From patchwork Tue Jun 9 12:33:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5121 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:16 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f190.google.com (mail-qt1-f190.google.com [209.85.160.190]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYEtN005454 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:15 +0200 Received: by mail-qt1-f190.google.com with SMTP id d75a77b69052e-5175a1e32e3sf152613611cf.0 for ; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008449; cv=pass; d=google.com; s=arc-20240605; b=cWoK8DoDw2lNH+EuFev4FiSOhBqpDF3q57broAlLp6FUeVxfns9gxTZKh7BM3XxeuS zf5eueJbxvyJG8qnHy+l17k7AE+jcADH8EzBbsN/BhUP4qlvfPNgkBLcTNG8MgUfQAkT fs3jyzJ9sMzBU7aLr5qL+wUBGNmaTKTsuiw2I20ocIxUbA9c7+89YCp+TrlNPUtoyxh2 S/4Sdq6oW0Ws6ryWUPiIuF+f5lMSCqHwxhP4MBVmwew2EXXg/BdEvTlLn4RMrIaUal9I 99va15xM6JwDDaEmT+mOkGXFPFS0LyKmD9l+UA+vKHusnRRPX+lWE9QMTX4N2WusXSO1 6leA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=xPiO/HH4E2OUplIWR9LFRGzKsGUiQMNwHoI4oYAJH9E=; fh=dVoehR6pxWKdzp2YMliz0ldG2KkSZj0rS2xICPsB9Eo=; b=T4ejP2+i4Q6p+kedjdplWz2lp3LMws3yYPgqDx8Pq7FHwPNjj6BYr5xJypik3J3ct/ HxkhatZRI2UgQaaxFdazsr0mbAE0HDZ8osDgKb7wkBkZh8gjSW/wpN2xb+4nc3NWy7Bq fWEZXj6/3tgd6TNnvt0v5wLRnlXvU3eeV/SgLGWbaQo6WWC+LbvaMLzOnwlqzncJ7uf7 PyPWlISP3po0CAwJloVtKkUyNYpKCwulKEWY0lTBmxUnfMZPqf1wKc+bs2o9F9qsZaq6 ENI40/Hg629nOHgRkwU5XmWJyADncMUQJzB6wx0NdUsbGbtql050uvHedkMKtaUu/4cu CCug==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=pYAg1dcE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008449; x=1781613249; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=xPiO/HH4E2OUplIWR9LFRGzKsGUiQMNwHoI4oYAJH9E=; b=acExKSs4oMbudN/ZlPnb3+DSUZoOwAAwo1WRRfutj5nQwPO/2XwvALaLR67f8O1Lnx AmDmdpxewmUuyVF8WqlQqXHXh25NaDhCpvrABoaUE/N3+t3T6Foe0p7FYy6yfLzilYn6 igX8fp9MwRKUzEyJF6DtRiwtZo9zzfM41L5tx82Ak4+9Ph1KZzsq2nCFytgmxOs69zEq M126dsLNyzfcayTTGlxb8idmCwshjCdACBLPMArlRzmkjWLTX82CpG5IQk3eZ/B/9OiZ pcXIq13YUpsep0WYydYJZadGlv+JxZqjl4QKsaDOvcSBd3P0xsO8Gu7Olm0OcGKhtG41 OrRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008449; x=1781613249; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xPiO/HH4E2OUplIWR9LFRGzKsGUiQMNwHoI4oYAJH9E=; b=ek2BPM/zSYJ03kiY4SZUxAG/NXJBa5LkhtD9GrOUeWHaiviPynh2PHnSZgI/QsqtxX QFx28BM9FF30BZYIqs0q4s8HkqyroQe80WS29xJVZTAfvuYnMKWRE8TWptpg+Mo72orw yPrZ87h4uYMx2iMxq7XfEtP8CFW+O450a8hJwWmRTMe5rNedycIf7I6iXY1uUFebQEN0 aLG/3s6esH3t4IA0JWTfl+B9MflfFwztc7OeauA7eydNUNw4K5h0SUg20ZaZBRUEi4iW H3hQkjuUchNjryzD7DC7fdxI3JYfg82t9lzQnifDIFnaVnGlDewW8iK/HqCUA032oV2v 0B9g== X-Forwarded-Encrypted: i=3; AFNElJ/whU+1FL0h9eAWNX80+SN/6anSy3d69WZAgGwOWalJQpf8JOq3s2C3i9Kk4wNIkCYclrybt8s=@isar-build.org X-Gm-Message-State: AOJu0Yy9EHUPssCxb+CCvshF+EtMTMMZ+ZhJK2GhX69HZzHFME1yNrON 8Qauxp5XrZjP2fRC+7c7I0F3BjBRqH+D510SzWg/GvteafpNt7Xf6zLS X-Received: by 2002:a05:622a:2cd:b0:517:6b57:8164 with SMTP id d75a77b69052e-51795cda6f0mr297530591cf.55.1781008449461; Tue, 09 Jun 2026 05:34:09 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdjBE8kdwT+tJ7YYIrY/pnNLgG1YfhWBF+GdWgmitLrfg==" Received: by 2002:a05:6214:8011:b0:8b4:b672:871f with SMTP id 6a1803df08f44-8ced900346als118131136d6.1.-pod-prod-04-us; Tue, 09 Jun 2026 05:34:08 -0700 (PDT) X-Received: by 2002:a05:6102:149a:b0:636:984a:1e5d with SMTP id ada2fe7eead31-6fef05f052fmr11575049137.11.1781008448338; Tue, 09 Jun 2026 05:34:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008448; cv=pass; d=google.com; s=arc-20240605; b=GqhtD31kCajjF5SIqIhIYSB/bktE2oz2Wpzdz8psuwScyoMUsRV64S4cZpKuQ2m+Rk vT/+3YvzclRg8U6bsiAjEihYaF+tKkY9qc2ZoHOW1hQn1TqMRaYtNtqYlvm/VbQZ4o1g W59v+mfsL/bha20g8VURDCydU+x0YiEvHTZLLHLSWK8hNveMa6aT0TcReIw0kahunU7n zWf5sFHBcGMebR7Skj6DgDXQJUUPmSdZTXirRFoNznIoO+PGFGQaWdMXwqtJYt5sqGYf 8S/RBpb1EHQTE1+4i96JD5C6gSlme3+M/eXxXjsjuk2w8N+MWP79i7kch5I/UFJcrzs2 HAlQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Qye41HXe9nyBRp1zBB99FnT8AJEfpJjO/ESN4oCJ9mY=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=OetLy+aBY0XStQRbcj77haECnQpqvR/ZHUiKoKpyzkGJ5D0+NWMkp+XnW7SeJB+K8t +8D56VA8F2pL+fdCnwmUlO1hiPkqEaAi7L+VP9IcFk0Zlp7E/+CtUftIKMoo4Lr+32nF zKV1ZcXjhlKZjBS+gLGdRd48J0mwNa7qk7+w1EdXdFr1s9IVicQzhMYAdSWB3kedHxvD wF6jchuOrINKQw24nAa+JYdkQpDTZ6JOeQI+emK3GrXlkLYzOlw/eiFqo9C3gwD6pmJ7 GOjxFxELRpkO8EdNJ6D8ZFJvJ0DuvknwZolb4cFzWhO2+1YktzYxrQoTxMevi4eAtSej 2Pdw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=pYAg1dcE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id ada2fe7eead31-6eb55c4b627si674447137.1.2026.06.09.05.34.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:08 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=zBfUPbavQaX1ufzadjJHZF3EGapTVn+cTSYsmbK9CteW0PG1LalEXOJHtjQJJZDFL3pqR7pjYXTLbj7Xw2XMOnGaRxkAXW4TpiIGl61En405jvuZqL1imYMLJLuXM6RdlszKWHzxXr4lzdnJKp7nP+880JuyCHPIqFIWf311raeR4x4zTVehjN7QrAZnK0G9Y8XQW3gEXKh3vCR7vj8WN4Uq/9JfJr3KQlE8zNeCfhvIsM92/MZdxL5jGRq/X+Eh8eytYyEmRaA0g6sTc1JYBvVQwHrr2YBrcs12n8yvnlxL3eybjLt2CfmgI2Ra+MtZPaJe9iLY1RzgcgGIk9g1qA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Qye41HXe9nyBRp1zBB99FnT8AJEfpJjO/ESN4oCJ9mY=; b=juOmDs8H3CLsDXUyl4pD+uIE/j+4YNKSFT+JLrDMpl70adCK94OfxEZSzR1xfaGJUbBqmagGySHriOOqX70ysuEsWL6VXU3KTGLxN2I1XOlw/oYGzvV+I3/mYJf5HwQqF5sRsTq6rxS+KgpqSKTNMBruE98owxHic2zY72dWZ1ZtVjikHz++OFIB4BCB5HI/yboUsCmIWTe++bcKKWENISDrWNohl5uh7E3VZEwEmlwihqIu05dUNNQ1JwyFn3OqlBIUnHvQ46aJvmLitfJ66eCxylIMIkwoFMb+Q8Xn8kvu5qAimLZWjIwPbJZxK0ybnMnKb2qGuYedJQg7o3g1og== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:04 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:04 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 01/17] refactor bootstrap: store rootfs tar with user permissions Date: Tue, 9 Jun 2026 14:33:39 +0200 Message-ID: <20260609123355.2368573-2-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: 62b746cc-dfae-495c-1f64-08dec623645b X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: MrhgtJ5q/B6eSbZB0mRnJGuVIRNjXsL7yrqmeXAvdR9W9TEo2slbgwh5GO6SwS/esTqkC2Gos5qsoFjhSI+Q8iVBQKJktuhssdYioWg/fQHvzshO0UVUw8c2kVsnAgXAnzcbVa9GLtHd4A50eAudPiDZr1jiZG4/737HlDE9OMYwFAe34OYJm7NvgYZcM6EaxAGcxvOg3cbdRc1GZrGW+M5QpvqZ/J8Cg5UzlOOEK2w0JUZBUZxHqhsZnv0EgfrQfr0GKfOx/3WzCdCFooKH+7SwMim48c4lEcfuFCbt7AMh2TxLK1UCwOHTWb0XV5YtWjy1C/7SezWltwGv0Un3SzFF651yS0Wt9PJNQ3RDcE7y5eAy/1IFSJKEfAlvH0BTnjLdAP0ZJYzc+ij5wRtw/LSy+6y12ZlsxTsgGS2VfsNZx8UUAS1P7t3fKgh3puULKlpStk5xprNGt7EHN0Es4e51A84g4l5VUh4Au8nzPpD77efmjYsQYOVqiKAnE3Qa4LmBmvR+mHc/Ftyafe12dhbwSTSTCJyqzr92Cxyyh/U6BY+QVJy6D157nHvwwJT9+8DyKQ7CBHWeTEsVkNL6dFoVcnJWYWv2lyMkZ9NjOY10+XDt2d+MAlJjB6HUeYg4++gfiS1pqrm0l7qPl6G+npmKOgKVpn6pYrhWeWkkK3fflt0Xz1PQgE3vS+SWo0/y X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: RWmIAGlj+Jxq/x4fKepesUP0sHyJok/xQcPHZxbX5mEkPbMakKJpLcRqgb13iqZHTyOik5AE4AzzN/ahVJ3JccKoW0IZ3G2h7Dv4tQxZXlZQCLHGkVRqNioamOyLKGJ1+jRVMCY+RiYRHFN5IH7viDE/ik5AHuQVq38yqoiIfOCiCY6kSxmuRE+Q2AfKKHWw7ILrdTVcFxUr4tq1/p94JOFO22UOD75cg8KLud4tYriFIuClkgmxe6qzo4AjKOTCycRMClaEiT6cxFnE/fLkzzlaeMyhsnmuFTME6C4P3LH48bC1duDhMjpjag+zEVdDxGGGI86O2bW5cov/Rnj2A/VH2kbrS3jIL6lvVqPInrIkC/bQwzSaQ5igltDdHJlsoPWEU2hzb4s/+Y+RUdisWcUZ/aCTI9iDJ4y8UZPxLc4mvT/oUCY4hK3IPOvQOW24KGY6sxKokZndVKXAecaNwHPsH3k401kwChX4aFvP5fdnXtkcu29n5Z0FvzKKMvheYA6KTxB+ys+IOLeLvUmrNODyL6sorDTU/97rPj5PYg2LD7M4chq+pFQY9uMUpW/inB7nQVChG/SMrhQkpTE3x/nOP+lPuNSXF0M+nlQ8Js9K8dHtz71u3Le+BZpHO1eCPLKeeLK/91Deu1AB/UurFu++nJHMzV7A4YnjzwSSLnUk5RhbIR/Wo9levr4R+T8MVp9widSQETBa2NsQetW9j+mqSldNpp7X59NnXncwFI52ToU8QocFa7T+CQenTZJR6O6BXLLyea8RZtMSMae1eqtfqS3Q2LjaxdXIv/fd96SfBrU3kXF3zAjHBIQvA6FIWOSo4ccJ6n3/zmCN/F60syJ4TA4afygw+Tz/NaLSAAdqq1o6Ucfaij9xjF+dr68pduqf3gyO+CJ8NT1yZRCNR19o10HIMKHvW/C20vs5uNd6ZUnnKbGF94j3kJJrwxCemCQqWxvzZfJJjAT3/NU0UvKJaWZRtS3j+8bjPvvDh+HWQY4FWr2MoHVWJnrQAgBrMRDx31s8NkW0xXHUBu+ZB3HSS9XPdENjkdy+h9tAcigAJxQ+Z/2mS96J24Xp0pqiMHA0tUs+GIY9kt5mVDCeABkqef+lWLsM2df3PmuBGitTx/lN2dIlY4sLxa3ovt1FDAAp3HN8BxVgxEq81NuZFAztAIAtW0yJz9wsO7p0i0X+OwJ+wRBluD2cSteLhX1vPSXR1/DNEumbEEZDf8CHaj3v2RDCCtbQfYKWOrKzyDFYFgzRZd7RqtZuc1q3KSKjYuLupD5W0SndYe4NgOoC9st2QVS9mK8CqyDx13y/hIoZ1XeiJnCHAQnKWHehGQipJ5XS+J1ku8WAnFiaxNrTZqBFM8M36iYPtbx5yhRYute4kINmSyDS6ekei2akxk5cLyMrZ5b78qxAm7Q/LGlyf5mNtw31Pq8szNbDo8j1Ax+s8SB8TbGy/c7ushkoltZjl+PIh/rPxOu+Aq5CMUgcTLEmgCIWbtF5vPpORtmtgFG4ualfxUM48Skc5rDhZpZZyH/axq/L2NNvdjmxSFlJOJsJgJj1r8XJvxwdVN9FcwHPvtAH8v89UhvA8wj9grJ3nlgNs0+j8HPY1mdfI6XWKjQryMCpNAS5DtBrLtDBqFgyX8Pp8ePQYJOrp2IK/w/4XSmyjUNqiXAtnPvXT0BkYS7681I/DLUemw7pKOA7X+9ouyow5yYxtIOqwkUZ3SZdIuZlpYfgi8jmuelChuk3orMxw5H1IEpSUwMY5hoEo48= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 62b746cc-dfae-495c-1f64-08dec623645b X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:04.4272 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EN5amWeOtFDW9Pbyo4poC6nMHwx45J84KVSKlcVgRpNfZnM1iEjGjQfFehYI+T6XA3UVTZlJPahb2EnLzLC5Y7RdJxznOn6p8TAI+k6iIsw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=pYAg1dcE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As the mmdebstrap itself is executed as root, the generated rootfs will also be owned by root when stored as file. To avoid this, we let mmdebstrap emit the rootfs on stdout and write it to a file outside of the sudo call. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index cef953ef..9bbc63d9 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -245,11 +245,11 @@ do_bootstrap() { ${@get_apt_opts(d, '--aptopt')} \ ${@get_distro_components_argument(d)} \ "${@get_distro_suite(d)}" \ - "${WORKDIR}/rootfs.tar.zst" \ - "$bootstrap_list" + - \ + "$bootstrap_list" > ${WORKDIR}/rootfs.tar.zst # Finalize bootstrap by setting the link in deploy - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" @@ -264,8 +264,7 @@ SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize" bootstrap_sstate_prepare() { # this runs in SSTATE_BUILDDIR, which will be deleted automatically - sudo cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst - sudo chown $(id -u):$(id -g) bootstrap.tar.zst + cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst } bootstrap_sstate_finalize() { @@ -273,8 +272,8 @@ bootstrap_sstate_finalize() { # we should restore symlinks after using tar if [ -f bootstrap.tar.zst ]; then mv bootstrap.tar.zst "${WORKDIR}/rootfs.tar.zst" - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ - "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ + "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" fi } From patchwork Tue Jun 9 12:33:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5122 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:18 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f61.google.com (mail-oo1-f61.google.com [209.85.161.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYGO9005479 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:17 +0200 Received: by mail-oo1-f61.google.com with SMTP id 006d021491bc7-69e81dbd136sf1799626eaf.3 for ; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008450; cv=pass; d=google.com; s=arc-20240605; b=aSI58li+iZGhWSXIMuTSzTEAtp14/RLb0zRhrGUmsRlTyr10QSS2BwM0Q34RG/X0ag QC3bHnZJoTREHViMT5KV3i8nZ3Kprzlt+RkL6F7OVZjIMufsK+aRSGNVb6Kyfb0Y7iv6 r1CHtPY/8y+2qgUl7RZqYQ4nGGHcu4vyM5goeh4wdqREBwFgGtLX726A6MgRaeDw+NOT x8dN/YhtL1EtxK0b/O8UeE0dLNB7Q1uVWPiDmuvqerGf4ri8D99Ppp/0Fwz4SC/K6WPW 4S8EpawyXmOA4BcRlo1He6Ro6ObZZFZKXbJJoXIWRtI0fDYYsjheXbm05TO/jVaN+3Bp dQTA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=G78TLajAds6poenjngtObOlDQgLMjTtUMsTIcPLMhUk=; fh=By8x77NhI2sMg4/02xNV5vE5sXP6OzVbCqZBMMX+gSI=; b=DQRh+5H8GYztjru+FrH49Xnlh0r946Qj8idzSbZiF2M8xe2JBsvV7hrYQAawwM9D9b oJ1kvoIVTLcRFbdBH5WPEAf0xe++TP9vgu7ejU61W4L24nE2+lXIUCL9cizin2OaP3QL L5Ou+tTHozlAQ+PaDaVXnRt5j76ErycW5g2Jij15g2rdhNxXcNKEqFVJuL2gTsG9FYAN HRDnrSrI4Ztm1e8av4V8Q7UraDwutXzJooEFbKJwnr3lOlTf00tH4UWHWqKczLZICfwe GOLJcu9UZz5ETUMtjCXIJpoPEGqo4yfXLEfPQ1NkF68hxyb9toBB4OLvStgG5rycyvG5 7kwQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=tA528bUo; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008450; x=1781613250; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=G78TLajAds6poenjngtObOlDQgLMjTtUMsTIcPLMhUk=; b=okWtTn2P9MJsmSp2gK+EPllO/uSnlKbB1B/Ff6wNRDHir8gQgVgg429ULcmVYKWte8 EL0SzcCc6WVehhK87C/nEuRXQMTUKaEy3Q1OEu4mLi9bBsqHbkDnODbh3q9p+HZA2h4k dzJyEODrHsq68FnMB1oFSB7iBsqTWAKgwjPR1HW0J6DyWmymqyjgmgsVyGaezVAGvIWZ 2xL+57GaihfNadSW3aJtomQcwhtV61ytQlXSXmfx11OJCR654S2w5h16osw+N4yo4uQh vu7gvCgHI6/c5lmvzjsOvlb2NGPL0Ad1sqLc81Ci5kRomVZYAJtYcirv4i7hqP6yGQEX ORxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008450; x=1781613250; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=G78TLajAds6poenjngtObOlDQgLMjTtUMsTIcPLMhUk=; b=f9EgGq5eyBxTSluU37raPdi9FwzGsGbags/BgEfDVE1iJqNBgcQAo0DvrCeFrpG6R1 poR9mG5h7cG2da49tA8h4Vdz3SisvByZyO263OUHVd5btgtZxAIGLROsX4rGI/XPk6XQ hpE/V76MyyqO4B3afbsiieFvAKzlyq0AMZvRBe/cKBgMiUx3fRHbYccDgryOzYNZF6DJ un0RpwBGV1+I4kvg58Pyr9w5VFyARUJWg7wUoNHrzqfXk4I5STXo8BIKr+VL0bIiJ+nH Gsr/o/oZgEDEsMx/9XGZQrTJfBMQl0dlGT1HJufLs2T6RGZ52MRhwZJBSNNO+1rQQ2Nn HXHg== X-Forwarded-Encrypted: i=3; AFNElJ/r87Yqa6VJs2W5c8ywgnxeyk7ifvu/ybJdMRkHj5r+OrcwkIzmGv2kItcXLEWQhVgcU1cTQfo=@isar-build.org X-Gm-Message-State: AOJu0YzMx/KkyH4HwUoIrYTKv+srmDeQzNycopK0HX0CoGBvddjSyeOw xSfsJGAnVvXeuGZou1U8Nly7VtoyhCbTsm7eSgggSuD8sTxYXjys/1vh X-Received: by 2002:a4a:d00c:0:b0:696:1a25:fdc9 with SMTP id 006d021491bc7-69e68c27783mr7734597eaf.28.1781008450059; Tue, 09 Jun 2026 05:34:10 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcLRiXQZdVGrJlWALIXmVw8p7iiSH/YhvmmTuZySFeKqQ==" Received: by 2002:a05:6870:b3cb:b0:3c9:732d:60f2 with SMTP id 586e51a60fabf-441098b942fls3196951fac.1.-pod-prod-02-us; Tue, 09 Jun 2026 05:34:09 -0700 (PDT) X-Received: by 2002:a05:6808:4fcf:b0:44d:bcb0:1409 with SMTP id 5614622812f47-4868ddd9148mr12457457b6e.22.1781008449085; Tue, 09 Jun 2026 05:34:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008449; cv=pass; d=google.com; s=arc-20240605; b=Mg3d6pX/0MJLIIspgd+wY4VwvXQ4nrBeM03Bw8TeiDzqeA8DHJzO0bcsKtwmn4qTuC /421Asq6PkWm+xWkPEIiUCJ9+zu4UFUxzD9aXL3bBj27tXk/TDqnmU9NuBsqmINFeRkv JECaNZgeV29b/5vGJyeacISMT1r3bdfYFGyWIZREyi+fbmHIr+rehcAolNivgqvc+H6Z Vliyqe9vb/PTSB2C/xL+jLA0zVE8OlhQ29ZaFZqG6DvkVTaCsftWdjkT903GV+WYOX/1 vqwBWE+4q5E6ByghRFPAmmwqIK2v7xhEc2YVSpv5Cziamjlfz+hJ54btnLjv4OUKMg/f rIlw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=YtZXeZa65bOuBh6AfTpjWZL0oEwqxxFffSFmdhGKcL8=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=KwEl0/BbF4NTDtPrBpe89dnw2qXOy8tD7TCA4X0gXc1usgpNOjQOlDDq4KGxVHW9yW AM7ml2Q/iINuTovMPwiJ/C5J+wmoZ3oDS5hOwgfO6jvRhbfieJ6tqsxSv8F6t2jfu/MB tF2Ihju/EezbK4rWaC6WqF5jUP2tJj+gtFkmngGyi021FojbRl3NZsgpZ+xxAZBLgtB2 Ds+jmJTJ83MCKTUrscDmg6R6S14coP/vbjjeTfjOY1U6rK6SrOJDXXe4nIo19dtW3V9B Z3Rtwmief1KD03zTLiX6j361Y7U08Rn05fjP5tkwxQAg0Zm8l9K3RHeZyXKx5fojeINX hT5w==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=tA528bUo; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-440d825e1e9si665814fac.4.2026.06.09.05.34.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:09 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hAmNw8uselZONomwm0s4S7t94H7GxkNeYf29qOxzYooxmvM5Xq8Z33jegpK3CGa1KJd8vr8MnpxrMZcVfSZTGtPDE/TjdYZZRuv6vwVC8emB2/2mvAxC7OtfcTQAMrw2hwCi66/mzcTml3qE3TWkj0BAbHh6oMo++TDrz3WxVR25lpkuyPStJpzA0Dq7TDI3TfBcoSi7m5fp2XUYZ/I8OrsUWfPKR14jPf/j1yqbD1NEP5cjrvz01M6fuQ3qirEp1ntR8gUb/2Se4WdFTkc3YXjR5MEMwQe+rxC0VZAdqVKS779Eni4CAu2Sfgg1kG+MPTywDPMCBgtt7QrFxz2K5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YtZXeZa65bOuBh6AfTpjWZL0oEwqxxFffSFmdhGKcL8=; b=E2fZmlFmxoZ2IJl3nzCBrpz8m3OYSx/QXCKuWIdvFbOWwOKK2yH4+W3mZfVezMMnb4X3L1ft4vqJw0yuqkbrGdTzDiN/blTbrLZyY/VQWKJz6QVxfJI2ZYE5evV/Dzxb2xeBDMVFR6y9LaGvuwOEoT23R6R9F5YPszKh+NR4fk3Io+r8DUO6+SsEToCYhtKlXbVk9YWmp17kFA/VLW3R2V2ZBVvffPo9u4ysVz83cMaOihJPvboV1wyW7o8StaFyRaIfd62oe9g5QkGQsWUpr48LDkoZMCkK7XXAk5r+cQCFmHqi1tlB/8E7E+uo8n4BoC7ImDorum4iJnOiAw7iEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AS2PR10MB7024.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:598::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:05 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:05 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 02/17] deb-dl-dir: export without root privileges Date: Tue, 9 Jun 2026 14:33:40 +0200 Message-ID: <20260609123355.2368573-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AS2PR10MB7024:EE_ X-MS-Office365-Filtering-Correlation-Id: 2ddd6603-13b5-4718-d8b0-08dec62364b2 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: w2AWqTartnrIE+2/Cv2gm9vEArxc3dcHYjv/Gl0ry4WP0+bimQNir+rZL0gpklmVF7lX1nAoEydtrIux06uOhKjRtwUJKSSTWSt1du4nPpAdMHPffkOOWZfPFv7Oio+4H4BpFind6fdfs4P21YzWBxhCKNtmstm7F81ypuA6D0x1mE79rhKduCXB8Cb5X/VxXjOFi+wPY3N74xWtjBrY/KOveWgq2EW/eXqfNOiy3G/I4BjJxL9SBEGOCJqJjELpZPukVvQN+TXYNofrlWNm1Rytmsv8mypP/HIRYYhU+5aeveojEaY0e5ww3H/Py9SRV63TDlj3PQ0Mua41SbodEAsh9XyABVcf642duofrVh3O2zCca0Qk7cmx/7WG1GPcciSVkS0l5sFqUAALnlogOAbjrpxj0g2Nz6p+Qx8xWG+zqKWlzQY7OKcElUw8TjNXBXEmckLt2eby3zvG/cqWf+iFmVlKJ5Xd7cGo1yV6CFQCnRO8cAHBDMzRA8taei2kYo4U0e/EfDf8C56C4qYXuYzT3JceMSIil/BD3m060OuTxUE9bNd+KR5tPWNl7T2axJ9lSy5tpreG8g+3t7+Ko4xewyu4U624v16hf6gKeeoj1YVmW2u+yLs+ItCnkLW9gm5AldNNygxXcCyKD/s61/hIVtexl9WUGVfnVi7bb8RXrxPzAEtkYdG75ML0ddmx X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ZLA6qpXqCdrCraOMbCLEGEmqUrrPQltocNAaL/33fNMvQfMef1rJ+2+DA/5x/+6jPztzSjA7gs2tZgdYg1bf6VeXbwz9HJldgqGrTX8bXWpI5yUGFuP1LTapsD2O+LiA8X8m4CAw7FyOnic7+nucaZlDFV6DqgkHeuU+2XjU4c7sdVD2YJkcRwTfUqro0iCtcT+/wP1kqBagnWSyVlSiuXmAfO2WZaCKzXgXnuxYEHt+xg8rlTVUI1cKJmAwUy5qq53JI8+mNtBjvdeoEdiqJTOo4pZbqaAK6kLHWysY7ZxBuyHZCNpFWJkmXVNASMc53mQQPAMuhgMqlhq5edeYs5a0xIiogk4Vti3yxx55iuizl0n2+tg3PSNM9HjuzA8hsFXIkQpteXtHtPoqoc/UVbIc8l5r5ouGMO8LUkLkj/1nekZECzD5Fo3tOrw03cWU4pdlxP9Kf+eMszlwuBj6F3x7CClUkUUUTWEu6xuxCAbnRGTSUDvOXrMuJxXA8vMj+A1cJ7yqhKMK6tAkEDFdLedympnUBuzFbAVP2K7LC976RhWlwgV476zx3fHRqABC0PxQalB86j9SOAPA0AImkQqHD+NtUhg61NGYE8gmSiTCtZbHitMiwMVUId5h48C5hlq824Q1K+ZiPxfEZqu2hk4JbqFJjhwQAx5sY/R2Ftp8csXxAUKS/oRt7Rp40kb8LVBvSA00dMVb1fYj6E0UMFRjGwKsqfh/MwfuGPYDhFs2KGBs0Be3D4s6uSYWCNBf4N2+EiBEJX6y9jJ0sdH8f4m+J7ZKFOP/pFOLhVxLsD/4io0Si4GSJR/GVnpZyplDaydXOvsdpRGyeLvpfNI82yT4zs2d7HRJkUfYOcVMv4XzpuC/wspgrBsu0C+DHdx3iTftczX+s8g8mnaI5+f/3HogtsJKQDCMWG9m7BU3SyOLe2LQTvn3ed5JFKdkW75+MZKr0U/PFseiiIR7+y3WnXvGmFJ59TsaJjJCawrcqde1tB3HQ86u16CQ2g9KyzDR+Lv415w3wVbrYtKvxGQo0jacpDFRyjZhnlAc+eWVFr5xzU+TTNS3NBC/sL3AFgl01S+RenKzfHfEv5nSsomZkTqA0Udx2BG7wtxMgCbs7XWuzkhblDssTDzFBMHLYg+ClqVZQ6obckRGay6lJ7k9KfjCb3LENzIirJouqOa/ES1IW2HXSQ5Q9ynwF/9oEP5kyo2TeyC54PxEI8cPd5nkc4Uwkal278BEzP5iBe5Qqovd3LNEDGIytoErSK4Q3GDl4YXVMnBLtmr5XraPjqdNCEC/X/AIWgoU4vSiBgQ4c4ZxVwYYI5ofgDqScJgZ2oBp7Ap9NvtphDVtL6QXsfAcabVgMst5jNbUqU8RGyjoSVc8w0vlIcqh+s6VrJqwF5MGK4yExN/n155gtq0dURaBlg5/9LaCe+OUuDtxAVTmC9lNJzKyd3GQW7CLuGSRsjtQ3Fz+419PDdtljMMMroHzQ0hDTGXbvHvbr7AtmifChSulr5Vkvu2ppn6yyxoV/ePCqkkM9qsXSIafdeYle/Zcqx92BzGcWNWXXIDAJfyfut0vmBosdcvhmCk/DaPKPK4e2SXrGYuba0DsRM3uFOPJcd+69yhPeeWKqOeN0t5x1xfT6XzSbRYZEj0sGXkR0ILegfEqxAz9fIvKRMEuzdHR703H91yku5P5uSeImvI3Cv+dgQNfdqjOPU2MSU5zq4onUv/NgXjiZ6E22ZUEJTosVMm96OuEtlN4rQYqzDvbl1A= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2ddd6603-13b5-4718-d8b0-08dec62364b2 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:05.0417 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: XdlH9Q/OOlAzFDeKQvqdtX2dlwJcXz5nhY2waZ91Ht77NKvuGhzgxv/oOX+bF61gqM0nJtGUlsheMts0LJHJFr44+wg0NMkvm+q+11i1VnQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7024 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=tA528bUo; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 620ddc96..71bf7584 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -152,7 +152,7 @@ deb_dl_dir_export() { isar_debs="$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print")" - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -169,6 +169,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF } From patchwork Tue Jun 9 12:33:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5125 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:21 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f61.google.com (mail-oa1-f61.google.com [209.85.160.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYJRw005518 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:20 +0200 Received: by mail-oa1-f61.google.com with SMTP id 586e51a60fabf-43d171066e5sf8447090fac.3 for ; Tue, 09 Jun 2026 05:34:20 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008451; cv=pass; d=google.com; s=arc-20240605; b=KmYGzLYIvW+ICsM8TNuVe768HuH+ZNymS4+lVs0Va4aIZNxR1Kzjll/UuS278MJUfn BA9QruaIPCTTIfZTJWH9mW3a7BR9V4dWG4ExeF19e6jv4ASHN3z2bK4/rTPxCw1CEcbN BIwp9Ym+OFo8D/Ykn9bsV9VRRpLoRooWqgbt4sXALKGvHBbSKyaN1rKqDLxqV5Qqb83O dpMFqbann91cUP1HRGrHc2qe/i3gHIPV91Sro/X6akmn0lRfvir6fg+bmXZzQvnJ7hRG rJJ3db1vfMCjwb+qexRS4yjVWC02yol258Vuvu9PHZJQn8LH/n1JyoKmVat3AwUeTNZj YVzg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=b98U4CeEiv6yXoNrDhl8LOD6+g787Wg3K/qa9lMwkl8=; fh=k0bn1fi/JivuzSV+aRDeuWsVeh8HSw1+mXOhhgb7Q2M=; b=S17fhELmEdyGhtIskh7zazD2oU4Ihr9eQN3FuFGSQvoOpyjZbfoAh7oCUdQOjTyqdG wEukHutUMRriyKxjk2ZUU++dodSsUAKdTxRFkVVXuHUulkZvYTGmodjewa3JA01fk59Y Y/85kq42ruUVZEwoO/dyC0CZq+1QD4Wgje1khdMnWpcibJAETQi9uX1B9pqxvaCW2wEZ E8dc+qcJcuYJA3sT8G4D0NwYl0P47LaviZXifPs/vOoR8bRGg/Uo/WG2lRQYrSfR/gWH J+xRLFcUUqC3LrNdKhLxLq50//8ZuSI6JlffvcPVF11IMtgjrUtaj4Rkpg/0iUVwiVbx wuSQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=A8gVzVOZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008451; x=1781613251; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=b98U4CeEiv6yXoNrDhl8LOD6+g787Wg3K/qa9lMwkl8=; b=uJ/wMXWKhmgv1FJaM41hpW+yjWIq6XI7H13HwkBCESIh/9yYvf3fsCMpzy0otVtwNg 8GFH4UBmp8uEcioYJqPiE3dMrKAITkHaqaBaCpRCSwGWXroFcoekOyddtVPgdCVysP/Q uPD8BrrboQhYRilIr6FlvshFpMs3n52QZDmuTtDwk98aVSFidMEkYQOq8ps/BoOwrs6R AtHBt3VEsbsbdik2CHcHgyC5g8NwOAFjNr+2A5KAi+E1d9scqe88rJgbSI3aI4Y5hIcm ex2vUa5za+paR4bTqiy+RUj1lDRDSdLgXr1+8BMmJBG4gv0+joMKUiLGuAn2nzjtXSLU 2l3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008451; x=1781613251; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=b98U4CeEiv6yXoNrDhl8LOD6+g787Wg3K/qa9lMwkl8=; b=ajCnb0dWSQGiCgmzQliGPwf3I281hbGiydcqK5fSYXxGYyldPvIB9tmObuszOIGLbw fbX7lqgSqJcTPPjUQquZrj/7nNtN/0GwGMMHk9e2w8ebka7onPX+sxCK57D/b6JFQnjo mg14afnzpjiuOWB+wZFeH/JH7h44SnnNPUooX0KiyYb/soC0mj1C96A80sLvDPQ5lhC1 pJ5D9e/aYyluBroTmmJDvoLvN9RmcYxRApYVwZkCDYEWNFKDfZbFBxxhJIB6wgLvDGgi mnf68mkThVXKkMMwkYOFo0HWIat5ycoJz9DAFj8/xER4ijt1GFLtOstqsTM53peDsp8I uhfA== X-Forwarded-Encrypted: i=3; AFNElJ+cZzJdm8j5CXO35yo0BZjPAZOiQpiDG0/5z4m1YNdUooQkSoVY9fywczC2q5GYcGq2nCpRAxU=@isar-build.org X-Gm-Message-State: AOJu0YxWhtDFTmDADpL/DFHQH4hl2n0LMhZX7lTuWKWuBfA8EURPFQkh frpkux7Bn3uC93MVGGKGiNDdGoii4oLLnF0q7E/aHcgvmFCSn0x4hurS X-Received: by 2002:a05:6871:2b22:b0:430:12c3:c51 with SMTP id 586e51a60fabf-4413d1ee693mr10590226fac.0.1781008450916; Tue, 09 Jun 2026 05:34:10 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfbOv7YDUjZ1WEsUcBAblMWled9bkNoRqD0N0O6s6qEqA==" Received: by 2002:a05:6870:8a25:b0:422:c0f1:a9e4 with SMTP id 586e51a60fabf-441091dec62ls3389712fac.0.-pod-prod-08-us; Tue, 09 Jun 2026 05:34:10 -0700 (PDT) X-Received: by 2002:a05:6870:96a8:b0:439:b9c7:4c78 with SMTP id 586e51a60fabf-4413dcf4ba8mr11163204fac.17.1781008449855; Tue, 09 Jun 2026 05:34:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008449; cv=pass; d=google.com; s=arc-20240605; b=Blv8zWDlfBrzzzDPNrjsVOnvLgJUlcgfmgQoEZKXVdPsq00SHTdcFt79BRwY8UJx3j /acSeLHJ58VVUdQm17OUcZoDxcP0JsZgPIYupxwKRZFMDh+05S5NbgDr7Rz0YkzEzFDP vXbfrlcH9qpJ+exhhUAISNXywW40idIl80ji8PHvysZk0UmbRZvdtglErV9MLMd42g7D iLm+hH3y9iI6VWistKiEsC4IvZVY9veQs9iOPF8gZE2mbzVwEPIsgLcSkFD8MT5jOoRI +g+Ex04gswq7eacXAgBBWJKBiFcp+TuMR+DdNr5BzwCXWPN0eR2fi6xDbdIS0MWdXfFO Z6lg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=uoiKquZqdGgBQCVks6IRNPcx4Eifun7jhUHuZMOxfxk=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=JL1XBxRZayinmZOXGX5q4pj1kqCoT8Y1tiYNXjPgElx4k3SuFOY7xL8rGzbsUN0hZQ jcnlXNb1CHkRrhUJ2tllGf0zL2fPNHKx1sy+bABcjJwY290ghKmJqfXapYsrrxjWtI+Q bXcOJ9EZxPCum27upHgXTG/Yizu/fBZowEJjtxUOcF+8C93ak/S5UoGzaDIifpvujglT +4AfMZVzRuLKkKVgBNN6zLitrmA2H+lazlho0eIFwSTASxNF3+tHBvcyyMAUnHzDPK5N 6No+a/p7rtxcJzuj2tSrDBPaDUSYWBjBNbxGjYW7+aNt4CKwGII6Yhr2bpDxJJXE3E3L xeaA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=A8gVzVOZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-440d825e1e9si665814fac.4.2026.06.09.05.34.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:09 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=w46vKV8BJWRpaDz4IYH1Lx1YJ50vIIKqJO8DeLzqAzM7mEDFu1kRXEBFXs9cSli56ijBpL7ZbQB1fykDraVKJCTi13qEXvbh8yvj3/bmDSrikwfJ60oxFctRjDXXi7p7PA7EPf/XTib2peKmKh7BU8I+dY6/GeQMQrGW7CRwB+Mth+9oK/IQEWqhVyIjOycZCXatao3iBFvwygsL948tu8o/ta39f/P4eQUFDL9Q1AJuFsm4A/hXiaMh7NTJ/ziWq+x7k1f49HbVdnCTp3Dxjx48nX6URaTGs+QhiXWJJDNTVZ6YpVFR/IQ7zqTYgkVxbZ6u/vto35ACzRZz/kAaKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uoiKquZqdGgBQCVks6IRNPcx4Eifun7jhUHuZMOxfxk=; b=UoCfRvEXivCgoODlUjOqOGw2ICI2XfCv1ESb5OKo3QRBvnHrV1Sd70VRDubYEkuIf2Y2PrLlFBEtDZporh/wiw9vaV1GFX93xyoixT0rDL5xAR7XD5oz8Tps5azj7khUmzhrQZsJBhCHWjMi4ZabvFFCBqZAllVQfkyYmvjBltjhiNwCk/7nxhx+htA39r2e8lcOCww2Yw09i0E1JlzrO3ElKVb6SSxy7hvQ6v4Thoveop/OlTKfoqvzmADUMOCeAYtMftqwmztLo57RWm26OTvrYJa0tg4hXWUwaOj71ijWh/o26GX8NhpVicCsIUzazRl90vy0oYDY6lLfivRwJA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AS2PR10MB7024.