/4z8eLsl+3XnufhmrmFweTSBVHDzBciu0nu2LgfqC6EgcPIXuLQGA5xMGFEO6FoIHv8ClJ0KBnr3kM5I1LknnE6iIwv7C03+C2hFHTnrUiEyt7eto/k88Wsy9iXyJNsAMzRtcAQFwOnabTb2Cm6/g4DiuFaWkDLlsOvqj43Pf0+ya5LNvTn73n1mKt+u6MqMIDy3Kj6nVO+F1aZKj7BJbOZn+fPF04l1u33Du9Dcd9v6ukUPTd5luUrZtjLBaZSxmSFz7jlsBOeWhqJnQ3dWb0BtVb8dU6Di207wPkdR3m8hNxwRRSA2PYeBparQU7DS91uOfzuCGZHU5078egcKTQID0gYvpCcxTe7mIWVh0hP5m6DjIr0v6TyhUdYJOIm/QvZu26oI3VPSymCmFXMjWY+0VvDyQqeXpbWIdLNx8SQy2Qtvo7fUU73GSKkVSKv7edLCUSP7wfDc2ogBWRGdWqJ2euBN+f6YsBBxogAhJ76Yg/pRkkYH0lHiMGC7njyxaRdDUvdp5JaTN51+ha2JMs6W7WF5/PQodjYrxi7vFYcC1729w6n6tC2xgk/nK4zk6xYVJvdJOQ3CJZcBUtJ5Q15p9fs3crz2ThSSJ4qF3yGM2CH9/oIhh2kUZoeP0JinvZ4i090Te+ph0coit8B3FW1QqJ7YNLI02A/MqFrjUXN7lOoRxyaj1t+IJBr7QnG2DPIDeeWG1c4T2WfxtR7NMDikyOY/X0yzPRmp8CWbBJMaV+wXSBNPry1r1Nv4WVe4K952xrensC5S7Q2dPm6Noce3SZ2MePhLiwXqwcGf7KtfA+UgvSKd8w+PZquPFqEXeTnbaA2pE3oSLOOpOlwQ+YvmzgPK161N70GbjjYtjJnfVBEXn18Rd8HAg9hw/vZNTjkep68b/ZlEEEqE+xjUi7zz0/ayPeBzEz/0bzyLdceDk/PwytL73K+/I6FCijOmB1e+mIxNEzX5pPuHxFr1EfypNznH4WEW4WygRD28NQZfI3E7RCeeEkanLVl9EmeopItQMkE/nUJOw1v0pkdZXfBJUonFUZxMPH2pom9tcp04EUt7A5D+kVCHGdAD00mqfv8z8eUQlhP2M7Hy6ty/syhRA3zl8KzwJeBCqeJopH0wE/5h1bhxIbjZp30kNLpZiWCN6q67/8kjkFwRkqedJbO6QDBNrSsSMlc+IXjV6niWCJ8XzRpl5tyB9lzV7k2BTUXrHiWIC5CtCrYOPnte4sLTwuyrU8DAmvF3NONlg89xecayYtSNsMzROVi9TBQm0e/zKTfNtC60w3q/nhfOy1O2mP/yi6g28w9/G0JKgGqE420BNOfRULPs/mrvZIQjYGMb/axux7WsZWmF05BZiL/hinbPqwhGw6rlcqhER5L9XTRSt1iDd8lZPEpJ1q0EepkBzv89Zsv0UWHMjyoQzL2tQWtTTT/HDOh60ne83cfrzzKFrXUqYYr1Dh/FpFotCtlSpkwu6p0kOv0GOoY0Px0hI4C08t8P6QPRrbiv8FTuQ1+F63OvGcvDSV3sAmDTmAEhU17q7zbAPa1VON2QSBE1WeiD1+8MT+V4Peoo47FIGOvUUpW2gUiYjlxzLSwwicp2LKajgQc7/ES4rw74FFV2+qsJ0cDULAA5+6YEvOPVM6u100ytuM+nEXMZtVkVUk4CcXjivvy6chm3Rrp1O3RTxdPOGu4QP/at4Yn4PNezwOJjpnxrg8 X-MS-Exchange-AntiSpam-MessageData-1: Wj8IM0jsAZu1k09o5/gANcdv6Hn62PCTE5c= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2456a94b-b4f6-4816-4dda-08debfd20714 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:36:31.7637 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: DyA24lo4T5gVPN9cdBQcd2tC5PqCmfeZTtj8kS3fse9TMYy3pEsMCDy5JT9UXvWwiG+lfCop6VBF5/P59r94WNGbws4Trw/RdvbIHiBjmuU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=UzVu9nNX; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= If the testsuite is started in rootless mode (-p rootless=1), then start the container in rootless mode as well. By that, we can seamlessly switch between rootfull and rootless mode when testing. Note, that this requires a recent enough kas-container version (>5.3). Signed-off-by: Felix Moessbauer --- scripts/run-tests.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/run-tests.sh b/scripts/run-tests.sh index bce10d70..ed373af7 100755 --- a/scripts/run-tests.sh +++ b/scripts/run-tests.sh @@ -15,4 +15,9 @@ TEST_CONTAINER_VERSION=$(cat ${ISAR_DIR}/testsuite/dockerdata/version) export KAS_CONTAINER_IMAGE_DISTRO="container:$TEST_CONTAINER_VERSION" export KAS_CONTAINER_IMAGE=${CONTAINER_BASENAME:-ghcr.io/ilbers/isar}/test -${ISAR_DIR}/kas/kas-container --isar --repo-ro shell -c "$*" +ISAR_FLAG="--isar" +case "$*" in + *"-p rootless=1"*) ISAR_FLAG="--isar-rootless" ;; +esac + +${ISAR_DIR}/kas/kas-container ${ISAR_FLAG} --repo-ro shell -c "$*"