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:598::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:05 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:05 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 03/17] download debs without locking Date: Tue, 9 Jun 2026 14:33:41 +0200 Message-ID: <20260609123355.2368573-4-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AS2PR10MB7024:EE_ X-MS-Office365-Filtering-Correlation-Id: 907edcca-84ea-44f7-9d51-08dec6236516 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|55112099003|56012099006|11063799006|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: KCjDOeFP7S9HgDszXBIJzW/01lspliQ08j2IG6aiTJi1Sez9fC2bwOlUYUv3S1T1I0gCefR1RRkpFjGasJAaNZX9JvM2b12qEiPU/sEhMFlPWoBVWaQTyz3IQnu+tycgjhXhh3A926IW/coVfBNCCbKKVNCnD4w88Ebg7BMHTPCGTsCUkjcSeq8ouCMd/Mm9LMEZRP0us3+qzAk9WagdeP6op1qbd5fnqYv8KYqf3/kY3VrDW99jWHTDKI3dtOo+4+IKMyCjheEkDAffV7op3VkosfSJNZQRJD7xlPzZnbNdrWP4AO1Ybrzls1kVZ/c4Ee+nxjLDt6lxgwYI7i5DY+r/QziaFueD0e3KlsH91FEjIKMj0VTO1lY9l5b9UKPWp59JKLxriEFZyzrIVhOgnFKj+85c10mu6OaatgAhmFPbHxtgB1vCarl9kQBA2YLB6HYA8h2oApump2K7xbqa89qAWL0BTAS5OhPWHqy8hx3GVZ4F9WCEUKVrQiC5HayaAM7Ihbt11MW/oWAuWIrKBYSGe3kN1OpvsiSUYVI6WK9u6PSkz6T/xlq5eSrnFE46Sfzlyof4jJVd9sDOcQU9rxJCLcR3c9nuioqCurQkQ8OSMULdMrGT1lgZRnCA4eYlVVXyw8P4wTUdVLaM8BIVnLzZHgXarbfU0IN2R8K8aXkzGl0wMzolAhM7KIxnD3br X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(55112099003)(56012099006)(11063799006)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: p/Z9PNptlZuKn3CTgQQo2LONjCB4EyLDjHLemuFqD9oqE3nWJb4xOLrrzKzhxbHsDAndNEpZdwFhofV5mVSc8h3EGAuI2/85qIcVglQ15zdVV4/avO/s0OkyOIYSlLowwA4x4QmTC7tJ/ApNFFiSXV7BaQz0X/QlQqF8GTCid3FSn33io6u0HWrVbeTwCctEeHVty/VBI6n5jBMy5czNhcr0wDPQe49WnPEEFz3NsZG5iXh/ViGMbjjmkO4XiA9bkvGxkQw8B04XtjIIZuAz44aXrm1nGbE1rlvIJJLL40v1njS1m4MOZV30FCg1HCqveBXPQWDJG35USe5IajdVVnSneXFeIUWSF1zFj1t5ZnlgXvE6JpI7Lyc6N/OOdUB1cR2hqA7YdT5Qa18ioxCV9ID7MM3eEcU5WL5Oixh1MHeN/kWjcnZesvLM548psBeVHN6g0wtX0+HpHa9OgFsGBsNETp1q93lwYRSZ7HUZCMrXbY001OEMcBXf/DE2kjHfLJP39GxVZXVnTWtPBEmnoQDdcYs7Teb/w6tIDFpvxeYrMIsT1EPe8qYTFMm1yRyGwpW9BQY+9NK45MWQaDOyDILLseKMtRH81I1QCGfj7HpAiG72+XW+5sqGyRdwcKgu4v96BBJCbHszgGqUMEVReneUuUlVcEwr1LcxW3CfdUR9WXWfCijcHyWGiRUXiWkNNxln337e3Qxumczsa5V4xNs0rI08Uddzzb/tHIZY5weZTY2XHovU/NPbxbEcmP52KQfQvF1g1dzhk6qDpc+Jm6Tjpohk/Ufz6tl3OkSpVMS0v5UHt1duN1FIuI+Daz/UYb7TimhUeqV21Z8jv7sT3UCxoIMS6K9lsxjAUOLNDOOKLGZ6M/wJjODSS+6s65jlEnAPijEQsYR8xE5mL7u5d2rncTBEQKo8O9tHbJFJjFWjqbJIN6HTlRvcqrnT9Poe9raueHOpluEG44e6Pa+lu5PhylO58u+zf/umz0DozYCPaoQAOnN3GQdWWPX9Bl7LHitiqQn2ctnHnVZD+URhIJ/w5BJQiZMwRZSNnfYgSTsYFaRYIxA10vckzBzjfQkGxeIBr8DzYH5cCSKi9LdPElNK/JC8E8a16v4mWq77o6PhZfC9+IQdgidMnsH0/6lBzpkJ08mKLspaCXhjdf5iE4PGoWFiWdq5DxKQDjWCJ7D/xZp8ay3nfGV0HP1r8HbtuCoRkZfTc0iFT71jFCu00qjO6ntfwIoK6LeymPH7cJtl9yaMDEv5q9q5OPYyeayp6H/PpgkCZjkuDhiNwIijuQ7xgrKGyNZcvBN5/en95HctgoXJKooFycyoU+gy+WUsSQc3SpNx7xT6K+KvJtl3VRphOnDWRjmbWAOFd/OtK9U+MQjZQrwf39c9PgEtlw+sBqk0oYvG+Sf3CKxJMq3BZt7t0A2qyGndXzhuMO9lgpwAZaJGwnDQEUXmo9WRQ69A+jP/1BeJCHSlga+hAYyo90FVh2ffs2J60GkUAS3suT3xOLP/r9yd1QasH5eQsxRByVCYjtuXocKVIQEJAm/UhD8DxCu5506iqz7+Tr8xuxAM5OYpWrW/JX3NWkEE7kHGqQHfBlHvS/SW2kBXsUxFbuDwNpc97SQABQUwZHN1refkZ4bpIKMZnu1q8aPTrBYttG9JON3av9TzZJb+mpQuPRN1olvrJ2AgxwiwCcNZohf4lp1jOyS0TEUtjcpMqMzZp8m9mF7DM5qF4bj50s5uN23Y7C6QJ2tqzPVeF5i+HsE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 907edcca-84ea-44f7-9d51-08dec6236516 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:05.6737 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: NrdDJvnYBk9+6wVlC9UvSF57hAQiDip4MdoqbsTPN4uepE4ISoyaNPnPV4kz2s4KmoXjKVvYzjdPCFNm8cb1qSmRbuhspQDjftvsb5HE3vg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7024 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=A8gVzVOZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As we are only downloading and we are the only one acting on the rootfs, it is safe to not lock the apt cache. By that, we can avoid complex file ownerships in the tree. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 2 +- meta/classes-recipe/dpkg-source.bbclass | 2 +- meta/classes-recipe/image-locales-extension.bbclass | 2 +- meta/classes-recipe/image-tools-extension.bbclass | 3 ++- meta/classes-recipe/rootfs.bbclass | 10 +--------- meta/lib/aptsrc_fetcher.py | 2 +- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 71bf7584..336cb0a3 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -79,6 +79,7 @@ debsrc_download() { --chdir "/deb-src/${rootfs_distro}/${src}" \ -- \ apt-get -o APT::Architecture=${DISTRO_ARCH} \ + -oDebug::NoLocking=1 \ -o Dir="${rootfs}" -y --download-only \ --only-source source "${src}=${version}" \ || echo "${src} ${version}" >> ${missing} @@ -120,7 +121,6 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ sudo -Es << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - touch "${rootfs}"/var/cache/apt/archives/lock chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index d14d56aa..629796d6 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -77,7 +77,7 @@ do_fetch_common_source() { schroot -r -c ${session_id} -d / -- \ sh -c ' cd /work - apt-get -y --download-only --only-source -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' + apt-get -y --download-only --only-source -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' schroot -e -c ${session_id} remove_mounts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 32666311..c90280aa 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -30,7 +30,7 @@ image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index ab616b7e..766f386d 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -54,7 +54,8 @@ imager_run() { apt-get update \ -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ -o Dir::Etc::SourceParts='-' \ - -o APT::Get::List-Cleanup='0' + -o APT::Get::List-Cleanup='0' \ + -o Debug::NoLocking=1 apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ --allow-unauthenticated --allow-downgrades --download-only install \ ${local_install}" diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 8b502a50..b201b97d 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -340,18 +340,10 @@ rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadPro rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - mkdir -p "${WORKDIR}/dpkg" - - # Use our own dpkg lock files rather than those in the rootfs since we are not root - # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) - touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" - # download packages using apt in a non-privileged namespace rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ - --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 4fe5a9ea..da2d94c2 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -41,7 +41,7 @@ class AptSrc(FetchMethod): set -e mkdir -p /downloads/{ud.localfile} cd /downloads/{ud.localfile} - apt-get -y --download-only --only-source source {ud.src_package} + apt-get -y -oDebug::NoLocking=1 --download-only --only-source source {ud.src_package} ' ''', d) except (OSError, FetchError): From patchwork Tue Jun 9 12:33:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5124 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:21 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f63.google.com (mail-oa1-f63.google.com [209.85.160.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYIGP005514 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:18 +0200 Received: by mail-oa1-f63.google.com with SMTP id 586e51a60fabf-43d052ba649sf7274854fac.1 for ; Tue, 09 Jun 2026 05:34:18 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008452; cv=pass; d=google.com; s=arc-20240605; b=FeaQ5XjWGuzOzvg5mHoAD+0FhG78Ebj9i8P2bAYhWWH4BM6azrFj6Qhk8KGKvi16X4 JeIiy06+nsq/a8YloTBzNkhi9fRtMZyGyCcAUPX2YmSG+m4oKn3UW/lObRN5tAl/Fg+N 61w0GsS4ZoXMCBdaBgdr2N09d24k+Dv22aY6JdUrneC3uOdYNNmqhn8fJhl/s9es5VOL 44km8J2B8OvZ6AN0a5+3jRcd3bGGCWQ7jn7CTQMlL3p/upoMw3vETiJaSEelbZUcNh8h /tb7vAWyzH8xSZWgFQiaUtpSDJC1HG2h6+8PKqf7luZ7h+mqn6SFn+vIJcZoID9xBbmq FoyQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=h4lWnTE53IdpYCqs6QmhSGdzMyUfNH8r6v7eJ1rjEFQ=; fh=hxa9NjVPNGkdI69Xxl0Jb5rbtKmbP/DkcqyjGya70wU=; b=Vtu4dhG/D0FJqX2lruEK3ytm4k4FS9cmjeMI6KQcJrlgc0fsYBiOdyM+apQoX5KDyL kiIxi5AIByS4/JvIBgYrchBjQBLt3pZXpIfm0MaJHYyhgldyrHQojqNA0CtQ8a/ccpyC IIYpIwdHQ8blSyOB3HwAHLgAQ42+rwjC5sCcAhX+vRwEc7yZ8KRMRQF6dapadMVNPKRz I0Tl6o9W3Fo6bLN+9NyNhD3bWIAjkMKMG7IL54LP/AON9gBMiX316TRc4YOrSgDdfq69 gohJdRPZQ/LnfJwPoDnaIpZEEJpXuXvKCCHs0CcIenJprx0OmJhJdp7AWZGtHglmQlC5 TtAA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JD51WvWh; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008452; x=1781613252; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=h4lWnTE53IdpYCqs6QmhSGdzMyUfNH8r6v7eJ1rjEFQ=; b=RMW8tb9jW2UfceEhLoBUDn9lYukKAw/XDgLWNcFtLP2E8JjlLXOy0kDcUu5YrWn+n4 Op/oi8M86AtAczlxWqofO/cNzAKAyD98y0lH08kxHu/5G7ZHmDKY0DGItK0N8UdxLYca kUQFtUXxY6ytGpurAaQIPsE/XTyCk7j2H3pJSx5IGFSSzXDX96Mm9VIOPmE1hw8oW5zA ovSIpM/MIWuAZ9U+qOfNnkgElW2FEArmggQhQzUwsypYBBxZ5PrDJRyjV1XA7EYqjHS5 EOIRmUQA6wpxwjWstwFQE6LLQnAj2iBNH+XhLrW57dnXv5mhhU3CG33dhAWJJgTIg2M8 DOow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008452; x=1781613252; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=h4lWnTE53IdpYCqs6QmhSGdzMyUfNH8r6v7eJ1rjEFQ=; b=XpZvAJv2lfWpAPZkDJYAR71wz1M7d2BfzWqq9TwnD+29TVTAj+8JaoSP/lxr3db2hZ ZTGau4z8hWx/kBhQwt1nKbWDEIrUk4j0HaTt7/U4zUKcNpiZmFM6vVscj/K2cvFVpAnf Cer8wVFVeNcqT9PDvE2SKnLYM8EGqp/PMawUHRyTTRy/U9kIsGF7rMgDsK8M9R1FjbXy A87Zn6vrWn/0DhCwYnDXRZrPhXTBiiDasYIidxpxmgAoRRT8O9jZLNPN8f2zVzKNienv QI6n5JRxO9ZO4ePqXVHRVLkJAcwdWiCGJKZSHTLePYgpwOlMU0sVtD8ZlXrOc+Htl7D0 NLgA== X-Forwarded-Encrypted: i=3; AFNElJ83Fqu7ImNjWUeTE+Qms+gkL10sqoWjJxwc+LusyNRCCIv1srwfUguwpf2bKsRPaepUh23VJL0=@isar-build.org X-Gm-Message-State: AOJu0YxY/M7CcoV3CeykBMtLwOLjVeJgQMASzmKSK3wR7+XGoe0kAq/J swmOzzwy03cuzWHmMhFaMmgjjzI9ZUKdi9zF5Upnf3vB7hfjZAQqxhjH X-Received: by 2002:a4a:e905:0:b0:69d:e795:9a9c with SMTP id 006d021491bc7-69e68b4d98cmr11268793eaf.16.1781008452538; Tue, 09 Jun 2026 05:34:12 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdFt85f4pgHJ2MTO0PEyIcxqQRBfUdV5TeNZWTI+Ki02w==" Received: by 2002:a05:6820:629:b0:69e:4f4:8560 with SMTP id 006d021491bc7-69e5900295fls4313838eaf.0.-pod-prod-07-us; Tue, 09 Jun 2026 05:34:11 -0700 (PDT) X-Received: by 2002:a05:6820:1993:b0:69e:8bbb:78f8 with SMTP id 006d021491bc7-69e8bbb828fmr6723624eaf.5.1781008451442; Tue, 09 Jun 2026 05:34:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008451; cv=pass; d=google.com; s=arc-20240605; b=bpfkH+jdN4DLg3u+yeAtzQDLgMV67HLP4CCBRD8F7GVcsYG0MjUcvj0wiXzgXv55pA CvrB5E8PqThCrYH3qgYr07jCWCOWATRNIfMxrYNXqp0y86J3LAr0TtNI7Gq4mNWf5aB9 owQDDvaR4YCxigeHBInOJFFubkF7SAvpd72a6kc3vOG+5lM3B1ywmMGcKIzvg/876ySr R4sdyiikLCe4AgGuN+EVqGqSiwd3ScYhKJM3I+/IVKSdP7/ZS8g/GqvGH3T5fsnonpZZ CpY+Fd20QYmIodZ7ObS9eYtSRmsH9Zo3Dn2mrYkRj6sdi/6kZRdFk3PF559XrAIKCu8F U67w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=x1vIWBq993mm+NrwHiVrtSKrjs62yMEZaRo7OJYQxyQ=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=hMiDrk80+0LVfb+/xzUtCnGP+1Kmh0Vrar8zPRkhUGM80z0wGHyOKzxSypYbMf+vyI KdGLCZPXZ4Fdzm1j96JJaDvmUZoQg7J6LxWPl6q9xMNfzmUM1kO5S9vNtOt4cdQKO5q8 yZRm5qVBJRfTb9uaX+inUno9A8u8tV3IFQ+iiLbOggmQ2E8mIX9Vdj88eiFof8eeeo2m eDKEIf0yvVdQbbsPJGKp+3oR/PAbolOZEEgbeHK0Do8oXvmTpsI6282ZsOUm8zBcQC+F hsFI5/LpGGtn+2Lz0ohiqW2GITZvZOM4aT9Fu0TmGnEzL27qzWhwH2zL0aYkr1jybHGw AFsQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JD51WvWh; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-440d825e1e9si665814fac.4.2026.06.09.05.34.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:11 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EQjR9ORIPaRRsyNWtx5LXm6m31LO241AqryaMforKYMKdP429LJ7EzTCb3LDXPKjFjGkqeBff398CQl7G3jti4A2vpIJC60Tj7iSE24zpSA2EIiZainiO5oIPDljo9XT/9WjNSR3wfHnZl+UOfZyZnEf8EA+rOHeW7jTHxqciFNO2thbHGnKfGy7cTcV8WPbZbwOidjZSq2Qup4G2DhN0PSrO62Okf9UxcEm16HH7N6fhtR+wJfKUx9CFIXEs2EveEjTymZMMyyX27fGx+kLmQv1yBKwf1H0YML9XO9WpynLIP3yMgFx0cpT0xqF42nuaPKJx7O5czUiDUltt7ucrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x1vIWBq993mm+NrwHiVrtSKrjs62yMEZaRo7OJYQxyQ=; b=X2pPlNtMiWuRnZd8hcnWRkLz2YZ1gECIP09PKL+iu+LsFnF4xocV/V8eAS4hJBiD2alnw272ck2I7Jvx0WxxYv75vO4e8VRYG58zobuYnFkRgb7f3h2ufSe3r1OUBK4ytrHb1f6j2uvnuvZb/V3zBHQOgs3apWhs4SljilqaeCAhl3VqhWiaDvMuHgUSdZn8FBL7hZhmX94H3B0SNCUN4rIjqZW/KuJqYYQwf2U73euiMd0iR/agWxE/HylbUMg9tFC4szizbSeU715iCVy5RlWQhp7uMtgkGr/oL5c3+Z+RNlFSHtpStR8NIWIgB8X6bkJxn79bLel8ychdOP6Osw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AS2PR10MB7024.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:598::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:06 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:06 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 04/17] introduce wrappers for privileged execution Date: Tue, 9 Jun 2026 14:33:42 +0200 Message-ID: <20260609123355.2368573-5-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AS2PR10MB7024:EE_ X-MS-Office365-Filtering-Correlation-Id: b6503f60-8091-4093-6a97-08dec6236572 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|20052099010|55112099003|56012099006|11063799006|3023799007|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: sVyLQU+wpj3W/G7OsrYpIuHs8dq/Gtx1kWMuQ/EaiW3HGdQYmYpbzi2DH0NVSWedyxMPlHZfBIYHDDtjRvcQuCx/K06Eb5vUaBe3dj8Inxt60Znp2VMz7q3IWLq5TvKdc9SB+zIas2243rtEwHJTkzOLBColSbejASB5/Pw6sjxbPQgmDyWDJcJM1RkIWh879RCx88an9c/tzVNXLDDdGB2sYymX2ZLBcW0v6tvkBgTkuN5phF+nJamEyODc1S8/12neSsWTjQfCINUGZifKajTr/GAyvvgZtgYlHsXvsY3RXMJkcWRo7T2h7Mz/gdywu8Es1NdqvWLAkeERHFHoPS2Gls9ClyhO7eFQTySfyg97W8Oxfz9e239PPXQd8YtnsLHpOCSSBpwzlmasFSj8qhtmQUxr7/XkshUMnrxzW2ibCyZo62Oid6zc6zx654QVHu1O8U8hJp4D3yUHz+oInIgKpNOC01YYQQaRKSXk4Xp4/GW2eomUHFYbcLt6YcrEtRCpnlov44ZQHne+fI80z/gh4CKgDdIqfUhG3pd1bYRB1Ugv2NvHTG0Hi9Y0y98wPmtqNGEzz4HO6yDZJJfJG3TGpgrO4imgQDxHMAm6/dC5ihm0AyIDY0RTzQVn2x/O3BLVeOdwLyHmVFfu6FBdoYtTGqdvUXApwPW8bibI/nCQsK6Ld6D9178tdB63QxY1JmT4LdqYXWHGFNgnL3gMdA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(20052099010)(55112099003)(56012099006)(11063799006)(3023799007)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: jRyFGezRn+zem9zcjvMt8+cxIpqajcuW68VJVJfJeuMD/LZXqkuT9b6SgQB8i3fu7J5I1ELZ5S7Stn8Bf1J1H26lvxSE3vdFwyyS026utYGChFWJP2/jt2Sy0++YTNfYP9NHWV6DvTvA5TjLhPN+iYMtywKGp9rbz59t2WT3E5RCd3fKgyrHGMnEvmw0jIJgal47KcbJnTnkt41Ggqx9LuAykCM4tL7ix5sDn7ShesJe1taP/76yE4t/GtFPQzzsDGZSwPZdP4+1osrgWUOp1Yp0JCLFQaU+CIrtdaV9Ty27ZU+0pJFKh/v3MfYqVWNnCN/qtt1I3e2n9+3PDya3Bg56gArl9cCphLb9jiK5HZ0qO8LIcT7ypDJd5IwtsdMuTaaCjIbs/tnouMtsREBt2AobRbUVIrwjpitNhOK6y0GO4ZjznnV5AcClJdY9WQlpaMQwF5jeE2/2jSA6TRzhjyWtE4LRPzWFHdk1E4tLk1FuosLhu1HXNZkOhoT3eIyWLNf7zhODLyXgGDdkEJ4/LBjL6TBupL350WjqP5nysCzN9kLTdm7WHxK8IGj5qnC5ifBL3P4WF0gUDrp3pBxeEUG1RmN9fd+ImqeDbJTLNHz8ckcw+/xNL/IDSUSj0xbDmutkQCTPLjgxvOqjbE5PNW6MXOdlHAVZIt9zIXZ6T5L2FgFrcywJR6SkVHX/8GpTqgOKAwgiWfLknR8VuoySRveUEaKKMzTp64Hdi0f8X5lHGlSPNxvlMnz1OfLb8A3TdlkDJEEswPtMmJ7idepntd2v9CPxftCDr9DdhAN3E1O2DWWY4Qb+NdnOvBd79lHBFgP1FbwtojnSOdjE+E4T+MecH/Hqg6PnmkxSTcbylWYsyp0T+rVWgl2F2M0dK0P1pk8Tle9CVoE3LnDbkB4WXnbiLpdcq2UG8ZneYbX5zpticXUk2B3XcgGBAUTuTFWpBc7l0slqeGE0ANvZC+FAJsS8a7JqWSKgnXvBths9Z2qn3y0l9mMDbCVQsjfZwoYmzmbTSE1YdpXv2hZ7m9bQvSHM3Pcon+vjsnNXaHS/87dQMP8AOptiZ5nFnex/aKs72kuqyFQIOGZg2h61sRPhmoupmlOGIXUGX24x4jBCpKwyUOyS9zUX1vXL8OyHadLtuRXg454taAnXx92Kk8oEu9atnvEsyFATGjDQ8OY4EVzYWo2Af9RZXRZjqvmI4y1XjoBpvbGHYaJZaB2Ydg7JxWogrmNsHg9ABVMc0/zPbOy0Vwv+oa/sH7GAdEqmwnlu28lOkCY5lOCpJnUTnA5yiGGpQZmDvFUumsdg5Z6sbeveKiyDdCC8hO1oA4s2a+cT6a8VsA0KFnlgPYnkab3vok8xddwLpQ4JWP+07wV3wWvMOPsj8gGUmAI62x0xpJO8/wq/n72Ap1/Q2LDLnUigkRPYfI6so+aAXFv5tmepznB2JR0WAImZ6IsGUTK0zRiLyQ3/jfoowIHzZz2uNsXGTHKNzprXsI6HzwyEODgy8UjdBpur1vcacI3W6TR8E7KlF2KnDpxiyjuLJADbp1sFSTQ9yCCJf1W9+hv1fBgur4ejXq8iWzcHmw09A0Pk8t0t7NEJDb27hmA2PLv3SD/s07Fd0l/gw0GWKDLz0rcBVYs88HnD89smTOOU/MQ91S2s3gy2dDUiWgfC26B1UGhLaYjlYCB8jlB7BLTNH7tSfWYMMlKBfXgxwOteQEwjcx0hWCDT6QRxV8YfY7VCMt3K9OJs9qPm1J4w2r1FgO6DkHU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: b6503f60-8091-4093-6a97-08dec6236572 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:06.3863 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eZ5uSYWApj2RCXLS/Rhq6ATRRSy2mmJbQvyBVBiF+vQHORYaFZANaE981N0BYLWFTi9vPuNEjj4LySjSTcRBSlcw5b9IyyNkD3fsPuQPT7M= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7024 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JD51WvWh; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As a preparation to enable rootless builds, we introduce wrappers for common cases of privileged command execution. The wrappers are defined in the base class where later on the executor dispatching will be implemented as well. The wrappers are introduced throughout the whole codebase and downstream layers are also encouraged to use them to increase compatibility with upcoming API changes. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 16 ++++ meta/classes-global/base.bbclass | 26 +++++- meta/classes-recipe/deb-dl-dir.bbclass | 8 +- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/classes-recipe/dpkg.bbclass | 2 +- .../image-account-extension.bbclass | 4 +- .../image-locales-extension.bbclass | 4 +- .../image-postproc-extension.bbclass | 30 +++---- meta/classes-recipe/image.bbclass | 14 +-- .../imagetypes_container.bbclass | 26 +++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 +- meta/classes-recipe/rootfs.bbclass | 89 ++++++++++--------- meta/classes-recipe/sbuild.bbclass | 10 +-- meta/classes-recipe/sdk.bbclass | 14 +-- meta/classes/sbom.bbclass | 2 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 +-- .../unittests/test_image_account_extension.py | 9 +- 17 files changed, 156 insertions(+), 116 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 5d2514c0..552051ad 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1087,3 +1087,19 @@ and `arch=all` binary packages). Recipes for such mixed packages should append `PROVIDES="foo-doc-archall"` for an `arch=all` binary package `foo-doc`). Consumers can then simply reference the package by its original name (e.g., `foo-doc`). + +### Execution of privileged commands + +When operations require higher privileges than those available to the build user, +the following helper functions shall be used: + +**run_privileged**: Run a command as root while preserving the environment. + +**run_privileged_heredoc**: Execute commands provided via stdin in a root shell. + +**run_in_chroot**: Run a command within a chroot environment. The first argument +specifies the rootfs path. + +Using these helpers instead of direct `sudo` invocations centralizes platform-specific +privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged +in downstream layers. diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 70b4565b..d4dbbc3a 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,7 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - sudo rm -rf --one-file-system "$TMPDIR$i" + run_privileged rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -375,3 +375,27 @@ def deb_list_beautify(d, varname): if stripped: var_list.append(stripped) return ', '.join(var_list) + +# Helpers for privileged execution. Only the non-underscore functions +# shall be used outside of this class. + +def run_privileged_cmd(d): + cmd = 'sudo -E' + bb.debug(1, "privileged cmd: %s" % cmd) + return cmd + +RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" + +run_privileged() { + ${RUN_PRIVILEGED_CMD} "$@" +} + +run_privileged_heredoc() { + ${RUN_PRIVILEGED_CMD} /bin/bash -s "$@" +} + +run_in_chroot() { + rootfs="$1" + shift + ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" +} diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 336cb0a3..792b8b80 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -97,7 +97,7 @@ debsrc_download() { dbg_pkgs_download() { export rootfs="$1" - apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ + dbg_pkgs=$(apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ -a "${DISTRO_ARCH}" packages \ "${rootfs}/var/cache/apt/archives" \ | awk '/^Package:/ {print $2}' \ @@ -109,7 +109,9 @@ dbg_pkgs_download() { | grep "${DISTRO_ARCH}" \ | awk '!/Binary:/ {print $1}' \ | sort -u - done | xargs -r sudo -E chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- + done) + + [ -z "${dbg_pkgs}" ] || run_in_chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install $@' -- ${dbg_pkgs} } deb_dl_dir_import() { @@ -119,7 +121,7 @@ deb_dl_dir_import() { export gid=$(id -g) # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ - sudo -Es << ' EOSUDO' + run_privileged_heredoc << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index f7a12302..e5987554 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -161,7 +161,7 @@ def isar_export_build_settings(d): dpkg_schroot_create_configs() { schroot_create_configs - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' sbuild_fstab="${SBUILD_CONF_DIR}/fstab" fstab_isarapt="${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO} /isar-apt none rw,bind 0 0" grep -qxF "${fstab_isarapt}" ${sbuild_fstab} || echo "${fstab_isarapt}" >> ${sbuild_fstab} diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index 500aaefe..e693800c 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -130,5 +130,5 @@ dpkg_runbuild() { deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts - sudo rm -rf ${WORKDIR}/rootfs + run_privileged rm -rf ${WORKDIR}/rootfs } diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index e874f3c7..de01484c 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass @@ -34,7 +34,7 @@ def image_create_groups(d: "DataSmart") -> None: """ entries = (d.getVar("GROUPS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] @@ -72,7 +72,7 @@ def image_create_users(d: "DataSmart") -> None: entries = (d.getVar("USERS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index c90280aa..029caec7 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,7 +29,7 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } @@ -60,7 +60,7 @@ ${@get_nopurge(d)} __EOF__ # Install configuration into image: - sudo -E -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 diff --git a/meta/classes-recipe/image-postproc-extension.bbclass b/meta/classes-recipe/image-postproc-extension.bbclass index 43ab750c..59128c2a 100644 --- a/meta/classes-recipe/image-postproc-extension.bbclass +++ b/meta/classes-recipe/image-postproc-extension.bbclass @@ -17,19 +17,19 @@ update_etc_os_release() { done if [ -n "${OS_RELEASE_BUILD_ID}" ]; then - sudo sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "BUILD_ID=\"${OS_RELEASE_BUILD_ID}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT}" ]; then - sudo sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT=\"${OS_RELEASE_VARIANT}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT_VERSION}" ]; then - sudo sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT_VERSION=\"${OS_RELEASE_VARIANT_VERSION}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi } @@ -37,11 +37,11 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_configure" image_postprocess_configure() { # Configure root filesystem if [ -n "${DISTRO_CONFIG_SCRIPT}" ]; then - sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" + run_privileged install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" TARGET_DISTRO_CONFIG_SCRIPT="$(basename ${DISTRO_CONFIG_SCRIPT})" - sudo chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ + run_in_chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ "${MACHINE_SERIAL}" "${BAUDRATE_TTY}" - sudo rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" + run_privileged rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" fi } @@ -58,13 +58,13 @@ image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( run_in_chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" fi - echo "$MACHINE_ID" | sudo chroot ${IMAGE_ROOTFS} tee /etc/machine-id - sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' + echo "$MACHINE_ID" | run_in_chroot ${IMAGE_ROOTFS} tee /etc/machine-id + run_privileged rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen" @@ -82,13 +82,13 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_disable_systemd_firstboot" image_postprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_VERSION=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${source:Upstream-Version}' \ --show systemd || echo "0" ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then - sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot - if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ + run_in_chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot + if ! cmd_output=$(run_in_chroot '${ROOTFSDIR}' systemd-firstboot \ --prompt --welcome=false /dev/null); then bbwarn "Your image is not configured completely according to systemd-firstboot." bbwarn "It prompted: \"${cmd_output}\"" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index 26a4ec06..bc3f2181 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -363,7 +363,7 @@ get_build_id() { ROOTFS_CONFIGURE_COMMAND += "image_configure_fstab" image_configure_fstab[weight] = "2" image_configure_fstab() { - sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF + run_privileged tee '${IMAGE_ROOTFS}/etc/fstab' << EOF # Begin /etc/fstab proc /proc proc nosuid,noexec,nodev 0 0 sysfs /sys sysfs nosuid,noexec,nodev 0 0 @@ -391,7 +391,7 @@ do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi if [ -f "$kernel" ]; then - sudo cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" + run_privileged cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" fi for file in ${DTB_FILES}; do @@ -447,7 +447,7 @@ def apt_list_files(d): IMAGE_LISTS = "${@ ' '.join(apt_list_files(d)) }" do_rootfs_finalize() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -e "${ROOTFSDIR}/chroot-setup.sh" ]; then @@ -473,14 +473,14 @@ EOSUDO # Sometimes qemu-user-static generates coredumps in chroot, move them # to work temporary directory and inform user about it. - for f in $(sudo find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do - sudo mv "${f}" "${WORKDIR}/temp/" + for f in $(run_privileged find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do + run_privileged mv "${f}" "${WORKDIR}/temp/" bbwarn "found core dump in rootfs, check it in ${WORKDIR}/temp/${f##*/}" done # Set same time-stamps to the newly generated file/folders in the # rootfs image for the purpose of reproducible builds. - sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + run_privileged find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' } do_rootfs_finalize[network] = "${TASK_USE_SUDO}" @@ -517,7 +517,7 @@ do_rootfs_quality_check() { ;; esac done - found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) + found=$( run_privileged find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) if [ -n "$found" ]; then bbwarn "Files changed after package install. The following files seem" bbwarn "to have changed where they probably should not have." diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index e07ce8e6..8d4f8050 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -37,38 +37,38 @@ do_containerize() { # prepare OCI container image skeleton bbdebug 1 "prepare OCI container image skeleton" - sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" - sudo umoci init --layout "${oci_img_dir}" - sudo umoci new --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" + run_privileged umoci init --layout "${oci_img_dir}" + run_privileged umoci new --image "${oci_img_dir}:${empty_tag}" if [ -n "${cmd}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.cmd="${cmd}" fi if [ -n "${entrypoint}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.entrypoint="${entrypoint}" fi if [ -n "${path}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.env="PATH=${path}" fi - sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci unpack --image "${oci_img_dir}:${empty_tag}" \ "${oci_img_dir}_unpacked" # add root filesystem as the flesh of the skeleton - sudo cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + run_privileged cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" # clean-up temporary files - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + run_privileged find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete # pack container image bbdebug 1 "pack container image" - sudo umoci repack --image "${oci_img_dir}:${tag}" \ + run_privileged umoci repack --image "${oci_img_dir}:${tag}" \ "${oci_img_dir}_unpacked" - sudo umoci remove --image "${oci_img_dir}:${empty_tag}" - sudo rm -rf "${oci_img_dir}_unpacked" + run_privileged umoci remove --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index dd6c501d..8b048dc7 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,8 @@ generate_wic_image() { fi EOIMAGER - sudo chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - sudo chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index b201b97d..440786b5 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -136,7 +136,7 @@ rootfs_cmd() { rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ ( mount -o bind,private /dev '${ROOTFSDIR}/dev' && @@ -182,7 +182,7 @@ EOSUDO } rootfs_do_umounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if mountpoint -q '${ROOTFSDIR}/isar-apt'; then umount '${ROOTFSDIR}/isar-apt' @@ -225,7 +225,7 @@ rootfs_do_qemu() { if [ '${@repr(d.getVar('ROOTFS_ARCH') == d.getVar('HOST_ARCH'))}' = 'False' ] then test -e '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' || \ - sudo cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' + run_privileged cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' fi } @@ -240,16 +240,16 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - sudo tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" # setup chroot - sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" + run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" } ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_isar_apt" rootfs_configure_isar_apt[weight] = "2" rootfs_configure_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/sources.list.d' @@ -270,7 +270,7 @@ EOSUDO ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_apt" rootfs_configure_apt[weight] = "2" rootfs_configure_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' @@ -293,7 +293,7 @@ ROOTFS_CONFIGURE_COMMAND += "rootfs_disable_initrd_generation" rootfs_disable_initrd_generation[weight] = "1" rootfs_disable_initrd_generation() { # fully disable initrd generation - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -310,7 +310,7 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ -o Dir::Etc::SourceParts="-" \ -o APT::Get::List-Cleanup="0" @@ -322,9 +322,9 @@ rootfs_install_resolvconf() { if [ "${@repr(bb.utils.to_boolean(d.getVar('BB_NO_NETWORK')))}" != "True" ] then if [ -L "${ROOTFSDIR}/etc/resolv.conf" ]; then - sudo unlink "${ROOTFSDIR}/etc/resolv.conf" + run_privileged unlink "${ROOTFSDIR}/etc/resolv.conf" fi - sudo cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + run_privileged cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' fi } @@ -358,7 +358,7 @@ rootfs_export_package_cache() { ROOTFS_INSTALL_COMMAND += "${@ 'rootfs_install_clean_files' if (d.getVar('ROOTFS_CLEAN_FILES') or '').strip() else ''}" rootfs_install_clean_files[weight] = "2" rootfs_install_clean_files() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' for clean_file in ${ROOTFS_CLEAN_FILES}; do rm -f "${ROOTFSDIR}/$clean_file" done @@ -370,14 +370,14 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - sudo -E chroot "${ROOTFSDIR}" \ + run_in_chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" rootfs_restore_initrd_tooling[weight] = "1" rootfs_restore_initrd_tooling() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar-stubs" rm -rf "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -386,8 +386,8 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-initrd', '', 'rootfs_clear_initrd_symlinks', d)}" rootfs_clear_initrd_symlinks() { - sudo rm -f ${ROOTFSDIR}/initrd.img - sudo rm -f ${ROOTFSDIR}/initrd.img.old + run_privileged rm -f ${ROOTFSDIR}/initrd.img + run_privileged rm -f ${ROOTFSDIR}/initrd.img.old } do_rootfs_install[root_cleandirs] = "${ROOTFSDIR}" @@ -437,21 +437,21 @@ do_cache_deb_src[network] = "${TASK_USE_SUDO}" do_cache_deb_src() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} debsrc_download ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -459,21 +459,21 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('BASE_REPO_FEATURES', 'cache cache_dbg_pkgs() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} dbg_pkgs_download ${ROOTFSDIR} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -482,17 +482,17 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get clean - sudo rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* + run_privileged rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* # remove apt-cache folder itself (required in case rootfs is provided by sstate cache) - sudo rm -rf "${ROOTFSDIR}/var/cache/apt/archives" + run_privileged rm -rf "${ROOTFSDIR}/var/cache/apt/archives" } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-log-files', 'rootfs_postprocess_clean_log_files', '', d)}" rootfs_postprocess_clean_log_files() { # Delete log files that are not owned by packages - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/find /var/log/ -type f \ -exec sh -c '! dpkg -S {} > /dev/null 2>&1' ';' \ -exec rm -f {} ';' @@ -501,32 +501,32 @@ rootfs_postprocess_clean_log_files() { ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-debconf-cache', 'rootfs_postprocess_clean_debconf_cache', '', d)}" rootfs_postprocess_clean_debconf_cache() { # Delete debconf cache files - sudo rm -rf "${ROOTFSDIR}/var/cache/debconf/"* + run_privileged rm -rf "${ROOTFSDIR}/var/cache/debconf/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-pycache', 'rootfs_postprocess_clean_pycache', '', d)}" rootfs_postprocess_clean_pycache() { - sudo find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print - sudo find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_ldconfig_cache" rootfs_postprocess_clean_ldconfig_cache() { # the ldconfig aux-cache is not portable and breaks reproducability # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034#49 - sudo rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache + run_privileged rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_tmp" rootfs_postprocess_clean_tmp() { # /tmp is by definition non persistent across boots - sudo rm -rf "${ROOTFSDIR}/tmp/"* + run_privileged rm -rf "${ROOTFSDIR}/tmp/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" rootfs_generate_manifest () { mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} - sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ dpkg-query -W -f \ '${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' > \ '${ROOTFS_MANIFEST_DEPLOY_DIR}'/'${ROOTFS_PACKAGE_SUFFIX}'.manifest @@ -542,7 +542,7 @@ rootfs_export_dpkg_status() { ROOTFS_POSTPROCESS_COMMAND += "rootfs_cleanup_isar_apt" rootfs_cleanup_isar_apt[weight] = "2" rootfs_cleanup_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/isar-apt.list" rm -f "${ROOTFSDIR}/etc/apt/preferences.d/isar-apt" @@ -553,7 +553,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@'rootfs_cleanup_base_apt' if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else ''}" rootfs_cleanup_base_apt[weight] = "2" rootfs_cleanup_base_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/"*base-apt.list EOSUDO @@ -561,12 +561,12 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'populate-systemd-preset', 'image_postprocess_populate_systemd_preset', '', d)}" image_postprocess_populate_systemd_preset() { - SYSTEMD_INSTALLED=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_INSTALLED=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${db:Status-Status}' \ --show systemd || echo "" ) if (test "$SYSTEMD_INSTALLED" = "installed"); then - sudo chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" + run_in_chroot '${ROOTFSDIR}' systemctl preset-all --preset-mode="enable-only" fi } @@ -626,7 +626,7 @@ rootfs_generate_initramfs() { mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - sudo -E chroot "${ROOTFSDIR}" sh -ec ' \ + run_in_chroot "${ROOTFSDIR}" sh -ec ' \ ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ ' @@ -664,11 +664,12 @@ rootfs_install_sstate_prepare() { # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - sudo mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro + + run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro lopts="--one-file-system --exclude=var/cache/apt/archives" - sudo tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - sudo umount ${WORKDIR}/mnt/rootfs - sudo chown $(id -u):$(id -g) rootfs.tar + run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs + run_privileged umount ${WORKDIR}/mnt/rootfs + run_privileged chown $(id -u):$(id -g) rootfs.tar } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -677,7 +678,7 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - sudo tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index 95dadee3..d9ccce7f 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -20,7 +20,7 @@ SCHROOT_LOCKFILE = "/tmp/schroot.lock" schroot_create_configs() { mkdir -p "${TMPDIR}/schroot-overlay" echo "Creating ${SCHROOT_CONF_FILE}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e cat << EOF > "${SCHROOT_CONF_FILE}" @@ -59,7 +59,7 @@ EOSUDO schroot_delete_configs() { (flock -x 9 set -e - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -d "${SBUILD_CONF_DIR}" ]; then echo "Removing ${SBUILD_CONF_DIR}" @@ -101,7 +101,7 @@ sbuild_export() { } insert_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -112,7 +112,7 @@ EOSUDO } remove_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -123,7 +123,7 @@ EOSUDO schroot_configure_ccache() { mkdir -p "${CCACHE_DIR}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e sbuild_fstab="${SBUILD_CONF_DIR}/fstab" diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 6f09b5f6..16165792 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -69,12 +69,12 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "${@'rootfs_cleanup_isar_apt' if bb.utils.to ROOTFS_CONFIGURE_COMMAND:append:class-sdk = " ${@'rootfs_configure_isar_apt_dir' if bb.utils.to_boolean(d.getVar('SDK_INCLUDE_ISAR_APT')) else ''}" rootfs_configure_isar_apt_dir() { # Copy isar-apt instead of mounting: - sudo cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt + run_privileged cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt } ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - sudo chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" @@ -83,7 +83,7 @@ sdkchroot_finalize() { rootfs_do_umounts # Remove setup scripts - sudo rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh + run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh # Make all links relative for link in $(find ${ROOTFSDIR}/ -type l); do @@ -95,16 +95,16 @@ sdkchroot_finalize() { new_target=$(realpath --no-symlinks -m --relative-to=$basedir ${ROOTFSDIR}${target}) # remove first to allow rewriting directory links - sudo rm $link - sudo ln -s $new_target $link + run_privileged rm $link + run_privileged ln -s $new_target $link fi done # Set up sysroot wrapper for tool_pattern in "gcc-[0-9]*" "g++-[0-9]*" "cpp-[0-9]*" "ld.bfd" "ld.gold"; do for tool in $(find ${ROOTFSDIR}/usr/bin -type f -name "*-linux-gnu*-${tool_pattern}"); do - sudo mv "${tool}" "${tool}.bin" - sudo ln -sf gcc-sysroot-wrapper.sh ${tool} + run_privileged mv "${tool}" "${tool}.bin" + run_privileged ln -sf gcc-sysroot-wrapper.sh ${tool} done done } diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b220f3d9..b4fcddaa 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -41,7 +41,7 @@ def sbom_doc_uuid(d): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) generate_sbom() { - sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 9bbc63d9..596a6152 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -209,19 +209,19 @@ do_bootstrap() { trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ && rm "${WORKDIR}/mmtmpdir"; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && sudo umount $tmpdir/$base_apt_tmp; \ + && run_privileged umount $tmpdir/$base_apt_tmp; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && sudo umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && sudo rm -rf --one-file-system $tmpdir; \ + && run_privileged umount $tmpdir/base-apt; \ + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && sudo umount $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -253,7 +253,7 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - sudo rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/testsuite/unittests/test_image_account_extension.py b/testsuite/unittests/test_image_account_extension.py index f78aa7f8..ff0e47e0 100644 --- a/testsuite/unittests/test_image_account_extension.py +++ b/testsuite/unittests/test_image_account_extension.py @@ -54,9 +54,8 @@ class TestImageAccountExtensionImageCreateUsers( image_create_users(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/useradd', @@ -136,9 +135,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupadd', @@ -164,9 +162,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupmod', From patchwork Tue Jun 9 12:33:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5123 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:19 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f63.google.com (mail-oa1-f63.google.com [209.85.160.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYHUx005494 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:18 +0200 Received: by mail-oa1-f63.google.com with SMTP id 586e51a60fabf-440e399d049sf6152778fac.1 for ; Tue, 09 Jun 2026 05:34:18 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008451; cv=pass; d=google.com; s=arc-20240605; b=hinK4dYi5bV/UBzXCBUNW/hn4Qm2QMAJxzM5tSf9XwFqPijrCS17DpIcrXD8nYq0es dErCgSjmtcmUzz02NiV6gwMd83EjoHgAxkl9EM3FeaWRT5ZksA8ORMrnAWRe15iL6M04 fDHTCljOmvnNAXtiEOi2vo9I/GNB/RzJgM4c15EaV3SDNEyJkrqJWpeqDhxi59YQxps3 vP0gFKQGwZk9CS5UBPMoukG45Cgpaw7IKk1VaFd41GMUTb4JwFwq792wsvvNGd2aG/d4 XwQl+TaZ/YKYlxrbxShCEAXbpv3kazUf5GGycf6YBNtkQjIZ+LQSdICVBe8wTn2aXJPg SkTw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=wK/cvT9oFL6ndk4BSZ+sbVBc0n7kUsxD/xAkW5R5Fvk=; fh=kwwalM/lIY78i0+H2l0q66np/AT+PbIVhA9sRKp7eUs=; b=f+RsEBlfJLwMpQZundtZgQ+diFV+FBRcJ8cUgAdMA6GCbC11foko5DwkytjpTbCJIG I385qjRJY2xXwkn06PKK7MrSQCc41czTMeizAoPGiaTWB5JVfPfh8yWSMNE9QE7FBblQ D0lqWJjlPWwPAD69SzT35c5o0gH0RyeOMiGaQUWytwA+aAbXQJDfLdApb2hNGA5iEqCP 5MZBQzS5N92zSDondvF3Hd+x9MLTwBleH8cvywiF72ftpKEtk8nsmH64bLdYed7LFzzZ VzMrCO9o2IZWEv89gUC8/iz/FnAvZwkhpnAoTDgLlxXTjMmIn3x9WlokEHtqn1t1nD4/ j2wQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=b83+Xg7q; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008451; x=1781613251; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=wK/cvT9oFL6ndk4BSZ+sbVBc0n7kUsxD/xAkW5R5Fvk=; b=NPxw6tikodZBj6JVuo6KbNh++Zi7mLAXjVjei3vrUBkmDoGpVMr21+6eUTEI+BNFZT So/zoMwSnETe7gaB8mbsTsUJazh2Umud0B0g0iRpzaBuN0/8C2fMWqPgJi3iu990EFne z6BeR0k0e9S4TONuIzi9Ly106Y4UjlmezPYj4HcF5Z4TlqLa2zudpLS9o0UVgURdMGIf HEkkSL4d77K4zYHnb4Zr4rFLPlMgDy8glQzqcwG5bj3kGttS+IR1w6N9gN/UHboLjvSu Gcd4xxaAOKoUX6KMECHb8j7DC+h8FrsktOOLqLCL+Lk1wxWXf/Wkx+raMQ0THNvhobWf 3xcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008451; x=1781613251; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wK/cvT9oFL6ndk4BSZ+sbVBc0n7kUsxD/xAkW5R5Fvk=; b=KGYSW9qk5XWmkzjmUAVGe564EZ6RtdyvNx/YWm55bWvhd47EyHHGnGI6/7bb2PZBF/ 78iZ9SeYEnNEYe5l1Q+XmWr8786I6RHyypItnY0sITt81c/a3rbawZewp53ulphxIlAx eU/QIlUD9trFLYnntiaSp7f/TwZNEgkslBjeyqx+Gr4lhveeChcL2X+BOdfJ5wGAep04 ug+RQCzgzBO9tpzaGjxG5kQaDIBfh2nrWUby/SX8waXgrJhTfh8PmfOyw17jSfiSD8SB yqc3KUsH9Fx9nePnzEQ3prhFkIT+NqfI3aONGRIQHyr1omj0wdOHUWIjqyFMqRl1GOIG nQ/w== X-Forwarded-Encrypted: i=3; AFNElJ/epM6UmglFAqOp+wpl0dg9Uyl8LL4cFiP/6UJATu74GTxgKPocuCkVXel+lzGeO+t7VCqxp+o=@isar-build.org X-Gm-Message-State: AOJu0YyxyMKV0KpigwJpo252S+YNv1/8lwgtc1LhBgTNii7qnmxdjS3m AFAX2CMk2biBWFYrmUuMp+Yj91rH3ln3qbfqJc4PG69qzromQiw620oZ X-Received: by 2002:a05:6870:c230:b0:434:2752:34db with SMTP id 586e51a60fabf-4413d5764c6mr11297995fac.5.1781008451451; Tue, 09 Jun 2026 05:34:11 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdkgel8nPK9ll8RuD/6zY7OQNHvXIes5chvlVf9X5iwCQ==" Received: by 2002:a05:6871:3589:b0:43b:6fc2:7088 with SMTP id 586e51a60fabf-441091dea87ls2868693fac.0.-pod-prod-04-us; Tue, 09 Jun 2026 05:34:10 -0700 (PDT) X-Received: by 2002:a05:6870:5490:b0:417:6224:5855 with SMTP id 586e51a60fabf-4413ceb8f49mr10887585fac.0.1781008450581; Tue, 09 Jun 2026 05:34:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008450; cv=pass; d=google.com; s=arc-20240605; b=LKKgwGZW18vvvZC5a5Iv0+NcCYPbfY5xEA+AwtKfBW7gAjUEW3KG/XHjBKoGrbD13l rPtc0mW6ybKS+SxwvmqR8Mi9fFGlQ5FsUPxD+wc9YJYR7zH4jK/8RiWIQl3SxtX0R/qE PV+AFa8sdyYocBImiwCqQozBqOGi8yinqJwJjCOYA4iMm0pFme+KBp0nK+0c+NE2TUBZ M+qs7ffaxqPrA8TUsrxeZhL8sYPM2BPSnxZLtREbvjAj+Rq4d9A/nT0Nj4QMxd8qg51u KiENotcH8IRE/2FIjgz4Rl5VsFvq0dzKkpOj8ISOU2jndNfG1GJmI6HcPXQzFUrzE5Dz vofQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=wp2xaxsd4WrGtm0TxvQ0dsIIgS0pU6nhkxVgbsdZKII=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ZLcTHqELcxRiY6lJllQNIj4DNwEGWYrRNMjCusgFhgY91Oi3pVcignYKqPSo0HghNn dTNsXEWl+Vg48NUwk10MdN1l/j/G1HeOnK0PpM+WlVCtdf20r4bLj3WMxu8ca874Apxc ArLk3aob9QktKUIsdiMKzhTs9td8YXsyUj9W5x2Dw8GpefAFp77gFAgbwPsnsjHMdLbz 9T/Cqr+RqEH8lZB4q5DxirgWxZ51nzT7NVbp1Q+ZcYB7+8z7vKV5oC0ZIwnIyvtm6xIB Rz3YF4QUBIjcgT5nZalft2CmNyFf+4rEhFa5gfkwzTjJaZj60X3z+2ip9gsMVnOv71Vu S7EQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=b83+Xg7q; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-440d825e1e9si665814fac.4.2026.06.09.05.34.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:10 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=gjVQvGtKv6cWjJ3o+/05ygS2mJzu2smdI4wdo/dti2F8tf634COJItJIbugnD7iFnBZHz0xBN7sZYD9WD4KxAjll09x7RK0CMXVdKA0CzyuuSIU4Si4PR48xJp+7fHbj1VQwzt/NyqgD6RAKnO7brsx+t+M9u7UmKA/9hx3NtYYqk/w6rC5XBIH6UVZPZnouwdLUwcueuhaMyH06FE90C1PkiSEMnqdRlljPa0GWaicAEnpG4F9lsP7sodlhqUG29zcxAwt7pm0ypukyBdBQnvJVKeppXnpZ/Jz7C58SyisKiDyxkxNwJdvbOyk3+09RPg9MhWf+6OtuT0su8JlqGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wp2xaxsd4WrGtm0TxvQ0dsIIgS0pU6nhkxVgbsdZKII=; b=BmszM1N0CDh5smAeZYJkqEsE0QLFnI1txU7N5DJJRfspaighiz269CKJNK1N39Aoh6h66VcsAbVAsZ1IxyP9uTuPbGW0+iJqipJiMuUxQoHluQ1N43tnv8PD1I72Otw0TnB8rHNV9lT5P/MyIH0rpnEwVGwNjnFRCilHsvkiuerX1PtzlviWabOgsO/iti580JsbkEex0TzEcE947N/Yp0Tyeht3Mas/rRyGVUfPKmZfcUJD0sATA/puk7KcAEGhIxtmTKZcByEZ8tQe3gi22IeW8ESAtxGkzpX+g/qh0DBCHgf13r7urGKOvDdcGWpV59HgvGOYzsi+ZRVpgCv+vA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AS2PR10MB7024.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:598::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:07 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:07 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 05/17] bootstrap: move cleanup trap to function Date: Tue, 9 Jun 2026 14:33:43 +0200 Message-ID: <20260609123355.2368573-6-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AS2PR10MB7024:EE_ X-MS-Office365-Filtering-Correlation-Id: d23f47d5-4ff4-4156-da44-08dec62365df X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: AoSjHHRz/4/wIOcEQu8VukW7698wK6ZppcLdjWFYi4Dg7nhE0GekLJoznmoyGpJTxmjg3ndnoaLFoAZNLWFK1ceng7wzYD+rxoaY/wn6VFm/lXDiZI49DUN4nesHQ1HUYQ1ZSz/d7DeIHaGohczEiTQqcRp+8g2yg5MnbUgTfyzxHi3PboU2u9m96EtttItoxQTd5OuP/wxoeAqMrImKbcwdg7c4QVt6KiNNR19prZ+0pK1uedaeEqyN9e8TGnsgpaIN5ArVpZjAFl2nlIR/vjD3s7jqaXRLudvFFNcNAkBGVZTDB2Ioj7Sn5mFN41JYnoEUX2el2uHoleWeUOD5jTXZkjGLNvRRERj80oRZwY7uzzKzMZqs+vja8qPKBuz1JbzVGb1pWO9yOLg56l+mUaiAByuLrMtLtyzR7tnpjJ04ZodBX2lFFX+WNjPlHpVA22jjW/MFkySC6Ow2MShrZM0gXgdt4dk/Obc/hr1euPYvzZcIgZSCDf+QJvhkiyW5IlZ7MabWXZM3h5hcOJcAoEI5MyJRERJQzxteT1FCTX67TI3y/cHZqDzebA0BgiUBCnW0CAvsy7g+Y9moBlmdjEfLMqsWK5wOYQAJhrbRq39dJu19g2sFdnyDiwQrcp3Xj1vShcuw+rbdIfFhQYIuxDzk1j3Kclx29Br/TTaxbZ4iC7N//Mqg3T5ULTXnaX/X X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 0mFHZPI8vDTHDh589a67Nzy6L+SUyaSmIKC2p1uXpwX+CnfrqTRRAtJnZzHAnVn+n557t53McmDhvUGOFohz8x/Ec0WTO0Plw2CLvBFVZgYFm7QYXtkxaGITYivtnS+x2uEj08e9OjPuJ5+SW9mKOLZEJvRdHH95AJRReUOymZ61UaGJi2RjHgiQHJlZSjw+pVIkP5oKLtNtABGSBqnicp1JnBNJVy1dnt5b0NqtO3Y3RfG2vxCsgjLh06S9TitQUnlQAHNUYWTMgLG0n3RmNXMVnX7XnatamVbXX3DY20pmwbAtEhUSN5Am4QvdrbHfLar1g1BqRzNSWUa+zMzRHOnGN97gNEI9chF2dZXuY0qpTs3xmTuOtByLkFuMkPDra4PNXG/h0wm3n/87JsHRylkLhvLgeBGH/7rSD29L0NURY4z4UxxHpUkWQ+A+VsgPhSOw54F4Xf24sxQWb3r/TBdvbtVZ+zsKw/C+ma66KYHDnMLaTL0y/Xbd3A7FPlWgFlm+7kt9+uYWfMMGpNN5cYWAXTirxykbkILr6K0JrgT4c+gRqFdNThs+2GXu45um/KYxuyvqDVSIZCe6Irytb61dUgXQLSbG6k/tnJce9+giQcgNOZSGAQHcJ12JajtDtcpAlLzb/2lNgTQl2e1n7D7SQwcBBgkcsoabp9zYsAs/rRv3a1l2yvU610xMGZiET6qcwZZYQQlrCf/79XlIPFKJX52JnclMJC3OpZ5nc2C9wl+9vKZp3lIr9bg3oGb3ixJdKIbxaAmAjPPO3NU0+OTLjydG2qsAmh8df/1Lk/gTakqQEFgceIMKwCU4TBhf6oTG0POLVosGDAUXimPUwq66WJQ7zMCWsn7ZiBdQrz6Gb1SltZA+9LsHQ3SGxE9X69UhpZW6W0IkkinQL+UvPv6H/YthIIPYWF89YpO0KCUvZk5YK6sMqQbEI28upqiGZ6k1+QjjYYD8/E/wyXQIuLT+z+kkRGP0r+V3MIt9UDkdPE7AbAuJyiJgGXvWbmcRSr0/VmNDrc98brgwK9r6SykVBlO9BD7BL5i7AvYPQIc4EoUcQ1UmbQqFHyMaJcklK1Tdc5ovZZ4veU7SIoOGv6yXbxT6nMONBaLC/ybwZaXZohK7sYGrRIYVKRIPA1WwCjbykWFUXnPqC530o3R5EMZVnNtzvd01rzMf/nxUZkWEYw9Ew70J7KL62U01B9nE2iPiDzZqnqPPUsQ8h8nak8rM49pGX5f7osUjxG4J7KJiSifpklOt+NJJRXnXf9f8uH7hP1wbZ1VNdDTPK2wyYXWyKQktkzmN1UwuzxjWj44HZvNzzPd5EkpWEv0yf6truJ5mHtnwbamEUPuN7Hyw06eCEnM9J0s4dwVsrCIjM1BthHYouiTejYRFeQwFEHqcT0106LuzKVPAjWdhxsjGCQNX+NdC1xKGWNEWdNYMM2NuzsFycTpIrIRbX1NXi5rYf7lgSP1FUaFpIJu3D/q0UPwjpedZmJ1XZXGs6ZZnbGTkYrJhFDXob/LDR1eB53yNOww3QLIP3ZbTk3P6ZAMlhf4iHtZtWiopnGTjoPqjhU1yopLqQ1SG1x8RwizedsqaGj0ahmq10YUBe0Ae/2gRp9r1yql8/TOMSGcxyKw16URUngAlVRh2nSr2HfnwXsmIplQHxYHFN6Ht/iO03uUIJiQsixC2YMB2sgPf/ohdmoMogz7z5YeU96+knvEoZ9HQwBVCXnXZyfTEUl3gCbVhcM8m9WFj9RkIbC0O618uYPM= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: d23f47d5-4ff4-4156-da44-08dec62365df X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:07.0190 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8U9c6BO0BS4Z60hzInLxp7C8jfzzU1SK4hiN2LFCjZloj+4AvqZUW/Eqn87KbeCvwid+muElk5EevEIrHCucwV41LcGT5TGnumUgvZAwE54= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7024 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=b83+Xg7q; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By that, we can make the trap more easily conditional. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 596a6152..eba6ea85 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -110,10 +110,24 @@ def get_apt_auth_opts(d): f"--setup-hook='upload \"{workdir}/apt-auth\" /etc/apt/auth.conf.d/isar.conf'" return '' +bootstrap_cleanup() { + [ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ + && rm "${WORKDIR}/mmtmpdir" + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ + && run_privileged umount $tmpdir/$base_apt_tmp + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ + && run_privileged umount $tmpdir/base-apt + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir + [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ + && rm -rf --one-file-system $base_apt_tmp +} + do_bootstrap[vardeps] += " \ DISTRO_APT_PREMIRRORS \ ISAR_ENABLE_COMPAT_ARCH \ ${DISTRO_VARS_PREFIX}DISTRO_APT_SOURCES \ + bootstrap_cleanup \ " do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP} ${BOOTSTRAP_TMPDIR} ${WORKDIR}/trusted.gpg.d ${WORKDIR}/sources.list.d" do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config" @@ -206,16 +220,7 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ - && rm "${WORKDIR}/mmtmpdir"; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && run_privileged umount $tmpdir/$base_apt_tmp; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && run_privileged umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ - [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && run_privileged umount $base_apt_tmp \ - && rm -rf --one-file-system $base_apt_tmp' EXIT + trap 'bootstrap_cleanup' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} From patchwork Tue Jun 9 12:33:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5137 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:45:10 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-dl1-f56.google.com (mail-dl1-f56.google.com [74.125.82.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659Cj8o1006781 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:45:09 +0200 Received: by mail-dl1-f56.google.com with SMTP id a92af1059eb24-13807001f80sf10192912c88.1 for ; Tue, 09 Jun 2026 05:45:09 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781009103; cv=pass; d=google.com; s=arc-20240605; b=e+7T+7yNC4Jh1udOsh5cLIKRKH7KT6qzsdp8KA0HikYzu1Nq/yWdj1YlFZSxPy3i5L 848Jr/1BO7SKER84CFi72CRbEacgEWlri1Af8q+vuS/eOxq2EsVfZYuRTXwkp7X/Gixu //M3ZONQO+kOfiQFhG+pxp6VDfXohO9y3IJDwKx8EWrz0kPVhS9aJtzRCDROpHYC69CO THtQsBo2l8yofu21Zlz2Nt0A8xqnZhvLVEfDJfyxdmzhLFWBzb94WzrrhNCv9k9wdaN0 /F9UqmRbtf/37psAcREgdaMHGwlt8xdscyRe1oktiwsYU6W5amEOY0khoYMb0UFIYY7B XjaQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=/j492v4+XY+WXJpDs2lxpEz+150lj8OYObEWUtnvKZ4=; fh=sYlML4rPGcRbgRf4PzamaPeVOWxXMNNfS2Ljwyf6iZ8=; b=TvD/vcdWl8vIYOI1Rrt3aZjdnGi6+NZptYCbJ42WyAmG1BrmH+TLGZB7h9ONd9Qcig Y1pRXNyfn1uGQokcZ1kxxwwAkOAJCwuAGbEDYHlo+zl4AXmQBtASlUvLOHRzLOOXsZ+8 cfrlsH6EDTQ+cfIvFuFP+6AeriwI7fpBxlED1890dV951Hm9Qt1ze+NdhNGk/sIWbEBu ZMu94uYfznnHR4sTa4buXOOhj+r6Kho9pFapmsnPLirrORsjDtfX1Iw0AejDX+dVtvsA 2vacf1g32ScULXv0dlQgqihPAhJBA4qcnwbpgac0tc7byDbt7Q8oDPSA6XLe25+R+fCm B80A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ebuI5kQl; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781009103; x=1781613903; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=/j492v4+XY+WXJpDs2lxpEz+150lj8OYObEWUtnvKZ4=; b=iFUtH7701q79ZrwkIHU8Yzy5rDQwZsg0tlg+fqDHxaVv2tqLwiM+VS/VpfU0VVwpIN HsS9afb/cZAhhBj9cr9s7rIzamL4JbmDPIucE70deHdBdBhD3ztiT1x99ZORmezaKTOi FHU/bjYDaIFDo3Gahxg8yp4JyTjSjQcabuKSwJoLyMoNBH/HriU4H7AizSe3hPUL7KYx YRz03ZB3xUTRzRLOKQkT4rucFhNv/yfN7J9w3Mn5tzRm9FD+o1zcqyUrfFGG0BBx5ncm OhwGiBnQcwXa2zhoYMREIAxoo94WUG2Ldiy7qZaadNtC139+Zc5iP2J0ZDJfw7U7MRRd fyrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781009103; x=1781613903; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/j492v4+XY+WXJpDs2lxpEz+150lj8OYObEWUtnvKZ4=; b=f0r/qi33IzKIugLHBzN0kSZSFGzj8Oa6P1Y6wDydKlLX4QC+cuDBL2jVBQHzMlSXGc Y2SNROMTbUTDoIGy6Q5+hXHEEvSsJ8Wtytp74H6b9TuZbAuGw/flSJtksxDLghFVVsGe xa2NZ9MCIHYhgkY35s/Pc7NuzBFwptU0clUek2+8AYnHO3SYgpTtdEwdn+gOUl951cnn QkuK0SsNp4YlHdzDUmDwnWcgzRukR6ECZiXD3URYUlIAanBNK1J4f2A0m5DGpq/CPAfG XfyFUW++ZWQ3Zpttau7LMhbwMpzrNDccoLKgc9Fo6LAzixhxQbEhlKV7RpOYRnVij1Km N+3Q== X-Forwarded-Encrypted: i=3; AFNElJ+1ktXku1qCXpo3R0zmvUn/Ffh9GoGx1BagcSYqyClfyC+ntq3Y99qtx/SzCL+DQ6zrd8PZnLA=@isar-build.org X-Gm-Message-State: AOJu0YxX5auTH1WFQxjMTGK83rfaXLqfVbnwAqRjP9oTnz1QtX3KB90s dgZXrZe26+UmHtU/me2kaYuwQRA7cZvVdSGZYUkJPA7dRD4QW20H+Jqt X-Received: by 2002:a17:902:d590:b0:2bf:372a:830c with SMTP id d9443c01a7336-2c2a1bccb3dmr34438905ad.11.1781008455977; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcCIUUU1dhPLyNI0q8fzD+5t9HEgQ1oNkDbJ6liC9rJJg==" Received: by 2002:a17:902:f944:b0:2bd:1d26:e78c with SMTP id d9443c01a7336-2c1a0bad078ls38136855ad.0.-pod-prod-01-us; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) X-Received: by 2002:a17:903:2448:b0:2c2:27be:39a5 with SMTP id d9443c01a7336-2c2a1cb5759mr32223235ad.33.1781008454083; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008454; cv=pass; d=google.com; s=arc-20240605; b=b/GftjBUnOnX/dfqfM/5R81nUKRoh8KsJxheNv+zjoIq6nOo9+A3ZolUtFB7mW14qZ /cpszA8gwM/7KJaB+PF6YBvZ5O5hBr8IKBEfVAHXhh0eJnw6F31d1MCO2Avmdnb7WnbH i3IOlYBU5FfOK1bwxq/m/F1ikvLfGzZpTSa0c1bcYGQQ1Uh1Y6gXtpQClsRPFEZ83xvC NebCXPzWsCmO+HGe4sMhP/YAUl4I+hSyeorq1/E8T1A4q8szBwUDrweVie7nYrqsPeMq Rj/UcnPzV489IfOj0W3GB8EN9+hoiF9aTRmcyovvibokjZKTCWrauc4dKhzdp69J/eL2 69sQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=HY6F2LWPZSzWZnysI/leSk+SaIU04Ft5g8SPyfiGVfM=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=fJ2WEY5YtktAP6oYYfSNhX2uamWkZ2PY71St8Ia6FQUh7KdQiV69QvMtpAaDQY4hAv JWM9ZsRbGmJQQKZTwcqcXfZqdCzy8HyJ5vuXvyemp5WAmCxgKEiAttbsiACt0LNtVvdU 43fr5ef0IucZsvj7jzbz92AE10YiFWEgtOJR35lXIItTpiW7rfWHFP/PAESNyQKteqKN SocnuWaeAk5OT/N2TA4dzdDVsFGFPFmgqHr+QfVGzfcBT4LkIVUJGhWYbEzpnG68GSbA z9AnR8e4zXqIj4WLmYSF1yCcUx2TvgD2qJytg2SVmAk30QZMslhmM39J3FhP7KYzmVRs Mz7g==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ebuI5kQl; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id d9443c01a7336-2c164d6090csi5921175ad.2.2026.06.09.05.34.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:14 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=XWbVaIp8INvJJSy6ZEfZtqyuCbzRYJ4n7GSrIMGlihvzBtpLx3kFQelX/IFD1CDLu8nBGTCv2HurQb8Kldw1CTj24tjNORQSCgS0tIKROyN1HhvyCniq1EnBHI8flcjI2+ladM6Afd2Q5bbvhYYlQoqfPKSbbtpYBETyb9s42fvzTgViymhKcpj4nS5FKsq6z/4kz3n50iOviU8A1YUKSqVVEnxW6scXmNdbYOF4vjU404PWOwQCZM36MhD2Su0oHQwZjdM5vkejowoCk9LaewfNND30j7A5B58OCwGfMYsf4Rbg4uv8bz7vtly/QciOcdleyZrKIoMV1RdZ2QDjNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HY6F2LWPZSzWZnysI/leSk+SaIU04Ft5g8SPyfiGVfM=; b=bJ1bbXyRsQnOPMK5XUcS/WestlUs+s6VtEEA8+CSG0xfYf5Os0k4aiU7bKdAfqVbBuhZhdPl4Z7G8QkpPnJif2CbIY+xsb2SNVnjyH2rpO+ScRdxBs1wEDiTII6MDkcw1eloj3PCgbtDHvmXKlFdCUTF3joYvtucsr8RCFzaOQ9SuLsFIxzfz2RUUU/+W0oONf8hyr1iVT9Q16hpnWrOTzT4cL5ERt53WGV18QBaW/Bn34g4mLokd2W6AoyLguGzMcZIoru8SGayKXOLbcKjg8Pp4j25bd4ygLsBrTTLJGqnXiuTr1OJC6Weev/Pge6u4pHIfSQQR+cumm/3XGWXUA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AS2PR10MB7024.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:598::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:07 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:07 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 06/17] rootfs: rework sstate caching of rootfs artifact Date: Tue, 9 Jun 2026 14:33:44 +0200 Message-ID: <20260609123355.2368573-7-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AS2PR10MB7024:EE_ X-MS-Office365-Filtering-Correlation-Id: e57d5149-60fd-442f-0d8a-08dec623663c X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: Qks1aZLfbrcyl5H0kOxI2I8Q2S/4m+VfF5SCXC/sXU4dIs/rQYi2YKh/hpyYJJ7g9qKYjB4VefmrmWPmCctrdXTKhrfrRtnz3era2v59Tz09HKBJOaQeVhMqCP9FYEjvfQlaktwQOwuVXWux2F/fNdOp79lTU1oF0SpMpYImQaQ0t1gLyKQ6MA4ilJmvp4eHMuWyAKNRQbiSRif3gfGno9DussjV6gFlel2Rc2X2slBmWbTkGGxaeM69I7nuMdUp5VHC9KWuT9Z7/z4xCuMjchCmqr+rTvdgAYvVoNbHNUoNizBIuL5kC9NGTC9wxqurHiq6n9yGGyMul5vg5Idj3iuH/IsDARxnzz96gXgY/pRJiolCbcXtMGhdOcQ8haldd6JNW3u8LpCBP83usWN6VZPWX1yasrrlJoA1euTx2Ic9lET4kdyN1g2VQS3QDagktB9d5gpjBR4QatRlxuxHWgvTCWXkd+wWg7zjQjbnCKtLWmpfIgaJiOdTbdfkAEm/uzgEmAfRnYNl9Qspvurp4OIKlSKZs4jUkvpJS1GLID8exsVq6RAN3WIyRWmFeQSsgTA+GNZITGgRVnNopAHzPKBDVFOVyRwpc2Kf3Kcsj2xDEiGgl4mfRPsCjpOYWR7uYvjSBrpbXxKLJC0yPh+AI6NCPtJHBAwNzBmFWXyQox4IDv1RqyqwP5T1/m8NCKtW X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: aDOKUi43yhiiMqc9LTDrZasgdkLj35N2RH0ecKIg3Z0u3k5xmDZcCUHi4nqUuxiBXPllitxd6Wzstq++hqhlqNXBBpKE1hHdkysJALYX4aVERjvtMaxKayDuIvpuhvS+9+Ei5DT8S97ZbmWKN+kX5yqXiVPcfOrBaLNnsQ16j3UDKibgNoRltEolkztMkK8CbZIPtI3YEJDd0VMBLSWh+Zxuo/7Xb9xnravth90eacZ3m+wRR0I215IulLC7OlStGCwbPnTPhFGyjUZtzrMjRSo7unJqNVb+uD+gRt+CmhLrbM4+DzWXfBdYOX4QK2AVwnI/kE/DVcXq7TQUAj6mf6hWW8/AZUb491jCTeRU35pwviWFwl/2VJ1jie08qaaqLw1I9v6a2YiaYuRixf6HDFNz35IaxfZJxjIC0wgE9Pm20MEIzLNSalrP6poI7WqazEgmRstlX9WRUPxLI1a8XoDjkS/4rIXLfEkemUGmtQto3un2lGb3nzhVWCJsj9tFbhGcKhFFkcTscGsZy3Ko3YC8JfBLwUWXnL6HVxPPU5hix1GQazIDe8qQbL0IW6/qtlTz0n0m9SJv6PigoVgxvlEQvjtgG6J6OdL4wYcSWXe49+A4zhpR9q891lR8jK7vdT3ca55sfsmksCQDentGUdFRcOSqptvcmwMm0SlrnDO/z4znAyPz0EAr6C7Xac8NyGOxOJ4vHEwRoHWE5vdO5cl+/aS53tlDitG3DLqynGjIrTsFdxt4rtOq0uecL+LbnsT24n7u0MXECg+mO3DYA9orii0hj8EZc3bzj8JRilblDl6FlPsQQGyeT9d1B0cv1FKHGf6tDHYmbwW0kUp7M5sx4OrJfhFjIOyA/kRTqvl20GxHRGOGg2DUMozmvUzEU7LRv4AcjClZIQE1llfTE5+eUHCvweImh38GiQUi1QUiKBcuG/02BCNPAc7psv3NnT1SiIaYHYcxYEf+teNJUrlPUH9E90AVDzHGyNEV3TSlqXUJBw4YpkrQ/J12QBKZsR2+1MBGIOQbdFJdc8ijmf3p7+91TtAWvEuH0K/ulAjwLZeHoWuWwFr/dNBUvsK6EXGzj8jgsRe3jSYI/53IYU+Ke2kQL10qJoClmKKVgEAH1yavF0cszR2W8f99MXyaNXBDlwSKrjHXytTWs8n2CBkZO1GBk68Utot17jGp1WiO86RLA79pGL9s7tAS9NA69voLNVn3uWjj6pRCkaoIh/6KUsQyk3Uw3HCxBwaEzRo/D27q9geiJT6/DPTB2vb5VMNlVTuioBXvxhgJnpaQ3CpgoUby3H/wNdxn+Cr0BTtGilCaF6Pmh1IU/SnVBiNl+FDWeKD+7V6ReD+U84Ymd5TwalLV1+EI6kzFyOsujSuei5ZIuG4m3+hh4417MntsUS1VBLZMEDkINwkIvkXuc56nihXeKbxkmu61NpwlyrpnD+Fce4Z6CZ7SDoNPdtm6DTQy/QMpjiirK2DyUwocko3OVNxios1KJD+eWiTb73uDawJHRNQt5CuLWHzrZHs+Uy9GwzqFUKl7YJzByWaUGOGMHNpS1ZwVGS3RjmG8/gkw7ATKN8c8nvomCxu4UZIpxIB4s0ewFibLqyuYLD53EeqhVGNTTcCKzrOmqgvOOn+/1h7l12plA1Pv8fiDHNtWd5bcfNgGJenyGUuze1Vpfl9YfcUrnEM/P+JNQFkt2ikj6URZsw932Vpw7IRS/WXg7MUDEwM26WFRxElwuI65Kfi6oL5mgY2DMd677CmJBfs= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e57d5149-60fd-442f-0d8a-08dec623663c X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:07.6041 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ENpEe9tFJawEtrsbZYFgTaP47/aVjEicutiTsHbH2+hv/bGV9wEy9QKUTz3SmQpE6MJwhiiGHOs5/YbPS0SSYMR+PYA4/Ty+3dLVn17olEI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7024 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ebuI5kQl; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We ensure that the sstate artifact is always generated for the correct rootfs directory by using the ROOTFSDIR variable instead of the assumption that it is in "rootfs". Further, we avoid file permission on unshare, as root inside the container maps to the caller outside of the container. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 440786b5..aa65cec4 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -665,11 +665,13 @@ rootfs_install_sstate_prepare() { mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro - lopts="--one-file-system --exclude=var/cache/apt/archives" - run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - run_privileged umount ${WORKDIR}/mnt/rootfs - run_privileged chown $(id -u):$(id -g) rootfs.tar + run_privileged_heredoc <<'EOF' + mount -o bind,private '${ROOTFSDIR}' '${WORKDIR}/mnt/rootfs' -o ro + lopts="--one-file-system --exclude=var/cache/apt/archives" + tar -C ${WORKDIR}/mnt/rootfs -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} . + umount -q ${WORKDIR}/mnt/rootfs +EOF + ${@ 'sudo chown $(id -u):$(id -g) rootfs.tar' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -678,7 +680,8 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + mkdir -p ${ROOTFSDIR} + run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar rm rootfs.tar fi } From patchwork Tue Jun 9 12:33:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5129 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:24 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f183.google.com (mail-pl1-f183.google.com [209.85.214.183]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYM9I005700 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:22 +0200 Received: by mail-pl1-f183.google.com with SMTP id d9443c01a7336-2bf32259e0esf73004495ad.0 for ; Tue, 09 Jun 2026 05:34:22 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=HvG6IebyeVI/+RWBVDYyU5bq/HGhSSKQVNEcuknLFfF6UWYxPsHnkBR5M3YD31rv8B MUQaWLAeEKHnQ4A8Xnvq7nk9w0wbrtqC7Z0Y0/ueA/naVPhCGt3tD+HaU5i7Ynv+LPTu sZXvlsRedq7fnfwPBJCU/dFVWe1H6Ac0CRcB75zL5MZRusfvGeV9hq+He1YmgSgg6TqC 9shrhNay/3SvBTjZ0Zs9RHRO2jE7W+tZwpQdzM5cyN7WOHbSERAUWdMu1v6hrWBnKqn1 1e7V64fwzfZTDD1ckV2Uh/D/eEO6gLoPsqTVBsRmac4MMmM2DInrTr/6LKLnGlWfH+pD Fiyw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=6PqvFWwfzs11wzzpG1JPUxLyWIk7TSvHbuW34ika7Pw=; fh=LZyMWFk9leJ6EmCCcSnpyy7SuUv6QSTwS05EIwFYs9s=; b=UIWEbtLgp+XcdSZHoI3nYka+kj2spEVBZ7nczgsPOEp39XNmNPfoKpii8ykBG8YLzx SshBzpRKtip7h4JzEeeVOeHunPv+29Oybk8Y6+KW6IFk6vIan5cKY12SFJjgJOCXcoGo ePMtKU0CDWYhsYbbwdSXZ8qyff8FT+mkNvs51J1TJ3Lu3xtHLY3B0gIuJoQyA3jwwX6Y 1ysXgtrOVNVP2+Yee0cKjy9PdzrJmuPUjg8y5LSXotniyst/TZFRHEUlxlAo9CgG8aq5 cWAg4PvBtuIESmgSZhCyfuzlOOFy2eNlhb/5DGI18rPNEmZuXM7K12tUqjSFcZwkleJ7 jg1w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=i9+JB704; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008456; x=1781613256; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=6PqvFWwfzs11wzzpG1JPUxLyWIk7TSvHbuW34ika7Pw=; b=R1tuE68/8cUxfrwXLRvt9Ceo/tlu2uVMKRprixZTn97Kt1sXxxN/pBM2m5C9+9zc07 ElFUv699kU9Wn/7I8p8115sBhuCVzxmPB4CEf/pP7LKJQO4ynln28NtVgXYahZkjLwo0 Jsk5etzCXWiVMK+f9NKu/idwrGPW/gc2UnKyeXZCtH4/zho0D43I9+Ryk5CTOlU1xcn7 p2tzdLEUI8XiQIXO9+ygojthbIrUjSCiH+o1u/+h9zWh1DZZMvYXzUsB/KwYdGbFbu+w OBes43Hh6yc7ivixvESdyv6ck3WAe88/S8ha133cFk0YpKDrEw8sZjAXZ7oYEvd3BBNb c5XQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008456; x=1781613256; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6PqvFWwfzs11wzzpG1JPUxLyWIk7TSvHbuW34ika7Pw=; b=IAJ3ubb8vLw3avRqhFymScRtIiAxOqVkCaLJMyjkEWrRSIrYexYBlcSmbpmxGMe5RF RhHKPJjEP+5GxnaQEgqW/KVTT235c+uCLP0LuFEKGYCc8ywQ+7kXj2wTX8keonM542Uu zZsLdRzyjZL+MR/5UT8OhZ1T4WMzfVoprhRTy3q432DbO8V5dWwLy1Vz0B9462YU+ZIj Tx/TOFmTcRQDws1dBcKqBWHMlbrjnVM3qapoAvDewFXc6hGZPmzTuoMewqju8UJ4kF4s AX58WqU6galw7QbaS55VK+AdOmm1eZnaUGG8HxcjTtk2GX9hDMPoyjQ4iv1dvxvF61QT yF8Q== X-Forwarded-Encrypted: i=3; AFNElJ/riZGoL6InDL8DwJvBfJtKH3PAOFsnDeMlQJE9ZJFrxuKuhJ3BUQ6Y8GDAtbpQ2eNMaXGbm3g=@isar-build.org X-Gm-Message-State: AOJu0YwAcOP55lihE8qfatouEqT8PJy0SmTqxC3TIWWRG4MqxV988wrW exZvqZgKNrjaY+Yhez+9ifzmdclCgJziQ9wZEwTCKxIsSjOdfioQdXFh X-Received: by 2002:a17:902:ce86:b0:2ba:6518:a6d4 with SMTP id d9443c01a7336-2c1e847dda7mr217586335ad.20.1781008455859; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdzNLgw+rBXEo8id82UFCcvStgpiY/rIqtg5ArvWRptpw==" Received: by 2002:a17:902:8544:b0:2bf:5f1:1e97 with SMTP id d9443c01a7336-2c1a105a2c1ls59936615ad.2.-pod-prod-03-us; Tue, 09 Jun 2026 05:34:13 -0700 (PDT) X-Received: by 2002:a17:903:90c:b0:2c0:b7e1:7f08 with SMTP id d9443c01a7336-2c1e859fc13mr239364835ad.28.1781008453486; Tue, 09 Jun 2026 05:34:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008453; cv=pass; d=google.com; s=arc-20240605; b=VexDsKquOSXeTZRhLk9Qr7Dw4viA8DNxRJfRxIteTaxqUH/zJeEHFTPujZv5+u2a8y RpXmaCIFgZ3TjVC2PD5NJvPO36G8/flReVZaFdn2MwZKN/akWyzyJCZ2JAzbi6ck+0CU Kr8UuU21MtsrJOvOZ6cUbf3gzkUImrLoZhrHp895aorK+KBfjr4AclZzuRXMOj4GFosI mj+VIkOiDCQKhbgj1TIgbe7+2TM6key4KugqLBXjgbV0R7+ygtxG8OB3IR94c4EnBDUF lbLnD1jaKcao+7nTS3phHOh4FMRyhj71ro49auIeiVDrssTSc1iL57w/0UyFfzpRJGGh 6AlA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=AuKM/jNER/k0+A1zkGa6kDQoxALDuCYcpRjFjAo2MfE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Sl7MqKNIxJrSCyoC2SzGHRcWx47gKQif3eAc2p6lBvOlAEvmBijlTbtRDKgl0gkI97 HvhUD4AVNWaCmwbw2DFvzo9iiJjIWeflCn5rk3Q/wviqWLn0uu1ZJ5+Nww1DRH/l0BJV U7ZLVn3Y8e5qwdCw42I39+ZRynjg7/9vy+v1T/N2tFZqo3QVsHtUG6z8OH966ZTas5eb sSqJVblhsIzCCzypS3shNQhYGOvNOV/vxoJc57XnF52u7u/3m06pmNbYw0hHDaXpo3x0 ybB8kbiGqTXO4f6vyV1V8ULRp5wSuOQ42rsegeygBTjWsMg91U3d/RjeNFzVEnDyNP9x tJBg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=i9+JB704; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id d9443c01a7336-2c164d6090csi5921175ad.2.2026.06.09.05.34.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:13 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jDQ1BsiCtyEDa1629luLJyOg7CGt+fSJbDNYRx5AKEhmNicQll8YJccvvZFk1bHN2J6Rxb748j9/A320zZtN/eFV9fH/DtNfib3YCbXurZxb5VqQgIFqLCTLMfqBUrflcT8wZ2n1C7A7rrQ46krzmbT/+poNCCzkSERnuASNgNokg1NWrlG6h/m95zEjQWd1jV9TWMqK7Su99Xi8Nbc35sjbZm9NzpGgTe8nf14Rvlf/PzhgjtSlHfqbYVLFls/iMviksIlXLkzMltSjrWXzsJOEd7+Z/XXegfxSwtlIerIpzJ2hVzrfalxxFsvLuIfW5vtUPUArijopBEc7dlPWng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AuKM/jNER/k0+A1zkGa6kDQoxALDuCYcpRjFjAo2MfE=; b=NxAjcHxRN5cktsViMmEjj/jUu6a3dM2D61prh21NhmW4iMsW+qfPIyh1WBOG6ScJGwLupS4B3i8pgMJER7gkMBCwfpKX8GqyWtNs9nwc5IMxc67vaH59AbV68cxuvqPfmHZ89uDggKRtNcR4LQRHMNsKgRRfB1v3LJz3/l53qDJkNZ2J4l2Ov/CGid5xsRXd/7FGrNz7WByQCf7eFRt9rihcsjelP0azMYpnW4z3uLG28lmZ4nD9mYXIBZkbcpNU/FqAEqgt9fXoLhaOM4fzjKjq6TrHEY0YB/rRetVoPz31E6j7Al+0qfL9J9tzXoHlbU3u44ddc00dksTtNofA9A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AS2PR10MB7024.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:598::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:08 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:08 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 07/17] rootfs_generate_initramfs: rework deployment to avoid chowning Date: Tue, 9 Jun 2026 14:33:45 +0200 Message-ID: <20260609123355.2368573-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AS2PR10MB7024:EE_ X-MS-Office365-Filtering-Correlation-Id: 178eb22a-9d8c-476c-1a18-08dec62366a3 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: qJhzN8iX0sSWVkyFnPnDjvQFDSrxhZcBxR/k7zEDWfG86Aevd/oVITEACz1gyBb8/lzgx2ofsEC3S7zfwvIRTJDfjYRSZ+iRqU8NXzsL3UM3fLT03rfKY3iR8EyPoyLBWSE4tgYu45xPdPA16vQI2ebW+/4B587Muyop8q3MAp2fdURcm+NcPQy6A0b8zjnORcaOrSrDEpETa1BLNLnv8wr/VuvPPywwEBwpXHbW4mBXVF21bcE6eZJENnyYm+B+jjPtZ9ysiwPDGkbqj98Hcz88rgfgcoq2POTuCs13hXyiB8zviFYM79avUbVWN06OP4J6N4iox+iYgkv7dGk2o5kON2SXd95mC93ia3IN0uX8DzF5g4irFyg2FIO0+MkmiC+l78fE8gtiD/PZuvYehtGXSPblSPG+qbAcSGu/rN5E4qmO9UeQI5BpJVDpO3ScS8XxRlgVjfjHRAMU7/cXtgMUj06mznJ4D3Pagm87A3Jul/e1NWdrW98LYLn9muZNPPqdjXvrLTQcmNblAlPXsdD1mu5uh/ZHdv+7TuSmiWWy8rsVwKBUTYybeRBkD1kuSRUAFInhADHS3QtwNF1S2+7s3iJTUZo0gGlbj1J21snbNhTUnDuZcabY8v3tFHfMv7M6OPMoxUMBUMcP+9tpW8QfNNtNF0Ipy2bM86VrujmeyJD2i9Y4NFopTLkOwiRF X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: lBOavWmdf/S+zu1QjjJ6Vg8txLgJh/SKYsyUCiHxaqsHnx02vMq8X/htRxC9B/nzbhmStBYMjhBU1NrYBPd/X2MFPcIhoWOWGGteOCMp/mAO3kGKkDKy26k0eL/T855UU0V5Ks+FFTRFfB5XQLHIfmDVYnEZogtZlNG81rNhgOI/MonGGMiEjLDLC1UhGP0eKymrCw+LSQAmUzTrI1pBOt9RvQOYlZKAwHVhbI35BM7A/nUVW+JiKze6cN9+s21R9Jt7uUr5UFyeOZorfBF/JkBEc3uPunGotaUQEA4LfIIM/Gz5FbZIbw8ahXXumcOwyPvjtBfkf+YXHqOkBKR2PPDsXyi7ht8s4GVFnW3OUcFaGFgT0ikFf8O122s3HOBbAHTiABrWVcfjOF7erbfXZ/QjG/gS6Z2vOtUQKXlG5CBn+T3+1CG77qIk/S5Ede0cW3/xi1+ShFH/LlhFsmxVNcDA3gIoRRxvoFGUYHqaR2XnbLcfQ2uTMCyvcZiigP2AeCqqOeHdl2xsUW6s62ufNRtysFDQ00VXIeyX6tDMKfcRqjKS/666YQoHNkPADGYBfCfxuGzK4i3/q20syozWsALLkAaVr9TaTPK2JOekarnhC7MSKx0axA/mHP4m6jIfG+OxVmTQMFwedxrdOKtrLYl3nvyZvpbAvdSlcj6t1CLReStdyAyz1moqwiWCqp6Hfobp18vtp+BnwVu0FXduaonRTVXjk7zNV7iH7iLr0uP8BHrdDwl1MTkxT2Qv5d5t10NwQt+kjmyDib1zjkAVu0gl6b3OTAySP8EAYPPgeXyHHu7V+DEtFdIbErSTROitusANpTmxhXDu6fiHCTIEkuMhfQyx+e1eZzxf+vxAaCGPByJQ1ej3D8nZTlzC7vG3NFCKkB3rwSgGe43kMucRQRvoAhhE7OJzPYgmoRWR+zTMA9ch0mP7YRUwrzjsPVD+l9vGUFj/ulT5jwf9v5UoYALAUWokkKVrHurWPIEgwk0kTHgTM8e9FUrNjRccB8H0RiRp1jcC3OILHourpggOIsXLLUx66NM71UH48lgnuTDzD+JSZXTooACHJ/Kogk3vWrMG+xv8XGoNf/TNFQp6sHjmk4+S5YnwPDfg0CJkc5k/TAQCfDpwIJEsB8fs8ZwyOsY0hGwy0ID5CJNQnmOEw3RHffXlRNyDgnmOqCkpBhXB3Izz34BputnFIyRr+zKuYFHSW3w+gcLGlqSqxFrJpBpDcVyJpoV+jdVb7C1u2ZlbLOEbJO1P7G5fYC4xpG2lI/K0KytzAGG9vDAgwjGX92ZhtnjGd9JYrAJUuMKcIdBph6LbVVe2x9+CzGc1vk2nzfijK7yWqP2kwJ5N85P3/FXp+cGab2n7j2SLpOsSpSGA3RQeU246n8vWOgji2axtqFIVwRvzMlKQ+N5ahbupq8IeXV+KnQEZHOJu4WXL+fbe7Dhj2jzXVWmpF7QGYaZpG245Fyp28j5X1Of+sJ3YYnoVY1ZHPfaMK+50XBsOpKShPCbsh96l21uA3nOq2VU1lTbZAX1zWO+Hc7PtCd0nSadAX5tS6MJh/PKi/OvUD42vjb7tW1iNjPsOONbPLhPGdhNXc4GIsZhTvHUoizRoLgAzYhRFm3gI2La7bWHmnxWe67OVG4307BRGDd3uN4r8p94afjKsA/k/fsAecQ2QZXM56tGvE7QLCSjKrGHL4x7vdN9dmHWr3JcYhvWBTmw3mZ8pdgRexjpTFr8BJuZgDt6llo8gSFVP3NFbLe+bna8= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 178eb22a-9d8c-476c-1a18-08dec62366a3 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:08.2753 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bU3Yga9QcsVOe4jCiGRxbBVUmK2hjdcStODazwpBWbj6uGOLVF3f86aaN4854cyoEQAR2+ka+D+cAwPUOhB0apOyIEkFoplknslloSRXPOI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7024 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=i9+JB704; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Previously the initrd was deployed as root and later chowned in the deploy dir. This involves privileged operations which will no longer be possible when running rootless. To prepare for that, we deploy via a stdout and create the target file by the correct user. While doing this, we also remove a useless sudo invocation when listing the ROOTFS/boot dir, as this can be listed by all users. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index aa65cec4..ca179392 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -620,18 +620,17 @@ python do_generate_initramfs_setscene () { rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler" rootfs_generate_initramfs() { - if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then + if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do export kernel_version=$(basename $kernel | cut -d'-' -f2-) mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - run_in_chroot "${ROOTFSDIR}" sh -ec ' \ - ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ - find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ - ' + run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}' + # on dracut, the initrd is not world-readable + run_privileged find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \ + > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} done - install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} else echo "no kernel in this rootfs, do not generate initrd" fi From patchwork Tue Jun 9 12:33:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5126 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:22 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f59.google.com (mail-pj1-f59.google.com [209.85.216.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYK9w005520 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:20 +0200 Received: by mail-pj1-f59.google.com with SMTP id 98e67ed59e1d1-36d98b5a68fsf9739435a91.2 for ; Tue, 09 Jun 2026 05:34:20 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008454; cv=pass; d=google.com; s=arc-20240605; b=ddT5AUreVe1aseYxypjgPCx5XBf3XIyCiOV0692xuLdKp2nmBrbbNbRbe7f2LAuwiw rN8ojbRHoZoPZPwIcgISX+rs/qNOmqP+vwM9M9hpSf49GCQgRY1zv7eLd9tqQF/DvA13 775DTj8h4CId67BU3SWtcGgMjCd4rv2hcli8j+2fNg6g9NJpmr7N5pEulKMsyHgTTZy2 fATQhnFAK6K/9xGM41meUSfoMN8Q/weBxkbkSg+slYK/0J54bBAh9wfP0VyiY4GALTfz MKbdEOvVNtwJ0GNiOVQlyQwHgDOI5gw2d4qmub4ylSN+71ox4Citvgu4k5hxD5vw8dc7 P0+g== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Fqj3EBcMxAeIe9J8rerpWcgxZ8yIu5FveHh1fVE7mPo=; fh=AuE+un4XbyligzLmm5nD97bEk1dp7guZuE/IH+uiKIA=; b=fsnCnJYqnbIK8fctbwzyeiA41AMNw0LIr8DjDEBAf57TI2k+nHZf4DRUR5qnn05w9g mfIjnu3wmoLHO9vqITyhALGmtPkRMmM2SFYV5Pz//hgVg6nMSdSTbrD32qdeGjd0gTDI S62btE2TcmvCHpCSfj6oXjqGXfx3/o7tktlf1f0y/h1ZU2rwDugzs0UW0uFULhBn50N4 uawr41Q/2ovIdURIZYY1G1UikyfScH91MNUzGa2qKsXaWlSeReYyyAUmZBJllEagCTzb huoPkbanknH/s1O7Dynf8J2kAHav1FANJbJTPU6anwZks90+v3zKdrLnZ0cGObfCygxR zS5Q==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=fhrFolC1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008454; x=1781613254; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Fqj3EBcMxAeIe9J8rerpWcgxZ8yIu5FveHh1fVE7mPo=; b=hvBFW2S0W0PXonpr+FjYl5Hac7GWQSODxFdDxR8NYcUgbP6y0AgP1JMgMZm+A9a88g Q33PlQDCsqpDMpN0rAlxz3BBlNMTT2fXjhz5ikXxXCrh/fF1n7Umch2ONYtIaGjn8miT DTY6U7W7wpdI8sIUAZ95bCWTCg9yH26pNdTIjWmJ++8zbDFPk5/qgjOgtw21fhphJP5p bY9yVLO5GJE+8z10yBSsWmQM6sbbYX695n/DArcRzZ59AvQXAIxswGb8ugvW6S4mZAe1 l4Kbp+vs/8Gxb0B/PRvY57To0b31F1BCDLLORzV0o4gstqXZgg3/OLSykWsDLcsD0Rri e2Tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008454; x=1781613254; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Fqj3EBcMxAeIe9J8rerpWcgxZ8yIu5FveHh1fVE7mPo=; b=QBZ+p5WQFkGjWgnFO2ylRtzHr4XL2mFDNk/FeGDnNPvm0CekgfDgzBjKKqN72fTlnn fwkMdP+DVlB+8On0II6TdiDrAR9hfkdHeNlotLteochU46zcSrJ6Sa09gzTYN8a+tT8E 07z40VhtzzU3LK+D5EOfwGNqBQk86IH4lm0UR9B/8gHDdJLaZiHWd7Oa/3mcpquqN2IJ 2eK+lDF/Tbn7mxSa/C+8KSfXid4j3/y+jHIayAiC4F4XIqy3NFwQL5wLBv3UHZxCy6la iWkVBO2iYFiq0uU7vjrVD0fdx6oWF2hounqFSJkQqs/tpUeofbsGHx2u7XkIwrbYHkgP EZxQ== X-Forwarded-Encrypted: i=3; AFNElJ8sQXxyHqsT79hWNb/HrI2klk6m2OtMs+rdXhJGheJH6R3h4ErK1hUJCGPVQMtpuocRELM/g/A=@isar-build.org X-Gm-Message-State: AOJu0YyAqx1d17q++dVbE995egr8IfIpfty2nCOtd+Rh5Oex8GQIoFLH JkBgHSzNMcmTOgYUdayEjhpyWYfRwRIA4uQhBo70J2mCRSi2FwVVJu7Z X-Received: by 2002:a17:90b:5906:b0:36a:5d1f:7ac with SMTP id 98e67ed59e1d1-370ee344dc4mr21170656a91.3.1781008454204; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcM6GOebA4PhqMPyhPTYXyGIo+FexTj8NWT/xrOPzvmSA==" Received: by 2002:a17:90b:1b42:b0:368:e574:6b68 with SMTP id 98e67ed59e1d1-36f66221805ls9046056a91.2.-pod-prod-06-us; Tue, 09 Jun 2026 05:34:13 -0700 (PDT) X-Received: by 2002:a17:90b:6c3:b0:36d:b9c5:e8f6 with SMTP id 98e67ed59e1d1-370f0481909mr22389683a91.19.1781008452677; Tue, 09 Jun 2026 05:34:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008452; cv=pass; d=google.com; s=arc-20240605; b=I5M1yCjbiDquMyjI3gGZfYgrKWjm8iuI0cvTODt80dyp/xRgjOU1kF7Na8jR6SWPje h5k7AeMGJ4PDECBger6LolgrYxipeKRVH+r5UzJT8BEd3sT7cVONpaP88vPW8Yj0Bowc IDLnrJW4+Hrv53DjjJRdPnkD1/nIUxcNTBuB0iVKTMQM0ByXHZ2WhaKkbEQqXU+zlD7t nV7gP9yrM0j1LSuzynvcaW+DFtKzd2cgKXg1heEfpesH38ES13QVeZkRT9am8COkeAd6 gE/HCudacDvGsowdQAeIogLOCDP/kd58JcHeny5yeHf+SDc4Xf31vqOw0qDPiczb/60Y 7phQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=9CQMpHOsvmt8WJ9kExrr1xaWDFcIcWcoyUEm4IVdolw=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=KXLC28DGude87COkRYuvyE5E73lkbLUM4W9e9Ur5Gts+ngYR4xWkJTD/eo9mjsxj8r s29PEGXcALc+OmwHmTD9zX0ZbhJoaNRIo9btrHhoTnC9798XnXByB/7SjeZtaLagqYUy YyUs5/09gtZYTOjfD8aqRVuq8UGaMWwPfMn3XrZNMhDjGQlSbGWBLnvs2bBDFPhZjbel 8mgUcMbTNtr2okqgLyMYM81z6lIIT8x9nl00OyGzOmT8xtEEJ2GzWI6q9ypaERYSHcuA NfBvQvmwED+ldXQh9VD1EfVDrJK+lYIlrd0cBhlZaDSPhGviHQ/83HTJRSgtjmAcPzCY Vfbw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=fhrFolC1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:12 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=gJI4kZFHb2Pjc16boLkCGkgvhi5t7edWcLN2NiE6YdqdkFQTpEsvzkFZJFwzSoZ4//cv3iEM2qKDBq6vgxYyvQG0rr4sumQ/q25qCe2EB1Ljb6KYO8SQ7x3MSC9/oi9NbMPw98Lj/NtHEjSpioEuuMEsl1jts0Bm4gea/0kfkAYgPYdtIVWl2qYu3U5jk32tvzDaPgo/1cH7J/gENS5B/A9ct4nQI716KbSsOQBNO+9RNJjgMF0qDWGlh8TAh57z96hZwHKdtHT6wVnocGactkXUCj7M6hWOvqp6Ku33CVRaX3E/vq5WurrEzYRyxZfp9YZRc74tl0Kp9UPIOi6YRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9CQMpHOsvmt8WJ9kExrr1xaWDFcIcWcoyUEm4IVdolw=; b=cAwzv/w7KFNUDP9F6SHg601Fw0M3pkqvASEP3TrXHVZHHisiPA+CALY4Si5ck9EUUq3r4LBJ415YF8Mfc1xODcitQxgRy4Fw+hpnwWYTKWTok5aOfUF7NUM+IzP/Ozght51gPF41bRBHXyCDTUH2MoMsnvsRdiyrGleMGCd5NXZ+zRqs7INQAulxBnEgLTapt489OyT32aj/d2A/Vh81xJCWev5jAYGVLIXHnN7RukVOyoCLVorS4eiVlV/xk0jwsAQ9wNBMWEHGLHa/EOaRo6/UNQ0d7mNFGoAEDeBoKXGRb7Yaot4rt1LMNQ0GiTmCIFXwKrwihLOWTyDDddIMzg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:09 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:08 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 08/17] use bitbake function to generate mounting scripts Date: Tue, 9 Jun 2026 14:33:46 +0200 Message-ID: <20260609123355.2368573-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: f22ff05c-7737-4677-5fa7-08dec62366fc X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: b25veyRWzCuPaG/DQsGkKsZMMwKVJl1sHiqaEXXNe77K7nkHLBTD35+DEGiE+VQnZzhFwS2OZ4Db3ZXqIQk8zqDYqJP7AuWy4G0rD411vD5+TZaEHj66mQ1yhhasypLum5DOcdid8PYav/1aMa8N6o2OA4/oKW9L9IukvAtH5ysJTCHHhhy89YQ8zcr9L6yNs6IpNNkfSzixTRC5LhSp/hGstiU1h6S4z5CbWkMQVXBTlapTlOixMoTlA6dqRR6So/+JUbDBksZzME5FEbYStLgJNDJ3aEPW+9KmF48IFsYw2wE1OBMIMWYJ61y5mQHHRaCC/7WHrFcwnTEkBaiUTUPKRG2IZm90oob7zR7yusOHbobknWLhiiDJKEzjgH8lFfh35Y8m6PU6fvmrdNn0y7qTiLq/xkHwITyzmBS7PLsXAi+pJXiOsN4J0QZ9fGjlPxfTli05eykZ9Yzll7DBJ1/PFQwWsMeLv9QmxIrCABYP+esrVSV8DvWZMefXEgK0x4uthKfbYwAlkG7/S77EDPbMjCXF//xA22BYeFDe5mqHNsquuXpqg85vhzkFfxYcr8XY8L4U1lxbTS9qG+3pgasoItG0U+H3un2jjeasprUjams0IA4IxFo5BDlPdVjHUqfP/f+G/HV4eZ6TFSLr32l9vTMOZeQnIbc7d2CYInQzC/HW5h/SKPOvE3tCe1vh X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ek4y7J8izkCpNWMQamtfBjxNiXnNquBjFhWFv6KmEh8Y3dEX9qvDdcaJX4z0XDgV8VQs5C9rvYHFIfDHZtSh8ZKV5+gveYF8/BK6QePzOJSjwDDfx/WgDT3/zcUm28OjwKzXD11KROh7MhQUBLi8I1ch/va0JqzlyH2tWqac3AhYK7uIHrua96jBzKo9tncpEhXZqViuHerACuTe04W5gkInLiybpA6/KZiBQ7CoOMnY1LqCyVgpMaBbPdYxm/ceGNfKWDmTXEzb+RXx4Ja04s51iLMksCR64eOEyHCRx7Z9QvlvlKIQk2RPWLyS04RY55hmCLq+imOdruzuW/B1SpjeB469CF+T8MBfK3E3aoSRORa0jGjz8xB43DilJLZ8vVuUxOXA+rFqG+hV8I4EA0+dkUPVrZMvrHoMW1P+NZwMRPa8skNNlkpUSC1uL0hFYZPXO8fNhOx46VjI7X6j5Y4faI4ADMrWglB9JYTZj59uUSs6u87DhM9Pz0MavRHvIlTj53AKi4jQnJfCx85/t8/sX6V8shVsqyezwCoNhbqml5OzvllRWS6xp4bCZCxUNwWmXxnF3IOnYLWZLtV8obEhPYxLH4yZQKYtN4BsJnWk5wqEJiVjj2WlHafQeHYLDzoT/KRCJ0sXZT8+3w/a9Hnd0kTgZeoEHRf1dUwi1+IikBUdMeCUkYVe+UfINbNlfR6RVjq2VU3wZmTB7zTF4mF2pcHE7PcoSY2qqfYo5Y2JLxJFJpla+r0O3eKWssk4IeInmUzjROXphe/q9B3C70NI0CqPn9jjTL4z5O0H3rglLd8YXhQ73uB3SMfKJxBXxD23VLkvR3onc8NdLroa3ATrHBusHWN5ltv17jseoSVjWS9kqpGUKASYT0ZaDA5IMf27fYeVyfQQDrp+G1i3CO1Hg5/m3EF9T2sbVEt236CpawlwX/6oZOI3SHmZ86hAqifkKBURoUxyeaqBFwHwpGkAFGId4KqzBTRs4u/WXbq76XoCaG0ks+x2ntWRADXKbNm1wPhsU9YlNxqxfamBvewh5qqq5MqOxwoE3j6G/Iu5lswM4ZA90p7kn+kcqYK27xGkYnz6dP5vODnwDzomlyYffraYMJIsqxWutDKyTRJiSsNpyXacwkcUAmX+wKEkCPGxVmit6Ry9P19Lub+MiJqg3Y3wPtFCVcAEhYE9j4w4UmE0sg3Z7aGfKFQ3Tr7BYvZFOInqY2y+UiwP260HxqStq5k/iNoR9gkarYlVhn6msZTzVdehHPwox07ST/Z/ihFTkZHmCvLR45Fxs9t6HM0TZwMrG0oup0QnJqIU4Ziku5upNMfy0+DaHGda1yaPHj29/Cu55CYszHl3RU6AZG9v/S4IXjx0Bq49XHp6cTNLP7ELUeC3GtHreK/kMsMhb0x15Hcb+6SFzHUF2QSv0vq1gjBbw9mG8P7xEnrEgDUJpUFrTL69twTVijcXdlkwPla0WBBxboj5lRj5LUKCg2DnE1SUMQYNyiXJqHqTrQVEsief68UOAA56N1gkUu2v9UrZHvnOLSWqicMblCkirKWvZtxHNCdAkNoxaA3Kpb3GqEmNZCEclgthCBoaebpf9xdK0lCaW8M9Ik5U9oKJPJAzeVJlcT8vHH9chmWC/B7c6V/kD1RzYmLcETio0zlbOoj9HJ6IXUS0hmgmIA0Bkl+W5WR2FVklNuewHtM4Xro9REKREu/BVLlJRmP5TJXQ9vhw0Ky1mjJihyqIOaZumAmAnVvU75c6bTtpGXFj2NI= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: f22ff05c-7737-4677-5fa7-08dec62366fc X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:08.8895 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PgUWXriaTD4JyaCudvmZMNB3PDJ5TgOfkzqWBezYl24EVfgvDIwlhgilcu+EeQZQMz2ly5wjOTs/pzvzn6jBh5JX+RIQojtrX/0AtUTm6qw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=fhrFolC1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By introducing a bitbake python function (a code generator) to generate the mount shell code, we make it reusable within here documents where external shell functions cannot be called. Signed-off-by: Felix Moessbauer --- meta/classes-global/base.bbclass | 18 +++++++++++ meta/classes-recipe/rootfs.bbclass | 49 ++++++++---------------------- 2 files changed, 30 insertions(+), 37 deletions(-) diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index d4dbbc3a..90e4525e 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -379,6 +379,24 @@ def deb_list_beautify(d, varname): # Helpers for privileged execution. Only the non-underscore functions # shall be used outside of this class. +def insert_isar_mounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + inner_full = os.path.join(rootfs, inner[1:]) + lines.append('mkdir -p {}'.format(inner_full)) + lines.append('mount -o bind,private {} {}'.format(host, inner_full)) + return '\n'.join(lines) + +def insert_isar_umounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + mp = '{}/{}'.format(rootfs, inner) + lines.append('mountpoint -q {} && umount {}'.format(mp, mp)) + lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) + return '\n'.join(lines) + def run_privileged_cmd(d): cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index ca179392..00d71195 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -49,6 +49,16 @@ ROOTFS_PACKAGE_SUFFIX ?= "${PN}-${DISTRO}-${DISTRO_ARCH}" # path to deploy stubbed versions of initrd update scripts during do_rootfs_install ROOTFS_STUBS_DIR = "/usr/local/isar-sbin" +# list of : or mount entries +ROOTFS_MOUNTS ??= "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt ${WORKDIR}:/isar-work" + +python () { + mounts = d.getVar('ROOTFS_MOUNTS', False) + if d.getVar('ISAR_USE_CACHED_BASE_REPO') and not ':/base-apt' in mounts: + base_apt = '{}:/base-apt'.format(d.getVar('REPO_BASE_DIR')) + d.setVar('ROOTFS_MOUNTS', '{} {}'.format(mounts, base_apt)) +} + # helper to compute the rootfs distro also under cross building def get_rootfs_distro(d): host_arch = d.getVar('HOST_ARCH') @@ -154,50 +164,15 @@ rootfs_do_mounts() { mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' fi - # Mount isar-apt if the directory does not exist or if it is empty - # This prevents overwriting something that was copied there - if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ - [ "$(find '${ROOTFSDIR}/isar-apt' -maxdepth 1 -mindepth 1 | wc -l)" = "0" ] - then - mkdir -p '${ROOTFSDIR}/isar-apt' - mountpoint -q '${ROOTFSDIR}/isar-apt' || \ - mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' - fi - - if [ ! -e '$ROOTFSDIR'/isar-work ]; then - mkdir -p '${ROOTFSDIR}/isar-work' - mountpoint -q '${ROOTFSDIR}/isar-work' || \ - mount -o bind,private '${WORKDIR}' '${ROOTFSDIR}/isar-work' - fi - - # Mount base-apt if 'ISAR_USE_CACHED_BASE_REPO' is set - if [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')))}" = 'True' ] - then - mkdir -p '${ROOTFSDIR}/base-apt' - mountpoint -q '${ROOTFSDIR}/base-apt' || \ - mount -o bind,private '${REPO_BASE_DIR}' '${ROOTFSDIR}/base-apt' - fi - + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} EOSUDO } rootfs_do_umounts() { run_privileged_heredoc <<'EOSUDO' set -e - if mountpoint -q '${ROOTFSDIR}/isar-apt'; then - umount '${ROOTFSDIR}/isar-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-apt - fi - if mountpoint -q '${ROOTFSDIR}/base-apt'; then - umount '${ROOTFSDIR}/base-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt - fi - - if mountpoint -q '${ROOTFSDIR}/isar-work'; then - umount '${ROOTFSDIR}/isar-work' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-work - fi + ${@insert_isar_umounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} if mountpoint -q '${ROOTFSDIR}/dev/pts'; then umount '${ROOTFSDIR}/dev/pts' From patchwork Tue Jun 9 12:33:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5127 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:22 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f55.google.com (mail-pj1-f55.google.com [209.85.216.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYL8J005606 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:22 +0200 Received: by mail-pj1-f55.google.com with SMTP id 98e67ed59e1d1-36d98b6f019sf5682616a91.2 for ; Tue, 09 Jun 2026 05:34:22 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008455; cv=pass; d=google.com; s=arc-20240605; b=Y/k+sQuZX1Z2KKE6CGrW63IlNlI9HAdp8pkFO+UkrPslI5mMHJl1sy0R975IT1C/mH kV0ITI5Uxw4cZS81YPeMhaLeTK359jwRzLg7GGcsqMKkWousGm6YNdxbMxzVln017bGR 8EcubnNgznyIL9j8Ykl1GqgTMRzglhWxVtW5CyIjoriETbqci6FWv20DJQznfXz9wesn c3kxEki17Vg/78O9rdTA+a+FKk9uWfZ0i2gs9FbYXeZQPHxHKu48AtGnL3q9U29Tsanc S/+2Y2NsQw3WMYGfh/DBixCeY4TZ2xcDowVURoBIARmrlND6xT7juISKy6t6myvnFY9u 9Z3A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=nhL+J5Aq01hCwExhfQrlCNpspEFtg87+ZplR5EaGyZg=; fh=bYm5QNfKJ+DiWDDUsoU5qi66BjO+Oho66HtDTOfxgww=; b=L05Ci0o26klVW3qydWcq0s7kbAd4Klmd6iXXFt86okZn1ckSS7xqN2b0Ru7RWyyXk6 tq5bsdympT1m+QUSFLGI85Up6sqXSJ/VMgrPIHcgRjaoTFyGbrZNYsFrKUUXLp8Jz8UJ 0jqt+CLWPsrZy0Zos6pWr/207VWm/lGDy85yK79TN0eNf2e8cj5VexF+E3LjewbwMeQ6 yVXhsnk7BEvFPRqc/iK8hV7G9XSjeAw06lIPh//A6ZtekUelG0WJElgdvN/tUJiLfwc6 9a4pOv96sPMOaxt3y5WwIBA07pVntv5PLC8CAHIJS9WyXPDnzjU33LbZTNoRtvZljAUP AsXw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=q3pB7byp; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008455; x=1781613255; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=nhL+J5Aq01hCwExhfQrlCNpspEFtg87+ZplR5EaGyZg=; b=CjzxU7dQW0HsjK5Sgc9pFUcdL4+rsxqOQjqpD35Qb+k8jDducD+65CqBOCxXlgPpZQ 5xrItu90ZsoUwlusAWdFjjlKoJ6bE0VuZXxJahjBdPvtH3GmbKepq2InuEVvUGkReVVQ pYDbZV7kfNQZbUW8708zpK2o9GOGifogSthhs/ePzVEYJ7s/KMWKZH/ljWFlJ2VTu1h3 DCgSMfkrwRf++Cjtm7ovtgXbo24Y0XvUPVj+cLxxAbErtyaMPSG9YtUgcEDjHwlOTOiF PEJ/hBdltfGD4tHHpl/bRm2yVhrgedL7zh7bjrm8pn/8TYvHNZcpm+6DHGAB6wm9PKeZ ZnZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008455; x=1781613255; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nhL+J5Aq01hCwExhfQrlCNpspEFtg87+ZplR5EaGyZg=; b=sdCiT6LTnD5NxTwBHzsyQBulO39b0bFcIOsM67j71m6T6ODcDKpO3ualpZD1C/6vGv hb9REgiWj3HDyljRD6bpCH/RHM++R9DFAUG63/18NSgI/aHbBQHIaxTaZNgRg5VQsZDU aqbzMufwA5PpFKIovaVPtMM0v/WVuflrb2VNGmBy2xL6OBLpzSLx2XYvyReaqAgHBLCC /F6tMVOn22IxSJXt3ai2L5PZRM7Ofabp2ZtMIMCwNIWNHXPgj2OvNZNvUujamm7sf9IM CRft30Z69C3zs4LTg1eRuzFK4oEWkLGmpDnYrEDD+CjArJm+RZPPy6rVWGkJVtB6ydru chWA== X-Forwarded-Encrypted: i=3; AFNElJ/TpjfFqNZ6J9RhWuYc9SClwjOx0XugKBBLJTDmTDGsWkDbvkAw59T1jmJE5NveFKGcuxt07QY=@isar-build.org X-Gm-Message-State: AOJu0YxWJWDprR+vVvulZqaFXx5sjiPItv2nvTR1SmWRYNaDcR9T0C0/ PnrXKnqF6Q8AZwaLqrpgmHA4GXDAF3JA1q2/HDqF7MTBzvHi1FFjikR/ X-Received: by 2002:a17:90b:524f:b0:35a:189b:43db with SMTP id 98e67ed59e1d1-3751f35ab06mr2560351a91.4.1781008454734; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfDvtCVtwKl/HNqb7FHMKutO/sLkPo0LKZRqLhtDk/kfg==" Received: by 2002:a17:90b:4f45:b0:368:be5a:cc4f with SMTP id 98e67ed59e1d1-36f61f6387dls6971351a91.0.-pod-prod-01-us; Tue, 09 Jun 2026 05:34:13 -0700 (PDT) X-Received: by 2002:a17:90b:58ec:b0:369:b9db:b885 with SMTP id 98e67ed59e1d1-37520dc53admr3340299a91.15.1781008453419; Tue, 09 Jun 2026 05:34:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008453; cv=pass; d=google.com; s=arc-20240605; b=ZQgRcgma6seR+/6mTUYK3ItGsxUVkigX1bEFhHadcM4hw/gI6RdEmgiMlhg+CsHtnZ VwKjIaUMTtd2Eu5ndYjfIGSGRLjANIVUqZmFoNFUhAEdKUP6ml1pDg9hL1SWFdEBEqBa sYb4umvwK9y++78mOFRwUGl88MSElfIbTleQ4zrzW2Hp4OT0ZRkyaNp3e95B4sNjtQ6f AoV1k5C3KnWI87zPOybjUHkG6ChxW7uLF4gO3nKnTC3RU6oAA4xrMWWFjzOlxps2CIO+ pRXprN288CBs5tQU3xR/7RZ7tZ8oJ9CEzOjglsD825KhSjeKxhubE663Ej97c388Apk8 kq7g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=i1JxNHlzA2ceyScXHoUIlBQaaqPDOciMVBXfKyUStOKPDjW9SuHuMYCS23Rs8ajTLg dTyJzNXu7n0H8ABgEDqZdLewPTLbajjRLteJZEAuXZVRxNRebFyPj9Do9wrqfCagRsEU 5L38FP8iGk591me64LzGMMP/dNwLJgzyPH6VIFJBp3xWTI7Ybu+rfRvclCzKUGZrbgmt vSZh9H8V8HIUKvPCZp1bnUa/bx49Kjl49tMImIsoJRrr/KkAASgaGAt+vXa67TzC96O2 5qvymVysqSGDL8AGau/xSHG59+YdO8lm/iV3OjJ5ALPlBrYl1fHYqbWNCNLB6krjpq1T J1LQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=q3pB7byp; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:13 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=F3qoZEfU+031uF16su4Uf0UvRCuQsQbqmljOhYC/KFuztz8fk6Y36mil3I+IePu2ymKbWzetlYfa1gqveWQO1MI7YnaPp9gG1RNfRecuOkTNz4kCa6J6QZyDTxBIb+uatU3xM0bQWnqt0+3SGNUqJUJ522HmEyKPPaDUp0+fiOHbdYKIuN12W8mQova1N+akdbic8OMDrPM2EzNMsJzGXCpjCPCNCpZs7IahQj8UPzQmcCckYiuM8BRQ3IcvbfIdU+2luYxOuWs4ymMJWlORB1T5L2S0+dlpGW0f6tovmt2QXzos/KNxUSzs92Nsu8VmdaxE/Cv2n8/nRdfHh1erxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; b=RfdIvvwYgtY3aHO4kvFi7doqDgPF0BmCpWfYpUDSDFvWz3udPlcnRKQpPtbXOpHCOo8MA96LRmq43HIOlF4//lxWQg3lhl6uMYJxN92STE3eytQkLroyvuv/x61z4mM1fmy2hzUEAd8ATY2YZqe+SWqihQ61HCHPpLsX33bAJ/JAqLvk7WuNK+m4XuCsFrq+qNPQttj/6oQqJZmAEdc2azoZ81CkqAMwVIimQK0TxmnBsOPgDQyG1+ccAPAoebC+nkzN0o5gKLh61pt9VD2SeNE4DNZpqtJ/fl+zlJJ+VV6EqzrxdnRYEVVBTR8IUCe3FDSdpzav5OsW7msgMpRBfQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:10 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:10 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 09/17] apt-fetcher: prepare for chroot specific fetching Date: Tue, 9 Jun 2026 14:33:47 +0200 Message-ID: <20260609123355.2368573-10-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: a64a3179-edd3-4e03-4c01-08dec623675a X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: 4dBnGWBxd+aaCMctHQ/XXzJCTw7WjWBUV8PIP+83RR4VU44jzrvj1iJs/B1ayWXl+32GaFVSdawaKnp2ferCOedscg5Shg3DTvyhWAiR+6Oq/TSu30qCvzunWOmvZ0dhWtcW9bZM4XdDZoB6Kb7N78+Ndtneczz338CWpeSwUhbh4r/ZxdTxfZHzgHZYkXqJeKCddli7TLtvDDK+kXQshs6txCD5QeE1HQcbzoFPMAlgWi9ypL4In26l9O1ONUl/cs/Z4p7azexHRvS+gueOfnZWKmebL6L8kSf8MwqwLITnSz7vhl2xh+069EBDOUodCgm0sKvtvle2uOIOeb7wJVgUZbP1tyJaBXLm1HF8ZIlx0Zow4mwHDFxkdp7yNabzHxx4dE3Fzoxkud+YAmA0hP7JPlq+dXsHcUXC83LSylWoINwhVtrHUG2u5phG2WaaFg2lBZC2dyfjVwma11piq/DnmbCm1XqATyoQuq6GLOKRzNmqUKxI/J4CoMQHxR56kpjJhH9GGUbbTdf+y8JZra9GiRvHjeAYnGNLGJAMPHfTsYVmJKckfo+xZBliRvaAsI7RMf8lrrGYWyqM1mmhEQqOuSz4B0aWooryAkxwKshk0n8+qAFdCtOSR6ZHr9ZQrSRUrNdZ0iiqemZ0kfM4Va4V3JvIDCNsYS60C5GqiOycNE7v683AD0KLzyt/Xvyw X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: k2VPcRfXH2NrPuKhZ/oRZ9RHWI+t3XrqKxOkj6eIcsexa1cMweGhPY5Xv5zJTi8IQ1EBwqdrJ76dk/CTVdF/UzdNCRZp/8+OUzWOshsQAAbyfgOLIR1Afh3y1IhSlSf/zeCT94VKjUdBM3hG19P5FcS5lq4bzC2o+S4Lz0ceHKxk24kHGkR/jnyzg9o6CkWQ4ZOYp17Xi3jZY5zsibLCbAkYV2ihaTb/hWpuu2fn+ggJSSQEnQp/GiXr4bmen63lIHDDJQH7dIm9ROFY1NDakHoQW+jPhtlBTymCPXzSdmD2wfAJQYAl/pyr/uPtQq2oO6WD9hquhwsncjUHneZ+MKaVsmrXZjpyVSuuRQhgkC3MnJUIx2xKIuaJHmnpgM9wt4UuCPSZb740OUyY8idQ/hIzAUl+0jbhFgdb4zKsXvV/e4R2bJkznliADg/RI41OuonXkR7nMIDZsJTrkEBYUCOJXX9oHKA1P+KixUQ13Z3vLNfjDdzWTX4lOihXSLlzpCbkjHSEB/8drd3sUr/BDeMcT2hssFp+tTLQSO7WJWksTIYVGpLWsajYMvsUol7rN+9ipIBZ5gMcmwZQVi0ocp0kKWVYhsiS4ZBQl1Qe7uhnPBdM+hhJ/QA4ZZSZ6inxt0is6zJHF5d7+agAs2x6Z+i85GuMPps9XL+U6Gro4GKGqF+JDwBsF+ysaKd4SJOqselRNfY38aB1phxG23/TVXGkxEDdK7qPIdHcLuoJMB7hIwHifT+9kK5Xio5/v+PH7yeZq22mNTF9U0yp/YLxKkhIDHvoAP23jOEoVowNxlbhxXT4Edyner20AbTUxBk0Lr9SgoDpCruJR9dUjW1xNhr16g2hpPIrQdlqx9oaxsEaFWXKLdKP1GsyAOgBKb2BNgezKL2kdNLqKV0y9xCMOP1yQsDsxJiDHrAFgIaKYO3uT7MIdwGh+NNIHq8gQ6KI4MMWInIBX0KJxHR/KkVaGpVMHBaSTeQLOBPi4f8Ny0pjUqflsZZQK5Lt4WIwMO6lo6JQhDX++Wgs++e6Usx4SAjUrkcdA3B3CgPuGFtlSZHbhM5Wuc6We6rtGLEkXngW6FbavvbjMFCFzA3hPqHKo3fAau0CKXA2S9oAAc6aC9E4ET1eADqTaV0TQG0NkbgeqTCZoMBAlowqGUAjI964oL+GEJPuySnMMNez396fO4vKVKx9SyRhygzI/Dtaps8SU5Eon1Fm2SXLplwy0CdOqzq+fKWEU/VpPfRWLwqjg+H5xxha2ACYep9EJfXiY3cyQ6nyL4vWmcU7Bnj5hiVEiacPEd98d2s4ScMAPu+OIrw0He/jRcF9PEchOxxc3Kr64QduuT9PBIP/s0CRcWT4wQEC0DB/hNTkOWKYd/BfWy3fsCl5Gp00BradARYxGWgva8NftEZbhtCv9Q+j3t6hZENMdmgFUBEqSPHT3eTehsZw30bMnieMK0qlV51vbiI0UtFMnbI1hj0D/sSZLEAstLI8A9usMjTtvNShj7l72Pnxl7p89dITT1zj/+GkQJoevA0xgEJEuOVTKBOjS8ROhwUF0nh9jFKicWVnmmxv6IaUdPAZ3s7O1EF52TGxaXypPP6BGQ1DmORuo+p+9wLGpfoZIq+p+yIMV44F8HC7PsXlbsi0GGJQGErl3BaOTR7aBgae1KOscSAhuG9M424Kh2eHdYWeWWsSTHBYMXlK4b/bS3vfX/K8h56ECaxMtOimmKAR+7pt7mMMgiiw/W3cJg2Cyq8qET7bMr7/3zR8wIs= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a64a3179-edd3-4e03-4c01-08dec623675a X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:09.4573 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3Q3YAuOu1KfiEMvYw/aWQisI0XNR83ArtR2Nmjbxf2vxdHKBa96wdoqZc9yA58btpQsGCH79nIamXuI3mtyLkppHX/n4t+IjWuziptbDNgg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=q3pB7byp; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The implementation of the fetching depends on the chroot mode (e.g. schroot or unshare). As a preparation for the unshare mode, we hide the concrete fetcher implementation behind a factory, so that we will be able to dispatch based on the mode. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/lib/aptsrc_fetcher.py | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e5987554..e8721c79 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -84,7 +84,7 @@ python() { # apt-src fetcher import aptsrc_fetcher - methods.append(aptsrc_fetcher.AptSrc()) + methods.append(aptsrc_fetcher.AptSrc.create(d)) src_uri = (d.getVar('SRC_URI', False) or "").split() for u in src_uri: diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index da2d94c2..1d133aae 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -9,6 +9,10 @@ from bb.fetch2 import logger from bb.fetch2 import runfetchcmd class AptSrc(FetchMethod): + @classmethod + def create(cls, d): + return AptSrcSchroot() + def supports(self, ud, d): return ud.type in ['apt'] @@ -20,6 +24,11 @@ class AptSrc(FetchMethod): codename = d.getVar('BASE_DISTRO_CODENAME') ud.localfile='deb-src/' + base_distro + '-' + codename + '/' + ud.host + def clean(self, ud, d): + bb.utils.remove(ud.localpath, recurse=True) + + +class AptSrcSchroot(AptSrc): def download(self, ud, d): bb.utils.exec_flat_python_func('isar_export_proxies', d) bb.build.exec_func('schroot_create_configs', d) @@ -83,6 +92,3 @@ class AptSrc(FetchMethod): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) - - def clean(self, ud, d): - bb.utils.remove(ud.localpath, recurse=True) From patchwork Tue Jun 9 12:33:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5131 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:25 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f61.google.com (mail-pj1-f61.google.com [209.85.216.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYMvi005745 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:23 +0200 Received: by mail-pj1-f61.google.com with SMTP id 98e67ed59e1d1-36d98b74447sf4303890a91.2 for ; Tue, 09 Jun 2026 05:34:23 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=Yu6AnRK1C/lbzyRLnW2j5IDO3KbA30PNNQ5u8JBXJleZrkmwsJeAokSZlOgc0LIF/q 9gO0OvChE08n90M4oR/rYycIz5kYG0gxbUVQrJFJmvjaxZnezqJhc4tDXJqecza0ZVw9 w0kTF9fgha4vQ9d5jCqXLkK66/1Siu3QMmsVIVzT/eB2ZNi3LapHAfYDF5lBSkYojpzH HuhVz8vafJkjqBdBb7gp/7yTN+2Q3zgVXXchhg4/HS9xnGHkHQz3X5l3tbY8ixmbpmbi 3z9JbZhQVF2sFew7nzqmd6ubisZ6x4rodvQQ9O3bZRZuYZ27qUYP6DpYXCry9uw5WZQk jIvg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Eultm5DgUxe/hEwJm/Cg1pEOXOq9jBN43Txjtvnnfjk=; fh=qiezURc0P4QDznbNKgZQv18sC30/TJzagdAwFisPC1A=; b=TnvItahAiAI9vxZRswlmspx5pHKQsMwD6COwYmCIelci85Sxjftv/zlyd6hO7tSeNj kh1Xe0a5o/DkkhyGyv0nrOaJOWrn7EL4vW/Jc7x25TdhSU/7FAHghkt0T7cn5mYyQgup ZS5k4aa153qobj8IvE+k7BYgRtJiPhyrH1BDyx0muyB1W/OrmOwJ6eZndmk66K25eVjU swK9C8OBAFU76EemQTl1gGeR/BS9cTEYzSZEEEw55nTeW5NgWFOdYwu56N1l79lnwhOw jWo/OU3FbgOH+983WJqLzs1rncjq/sPtUWyGN5JGxIkvpClb4bsyte6bL4BSDAyOwAQc EllQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=dgzbWPw1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008456; x=1781613256; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Eultm5DgUxe/hEwJm/Cg1pEOXOq9jBN43Txjtvnnfjk=; b=OBiG52kmPGwzhbCMojBfBBL1Aj50fYdF/xzGrxq/355eNmz5gNIdWKLmbquYOQ+3Dp h4KAifDDA9kQo1shumDInyB/L8vmVZmPm97IcEAVGBzsDv8jdEQfxGQDmQYnOD+Ftcbn 2J3pjYw479wxJ0hYpFxbMPX88XZV1NvYiIVnjCTt1ZBpobsPWDz05rKORHAkw7Rq3baK oKuxqZoyzmfAMt/SEJ0+WI4NCu6S5QgrpKi6/vJgXwe3JssnlLuQuq11V/Yif3pYlO7k sVMFWRwcccvH+k2yH0veqGxtBsmNu7VZzmhkSkhdU+O3vEacQsZXtcImwaj1Z4v68jrn L7oA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008456; x=1781613256; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Eultm5DgUxe/hEwJm/Cg1pEOXOq9jBN43Txjtvnnfjk=; b=Wo4KudMeqcZ/i2hGSjtzZqv1/XeXWNZ++aVGcP+DMD+sCxKfQ+6ypCZGPn8Zdi0PwJ JaONdOazJzqgD16PrcHeYxMsBeAi67SRS/b2O7TJWC0xvkkwH3wCOyRtA7sVG9+MvybM DLisSsQt5j9rqJyXyz4kyXSQN0pOAEntmW3Oh41dmMH01qLYdxeLP57dTMmNG9a1MghX P7ZzEB6cfraPUqfFpYDryHu6UBXOzpO9jB7ksEyNDMbW0/ky5Yq2DkIPz3A9eZRkkHaW GeG/grLDdfmD2ZN3iUtkKbq7HytESQHEUSzEy3PDNtFMsEqmI660sYhvZ8ser2iOs8Ql zFQQ== X-Forwarded-Encrypted: i=3; AFNElJ+NVBfE3vQmJIt9r7Wq2EyEl5y4XQluV77joRCngfvxHggN8cjObv4ZY6vuhA7e41acB/L2gT8=@isar-build.org X-Gm-Message-State: AOJu0Yz7VeVXTDeuSA+rBrA7lXnXcqnujkURozzTigRDs57MYx8d5Aky S1QvlLx0mS/kOH3hGfCIAIhSnWy2xhmuvVjuCtB0wP+gmtYL0lG/LTiF X-Received: by 2002:a17:90b:1d82:b0:36d:8bb4:4640 with SMTP id 98e67ed59e1d1-370f0b55e36mr20700137a91.19.1781008456181; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdYAfPfehApW6sJ3Rkc6hZi8oXEFPtBQKDVsxCmV3VWHg==" Received: by 2002:a17:90b:4f88:b0:36d:6bc9:1661 with SMTP id 98e67ed59e1d1-36f6621c140ls7808773a91.2.-pod-prod-09-us; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) X-Received: by 2002:a17:90b:4a48:b0:367:b8ad:f0e9 with SMTP id 98e67ed59e1d1-370f0579c14mr18449578a91.16.1781008454723; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008454; cv=pass; d=google.com; s=arc-20240605; b=UtUw41Ye6Q8wZzorAbDX+4m4pZ5cg4HuFK4uUyOftd1xHdKX2zqizO5sduJvG9AWa0 pOeLgfUOmHdxWLK4Bn5235KCyWTto1MLmCXtwt0gguSm52Sz5kwSDNE3T6v4OkYjtTej XwJoM5ZxAUb7n6wXLYv2FsU2rkoSjrIqTcMJ+mhxoiSZ2Zgba7sFrQqF8lvfnQ9pAnLk i7CyATI4qp+Yi1ocVGEDPM7WLyOuDDAlICzsC95Z0sj1svRSGWr8AlNwXA2YLtO8WFWJ V4HE8tQS29vumRNCn2yyptaalNZqZeSspP8c4OWsTgaZ1k1rqPScqt8C61Z4AmNEJenF v2zw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=aiw/w6sB20bh+nVBsgAM2ypxSzURuzj1RXU/7FQQLUc=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=YK/AE31fHud104G8t5GwWKpqizoBLNCwHfXY7N39bpDDp6EPnPt9ooXgK66cESgbh7 PcEszL/1VwH51Ob1Z4SslkR/xe2C6xtMrZ7I+mkso5lI2uxd72MHJ8py8jO/gJGT2ZvG RHGiud2zcp+Lx1rBFW3r8JKmPYZECvWA4ZO6A7Aot9bK6obTzLBslCOcWXkbv8anN4BA 8aqMV7+AGgmQKYM2pTtpfpMOIi8s3eeZycsOr6PnolDw5mRj5TRyCZbbK1izkGxnN/Rv 3vdCCVoIwY7lbF51ij/b4IBN8rufZiKH0dqNNJ7qBSlbABEPXhj55QWLsPTN/cggEXNh ftHg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=dgzbWPw1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:14 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QRuEm/E/BjbpZiW64bVswUjpONMcbFvuIwr9K4HtyANPWqA7M4Hq4mJrzlwNfbjUSDHasV+VZbBSDaUnQlon0iGuBbE8O919S39gMj6l9ZyTjOusr7ZNDOzgqNkb2Nc7wFk2OUSM229yf1KrafuBCX891ZwbD1OhHyQx9PBJ7Si9zQYnAY394/Usgt6SLoDjrtqvrLCbdv4BrszRBZvHo+vBjvSfaeU3J2YJhcoa6NVv4Hd1cggdKiC0Opfd0SHa2ixMvX1DzcG4lf4+4+Vamtb/gQtN16hL0UtlATQomDeAKsMuMhPVwPwSENfld07RITVCts1uTTVBCtMVQiaC/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aiw/w6sB20bh+nVBsgAM2ypxSzURuzj1RXU/7FQQLUc=; b=BATagLKolZpaZNzA3cVB5L08JrwaUIAvkFyMi/iRcitk4Trgd9+sSVI0ssjqj6+aAW2Fs6wuTe/eXlWOOl7SQOdWMMnkxvamu9iKGo/DFgEry3/eHqwSTQZPIcHpxUxawqnWNABICQpoKH+bIPwU4pJh32wsAsNxkKFIymIWsmONxPzODyxmKeVHbcrMfRW5Mk0NXg4ZTCotSJpjhR3Q5Hhe5aAk6W3opNPOJ9Yjtv/uBoZBH9fFBxAg5Y/Mtnxrq88AXf7I/tbTB07LUiWym9Mh3wIPISnC6ECpZbbJpkm2LKeWSwzSRERPioWC+p32CXI5PELbfK470QpoekQi9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:10 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:10 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 10/17] add support for fully rootless builds Date: Tue, 9 Jun 2026 14:33:48 +0200 Message-ID: <20260609123355.2368573-11-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: e23c998c-818a-4bda-dad7-08dec62367b6 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|3023799007|11063799006|5023799004|56012099006; X-Microsoft-Antispam-Message-Info: 57eB2rmHRo06kqegDOfvayd4m3iMZTXY+/XUmslLpKoqtZMCyVXZWrci1gedoQB226Bzc/e6JIDWtWq0H6SzXUrtRdtmcyf6sK+idf0bvvOH/maE7kdY7cu3lul1sTcogmTe04Dn6JB6M16U6IfZyWSDQVzzmwFvHiOZRYW5ZssDVLyC/qqBEh7hIgR2JntKnWfMnAPDikfBOaN2iBVuiYmIlNi38cFoETVvU1JV1drGzUCQKYnw2PGMpGKf6DQfIQNUZFkpTX8EFxvTJxLRIdJnOoOuq0pKESZGOTQaw4tbITWJAst2/xU6kVqRRVy5UZDl312aT4PIgqKlEvtsChND2StQR/PzsV0M6+gESDBxXZOSRPPKpErBRUP+nfEBGev5i0AO2FWYSMj9CT48S18l8Jex8cO0+mM4HeILj7agJpC5bvmDQa/KbIeCrWsfdgQY7jkmuTWu6n3rm+pcW0rLT45brt4hp1d5jtOMm+kNIolaYq8wns5s3W76ss/+tPS1cZSy37i8QvBK7QAp8l6LnGU4DoFplT2vTsTk8gMXr+6alPq1lS869NUQcOoyfekgEMy23PG+byYSZ4kg2vQoMxNCG+aMuvHRZm+HgUbUDbM2cFwbux52vSHvu4UiYLv9eNC3UdVzS7CIliMt1LPLrOuVld0MWcHJhuE7utKGPsMhNrGoKbj/RPS6WhN1 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(3023799007)(11063799006)(5023799004)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: syipr37XjC52PjAm6maDYhAglRA840YLj7G8Qrf1wI2Fe+xeM41+QGZGTPub9pe7VMah3bNNj25I0Pp4tnOMmQSSUTf/Z1SybfdRFIRblf3ftL+SFmDbOpQc40Unuo7Q5hFUU93xbfb+kn4o8gyDiIL5HpKLeFGUIA+/nl7viVZNoorIofwsY8is9ssRwDqn52uqWTTXmzI9vGz2EksTxBcSju3I3D1Ta7Kqu0AJmAnxtMoGwQdDLz8PqbvMKPJn3jU/iqoXsa5SBz601/LHr2vtFaAHPMDuaHd27ZTMxy6eYmUMgwsPsOORKamuH3LBeNgy0bsJN01+xtLeed3uWqQUgwcJuak7ynw8qFrep/PFT1c6KEBh1ifWLZwJilRMmU7/aoge54h2LXi+WqZ0sVanbTTzjnqoHIxPyubbX3+p5rJ2CgCRJS9QMYHQ73rFHhw61Plb2cKVZBOUbEjh0etzsThIvGpa9ZtWPSQHv3G52K655dDbFH4dHm2VsYNaJSCPZrYCeHpQje4bVKNrQddHDaXMmwzK3Q0i+eFZn9J3Jz/sEO9KTKffsoaFnmvfJHwdsaH7OPRFW5whwtumKAfOndgxNQ/DjuPtcVIN6FYI+Q8RDlTLnwntDOnFy7KnTM+1wVl7HKyIRnJJ3J5Qq0J8u8iLHSUd7VUXPeE90NaNUEd0RUxf1vfAmFrDyuAmM/P0XjF3VOcjKqL1bIcdA9t8C/9YBolDwU25CU/nePa2obQ8tEK1bgBxwBNpNopY4eBRSdynuy1FESP7oy+DY5X2vOIWlZeKwwPSzAuirtCHG6eFgqlVW0QoK6xBZcjnCo2rA4Rh7JcjWQFLoXoqdpDu6KoTfxY/Qp8hbMuShykYw4pHXa0/mxv6CM6Q/DOQ4UsfMbF+ko4gwAmbiRd/hDHfs/2E75hjh7oKj18e4WdmFt/UBKGcXpcz5zwttDcnkK2B8CA+O7dDSAlQAiQbvt3bsA4XqGz26KjKB2oiFyvKmgfOBIB/i10FFMIBsMqj+BS+NUMPKYjgElqBpbg8XVPKAyoiz/EbAS69O8JuVyRlN9AI3K6BHWZzTVxGPkjowlxXIBgQK5fS1JhbQ5PJesSJPoYzkPtJpBgaWWqrV1mDtIb0+uitx7ZeCxvVq2bIvLQVQxZbXmCkD5I+WS/BRZ1PEpit1CZcQllOZz8rLXZ1O81UN1DPUjc8AmOYGHvmlenZezbFhodg1dpUZOHcNmgLAkAti0nC7X9cO+cRpwrF9hDaN6UDUkQktUsFsYERC2s5NWKbRCoTPeZyDZPv7zDdVeIpbDI3mxiMxeYYkReZGRgK1c29RXxeya+jxDzwNNpW5Fr0XCsdmkMqWX2BwqgICcl//5wFAyABwUwmy+v+6zCQEmDBk6JT2hN1zYciBsEyRLUt51dmTc/rCrFuibfFdnqx7J0RmILAqhqIj5BNhIPNhlqZh178hQh/sQcpbJ2lXaNly3yhqc7t1KwtIEUbzTOhSdComjLX5xXKyqsp2wJNGcdwCJL2woTGJCrOopojSmMk4iA4R/0RXKTgisxEBHdDcdBc6kndWGeqMgq9Ey29tGGGsaFTVP1opKGsNSGS5Um/fMaTnmN+qAUpNKe58mqRLA7WB5DDcZpSoy/Vpz3FK01XmOKecnu5IOBW5tW1/aCZOXubO/63NLWZ9uNaAnFqy4A/pusaangCA2aRr/M/S7s4qmj0lln1Br9pnpIWsKqmaSCye2DNCB4Db228pJxREl5pNZSn2g9l0kI= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e23c998c-818a-4bda-dad7-08dec62367b6 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:10.1799 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FVXVEnG0xcREXZxq9dS+ym0q8gsHGowh4lk6kGUS2IO12nz5Bmf0CcG6IuMEDDw6WyKRtciDZd0DDqLPmJLmV+knkBbmq2XsfMDu+KZrJWE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=dgzbWPw1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Currently isar requires passwordless sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally. To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare). We intentionally do not switch the build_system in isar.yaml resp. the KAS_BUILD_SYSTEM in the menu KConfig, as there is no kas release with support for the new modes as of today. We further don't want to break backward compatibility with older kas versions of the isar examples. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 20 +++++ doc/user_manual.md | 2 + meta/classes-global/base.bbclass | 86 ++++++++++++++++++- meta/classes-recipe/deb-dl-dir.bbclass | 9 +- meta/classes-recipe/dpkg-base.bbclass | 22 ++++- meta/classes-recipe/dpkg.bbclass | 17 ++-- .../image-locales-extension.bbclass | 9 +- .../image-tools-extension.bbclass | 84 ++++++++++++++++++ meta/classes-recipe/image.bbclass | 7 +- .../imagetypes_container.bbclass | 4 +- meta/classes-recipe/imagetypes_wic.bbclass | 6 +- meta/classes-recipe/rootfs.bbclass | 52 ++++++++--- meta/classes-recipe/sbuild.bbclass | 24 +++++- meta/classes-recipe/sdk.bbclass | 10 ++- meta/conf/bitbake.conf | 7 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 18 ++-- .../sbuild-chroot/sbuild-chroot.inc | 24 +++++- 17 files changed, 359 insertions(+), 42 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 552051ad..6d5b6ba3 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1103,3 +1103,23 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Rootless isar execution + +Isar is able to run without the need for `sudo` in an environment that +allows unprivileged users to unshare the kernels `user namespace`. Further, +a sufficiently large set of sub ids needs to be configured in `/etc/subuid` / `etc/subgid`. +This range should be `> 65536`, but smaller ranges might work as well, depending on the +ids used in the rootfs. + +A simple check if rootless is supported can be done by running: + +```bash +mmdebstrap --unshare-helper /bin/echo "rootless supported" || echo "rootless not supported" +``` + +To enable rootless builds, set the bitbake variable `ISAR_ROOTLESS = "1"`. +This internally switches the chroot mode from `schroot` to `unshare`. + +When using kas, the `build_system` needs to be set to `isar-rootless`, which currently +requires a development version of kas (for details, check the kas mailing list). diff --git a/doc/user_manual.md b/doc/user_manual.md index 396e1b90..dcc3f560 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -75,6 +75,7 @@ Building `debian-trixie` requires host system >= bookworm. Install the following packages: ``` apt install \ + acl \ binfmt-support \ bubblewrap \ bzip2 \ @@ -89,6 +90,7 @@ apt install \ qemu-user-static \ reprepro \ sudo \ + uidmap \ unzip \ xz-utils \ git-buildpackage \ diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 90e4525e..7167cbb1 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,9 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - run_privileged rm -rf --one-file-system "$TMPDIR$i" + [ -d "$TMPDIR$i" ] || continue + find "$TMPDIR$i" \( ! -user "$(whoami)" -type d -prune \) -exec ${RUN_PRIVILEGED_CMD} rm -rf --one-file-system {} \; + rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -380,7 +382,28 @@ def deb_list_beautify(d, varname): # shall be used outside of this class. def insert_isar_mounts(d, rootfs, mounts): + """ + In unshare mode, all mounts must be created after unsharing the + mount namespace. As needs to happen within the unshared session, + we implement it as a code generator. Note, that the random and urandom + mounts are needed for DDI images. + """ lines = [] + to_touch = ['/dev/null', '/dev/random', '/dev/urandom'] + to_mkdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('touch ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_touch])) + lines.append('mkdir -p ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_mkdir])) + lines.append('mount -o bind,private,mode=666 /dev/null {}/dev/null'.format(rootfs)) + lines.append('mount -t devpts -o noexec,nosuid,uid=5,mode=620,ptmxmode=666 none {}/dev/pts'.format(rootfs)) + lines.append('( cd {}/dev; ln -sf pts/ptmx . )'.format(rootfs)) + lines.append('mount -t tmpfs none {}/dev/shm'.format(rootfs)) + lines.append('mount -o bind /dev/random {}/dev/random'.format(rootfs)) + lines.append('mount -o bind /dev/urandom {}/dev/urandom'.format(rootfs)) + lines.append('mount -t proc none {}/proc'.format(rootfs)) + # we do not unshare the network namespace, so we cannot create a sysfs, hence bind-mount + lines.append('mount -o rbind /sys {}/sys'.format(rootfs)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) inner_full = os.path.join(rootfs, inner[1:]) @@ -389,7 +412,18 @@ def insert_isar_mounts(d, rootfs, mounts): return '\n'.join(lines) def insert_isar_umounts(d, rootfs, mounts): + """ + In unshare mount we don't unmount the system mounts but just + remove the mountpoints. + """ lines = [] + to_unlink = ['/dev/null', '/dev/random', '/dev/urandom', '/dev/ptmx'] + to_rmdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('rm -f ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_unlink])) + for d in ['{}/{}'.format(rootfs, _d) for _d in to_rmdir]: + lines.append('[ -d {} ] && rmdir {}'.format(d, d)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) mp = '{}/{}'.format(rootfs, inner) @@ -397,11 +431,52 @@ def insert_isar_umounts(d, rootfs, mounts): lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) return '\n'.join(lines) +def get_subid_range(idmap, d): + import getpass + with open(idmap, 'r') as f: + entries = f.readlines() + for e in entries: + user, base, cnt = e.split(':') + if user == os.getuid() or user == getpass.getuser(): + return int(base), int(cnt) + bb.error("No sub-id range specified in %s" % idmap) + def run_privileged_cmd(d): - cmd = 'sudo -E' + """ + In unshare mode we need to map the rootfs uid/gid range into the + subuid/subgid range of the parent namespace. As we usually only + get 65534 ids, we cannot map the whole range, as two ids are already + used by the calling environment (root and builder user). Hence, map + as much as we can but also map the highest id (nobody / nogroup) as + these are used within the rootfs. It would be easier to use + mmdebstrap --unshare-helper as command (which is also internally used + by sbuild), but this only maps linear ranges, hence it cannot map the + nobody / nogroup on the default subid range. By that, we have to avoid + the nobody / nogroup when building packages in this case. + """ + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + nobody_id = 65534 + uid_base, uid_cnt = get_subid_range('/etc/subuid', d) + nobody_subid = uid_base + uid_cnt - 1 + gid_base, gid_cnt = get_subid_range('/etc/subgid', d) + nogroup_subid = gid_base + gid_cnt - 1 + cmd = 'unshare --mount --pid --uts --ipc --user' \ + ' --kill-child' \ + ' --setuid 0 --setgid 0 --fork' \ + f' --map-users 1:{uid_base+1}:{uid_cnt-2}' \ + f' --map-groups 1:{gid_base+1}:{gid_cnt-2}' + if uid_cnt < nobody_id: + cmd += f' --map-users {nobody_id}:{nobody_subid}:1' + if gid_cnt < nobody_id: + cmd += f' --map-groups {nobody_id}:{nogroup_subid}:1' + cmd += " --map-root-user" + else: + cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) return cmd +UNSHARE_SUBUID_BASE := "${@get_subid_range('/etc/subuid', d)[0] if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '0'}" +# store in variable to only compute once and make available to fetcher RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" run_privileged() { @@ -415,5 +490,10 @@ run_privileged_heredoc() { run_in_chroot() { rootfs="$1" shift - ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" + + rootfs=$rootfs run_privileged_heredoc <<'EORIC' "$@" + set -e + ${@insert_isar_mounts(d, '$rootfs', '')} + chroot "$rootfs" "$@" +EORIC } diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 792b8b80..aa8b44cc 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -122,8 +122,13 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ run_privileged_heredoc << ' EOSUDO' - mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + mkdir -p "${rootfs}"/var/cache/apt/archives + chmod 777 "${rootfs}"/var/cache/apt/archives + else + mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + fi EOSUDO # nothing to copy if download directory does not exist just yet diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e8721c79..a0d4fd05 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -168,12 +168,30 @@ dpkg_schroot_create_configs() { EOSUDO } +dpkg_chroot_prepare() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + dpkg_schroot_create_configs + fi +} + +dpkg_chroot_finalize() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + schroot_delete_configs + fi +} + +dpkg_prepare_unshare_ccache() { + mkdir -p "${CCACHE_DIR}" + # sbuild id from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110942 + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX -m u:${@int(d.getVar('UNSHARE_SUBUID_BASE')) + 999}:rwx "${CCACHE_DIR}" +} + python do_dpkg_build() { - bb.build.exec_func('dpkg_schroot_create_configs', d) + bb.build.exec_func('dpkg_chroot_prepare', d) try: bb.build.exec_func("dpkg_runbuild", d) finally: - bb.build.exec_func('schroot_delete_configs', d) + bb.build.exec_func('dpkg_chroot_finalize', d) } do_dpkg_build[network] = "${TASK_USE_NETWORK_AND_SUDO}" diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index e693800c..1b2616db 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -85,7 +85,10 @@ dpkg_runbuild() { ext_deb_dir="${ext_root}${deb_dir}" if [ ${USE_CCACHE} -eq 1 ]; then - schroot_configure_ccache + ${ISAR_CHROOT_MODE}_configure_ccache + fi + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + sbuild_add_unshare_mounts fi profiles="${@ isar_deb_build_profiles(d)}" @@ -109,24 +112,28 @@ dpkg_runbuild() { DSC_FILE=$(find ${WORKDIR} -maxdepth 1 -name "${DEBIAN_SOURCE}_*.dsc" -print) - sbuild -n -c ${SBUILD_CHROOT} --chroot-mode=schroot \ + sbuild -n -c ${SBUILD_CHROOT} \ + --chroot-mode=${ISAR_CHROOT_MODE} \ --host=${PACKAGE_ARCH} --build=${BUILD_ARCH} ${profiles} \ ${@'--no-arch-all' if 'cross' in isar_deb_build_profiles(d).split() else '--arch-all'} \ --no-run-lintian --no-run-piuparts --no-run-autopkgtest --resolve-alternatives \ --bd-uninstallable-explainer=apt \ --no-apt-update --apt-distupgrade \ --chroot-setup-commands="echo \"Package: *\nPin: release n=${DEBDISTRONAME}\nPin-Priority: 1000\" > /etc/apt/preferences.d/isar-apt" \ - --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;\" > /etc/apt/apt.conf.d/50isar-apt" \ + --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;${@'\nAPT::Sandbox::User root;' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''}\" > /etc/apt/apt.conf.d/50isar-apt" \ --chroot-setup-commands="rm -f /var/log/dpkg.log" \ --chroot-setup-commands="mkdir -p ${deb_dir}" \ --chroot-setup-commands="find ${ext_deb_dir} -maxdepth 1 -name '*.deb' -exec ln -t ${deb_dir}/ -sf {} +" \ --chroot-setup-commands="apt-get update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"" \ --finished-build-commands="rm -f ${deb_dir}/sbuild-build-depends-*-dummy_*.deb" \ --finished-build-commands="find ${deb_dir} -maxdepth 1 -type f -name '*.deb' -print -exec cp ${CP_FLAGS} -t ${ext_deb_dir}/ {} +" \ - --finished-build-commands="cp /var/log/dpkg.log ${ext_root}/dpkg_partial.log" \ + ${@ '--finished-build-commands="cp /var/log/dpkg.log $ext_root/dpkg_partial.log"' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } \ --build-path="" --build-dir=${WORKDIR} --dist="${DEBDISTRONAME}" ${DSC_FILE} - sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + # TODO: port to unshare backend + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + fi deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 029caec7..9bb43a8d 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,8 +29,12 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - run_in_chroot '${ROOTFSDIR}' \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS') if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '')} + chroot ${ROOTFSDIR} \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge +EOF } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" @@ -62,6 +66,9 @@ __EOF__ # Install configuration into image: run_privileged_heredoc <<'EOSUDO' set -e + + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), '')} + localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 then diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index 766f386d..cc046fdb 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -16,7 +16,14 @@ do_image_tools[depends] += " \ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DIR_IMAGE}:${PP_DEPLOY}" SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" +# only used on unshare +ROOTFS_IMAGETOOLS ?= "${WORKDIR}/rootfs-imgtools-${BB_CURRENTTASK}" + imager_run() { + imager_run_${ISAR_CHROOT_MODE} "$@" +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" @@ -103,3 +110,80 @@ generate_imager_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} \ < ${WORKDIR}/imager.manifest } + +imager_run_unshare() { + exec 3<&0 + + # ignore everything before '--'. If the remaining list is empty, + # assume a here document is passed via stdin + while [ "$#" -gt 0 ]; do + case "$1" in + --) shift 1; break ;; + *) shift 1 ;; + esac + done + + if [ "$#" -eq 0 ]; then + set -- "$@" '/bin/bash' '-s' + fi + + local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${ROOTFS_IMAGETOOLS} + tar -xf "${SBUILD_CHROOT}" -C "${ROOTFS_IMAGETOOLS}" + mkdir -p ${ROOTFS_IMAGETOOLS}/isar-apt + cp -rL /etc/resolv.conf "${ROOTFS_IMAGETOOLS}/etc" +EOF + + # setting up error handler + imager_cleanup() { + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} + } + trap 'exit 1' INT HUP QUIT TERM ALRM USR1 + trap 'imager_cleanup' EXIT + + if [ -n "${local_install}" ]; then + echo "Installing imager deps: ${local_install}" + + distro="${BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + if [ ${ISAR_CROSS_COMPILE} -eq 1 ]; then + distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + fi + + E="${@ isar_export_proxies(d)}" + deb_dl_dir_import ${ROOTFS_IMAGETOOLS} ${distro} + ${SCRIPTSDIR}/lockrun.py -r -f "${REPO_ISAR_DIR}/isar.lock" -s <<'EOAPT' + local_install=$local_install ${@run_privileged_cmd(d)} /bin/bash -s <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get update \ + -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ + -o Dir::Etc::SourceParts='-' \ + -o APT::Get::List-Cleanup='0' + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades --download-only install \ + $local_install +EOF +EOAPT + + deb_dl_dir_export ${ROOTFS_IMAGETOOLS} ${distro} + local_install=$local_install run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades install \ + $local_install +EOF + fi + + run_privileged_heredoc <<'EOF' "$@" + set -e + mkdir -p ${ROOTFS_IMAGETOOLS}/${SCRIPTSDIR} + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 +EOF + + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} +} diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index bc3f2181..1590f58a 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -188,6 +188,7 @@ SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" python() { image_types = (d.getVar('IMAGE_FSTYPES') or '').split() conversions = set(d.getVar('IMAGE_CONVERSIONS').split()) + chroot_mode = d.getVar('ISAR_CHROOT_MODE') basetypes = {} typedeps = {} @@ -263,7 +264,8 @@ python() { if image_cmd: localdata.setVar('type', bt) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -293,7 +295,8 @@ python() { cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index 8d4f8050..84ea63e7 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -68,7 +68,9 @@ do_containerize() { run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + fi } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 8b048dc7..3e261622 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,10 @@ generate_wic_image() { fi EOIMAGER - run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + fi rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 00d71195..51259068 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -145,7 +145,12 @@ rootfs_cmd() { } rootfs_do_mounts[weight] = "3" -rootfs_do_mounts() { +python rootfs_do_mounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_mounts_priv', d) +} + +rootfs_do_mounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ @@ -168,7 +173,13 @@ rootfs_do_mounts() { EOSUDO } -rootfs_do_umounts() { +python rootfs_do_umounts() { + # unconditionally run the unmount code as this ignores missing + # mountpoints but also does the cleanup of the directories + bb.build.exec_func('rootfs_do_umounts_priv', d) +} + +rootfs_do_umounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e @@ -215,7 +226,11 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + rm -rf ${ROOTFSDIR} + run_privileged_heredoc << 'EOF' + mkdir -p ${ROOTFSDIR} + tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" +EOF # setup chroot run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" @@ -285,10 +300,14 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ - -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ - -o Dir::Etc::SourceParts="-" \ - -o APT::Get::List-Cleanup="0" + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_install_resolvconf" @@ -316,9 +335,12 @@ rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { # download packages using apt in a non-privileged namespace - rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot ${ROOTFSDIR} \ + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" @@ -345,8 +367,12 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - run_in_chroot "${ROOTFSDIR}" \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" @@ -654,8 +680,10 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then + run_privileged_heredoc <<'EOF' mkdir -p ${ROOTFSDIR} - run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar + tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} -f rootfs.tar +EOF rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index d9ccce7f..8ca66138 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -7,7 +7,8 @@ SCHROOT_MOUNTS ?= "" inherit crossvars -SBUILD_CHROOT ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" +SBUILD_CHROOT:unshare ?= "${SCHROOT_DIR}.tar.zst" +SBUILD_CHROOT:schroot ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" SBUILD_CONF_DIR ?= "${SCHROOT_CONF}/${SBUILD_CHROOT}" SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}" @@ -144,6 +145,13 @@ END EOSUDO } +unshare_configure_ccache() { + # ccache must be below /build for file permissions to work properly + cat <<'EOF' >> ${SBUILD_CONFIG} +$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; +EOF +} + sbuild_dpkg_log_export() { export dpkg_partial_log="${1}" @@ -152,3 +160,17 @@ sbuild_dpkg_log_export() { cat ${dpkg_partial_log} >> ${SCHROOT_DIR}/tmp/dpkg_common.log ) 9>"${SCHROOT_DIR}/tmp/dpkg_common.log.lock" } + +# additional mounts managed by sbuild +sbuild_add_unshare_mounts() { + dpkg_prepare_unshare_ccache + + cat <<'EOF' >> ${SBUILD_CONFIG} +$unshare_bind_mounts = [ + { directory => '${WORKDIR}/rootfs', mountpoint => '${PP}/rootfs' }, + { directory => '${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO}', mountpoint => '/isar-apt' }, + { directory => '${REPO_BASE_DIR}', mountpoint => '/base-apt' }, + { directory => "${CCACHE_DIR}", mountpoint => "/ccache" } +]; +EOF +} diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 16165792..7a8d5ff4 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -74,13 +74,17 @@ rootfs_configure_isar_apt_dir() { ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} +EOF } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" sdkchroot_finalize() { - - rootfs_do_umounts + rootfs_do_umounts_priv # Remove setup scripts run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 6db10eb3..635b7ea3 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -69,7 +69,7 @@ KERNEL_FILE ?= "${@ 'vmlinux' if d.getVar('DISTRO_ARCH') in ['mipsel', 'riscv64' MACHINEOVERRIDES ?= "${MACHINE}" DISTROOVERRIDES ?= "${DISTRO}" -OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:forcevariable" +OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:${ISAR_CHROOT_MODE}:forcevariable" FILESOVERRIDES = "${PACKAGE_ARCH}:${MACHINE}" # Setting default QEMU_ARCH variables for different DISTRO_ARCH: @@ -148,6 +148,10 @@ ISAR_APT_RETRIES ??= "${@'10' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAP ISAR_APT_DELAY_MAX ??= "${@'600' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAPSHOT')) else ''}" ISAR_APT_SNAPSHOT_TIMESTAMP ??= "${SOURCE_DATE_EPOCH}" +# Rootless build execution +ISAR_ROOTLESS ??= "0" +ISAR_CHROOT_MODE ??= "${@'unshare' if bb.utils.to_boolean(d.getVar('ISAR_ROOTLESS')) else 'schroot'}" + # Default parallelism and resource usage for xz XZ_MEMLIMIT ?= "50%" XZ_THREADS ?= "${@oe.utils.cpu_count(at_least=2)}" @@ -203,6 +207,7 @@ CCACHE_DEBUG ?= "0" # Variables for tasks marking # Long term TODO: get rid of sudo marked tasks TASK_USE_NETWORK = "1" +# nested namespacing requires this as well TASK_USE_SUDO = "1" TASK_USE_NETWORK_AND_SUDO = "1" diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index eba6ea85..7d3e8a2c 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -162,6 +162,8 @@ do_bootstrap() { line="[trusted=yes] ${line}" fi echo "deb-src ${line}" >> "${WORKDIR}/sources.list.d/base-apt.list" + echo > ${WORKDIR}/mmtmpdir + chmod 666 ${WORKDIR}/mmtmpdir # no need to sync /var/cache/apt/archives if base-apt used syncin='echo skip sync-in' @@ -178,12 +180,14 @@ do_bootstrap() { mkdir -p \$1/base-apt && \ mount -o bind,private '${REPO_BASE_DIR}' \$1/base-apt && \ chroot \$1 apt-get update -y \ - -o APT::Update::Error-Mode=any && \ + -o APT::Update::Error-Mode=any \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} && \ chroot \$1 apt-get install -y dpkg && \ umount \$1/base-apt && \ - umount \$1/$base_apt_tmp && rm ${WORKDIR}/mmtmpdir && \ - umount $base_apt_tmp && rm -rf --one-file-system $base_apt_tmp" + umount \$1/$base_apt_tmp && \ + umount $base_apt_tmp && rmdir \$1/$base_apt_tmp" else + # prepare dl_dir for access from both sides (local and rootfs) deb_dl_dir_import "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" bootstrap_list="${WORKDIR}/sources.list.d/bootstrap.list" @@ -203,6 +207,7 @@ do_bootstrap() { -o Dir::State="$1/var/lib/apt" \ -o Dir::Etc="$1/etc/apt" \ -o Dir::Cache="$1/var/cache/apt" \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ -o Apt::Architecture="${BOOTSTRAP_DISTRO_ARCH}" \ ${@get_apt_opts(d, '-o')}' extra_essential="$extra_essential && $syncout" @@ -226,7 +231,8 @@ do_bootstrap() { mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + ${@'' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'run_privileged'} \ + TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -244,6 +250,7 @@ do_bootstrap() { --customize-hook='sed -i "/en_US.UTF-8 UTF-8/s/^#//g" "$1/etc/locale.gen"' \ --customize-hook='chroot "$1" /usr/sbin/locale-gen' \ --customize-hook='chroot "$1" /usr/bin/apt-get -y clean' \ + ${@'--skip=output/dev' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --skip=cleanup/apt \ --skip=download/empty \ ${MMOPTS} \ @@ -258,7 +265,8 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged find ${WORKDIR}/dl_dir -maxdepth 1 -mindepth 1 -exec rm -rf --one-file-system "{}" \; + rmdir ${WORKDIR}/dl_dir fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc index aa62b324..054d7fc2 100644 --- a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc +++ b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc @@ -66,8 +66,28 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "rootfs_cleanup_base_apt" DEPLOY_SCHROOT = "${@d.getVar('SCHROOT_' + d.getVar('SBUILD_VARIANT').upper() + '_DIR')}${SBUILD_SCHROOT_SUFFIX}" -do_sbuildchroot_deploy[dirs] = "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" -do_sbuildchroot_deploy() { +sbuildchroot_deploy_tree() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_SCHROOT}" } +sbuildchroot_deploy_tar() { + lopts="--one-file-system --exclude=var/cache/apt/archives --exclude=isar-apt" + # we cannot use pzstd, as this results in a different magic + # (zstd skippable frame) which is not detected by sbuild + # https://salsa.debian.org/debian/sbuild/-/blob/d975d388a98627a0d7d112791e441c27a6d529df/lib/Sbuild/ChrootUnshare.pm#L608 + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${DEPLOY_SCHROOT}.tar.zst + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} +} + +do_sbuildchroot_deploy[network] = "${TASK_USE_SUDO}" +do_sbuildchroot_deploy[dirs] += "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" +python do_sbuildchroot_deploy() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('sbuildchroot_deploy_tar', d) + else: + bb.build.exec_func('sbuildchroot_deploy_tree', d) +} addtask sbuildchroot_deploy before do_build after do_rootfs From patchwork Tue Jun 9 12:33:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5128 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:23 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f56.google.com (mail-pj1-f56.google.com [209.85.216.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYLTC005633 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:22 +0200 Received: by mail-pj1-f56.google.com with SMTP id 98e67ed59e1d1-36d98b76d12sf3830975a91.2 for ; Tue, 09 Jun 2026 05:34:22 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=ea2sDarSfvuF8u6nmxeo3/yf1OLO3cavA7cT4RsvkCmNc8+8hpqA7xWe/tM8JmQeA7 7rp/2mTUOi4c/s1CaF/INMwdH+F76oBs13DLIsP5UYmBtKw4DavPX9QxiS9rbpREmq08 KbhE7OZVabCD54a4E5i7CDder1ovUNGMGXqumqI4rgNA9yB+E+v0JhrHhz4qv4fYvQN5 8gNbry1NLUxskz/WkZmv9PhfSt9IQPsEJgb4j4nrY0jylR3ZK6klD7l1Dgk8Gnd/bQAk IMEnKiv0bk6yKjh1/1EsbEqnl8pfiuqFIgBRqANNKN0RFlnNtn+Hk//qgrL009iaQ08g szxQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=soSFmU/+UlF5c9A6+6CBColOCMDdnEYizysuohk+RUg=; fh=6kMp3nmzQ0GPE+iVxiiEWAfuaSqdV4XSPWTNNAaNFuo=; b=H+EmG3rCzlD1fcGe2jhqU2kNhJzLWRgCF1n2DjUSaqUqGN2uKLzn37nhRq3tTpsjLn y0JreYwmsXBNXFFZ87/Bv1gUqKvIctn32Lz5QYlTX7VeXDGa0h260d57bLKZqOYQ9bK3 bkjmmQ8UJ3NuV3nQ3vdR6h3Ajy/3Y4ty52C2EnPLs2dX9MTIAhHY/KVEzwdtne8fQ6l/ Au8aFLggF6+fY4i3jOBkb0li5lO6btRMGPQldJBxdlyMPY31AMMyDQHEtQal/JbcgTcs mGReMUAwuA1TZF2gvgBTWUzrpJYTpEPgdP4b7ynR8OLq+eV5McL0PFqADUeRaAra5Axh r+Pg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="HE+Nevg/"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008456; x=1781613256; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=soSFmU/+UlF5c9A6+6CBColOCMDdnEYizysuohk+RUg=; b=lE8+0IJm8NAkxu+pXy9ofTy+GqzW+IBpwhnceoWxiauPUI5nL5fejIqd51axYUR/Bd a7denRurSSghtaB3bq6iJZETeyp83DsecKiZgbccUVYUhL/D1PRQwqhy8Ue9kNX87rvk 1kkAB/JOHFgKfIhkLNglT2MBsjgAGDCsgjTZ28wgRkagM+qfRXgv6wO/4jgtvFivyake RfqfWo2Jp1g+s8YvvzctcI+o4nofX8/CS6p3nws1ayEmQICiQeQFaOt3zllk/kJMZ5uE JO9I1l7AVmu21OmMQMncYldofyoi3Vea9iN6kuCThamMIKz5kpYEFkz9U4qNQYPWbziw 7F8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008456; x=1781613256; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=soSFmU/+UlF5c9A6+6CBColOCMDdnEYizysuohk+RUg=; b=I3G4OriJmQY8OH3VBj/6RHd/mlZGeW1Ugq/lxBWN1Oeg390gXZj8ACcDPwBOToPrCv /bjzcF4p1VkylkEL+oKvtBvRXJlPRGsJiNGF344n2wfq+Ceic+SLSh/NWHEojXp1wdQt YAHoqXOApCyAbAoqjtgWubtLEC+HLPsnFD/bh1VYe0fgDV/ZIwTuNl6BbZfaAh9QKgTd HRLlBJ8zFjhUCQ6F1NExMww9aWbGQv9Z7sx3blMrCE6yr5kKKp4b0dr24NDuump9VWif xOXz9fIjYX1+s6mFnpAOTG7OGyNlDUQXoD8PO5fT4KKjSaIta5hwr+TUYEXlE4XP9ikH chow== X-Forwarded-Encrypted: i=3; AFNElJ8Hv0Lq72iX0cYn7QrBmn/gUjPuILtZC1jNMw5xqjAoU/0TKarDiTNpVPPajFyWahEEcnhhOB0=@isar-build.org X-Gm-Message-State: AOJu0YxxG/QpShxaenYvyJIT7O0ayEa/LJ97hgzSEoTm+YKx9MrvJAFp Pv8P0Tf9cjwTFr+cp7eYGuA5vXR6Ll9/Y1c+45TAgfObeS+WpBSIwpQt X-Received: by 2002:a17:90b:2f4b:b0:35b:9894:f6f9 with SMTP id 98e67ed59e1d1-370f076d7d8mr20001710a91.18.1781008455651; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcqSi/DXGwbLgL8U8FHu0WKG+2FoPhiwBzVbl5GLy23Nw==" Received: by 2002:a17:90b:4d8d:b0:367:fe67:da3f with SMTP id 98e67ed59e1d1-36f68de7caels7766873a91.1.-pod-prod-02-us; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) X-Received: by 2002:a17:90b:2d4e:b0:36d:cc9b:2f67 with SMTP id 98e67ed59e1d1-370f0c4d5bamr20336865a91.19.1781008454054; Tue, 09 Jun 2026 05:34:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008454; cv=pass; d=google.com; s=arc-20240605; b=jf1BvzdmHuu7x9GJWOX7D7X16Xok3Wyts+Gx9vE7yMQrA9dzq5tCrfPksgPUjRu4l3 UM9nXl8nqScIHfS6u+NoG5H6yutsHQIDguFcoiFdATVOQF5CGPcZslLaT9VxijirfaEe H5cPBXiaC4A2ZhBnVybFOHP1TzjodGrVTT7S8RqC2HY9TpP67MwNZG3ZcqRBxYVKaPfx 6WEy9NuGNbqq1V89OO67cJIk86Tc4LZ+cNomf68B1QNbZ3oMghcQ7UWh/9A1v8GA+0nq wDLfMHYMYJGBZMpcIP1dJAoux4mn4lZm7hp/paAFWPyQ7l8IvyJjuF/UAhXOqdtqAeYD bPOw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=WrSupa5Ua7sDgGewyzsPqwurv9OsmMjTz8Q2jRj7JlE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Xd80jcE0LFk0gh8eKMqoLeUNy2cr4ESntRQzATc7k8VMRIfw+tHNz94Sd2GdnS/L2m 6crrULWoKBp+QF9Yqx2J4eud8xNSG1cPx/0gUhxzeIs8uhM+VPtA4OEQY0v0YKNBkgws 2yhuPrwAY/eJfw99OOHqH9aY5Gdu69FDQa8QmgLWNhbaL8hsUZqMYQEJvXGrKZsBamjR VPqtd/RhtUV/40MyELAut+Q+E3/i5ibVeEo+dvEWuagnEoz2GaQOjModOXhXoocY15Si +dpQICWKlDOzIbqkFRccKMJk/ul1sDhpUyDgnguJM/TBKpDJNeGLptEvxCUQrWNz9Pcv 4PNw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="HE+Nevg/"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:14 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=u95Sr5kIeSipD4tvbQFqeqy2Ed2OYvJGFyNqgzcGwYlPqtXQMITX+tifD1r+kawbjU5RB7yT6FT9+jy2Wy9U6btE57/lDk6D94qZoYIAAValmmmm/oBtoB6V2pgoWK1wm5BllL5+HK2gXtf0jWOTiKimRlBV90m+dLiGwhL/fNNeVdpYVcTlVMRh2SPMmzubi1ecEUD3LfrInpUFfEkdPp277CgdyTXgKxogT70kZ2Cjxx2IeCSxZPczn+cFIKIMy3TAkEofVGlHOSCvBPoSvHKWs/K0ivwiGPZGE4CjoEsw1uZyS5F9vN61ShSq7Rd844R/3NXlwsU3ssMk/bB2QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WrSupa5Ua7sDgGewyzsPqwurv9OsmMjTz8Q2jRj7JlE=; b=YTpPj2Z2AZwZ5iWDjJldFTv4cwlurNP90to/xy747sMCUFjowLbTeRcZ25pUfXIBgYsaSD7L8anXKimrYCJiqDo4QjxkqSlO86X7g7LH5lD8EdKhKThp95dupnXkY6rEVGVKWisKdGV9OV5xp/iM1BfL1yd0mu+zohhW1o0rwTFEbE5678eb4o9Dzi6Eo2yHJ95zUlPMAkeSumDLcZTqX5C9n8dx8n/elkgdMR2rEtH98VMpV2IiM0tCsZeZlfygEk9gsV93bcNKIyiikg/At5/2nZLiWl1CBeJdFfQH5+cbNdbTlCTnqEMJRP5eLoi+hhFJeN2jLIVLUl7JP6DHZg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:10 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:10 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 11/17] add helper script to clean artifacts in build dir Date: Tue, 9 Jun 2026 14:33:49 +0200 Message-ID: <20260609123355.2368573-12-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: 0aa2b9d9-aad2-4850-3d84-08dec623681e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|3023799007|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: svVOrQvnEaHSS13AxdTwA4yKIgUD/+vibovpkNqYUF1Bfc4dXaba6Zey/uWETQ92wSf2sQoBWZKSCmOtmf3rvZht+BLc1gsklG886irB+yxf0QroIjGJEb25kgJzgRWM3YVjvIz7AUFeWejSeMSOhI8z70hby1JUNa1NymE7hHQYU4miCSFGFE09ovlfbSUcFo0eS6GBPkkmr/FVNAL4m6NJ+77GopZ8PxKq+YJu5DGtCDASHkMwlDaObj0yAxmAHwmHcPDBhs/uCz0J4DT6GHD77ra8RyD41cILcjLaUHif10uWjFFbkvFLV81y7h6yDd4R6uDFiSkaNMan7oxNVuSasKQCXunBvzk9zBY0rC44wxe27UUPLjlG598JAADZFfZx/oUiBj3hiKSn28iB08+xOgOLp7bZc83Z7Ybnuv52NrEdbHit2lroQMRmFa0F//EuP/hW5SqG6+5mE4o17NVhIKKsdx9/PM1jy1SLeQV81PfCcYNDXsr7dDqojNf4Px7vCmVFTl19YIs/NNUtKE9pOUf7q8UA0DsBK2rQ+xPsjnBNnT5kvvOr6DH3UsXsJRIb7ZVplXf+KjEXemZsDSadnILP0VUV4JdyogzpfWVFy8dyjXCRH3ww60cNMbf5qfJQsZF4z70M7OJivuEaF1uAM051BCZHBuJjNxgozABCeDOUqcHxx/k8y+Qbt8E2 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(3023799007)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: kgKyIuzBsLRmBWEe/joM6g1G63wAXUGuVnxrQ3eeQMjKyJVhvroEAs3IgYiqnAJNZ6N/svczuTuWeFTZhp3QFhtlkF4M0c0kNyy9zjHLmikafHP2vwRA4UhGhoqaL9NU2yXy+fFCAHJq5yhGR4yPU2Hz5sSG0hySogounRfoXxnZAEBQ/Hg4WuJwddv/IxnlvL4o0q7Vyy9jGDhb+MlSXI/eYbC6cEiw9U2Xyj1FJFckKFdAJS0Ym+8QsaVvPsATVr70b02M2h3Gps4IWcUIurjneG+Uxwt7RHYsahOFoZSCL6ZFmaxjIaT8viZqrk3qCQB/Yehb4ywLgLdf7NMbVM7MI50oGWf78ry14OnkmqTlkbCuOYRtA3m+otfN0RJKc9fn4lkhma9KrlfHx5QjC7hZy/SnxGAnW2Ip9RJx+FeEDRoOSPSYhRxgd/3JgXGizVGmqgJM0XPfq7ZfMJXpGwHgpp8jkYUeCa/RUV6LKDdDLO/vjdZIcCWnOWFkm+6YhpTyOiHFA2vDR5kSJqRXvBMxVDwnl7z//XdDiqL9njdo9qBEATvQ/drmf0iYmpsxBPBiB/Y4DQvrNet0YzBRYjEgMzEzmY3Ek/AQ/74/mjeTbm0kQR9qlGTceCEeFAZcYyc7u3L5khcw0blF5No/m2HLrapDCrlIhWij/IzTvzrm1KjD7s6jxiDRapp+K9R0Pxl+e0RfLz5gxnTySK/pEWTGIb5HBB8WakrlZYkxriTRDNatA4N4jiFAvv3BPrnxPjmwxUgr/PiG6il39dEFHWU7+E2uMhkIP7WT/62yBiI8aF+hEPxCgA5vpk3LEFnyVKECn8epUMmnbSjsSMhWTHf9EICvU7PgrepJhTjEHsgfIboakd29E9RH6KcEWUOIoiuEdyZk/ypz7sZwWspwbBTzKLgHXSMwL33YJ5aVXpyhZeEVnapqVjUQ90L68zrdTWKgiLAAgoa56/GH3rHM4rBGhd9rYSb0ki6G2/6I61mim+ejDhlaIFymqEEMePtGAAutHP5P9iecrQSxd3jKCrceZLeshxg6wh8uewOfebuk1bQaynSApmxJif9oh5n/KXMmcp5s8SNbezn2ty0aQheFiEqq/pdm3BnSp6012NeJE3m57RAwMai3qZUa8D5oXT53gWiIxvU0MeBwrK2IQEgHozgsritC5PCBG6POCv30TCDVNgxF+wu0FMomyNGAiVwGQZULqNInmq5qhiBeqyMZ+XcYK0bzrTwiPEStCQEHeLScNkNUlz1+nyLHz9Np4ojsLrl0Ip1aqlZShn4pycR2SR0DdAz2y29TLuR2zUPCAwMD/PPrkDqGLZVpLSKtQJR/y36kpZtn+hEs6EatsKK4BjyejgsE9y5zWSGtWvd5oiPLY4UOYKRrn9sjL4MwjgQcN7/K3K9JMiPg0xffah/cAGnG0yrcnj5RL0GYmvMx2Z3QMjwVIw+nnJrnxx8wdRB3bOJyNCat1aIFlwZGl5wXEbRJgYMItc+6qpAdBrz2BPJqyF3ZquqgJcMwTyzexCNtUoziFHJAqGcEWNLhpoWpspGFL1JHpoGqZD2SIjAw9gAD4C3TtNuX2EgdYR1pvpy6F4WYUcetbRFQPbLDsRgyAH0InUFin8ifIzJ5Dwx1W1a9QCySK/PbdfbjHxhnnNzPMIsBCE2CU2PpVkMoRWQ10rfthQRdS9BvEwvWP96pw4H2SYh0po8IDxCjcf/3hm4aKBEtbhHVdmR8WtEzVfeChUUz1pFc2b79pbyTKQw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0aa2b9d9-aad2-4850-3d84-08dec623681e X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:10.7511 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: SnVC/00SGQ0w5b9mkJ9tg6WYE+U7M3QFxa7t0jwcGG+w8nQu458hX3LsPaShaYmqkia6RuLCrC/7ttOHORPkEJ1RUPw5akLhiFgZMw9yDlA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="HE+Nevg/"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When running in rootless mode, cleaning the build directory from outside the build environment is a non trivial task due to mixed file ownerships. To simplify this, we introduce the isar-clean-builddir script that can perform the cleanup without requiring root privileges. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 5 +++ scripts/isar-clean-builddir | 73 +++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100755 scripts/isar-clean-builddir diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 6d5b6ba3..dce28af1 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1123,3 +1123,8 @@ This internally switches the chroot mode from `schroot` to `unshare`. When using kas, the `build_system` needs to be set to `isar-rootless`, which currently requires a development version of kas (for details, check the kas mailing list). + +Note, that the build dir may contain files that were generated within the rootless +environment and cannot be deleted from the outside by the calling user. To simplify +the cleanup, we provide the `isar-clean-builddir` script that helps purging +directories with mixed ownerships (without requiring root privileges). diff --git a/scripts/isar-clean-builddir b/scripts/isar-clean-builddir new file mode 100755 index 00000000..6bc90b1d --- /dev/null +++ b/scripts/isar-clean-builddir @@ -0,0 +1,73 @@ +#!/bin/sh +# isar-clean-builddir - Clean the build/tmp directory +# +# This script removes all files from the specified directory, including those +# owned by other users (which requires elevated privileges). +# +# Rootless Mode: +# When --rootless is specified, no privileged commands are executed. This +# requires that the UID namespace where files were generated matches the +# cleanup environment. When running from a container, this script must be +# called from within the same container. +# +# Part of the Isar API. External tools may call this script for cleanup. +# +# Copyright (c) Siemens AG, 2026 +# SPDX-License-Identifier: MIT + +DRY_RUN=0 +ROOTLESS=0 + +usage() +{ + EXIT_CODE="$1" + SELF="isar-clean-builddir" + printf "%b" "Usage: ${SELF} [--rootless] [--dry-run] [dir]\n" + + exit "${EXIT_CODE:-1}" +} + +while [ $# -gt 0 ]; do + case "$1" in + --dry-run) + DRY_RUN=1 + shift 1 + ;; + -h | --help) + usage 0 + ;; + --rootless) + ROOTLESS=1 + shift 1 + ;; + --*) + usage 1 + ;; + *) + break + ;; + esac +done + +[ $# -eq 1 ] || usage 1 +if ! [ -d "$1" ]; then + echo "error: \"$1\" is not a directory" + exit 1 +fi + +if [ $ROOTLESS -eq 1 ]; then + PRIVILEGED_CMD="unshare --map-auto --map-root-user --keep-caps" +else + PRIVILEGED_CMD="sudo" +fi + +if [ $DRY_RUN -eq 1 ]; then + echo "dry-run, not executing" + DRY_RUN_PREFIX="/bin/echo" +fi + +# clean all files that do not belong to us +# shellcheck disable=2086 +find "$1" \( ! -user "$(whoami)" -type d -prune \) -exec $DRY_RUN_PREFIX $PRIVILEGED_CMD rm -rf {} \; +# clean remaining files +$DRY_RUN_PREFIX rm -rf "$1" From patchwork Tue Jun 9 12:33:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5132 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:26 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f63.google.com (mail-pj1-f63.google.com [209.85.216.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYNpm005805 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:24 +0200 Received: by mail-pj1-f63.google.com with SMTP id 98e67ed59e1d1-36b7f696b40sf3320339a91.1 for ; Tue, 09 Jun 2026 05:34:23 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=dT6AMsy1Z4XbyHRG/zDibx4KApZW+4vJ/8Bt00+W7RHIntU9Q5Kg4JAC2LMs4QZJ9R jIg/gX0RPeBGZzLclX6AZvDUtVwkQCDTQAS9ry4NigYOGS5NLeUg2KGACe3sgzYfzDNS bPF+N1HvZa7a20gtT4Sq7LOJkC2fDSzNO+F16Z4S2s3wzMgDkqPo7S3CxR/orUj2QOyZ LQM9DIT07JWSo3Gmz36+y+5yJ1IeWavaNYhGatS8VZxNf7zuQPQ1faWHpC+pzlkUR3vG Dez8IofmavvVGaGQuD9EZj+IjQ0q5IxgQli7h4isuQCV4J6djDzYZgY9TpSrPDlRyqlZ Ixgg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Y7YGd18/2H7C+0I6TXsMeeJwDboRpDG315ky8zcwawY=; fh=B5/nnmVSCahzOfTqF2vnL3PfHCvNl5BEv/kQYPSkSjw=; b=L/6amvIyASgYhA4kCjqOEkVd76l7d0OWph0pdkVDTIjhXRVYI/U6NHnESTM5TqbjvR Yd40dbpolGMXA/dgiCxXE2DwSQL7JdYR4VLCwV1VC0/pAPYglB9E+ozoeXUhlzRi6wcf Au+VHK9/8SR7Kc7AcZK3UpbS6o8tkt4xFcUOIMp/HqYinIOoUBg5jIjC8X+zpTKpg33g pOsnPRMWC8btJkkwF2Oh58sGCGfDSkJhnSg6pdRtbObrJOR3H82GHdxLNwyq6OBt84gy gDEh5Fg7QdS5VVazg18Oh4GJyBBhYHeogqvuDclfrTdW54T2KkePccNhQmHCbtGy0HY2 y3kg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MOUEU1bO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008456; x=1781613256; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Y7YGd18/2H7C+0I6TXsMeeJwDboRpDG315ky8zcwawY=; b=DwcZ0hpy0MWE+edT6bfjPgIVAX8ouSgLhsSVzded33rwMglExgrSr8qYS/SuLiQBLA F9KALqN3vdtqL4sr0lLCPmdgnN8Lw7b4rXDYrC7b63zH9o1/sToE4sZ1+bFn4hFhziVb VBbjtnoOPZ4rITwYn8yL8FQoK/mDIhC3Qaivjv9wl7cmaSCypsH2BnAurtlBL+fVje9e jrk2lopL0SZSG69ol8alKj6DblUlDzP1WZ74GUuEhAZmA8/m0rpqDW5prADObN6IDe+B Ux1s28+d/hpeX6QIPSKRX/C7yVF7NCkXwHQ4mUhMV61s+UoVZ4rwQ410vhCyFu1P5VHm 3+Sg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008456; x=1781613256; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y7YGd18/2H7C+0I6TXsMeeJwDboRpDG315ky8zcwawY=; b=UM8XsSN/ebiIPkIwkqXAu71AdpoeJUT58+fZ6cg1U4YYWNPKPRYINi0ap7ZTB+c+GE E7RuAQziqMoL4PquiLye7ZVkBvGkKNBJvpOKSQv0UFx2pttn+XIPQ2NEdQ2ooTl8ckpi QoAblZYkoknQOsjtUdeHDHNFlYte5TYUTX1TKXkWAhFJ8v76wZevAP0+Yqk96Bx/uN2x zzSBF82lOCC6Z+xV9QHPs9EnAr855VcXHrjEvHV4oQPK2zx7qNoz2snyol5DjUk7klz6 1ClpFRK4seH1A6XGYBWbCKEGU1XdDoUPslAYy7WQ2UGAfzEBdfcs21PY7uHhsC8iHnaG Z64Q== X-Forwarded-Encrypted: i=3; AFNElJ+Mw5fpOavlp5BYXQ5Iq8HntAe1thsCxpp6ec7qthToqsL3FEk3TlHRYHdAxuWVEWOOk+WUXwc=@isar-build.org X-Gm-Message-State: AOJu0YzOFAF9SKceRAn8CgxRvVvUng3W0iDltmXJfQNrVys5mNZ+9DOp r7IhZyf+OhTJTlk/8Fc8IUCz/TH8i1bsTF0nNDjx0YZzUFTiFn7iddwb X-Received: by 2002:a17:90b:35c1:b0:36b:71e6:3e01 with SMTP id 98e67ed59e1d1-370f0678ed1mr21285479a91.16.1781008456661; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcNcc8oMPXA38BE6SmUW7dZwFEWsls/MP1exzoK9gbEbQ==" Received: by 2002:a17:90b:4d8d:b0:367:fe67:da3f with SMTP id 98e67ed59e1d1-36f68de7caels7766907a91.1.-pod-prod-02-us; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) X-Received: by 2002:a17:90b:4c85:b0:36d:f28a:c5ee with SMTP id 98e67ed59e1d1-370f0f459eamr20905740a91.25.1781008455378; Tue, 09 Jun 2026 05:34:15 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008455; cv=pass; d=google.com; s=arc-20240605; b=a88IX/QM4OhH+XGrOFXeP8CTFep/ykRVXjtqjv/gjMubHZq+sem+BXmBdRLKVuLveM +FvN7tXTVOrzOyY8mhYQpmr9sbhUfD+Vc4U1tyy+dO4BHQzkL7Bks3g/lwwzkaZVFdkJ iHjX5ik17W6O/RxEUpQ3DGHU40E9RBt10aVm8/2rPTYw/hZ45xv5QYqiyISPYEGmDg/+ A6TmDyShXMtOpscqOp84Pi1mncG/mMIbRv7B8rtiPm3QTZePextWkxZI8nsu5F3aeL+I vRbZz1lwtYGhisSEgsVzoVKqGGsIvPyMc+8iy5LhUI6L76V5502WL14ohEeorL02O+Bq vn9g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Ujv5g2PEPAPy+DHeojPhICfD/v9qCjt81VWlQhX9in1Esfq2EHxXiq+1n1NL44C4sH Il5iCuvFGJG2KAt43fqevaX0KcB/Buib0MFPBFZoPgBg3r1DZlYbyxkhD5Y13SZ6VWbv c8l4kuxUqnedkAx07f9sV0DKQ4VzS0naqWnL8OQeNZjqI8Bwiw2JxUKK86yV3aEiZwEA DPc1b/LzdmcRZKcihrdpphWi38EN/U0QBs/E/oHO9MHAFpqtlXCIc/lxsgpa9HbPn41Y pHk9ht65dQqbZTixa1U9gWg81L9iDrJXrDyKIp2XtrdQtJvkZsMH1soDnuv4pHxjU36D fbEA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MOUEU1bO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:15 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Clh0U93HZAXXg/g2fPc2z8ZpdjQwa1i3YPJlLBRKTHAOGU9v/O8YDQ0wbkRyOjezyRwPVPTK0f/fx+BqN5Sy2hcLpNRY9SAXJyNNrVdNnnxRMQanz2HBI3qSpJZTcXp+gRMQLw5M4S1AZX2WPWfiiUiewWpsQLbeWxwmdOT2IYlEWQdFcF5MkbSGA0kAPVG9tnTsjIvJ8KlAvi40+arty/5YEmUj710m4IRL5+S+dQcB5t6Vo6fuhsTGkT9VHChmTjZMXyz55lg7Q/u5aZ271s6a97bblJQIrJHoy3jXKav1Zx4FE0uxCZhQpMrJT2/GD0Yit0RHJ4q3nEUPvPRcbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; b=SaP0p+zuZ1mJYpcWKkmEDgV4WI/VWuN3uVVffRoJSAy+vOuQbAXHY7LZioxDRttSvEZ3sHKt2NGlqUHySplD7vmcDovMuSv3w8SHJh36jdkrgqTB5g+rHdHgWNBg46puEnzK1NiGZrNZ61HeH3+0lpUxUxUpwDpJmv2a2eJIV8yF4n043+DFJUg2vb3ZZMAWgI14AcI6XYiFo+s63QPKDwh5dPgbNMI2zpnpJYUw9HsPJm5KzNCkjKZTR1R1S3Nx3ztUxETHvkGllzEaOGx2XGv2bKHMyLrfoAcPl7e85As3POyHDppH/SFZG7RO0dh6FEdQESSn0J+GFe7sxGea3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:11 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:11 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 12/17] apt-fetcher: implement support for unshare backend Date: Tue, 9 Jun 2026 14:33:50 +0200 Message-ID: <20260609123355.2368573-13-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: ebf77ffa-8166-4881-d46f-08dec6236877 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: pBpZ/TIuyMeJOL7NKEdjugTELXUJgEImiMqsCZOUa1TqdfTEkPw9Vbgp965PHgd1RrvX/xz6jExKz2Mrm7UwnpdXWMSPLLmSbhJOgDMG/El0fNji0dy7YuQoHKQjqGaHouGyAbSWld/8GzrJBffTbmGpLUWw3mNw0Amt/yNn4J8FQFfJ8fJST5kbgRlwo+Hi1KDH2ukdh3MPCKatnZT9pkyxkEBgt4phSeMrF1kVcq2EtfD2HrfXedZfUWkDBlMzLiGxMJMCLyR3aLRVydenq/YRnjVRa2cBzq+Bw54hH9oucOjqS4g+zLCvcPys3fVtRWIpgbyT4khuMuh3TTPxvgpG1jwuOsSJj+63w/7M47YlaULb3DFHRz7pJqQ1s/+lLqWg3VnCyhxaFtew82n+BZi/cleYp1D5fiWxMrsxteFUWC8bkXZCKsWVJaSnG69ny4CH/nbifPoHCOLIOXvKT70HCOfyYmm7Fbc4crd8O7Edd1ghW/cb9bkqd/O31YF+htdZDaIsb+spp6CNCxgMVhYiY21yslQ2LpHpVcULmwcftOYzNadvN81FigmmKJuTntMyW6ZSGIeqseAmq+bXHzI+C3iwVsQjhdzBwy73Z7nL+nN1QvB/eIMZ6Yy9GyvehkbqoZIg4h2O320WE9mlnswcKa6z6Ott4nAuESUAqkHqcEnYhEUFX/Mzb8M1wrIx X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: dnxb/wQfgCS7OPNTxAsbRXhSYhZf8wWPe48QlPbnXuKVj5h7s5lI18I3fM7BnJ/J01vvOAaQxxJfMl1MDi7U+wBXTUWJzuuaxbqs6EjngZXsFGG4f+v45LYZgcr7ove/5+SjYOszhQBllismNbJGIs7J1gMZjrK4ZYsnVl36X6S7MHH1RlAyJJ9L1gtr9+TNX9zrC2AmandIM27lfDuc9uVFgYi+v1oXMngWyVNwfye1+hKAW4vWbi562o4pnQT7AqOcOJ+HkpaQ1NnmLH0XnngNosXRRzwZq2psO1w5VR5wDT7PwDpls+IJpt2lMDA0zQuK2VzyJApuxcUuRvi+pEk1KvzZ1Ivi4KnBUMWQn5qpnrHNUSkVxy7DTudOWWYI9mcfhHM67L8foyhbLwsRNC5D2QIdZxdXQOPDutw7uOf6fhnZowlQqRe1uD9tJhjLCRzrt9muGFuDjDV3R0tBdlOAaHc2fqxf1hN3hWXK/N3XJ7525uSzZJlfzKMKRdIjrktP6Hsxkwv+VlZGP9HaaKNhT76TbR7IcX7YHnPSynYuscNX8X5NxkSh1BxF/a+0yCGzjDZkDMGAdjSDLLLmWgwQkqkxqoRqwLo9820OJLKi+F3vsYwMj0MTwVGlMoHhFpvkYQlR+Bvg7hOkF06Dbs+QXuDMmAJLE0chFj+vctDYhnrao15xBhqVBwAG5EtVu2VMLknzHALBBxCHCMk+2f6sdzyWXf0d9jGfZXUvhi/Q/DCRGJJ+PNtPmKHRv0iwTdBkpUSLdzvJ0TW2ftOrR2ByGzb3opTWbpiNf6qBrWbfChiYn/5+vwH70jNVg5qI78qF+Nsg8kUHeubiO2Jhi5tTN5mjddM8pEJGP+vpXJOX2II0jFPhRsbD1t3Cj0KQ869cjBP+AYjy2U6vuRtzD/GrGnAHAvpS+YLrOglBDRN8SOTssCRGIkfLGdWx0Svmt+ZplSWXGCsz/WP8JbKBGMVUjEW3MvjJ2z1GVyg3y2HUejADOkNyR7wHMLDv4j12WET7LS0f2mBwu5RlsluB2Tk5bTL56y4Y3tNbaVsJd1CozdOh5+ojMcjFaX68nklernvQhRP3Ulva+pwLoKJkvyi6EbPR7TW44+YoeoSsldYttswH1eZ6KXHvbhYJdRLn8MU8VFNN/uX1WWCTg0AVZRi2IGm7gYs3rsFxialzw8OFq2EZNq8MrlrGYNvAACxBfFwbD3Ryp7MkrH9T3u6QCZjnXvubMUCCVIooxnMyxQ5JjJKLvoGjEp7yrhGjSXNZNqOCsVypoXo8MfKRXDBi6ujqD0Njs5QEtzdziUB8qcAYSq94Y8Jf6lfsS05B4w5Ma6DXOZ5m6MdP5tHGSiEdvxp40Z0KPQk/auoVMN8Y0hHa9JlHzwMrZR97rDgxFHbmThGW/qwqNJetvnKXXeA9KwSQtQEySq+OGay89wgeEEK6U+fk9kOQOP/5/+n80BUHW2TjZ7Mtqd1owbMCqeg9ab0J0atqT2H0dlEe9DGIBhfuyde8JHuxiJP74OORI4xSjhBxLkr9oA2d24pP5mJZormGnmzz6/h3fUjfiNaqy5OpCyKz7ZAf58K+jvUzocuNqKzS140djiwu1zOIHLOrZLIhrgfozctWkMqeHseXhmbgK4SqaI1mnBdPOB6Ni6SEfwh+LIJ89guhOaWrjnXsvG3BtbQAWucDL+G+jZbt1KA1w4ZOtYLuyeIkQor4KDj6QEynmxBe9fwDqup4zODhLPIE90ORYNuAP/yIskkYvhE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ebf77ffa-8166-4881-d46f-08dec6236877 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:11.3415 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Scbi7jOvYqyEljk7xBA3OAbE5O6QYtlNJmdf6rCbWF1AOHtfFQmFtLA+ZPmYfi111CyCNVPIxQ/bxKTSHQ7kC7vsSNjqrgMaDsAJd+Tev9U= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MOUEU1bO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/lib/aptsrc_fetcher.py | 75 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 1d133aae..933480ea 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -7,10 +7,13 @@ from bb.fetch2 import FetchError from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import runfetchcmd +import os class AptSrc(FetchMethod): @classmethod def create(cls, d): + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + return AptSrcUnshare() return AptSrcSchroot() def supports(self, ud, d): @@ -92,3 +95,75 @@ class AptSrcSchroot(AptSrc): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) + + +class AptSrcUnshare(AptSrc): + def _setup_chroot(self, rootfsdir, d): + sbuild_chroot = d.getVar('SBUILD_CHROOT') + unshare_cmd = d.getVar('RUN_PRIVILEGED_CMD') + + runfetchcmd( + f''' +{unshare_cmd} /bin/bash -s </dev/null; + tar -c --owner=0 --group=0 --numeric-owner . + ' +EOF + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.unlockfile(lockfile) + self._teardown_chroot(rootfsdir, d) + + def unpack(self, ud, rootdir, d): + workdir = d.getVar('WORKDIR') + rootfsdir = os.path.join(workdir, 'rootfs-fetcher') + extractto = f'{d.getVar("S")}.dpkg' + bb.utils.remove(extractto, recurse=True) + + try: + runfetchcmd(f''' + set -e + find {self.localpath(ud, d)} -print -type f -name '*.dsc' -exec dpkg-source -su -x {{}} {extractto} \\; + find {extractto} -mindepth 1 -maxdepth 1 -exec mv {{}} {d.getVar('S')}/ \\; + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.remove(extractto, recurse=True) + self._teardown_chroot(rootfsdir, d) From patchwork Tue Jun 9 12:33:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5130 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:25 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f61.google.com (mail-pj1-f61.google.com [209.85.216.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYNZD005796 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:24 +0200 Received: by mail-pj1-f61.google.com with SMTP id 98e67ed59e1d1-36b982ec338sf6424929a91.0 for ; Tue, 09 Jun 2026 05:34:23 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008457; cv=pass; d=google.com; s=arc-20240605; b=VLfrK4NS38Gp/vXL2srZm/s6+Cro/SfAb3zouyJrvdhlam6E+cqj/F48Xzmu5qyNuG 9fUGRHhaPtwIXyLG4lgFHyM4T7cJdgJ8uAG+qh0hCAwAfEaJklMpiwKk8BQWHgyJHb2t Bsc0yCIsoP5hd/fPqw3wvao3yno4N8EmpilpK03QzS0h537sOjSSXLDSD7ktPvnepEMP u9BPg/hGv1lT003T681bvwziw+T/fd6oF0gILeVlIQQCAR4M8hJ195FOxB3Q7jAKkgk8 DDVd/10yvvW6Z7GiioPJeWsoKd8/uF9cztTDdcsVbAXDovFzPz63BVXeezkK3JSPtrQh K6aA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=WJ04uR5zURox5Euhofh/nskRn4+6453hj70nTVQB0pg=; fh=9rBMNhHEf8g+RE0S23uHcdn5mB+rk87OMNU1pbp2MFU=; b=iBtWGWtqSWnkVU+eQNakjJhOLV/lr9mV6jBTjvEuQHSf5A2Ul3p32ZOiOpRZfgGuUz JD9yujbBirQ0IQ62KI5paoDyjzRedJKx3Dlwb8mj03DVmvW+MqB4/K0yI6PRo6B+JAgo wn05yCSTuIbEO9kdEqqcv92sH7wLycoNqN3KC+wU2NZE3kySGZoxm/+mxZc7W4RngTOR UK+4P8LM9vP9KPAlBpt6fhPQ618K4jM0Qc/MZq21KosHhrfJWp6Nc/qyc6SWo1oshfPN qCNLMQNUgpEXc76HVUcX4xn3utz0K8Nw1wuAsUcUQIFNDh+Fi2LXSnPI2gC5BpGvkShF DJwQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="ZwsIDo9/"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008457; x=1781613257; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=WJ04uR5zURox5Euhofh/nskRn4+6453hj70nTVQB0pg=; b=NqtgpPOG7C8WnDRSvOtJwAP3uNCXxlzAFrgcb7I9yfpuzljWLBPBD1N9CAh6cyE1N2 2gFWV89L9olnItWW3c002EqvMIML/FxiFgi93x8JNmxpocBm1h7mNKVB5Du8ru1eG7xv JVeyzzJ89foWq1hWw4ExnEX/WQsUGEnqwd1xXI5ML4zCtZVWoI/Lms5ooAxLHPdgL2bm gm6zscLMlx3iETERiPf//NWmCiS4pfwp5L+TqC9l9GzLthoU3IRE4F6hRYs87faFVHjm ForoJ2Lapxs9GAqS7PemXZcWZ1XlRMiAp3uJpxttP1WdMig2VOawjbJxA3y7bJNhe3Wv VsbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008457; x=1781613257; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WJ04uR5zURox5Euhofh/nskRn4+6453hj70nTVQB0pg=; b=jkoohGbc/+PMLS10ogYs0bclUHZjYx/3qjI4LqnOuy/zmnq30poZ2fbTxCTW9gi984 Jsb/5nPaCvvf6+ddWB+W/Ltfv0tYur/m1GSZ7k0ijyK8v9WUUGrN1/xGKpHuP16Zn4Ed Zb6F2mcy1E4mn1wp8/vdlrR+G5DWIYRxr21WSZFi2ObVwZ97LNaP8YBrY99Vk1IrdTSl CzyGi6LF8KKYxxFgdKaagkWf7JEdGDrw7WNy6++vmqYkSRMkTi9qNaftjCgko3Al5Gyl G2mSWVe1zxYkMXmDteifYWDqZ3hNlkYZ6s1o70fTe3j9k1CNlbHl//6XWeJvxdeGZ0C+ taTA== X-Forwarded-Encrypted: i=3; AFNElJ+x1auXSjLtJi1P4JI1HhoktsUK3XN9/hZNyXyX0mu+U5NufjbYUsxmLrNbdzqly71d+OvszLI=@isar-build.org X-Gm-Message-State: AOJu0YxH9MluX2b0JFQjqrlALMjgBmY6cuo8BooKhI4vw0KyvnABOZKm /tEsQnJ4mCClAX6xL9UblyQj669tqbjbk7NSiR7yWBzXp4WVl2743YKt X-Received: by 2002:a17:90b:580e:b0:36d:5d1c:c4ad with SMTP id 98e67ed59e1d1-370ee6430edmr21803985a91.9.1781008457441; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfC8AUxFFAqUG8IMqcGnp70sbguJ5RMhMZxVN9ul8PhXA==" Received: by 2002:a17:90b:1ccd:b0:35e:581c:79a7 with SMTP id 98e67ed59e1d1-36f642f2158ls6356165a91.0.-pod-prod-07-us; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) X-Received: by 2002:a17:90b:4990:b0:36d:649a:39f7 with SMTP id 98e67ed59e1d1-370f0579c09mr21839449a91.22.1781008456006; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=V+nrdAYvELalE4ZzwJp1OmI4Ch2dUXYaN0pdUPGXg1/dWeLSHS8UUQG7WoMSxoTtYe cl45wWy2bdFNWa4YEnaWgbufuzI2Gqftb4i8NJpEx4DB9nrSlqoALrG/SP+b5cnnvUQ5 qknrwCSvcbaBpycEwWtHxZ88M2uQqalir34uti1e9JWQ7tpqqQBtJHO18jquONKZeKpO nP3XGgeWlFuhTZqobDoXmJ6ZMCpTL68oI4SWMmvJ9yqe4gaUmKWvpiZYp6muXL8wAWpv /2g4NPU7zCUMMlxqrHVVjDkIB0pKqjXFhZgDTvdd+4UOgKlN/KIGDvUCoK+SiaU2MzQX ik0g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Q6jse/4f9A2wSApQX5Kz+nOn64i/DsVS8NrWqbbKPwWKAiaF5dIp6EddswldsikeZ4 fgvmVekOZyNfMdVabpI5dMhurdgvarvqZYj6x7OHRwOLNMSIirnSEeR4JiIs1l06FyTR 4aRCyW1mErJqXvosBk9Wk+seM5wtbzFNGKJ57pSjaVQFymVTexO134PYMvd3XaFSBJSs I68y0BCasqPZt9sELDRAtPQIiLi/iH+JVFxADniE7qLWN2Cy4ELPxZ1p832/GQaeHiKJ xxu3D69dKC171HWCItUmH/Mg/yGkh0FIIIyQD1YlAhqRcpInZzGY0hXDbNE+TcHGvo13 RACA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="ZwsIDo9/"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:15 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=r5A8bLPJLIfQHynh8npVgejhjfUpqiqdEOsHy8E9WHvD5qE/bmauIPSSk9FwKyHlNarAHEBYHpYFfG25ODQ9+SUIWTqX0ZTyHvGDkTe2VzY6gl3246S2oExYdNWOLcq3GUHQI2iwv6KSJzLhqmfsBzGv9GqzmTqIoy1BvehA9Vt9lP0Ly3vnpO92YJW3VxY/2ZW7I8Mz2D5B/hGTxdRiM7rCMKIjbrz7jX0GFnyrvXYpVuW03nQ+HEN3mJbzcCTJGOisENWSypZe+FFcuutL2QdLMbgad94b4Q5VW2L0tKVV62ebgUYrqSlBo2uYhd+qGt5P9WgzKbjJdcHlo+P/fQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; b=zKtDpPPzhHBh8x8SPHestD2Cy5cduM0elcWzXBIy2pP+3GLtfYCf0kUhTwsVnDZOzzPDYfJ86PIHJ53YK/y+cyYB5QRbBXE7zAyw3e4bKxV0gs4uM8ETUv/O6/k/JGbxS2EE/l7JwdyYoZrOWMlGscFQw9HA1ptcpE+LGZ2TnGEcmsV6OVKH/PrnqGCLSPw+W8A5ocGJbXvlN9uR++62BVnj+P7SbUViERGBAB4jcRLxyBA1zXjpyRdR7M93+JE95iqDK6xqBxTyI3sPJHz34Pzn9d5nyr2s8JHEfjr8R/uKcpEkdmO35fRga8jRuOzMzJooPuZ173tZO9e1AtMKhw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:12 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:12 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 13/17] dpkg-source: implement multiarch support for unshare backend Date: Tue, 9 Jun 2026 14:33:51 +0200 Message-ID: <20260609123355.2368573-14-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: 59a7792a-1410-4166-c5a7-08dec62368d2 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|22082099003|18002099003|11063799006|5023799004|56012099006; X-Microsoft-Antispam-Message-Info: qB636tirGQK3mFJqBOuYMyahZGf6Ou3st3muZSBIw+8BxeWJu/e9yXTWj7E2GMQhfblpl8xUNDVIBmzWj0MU9uuH3nGd/OMhTPSjXBpcJR490uGV7wq1EC8Cn1nqUBpLzg3Faz9YomarSpYWgSUxR44BAqXJhFxtlBBc2xCEOwCZ9W6lQLZ3CD3ZPFMbUNPRuqrLwaQ67++c1SdwM49chRDBprExE/yQh+46J1J5upOVo0DQDC4ULvJv6n2ntqymsuRuObJAsbwJQ5rvVPuhWThOIIMm88y3505Y+Ik20Z1OcIyKDKi5yPKaTC9S7ZC6TB6amBPJAHXvg5C/z6zV/VJQl7pzj/lrKHoA42V+sWbV6RTRw0msGZB48dTk9ZvsRTzRmR4iL557auvJrQZy6p+uXJtT6dGNtwUdmX8Gys+Soz31L+S7ckB22ekhT84XN3d/hSn7t1SZa/G0Ph9zyE7CwL3ApR8LxWNqYHJDOIttbHmZ8sv8umDB4zY265Ot0GQt1pm7ihTj4CsgOQSur8NFR+tRIT38Dw9TqAxEqnuoqiMMxbgftXnxEdQNpvXBuKBi2GypQdWa7E+0qrRMank19/8WqBV4sQYj5kdX39YMcZwE98zIwB3GLYPH0sZjipQb5BzX7GKPxD02EKFUwDjTh2BNVAumZGusWpSBCviB6k06WpugQZ4rQ/voYaLN X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(22082099003)(18002099003)(11063799006)(5023799004)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Cqid0F25GzmRfBuOkJab4dxiSj5rTfcSxbuQ0MM7St5vM95lgfRt0CpnS6+sobGbXo2b7fiMfVN/spisBgcOHwPP8x+LKJFojSQkh5FyoqaemsaX/VoSdUHNLC7QOiDg7w3RNOtEU119uA+ibveh1SgWAn23m+WkP/gciMxouQogKR8jjHCrGIbVKdelH7OTf9OakwQdvslPW0+a6fxrUuS0FQswXp5G+y1EDezDXYekjCRnRin7YFWMvaLDNWsRSUeLbVcp0oXs/YBcAOt2b5kmkSzsxW9q78iMp7dBf7/BZivryh/cDzUHnA6Q0fC95G16Yt6GHOcgZ5vqX/3H7G5S/qBjVyZh6cPZw3p4MnCgdDaGNWpVQn1qu1lokAVC5hRhvMKUSgIK35y3YgyjLCl8jo9kdvW6lVzwydWlPot4K0vMWoQLQrpD5X6eKJLDBlwGXS/JKx/e+CSWLv2xIFIUEXhfWGeaxPwvXf9XZNSYOvOeEP6IoqI6DM8ZNBsgOEp8FIhLiEdfagq9sVcYz+NJu4fPO2es8MlNXeLmpm3PVHeh+4wWmzMAq62CTClfl2v1/46h4EF6hR7DK7ByEbdLufUQOxokPRHpFN2LWoC9ORCqaRVVLcRtuzOM6eB2uH5U4rwsvLkEC8OEYtv0XYyK96LkflkDHrhi2Ymn/uFY3BX2EJYinvuCubsMdrpiEdilGITxZ4ag7r869y/iV5TnLvEEbJvsEJKjcbmgEmUFufDKexSU9ZbxGuacj0e24tfSvkJut1LX9zNJPAbqkTClFylEfJsp9yp4tJ6cuzn4bvMFe7dxZV9r9LRu3O90LsVry9NT0mC0SNiMn7YCSie7FBocjTr7ZqTrRmbQUSXN5KFsSn6wugpSmyvMGKxTleb+OHfal8jnbctkTw2h0hJ9UdPinFkmsu8hd5VXBT4k9mgJ3Fs7XUaI11uJwKh1lT7uonpXY4cVux/qCrMfS1DWpENDPo6R3I7ytK3If3/EweIaSmWE3mK/5qkCvZz586j0F9+ISDsVm/9/hbTDGBqWAJcvIRjXm2s36AmmxVMo7MAg7uPAHHi2rXuIuiRgXQX6C/fseXyh2yQ5mBG8CK5wXg4jTLji7pDRt148VpwyQLMX+kB8tYCSatGg8Eot5VXuu09BpDeKmPljdaOfybdUmgYP3Uy9SPkyws5I8FOhFgSjL+NT7mwzXxK5ajF9z3xxyUh29aJKnYe+P7JZl9E9wDZ++h7hpBHNHmpvvuDvcyMa6EpBD2oXKnAbQQLO3JAT1YYajZK5ESo1KYDzeR4B87+qZYomDAvtX7tf9ksUePyU3PfSxhUiGz6y8q50l0dQof2e7u2/DafOG0JuqHqX+gO6hZUSckYQ/kiEN3LwSN0Tui6X7fcun+y1MSxnRzbR3YNV+NaCCS/IoN/ndCorI9y9jMJKBQ4aEELWrKwxiCsqIZ6KwP4u/ZKrHZRiqfN8sK//uTBbXevfe1o+ZXN21gazd1oW55Bpr3vGLldU3OL47Hqj9jWchVyXgjkQZpRMkIEry08XQk4rjnq6gYMfK8z1Y7KTh7g12yc+QdBJsAd/KPnvAUe5m12BXiqMCWW1optcFkRI4yPL6n0YV+Z2BKZoyjq+HZMZtzoCp89yR2hFitmcpDTF4zpT4s1sPegwaNHzPzGgaxVa6LtL0NnBp5b2TGM22zdnh7ZVaN6VBKh4kszKw3wpPJ+tyQaOhy7O+n7Z95Oh43IN7WxV+8xdmNOiYxqbJ22dWuIzK9o= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 59a7792a-1410-4166-c5a7-08dec62368d2 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:11.9604 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ff0CS4FXkZbnoe5amNAUVQGqfowVBf+fkoLVfJjRszQD1YJrUC1cCZMuX+UW0CxTIBwgD0O5ZpBm/ghnXmfgQS+Q5/lCAQtyng3ktXuRoWg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="ZwsIDo9/"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The fetching of a common source package needs to happen in the chroot. Previously we only had an implementation for the schroot backend, but we also need one for unshare, which is added here. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-source.bbclass | 38 ++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index 629796d6..a1848473 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -52,10 +52,7 @@ do_dpkg_build[depends] += "${BPN}:do_deploy_source" SCHROOT_MOUNTS = "${WORKDIR}:/work ${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" -do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" -do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" -do_fetch_common_source[network] = "${TASK_USE_SUDO}" -do_fetch_common_source() { +fetch_common_source_schroot() { schroot_create_configs insert_mounts @@ -83,6 +80,39 @@ do_fetch_common_source() { remove_mounts schroot_delete_configs } + +UNSHARE_DPKG_SOURCE_CHROOT = "${WORKDIR}/dpkg-source-chroot" +fetch_common_source_unshare() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${UNSHARE_DPKG_SOURCE_CHROOT} + tar -xf "${SBUILD_CHROOT}" -C ${UNSHARE_DPKG_SOURCE_CHROOT} + + ${@insert_isar_mounts(d, d.getVar('UNSHARE_DPKG_SOURCE_CHROOT'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${UNSHARE_DPKG_SOURCE_CHROOT} /bin/bash -s <<'EOAPT' + set -e + apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" + + cd /work + apt-get -y --download-only --only-source \ + -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" \ + source ${DEBIAN_SOURCE} +EOAPT +EOF + + # run cleanup in separate session to ensure nothing is mounted + run_privileged rm -rf ${UNSHARE_DPKG_SOURCE_CHROOT} +} + +do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" +do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" +do_fetch_common_source[network] = "${TASK_USE_SUDO}" +do_fetch_common_source() { + fetch_common_source_${ISAR_CHROOT_MODE} +} addtask fetch_common_source do_dpkg_build[depends] += "${@'${PN}:do_dpkg_source' if '${PN}' == '${BPN}' else '${PN}:do_fetch_common_source'}" From patchwork Tue Jun 9 12:33:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5133 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:27 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f59.google.com (mail-pj1-f59.google.com [209.85.216.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYNJI005842 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:24 +0200 Received: by mail-pj1-f59.google.com with SMTP id 98e67ed59e1d1-36d98b5a68fsf9739520a91.2 for ; Tue, 09 Jun 2026 05:34:24 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008458; cv=pass; d=google.com; s=arc-20240605; b=hncrug038CpVeyPKoubqOuISuFwoLVmyjQ1Ve/GyC6oTUSJFhHr17w64yyNTH61fJe BsBTFI2SWTkHBZReuHKG/8QbIxrv6NWyF+Ii9oXV7NbcW4NqY9k9DYM4OEuGbXeFMhGl sRR1GAEj+Eiiru7IcRMIixz7zDWCx96oeEBLaqLJJojo9OOQHN4lJnu0kHNUTDU1YpzJ PXjwYK7VeIFWzwKB4Tx2RYBaXH/xOF9I2NCjylllYWBdm3qMLludGntgbRaviTc6dDkq nau9aEOBwLWGZUyn3G7qg/8S/FHO0rN+uV66djHrEUeIROIcQr0EPAnWYofBBzhH+etV nM/A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; fh=D10KXZ44SPjneXFRiGxL3DFjOBNXEPzaoqy3zGZPy9w=; b=W4g22IF/V5x8qTqGi4ugiJk5McRGDu/na+1jG7etIztTAmPT4mrzB3afARvR67TBfz jzo+/BJqOGINHAsdCuwMKWkNQQvVpNGdtBMwbi5Z+N7mZXMeMicX1NdhZTQ3pAi0ME7X WYiyKy4lUyOAwp24f7qgz4bEPi0BABD4kvaPmUkJ0DfTfl3TwbAPQnVG1VoWGg5WeUfy 5u5kNSUmyn02BC90PpoV1fgmUVH4mMDgJR0QPKZyYoDCm9UkF1IlaMqliu9lTUjytQ54 zoaZ/b1v/wJpCcPwiOqbF7A6qAae+/kxt2Z1T8rcRulbx363ShBVudRmcedBn/zvI0iW wm6w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008458; x=1781613258; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; b=o2Vek0Nu6Qo3W0Lzd8te0xJ21+BatEZLWjv9ZanPeeKcK4Pe7e5keCaVmnZjr0glcT FT6ZDcGeoxKYkYRackDCDQOEKl0+9Riz51LuKtine/L122nqa3TkXMp0ULGsBxC9J/QU 1lg/7Fwswz82RX3pEKBaiNn7oAsLnwUNwZPiZD6n1UfFb8UOVR+pLqHKFRJphq7FMnQf R2/Krtmogi6G5ceXZE+syPaWMxXwANyf3XRhPgCM1eTZ7aesT/WCqS+lgEkdxxOcZAaS Vnpf8JC/deHst2rPY/GTbv2Ddu/kahadKec2quKFBd0WjK97nIS45P2xDOKN6qMau5tm DqlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008458; x=1781613258; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; b=Fwk0TvD7F46JaZ+0ZbzRSyuO55bXYCUYzKAQyR0od2lUG/49fHs9zpywojtaa7pktQ 4KoUQCLJB07rzjumjN6GskoCfYY6dSDHDpviyrOA+ebnNi4DZWb7w2AtNkAlQab709RX 3JsULxfxJtB/KPRZGj+Vw+Sig3jb++vEKziarAZcdVoGWv++NUEtDs9s/owfdtlYxtal JssDxy7qJ7xc9OWkzMSVVjzHpOPWbO2XlMzmcVKr9C5doZIzk+u5/ZFscExnL2idMiY5 KiXXbnY410YOknLzrp6ZMaQUJwUAum9Ippu2RByd2KuRiYcfqwBCftu1Oh8Tbcj7S5sK 8aLQ== X-Forwarded-Encrypted: i=3; AFNElJ8CCvOMtfcdY6b/v2IwSXZTYb+j08t2MOqao7L326gIFDLqjsoaUYUNW57x53ZQo6ap38ly57k=@isar-build.org X-Gm-Message-State: AOJu0YyCQ2O+ds/VnktAhASRQ7osWLx3jeXXZF5p2pUBP8Ar4m+zDkAI KTaM+rc9BFGxeJu/KCX4OoSRlG0Ju11XuVeoLBw7bLnauMUu8qX4vM8a X-Received: by 2002:a17:90b:57c4:b0:36b:75:6387 with SMTP id 98e67ed59e1d1-370eea202f0mr20776491a91.8.1781008457979; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfQikucPpHx7psw52kZvozEvZJMWvawihLTmk0QJpgkPQ==" Received: by 2002:a17:90b:1b42:b0:368:e574:6b68 with SMTP id 98e67ed59e1d1-36f66221805ls9046162a91.2.-pod-prod-06-us; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-Received: by 2002:a17:90b:5906:b0:36a:5d1f:7ac with SMTP id 98e67ed59e1d1-370ee344dc4mr21170819a91.3.1781008456668; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=fWiye4W9W+7OXIESWA2ZUhCYQrEKr5D6VhzFIfVS1Dhpivw96HsJRB5JUnbUwzCptA sfeE+ypKGw3KYj4JWhS1PefbnnrW4fXnTwKOemJyvChq8wnk2vpJSUZT+O/23PFQ17AS pjKdBPTVaCYf0MAFGO6DXq0EGK9Ta6AWu88qH9/84nFe7L85/QTQDGG20uXLYcawu9K8 z6zf9+hTEQk8FbNodyrz26FW7SE/5i+9avj1hiPyK6DW/U0gx9pCCZt4T+tz1hzkw5rZ FMBa8zejWYAv6RAe3n75NVtEocpQm7dlO7E9wQWKaVxVQE4ZfSxiL4OfTPwYNLCLEx4s 5stg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Ap3Uy4/8RrzzuCRoQW0zA0kEePzTd+HYYtYltuWpR7szqGIsfY3qNVM7jB8sRbXTIJ mESpgAugXnFAIl5S/Zq7lCNSUoP0SH8PzMY0pyBBijr/IemdEm8Tf26iCbXCt8MFlRfa fyEr7cD2tTQkuX96bcH3d+h9RGR3LH9gEfOfu4SUXV9rwAibHo1lD6ndSYH3qULP/5gf ep2gvsHX1E1wOGIjhy5A4As8QI4nL5cd2YughW3xX6hVxj0GHCRrLDLlhRXvkT2N9ESN 4qwwLFPu5ttbHnV8Uarjjcx8XIBELNC1G74cN71sPw4q/eOMqG5iWJyYAUT6+0SKJgol 2SIw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:16 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qBd2q7rq9Q+qczjHXE8u0N8YxDmBQvaRfmYdAymfYcxau57VmuK4PnpEt6wcCRad8uWVgefMGqbyi8rJgt3VvxswaaYZqmit4C2TWfJ3UPQJ2BQcBrMYajNyVbrzlu0aX2aYnAsWBcTgjzq3n4kyuSc9Wi7ILh6jf9FYot0JTgimBJa06gxSbQw72fcXc1t/7zAOiJR5xef5g3h8XqKO0G2WpIxOsUXFiESwTgbE4Mmfc5d59M6cMFmc0FhMU3//wXGG25IMlBPTdXrwHcJm/OvQIL38qYcAfSY9M+tuImPb4Oa9ereMmFy/F83lQHYiDAnjRqxvR2aDPBJ8Vk11Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=sZupV37qCwDmtAkw65X+F5mxADdcY66YpA5fiTe2rk7+u9ESNNj7szx6QcFyDUV32iHMwQqBQJwiRWwnLYtPhHP7z78JcRI2UkxdOUxv+A4y5H+7RQDWq2eGl7Ok0V7IGV1CrbFJEYoCklBjXBtY+XngqeQZoBC/Z0A8Y+nRb084sWUh7Nx9+4xRQpXopa12pnI3IHLjIRXlWfzQMXJ5l4sK3WDPujzWqz385QROPBxQbnT9axYTg90Mq6FLkTokvHa+ySn2/twZV3Xte6pQ3HciEOxK/tLCgh1USkJItg5XTas7xG0R+WRyfeNSkmDJGMBodmP/gzoL8/F6A22n0A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:13 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:12 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 14/17] use copy of sbom-chroot for sbom creation Date: Tue, 9 Jun 2026 14:33:52 +0200 Message-ID: <20260609123355.2368573-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: d4fcee73-8b71-40de-29dd-08dec623692f X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: mikAWhWZ9/RXCWXTPiYeratDhO24/Rh9i1gxQ/vv7w2mC0viUJwJS6AC1YAJa6m5huzfH9/z7KaCi8fcKDxynwU+aKM9w68iyGbIeUHSiIrSieBbe7YNHdeF8Jz0g/DtmWArFGH2kW6GAe2wjpfceajacgKISYwKGScnQLX3Agmlcc+2aS0y1yjB6zdU+LHS2KgyA3QLgx8poPdam9lqQzXBtvNxUbGAsjPXMVXRZ+9DOZ9op3isK35Pk/a0IlxP0dlQuJVatIN2jfzS6qtSPjom2fRnb1eMdMTz36qzlXATdtlFUQOAtbBAeu1Fe1hw/OBxhhBCvZOm9UWkEO73PVo8nPAxx0Lo0z96ZYHnc9zAhTsUVap3eoH+iy7sF/h3/dGbr84u/QEwdrR2AaPZWDnPh0hkVKjWZAVcWHrQmeCjNquwGRg0/qpgsVIyS3848zy0xt2MPFGWstqFMZdIe0TQJ4hamCFCjX4zi8oTG4HLXlHr+TVV5BiG+enyp6yYoZYtmzOEmfb0iYZVV6hyMkUyHWoOPkuBcZXENIXdEpdTnpjPQGtRUJI7gd6CdHDPj3JqMKvI86Xj4nJLDam3h1/OSAKNZWXFGFlrjFmXl7JWf7wA9EFFFoPlvsQAJBiZMGxPsikYW2LYI5wM45kvK8ydjHWiFWO4H+vuO8jdG4lW7lk+j1USszErXCWAavsM X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: q8X8ZRHSM4H4FVrji6ckjdf7OlVTzocGFZ7WYHeN34iGVeY8rsHnsE1Qkae1iXY7Mk+/dF30GAis0bHThrPW7/fVVk3v/Fh7cA25dxZt1okWYN+nOnTdY3N/5OlmO95Vgln9Ybq+wvvSkPAoZKxA5XM5AYU1L5wpRIdN8PIbz9y/07ychf6jB5Hte8Hxm2sK7/ANoKjFDH0/Ps7iElmMgrt9Usr3wvjGyJVft2fVDm7ttUUgKg7uTzfjO+6FrwzG7ysmcMJ0sydghcBUwj/YGrUJScrqyOWmbZpVf6rN51yhkXJXtAZ+lKvMXNo6A3QA6JS3jkvLJR1llacnrdfZMefKmM+pWT7RtDhola3oW0aC10TzhATJ35thRo1R8OuxKjrhJt/Gs9LCvWnK4cikzsk6SqWOZ9jLe/9kcdcQ9J2yjWLY14VGH8g8YBhEhMSAm0bJTJYZgrvHIQ7FjCzfoqovtGS968ojP+qtkXeSyMF07cFzeBniYHWJSUpaRj3fQ2kd51xn9AaQ5HEYdVADNj56upng46p/wvEW4QnTc0LTdqYGWzuC7FoH8cO0QWUL3rgmzDe6qNzl+l96FgD5wPHHvmA1+ActFagd7AF+InDuNHkF5P+kTtpT8JEoK3runK02pbJ6l3Cbm4UpGxZYrpAL2v6g3+5IGHjKbdhoum6U//QLe/qoIC+7IBGQVzZvvimAvsM/IMMUv5NK4BPpEHsWzJAANtRGQpDQpqWvT2OWBT+W3MsDvkdXNaSCiftLntLHDL8FgksKQytGMmCt1QQ7dCWtwNia0Jfei5PT78/ecKelnkO0I7HYDJkfiOLKpBr4k8UMTBVJ0UL6FTNlwHVhPPE+Clm0Je9lVzMyZsdkOZ2D/hR4ME9Dl0BkfRgIS4vKr4pISw2odibVFcZ1lhFZ1faSJsXtJvOzOo2pgyGsBgp9bu1InStIboGbobqJv0shy1CCPgav1X863DxQvUvtxId8C5tCRCQNBgFE+hnW2pOdoxhr/fG21BNXglgFXGlbzqw9E9QnOAiIRs24LgvQvLsqZmdiIm9D2sxEbcnd0n3rSOT2MkoU5l0z9bORzqK1DV5ZMuNiyTjIkmDnLBzOUCqlzF2YaQyFl/HkbR3OdkUezZ27oIWtK3R5hG8AimwnxwfDml8JnI+w56YTfFinElYBoGvPyn2z1JSv5Px3PPIUBNkdwbhumUnn4mjhExbUjn58QT3nk4fXgNS+BV9KEuDCCt6Ai404u8B6ARCpQgctvt2uAjlKHkMStaPp8tVHvImsicIefE49XofK+LsfKbuLFSFgdydpn1SXkCTcM5ZdJ4YRA5qbVMgdpeWjqC1xDudNyB8RTyKNvoETVYnhQTgxn7uymgkyq36YMrJrgh83AgjBxrnaX/j0HbcgSDIINbeucjXpE4cQDfn37oWwoFmrY/+vOGyBULcq06l09P6jvzXSAq1rojjO9rQup0+oCreC9iwY1sAejuZ5v8gmfqnKPBd5WqDVrVjprSz3svDFSg77BtVDjkr9X5LOP6siccvNbOealDOkeSj94NuSm6EnylUY9N8DNXxG0hDzex++wStaJ+3uBqSKYABOl9kpOTrjsjEZ2r4epPilH00TyrcIqRDXiNjcC99xdUEVtGhx+6m+WVwh9IszZeaOhe+p/kXMVStdnl5m2SPT/AU84tdvPeAJ4DKezSyWTKVSoTSV3YJHl3rUxjD1RD5ozmTdLuHt8z7mQTYGocycFvhL1OkUqVhTWLzF2nJKWZ4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: d4fcee73-8b71-40de-29dd-08dec623692f X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:12.6114 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zdcs7USd8Ytmf/Mo3SI50QQwmCSKLdD+5TsemPB9xULO6zYvPhkEJBDKe2xubQK0e5nh70HLOOfpJdHeLnt9oYv8megVdGIHfhW0t0exlHU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs From patchwork Tue Jun 9 12:33:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5136 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:35:32 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ot1-f62.google.com (mail-ot1-f62.google.com [209.85.210.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CZVmt006522 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:35:32 +0200 Received: by mail-ot1-f62.google.com with SMTP id 46e09a7af769-7e757d8937asf380888a34.2 for ; Tue, 09 Jun 2026 05:35:32 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008525; cv=pass; d=google.com; s=arc-20240605; b=ADhzjT+mCfZz6vZKSWTvOOM7W0Lrpchxk0AVplhFNc7p3we9+KGmo7b6pGiSFL4/My NFMR/cIsrehXITyNrYlUbv60+JHjd9svhyhehaz4pWrAE7Cey+sqBT+km8rA4wYKH1We ioKQ/BATSaXAtP+JBKPVByFqIWkqJxaVRzpQnC8n0LKQxy/1YdMN144IkAdQUnjqeDBm OJQ4bPE9DQENM1Ezs+esY1ZeXKhqvkz4taFXTM/2EUAolrvoHn4EqqLLA6gQZQW6SBoM TjL/ZMmGN4OKRpWNl1mfXsxAG1Ukj66/kCT1q5D+L32P2+b1W8olQ6GVapSZBOYJctEn RzeA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=RDYEgO91wSCWN2VnsYcnKp/f/DXlKGUB4H+4EXDLgDA=; fh=dhZNw+f2gYBwTY++3kewrUfYij4Uw/bjwWBO4sTxFsU=; b=BrX6eunVc+ynYf1SXYnZPH3BEAM2WWKLqMnfZyTlg6Q8ttpZOgpbWwk1pkfNdmDyy8 xQy2tizQPL/r8iu6p87KK9yZzWtWgFiCQcSYYC2kW1nmbu2BmNlYeSPgxyChiXVp8pv2 h4GFlBgNvLRwGysttB6h8Ha9PpowPOounHhhXGpyFiVvmfzTIKz7tT1Wyky6gzOttIfG PEHvLDUwuHs7uw2ZhgCvJrtLfVF9EaJaNUVUT/p+jg6XgKEqsf1MMoXcC24T6s7OJxb7 1byiU5zAFMjZYZtboI0VzIW2owUbfVt6XPHdkheWG3G3dm6Sm5gGgEXku2Zcbq+MUY+w yVRw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=iq69+3pq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008525; x=1781613325; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=RDYEgO91wSCWN2VnsYcnKp/f/DXlKGUB4H+4EXDLgDA=; b=kwRHBi2XO/+2k+EcOU9u/QisxAA2EMEa0vF0zOs4poEYDeiTv7YnhMfv7BSTdeGCB2 5FWCK/06QjMxTGc04sN/4Sqhftr1gGyyXhcvyAvLYnprZJwrhM2yfC+jM7ePto6uaju2 WVKwJEztFVgJXRQQ+d2yfS1smQqg4T4Ib1s/08KJwda7P9ITetnZRmffzA+w9RHD5cyo 9iKeEouJ0xFg6FnZ3TsDJgAHRNdF/DDyGKfDk+ol6xU/LO4To2xrw7mekMIeZQYnuA+t QqWz0OutdhGormixPNnHh30eExxMwW1zxdPIRqJGLEI0Ar3Tx8QeKa4EsEVPTfilRlWz hfdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008525; x=1781613325; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RDYEgO91wSCWN2VnsYcnKp/f/DXlKGUB4H+4EXDLgDA=; b=JgQfzR37FcHiTYWN2RK1pLiv3aQ19P6nyn9Qdt6qHhJescp2EnW41f2+jDNPT7RusY AQS5dsrIbBmR1Zbci6xBaqu3kxpAD/6Ui43de/42J0FubvuahSipgjAs+IOjWgZDYXr+ DE4AaFogMO56TRURSdTO4litaO1eSfHxdYbQnsjpb2/s1loclgbOTbqXkOtPm3Yx5NC1 TqHiPxCj4nXAYlgIFaGFRIqvpMT5diwCOeJF4f7mNvxVZsdvSmY5xwAu0d/vPE/8DTX2 G9Jk7NwBF1MTDZGzVk2F9xhQQe3UmiUeuUv+R059VHBv0A7HopYSC3ZK361aKdqL1QZO pgLg== X-Forwarded-Encrypted: i=3; AFNElJ9wo6doPPXktoiS+OSNo67GXCqP23EOWMupJTO2VSjerMtsGiONWQh3X15d3y+BpPqVqRkknvw=@isar-build.org X-Gm-Message-State: AOJu0YxvtqxvWURoRIWX2D6TkrHIowifci4eG/4w1QBwv7o2ZT7mBn+e Yszh3xm72F0WM54CvphbmZNmVT9M1/BrsiFSaom7MgqybssANK3gRUPs X-Received: by 2002:a05:6820:1609:b0:69e:8976:77d9 with SMTP id 006d021491bc7-69e897678c5mr6617802eaf.40.1781008524174; Tue, 09 Jun 2026 05:35:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfPuUqRBO8gzHN53ftII0L1Wz4BsDlz4FulzNjGd80USQ==" Received: by 2002:a05:6820:1c8c:b0:67d:fa47:dad3 with SMTP id 006d021491bc7-69e59201164ls4685139eaf.2.-pod-prod-03-us; Tue, 09 Jun 2026 05:35:23 -0700 (PDT) X-Received: by 2002:a05:6820:4dce:b0:69e:3e2a:a838 with SMTP id 006d021491bc7-69e68c973b8mr11079160eaf.52.1781008523157; Tue, 09 Jun 2026 05:35:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008523; cv=pass; d=google.com; s=arc-20240605; b=i8RnaptJ5k6g8nkiRbB9RFs8VI/zG37OQj/fgDG/p0FhlVK8uS5tZ4eooeqBIMhbui 0qCcUF09ebyidugeaPwUZvVLX1cr/3YjLd0cC+IlNIk2lnWx7ItNL7498esTPh0CJpzc 6AvYLpprwnwUZ6krjwgs0JGjA1DQ+sbPHpHuzHmdm2aun+3XCN+djxHgFgQPife7vv6g 1SBGKVL/qzzuh+Rvm/yaDTUJx66eMFU5pKI6zFuXfGWi0SLOry+JBMfwBDj/gmOKnPo1 dx6XYCvZRevOHi2FCiPHDawBW78QyFSaKA5VRg60UlOzz1HkAO87ZDyuAMh3333fdi3l A3Qg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ItxrSa7tFvarofdSbngpC4z+Vzg5+FeqvmByFC5kevAfpdc7cpNR13UocXYBmWDbWZ aDTYfZaKUcwHrbVF5XOgYfdUDJbSOhukbNcr4aV0rcPi6H1BEB8BWOvjfCfu34M3un75 qpUQhl3YHyPkFNJWvj1TGv6gHgschKkGmLyhdPC11lc72MszlHDBluD92rJMJaOdDHtU uK8H/meUZZzSfcFCgLzjqhV8xIdhNaAN6vdwv9RIKxEIbb9aqXU2q4606blZ6YK9yf3Y sp0y/F6lHeHdVKsGujVVRghsMmn6eX6ERBf5ezh/3n4va94RHkA/QWpVY63QeCFZmMxK Zt/g==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=iq69+3pq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 006d021491bc7-69e464151bcsi639843eaf.3.2026.06.09.05.35.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:35:23 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nzNeLwgWHVdt0KtVuZ2DOn/v/gE3/ndL1pt0Hv9loaEpou5QwzBuASEeoEzfEaANdmm4O/7jEZlT7giRgFWAaWtAW3ap3/AAeFMhL9RsGCpzJ6dpnKqPZBHsiZOARbddJU5bTaddTjYYZZi/sooZmyN1JpYKP7j7xwwHlnUC+KTQ1xcQNHWsNap4RLVNVHH6pa2RSY/ESlquSZdZ73aFjVVCiY74CJOpLSYr8EX23zvPxufAFqsB0QYfvRt43b2YxwzSRlG4srrmdo5shVKZ1Xgjiqw+BwXS3kegQITkopGnCmvHI65My3gOXjQ0kZv5kkGTYE7hEfeAcfcn2jrLvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; b=PELkLs/m2HZ8WGtNifSeeAODqLEFqMUBwcuo0XPF5TwRTQyLVkyV6CXn/vMGt+B5ZduIZyF/txOCj+CJSF/nqRnJu7ghonbTzRYowl9wc/EwyH+etJ3Y2quQsjXwW5jT1ksHF8CwPfQIRxaX7Lbndri+/w5eSXRbMhGzQ0s9SqOOt0qSFpD9oscCRq+oJA2dTgG4Jhf44lz7geRnaJiGQBLtdUpg/i1U19q5Zf8XQOcrykV/eM56Zc6UovZ7xltQidnbJ1XAx2tLJEFn2MFVJN0ywcnz0tav4uU+MppRdFdktJnqCpUY5zMc+9CCmP/Ln+CIqvTbubjyF7edayKLvA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:35:19 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:35:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 15/17] add support for devshell on unshare backend Date: Tue, 9 Jun 2026 14:33:53 +0200 Message-ID: <20260609123355.2368573-16-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0347.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f4::15) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: 664d2a3e-2be1-41a0-0418-08dec62390c9 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: 2my+l9IMikV9epLVe1mRRmCXJtc5x3jeDmHPdHSD0Gk/jmjjpELM89SHvQ89YoA4Mk3qwkTQfjhE7THb5IW4QVMzjcVGOD96Oi4achC1bnMmSI6JMOsgN2B5cNOKNwDXH0srvd9Ml/XYBRXCpOW9sD8IdSCwfdTSSEb6ZamrazA1XrKUo9yivvtThJkZ8SA+s6JLzLu7q2D3caqSK+NlXHE+e+zgBJddRohFu+dhzPI6ixAzce1RKoml+nfQUO5++BzBPB9mUyKfMLZ3iNiE/f+an+bzOt4ut3nSLYgAjKMf/5Ws4vqFs7l1gWOERc3toaKNyxjnEYKD52iQtifMxcxKwapPktMDvmK/F30Zn5mThM4HniJ+zUAhhFCiaBZx713H1HpbN2B2inOI5TMSMR7dermxWU68MwZEEk5U5WwS1qHrQunWmfx/PNeCpGBiCf2JCPsYMBFwH47HAO8GhFMCvjFGz6CzbZrvs4nqpQ+5+N5LjETizgdbPTWd/OdrJio8iPbnDvmvyss/RtSk8zyQq165sMHUeSPAq+uGBdDebScJmbGAXpR/o3n/K4Ml8BuV20/WCyVsD8IyMqMfcBcsCjgS/8w5jpJd9Qh/Vcz3drHTa24Z4mH4nzJ6kIONW4wzcf14FtkAPm1I3kfTcsq78g6d8WXKyABjNmQbkZOmJYb1uRSTejIZoF0eTvHC X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: idJYmPm/oxI0cqplRZba0TrAHnheCVAwluKYxQUm3TwPo+dyTcG79O+WdXVlpHkBOZhvKe46kLIl8dLxJoC5Z++UCleL92GfERZKlVDsEXKWLDKuo0eSZa3+CzFqplg05aYa8DlMrgfL5sbtm4vOX0+fY0IgGqTDXqZ+iHFObjSdYjLSiqCJ6osNvH2967lwGtFgq8RJqa2c4J/KiKwwD+bJiefuKPC7V06BwH7a2XirECvpRyD9Xc0Fzl/cq0HueBrl+lwuJEcfh7kWpYyTg6nbWm5/wi2R8yEzXwvrjbNaC9G0HIotT1MZXo6YBPO+RkGeWxG94EydwtN8nDtwluY2i9GFIsxtsf23aU2E1gRqiaz7Ud4/9bR6PIL5eeqOM7QFcB5zsDZgsJge8IuYeB8BurDXjLoc4pSLbTFLq3utTMUQeNqKgvb/VCDoAH2OKYRuW6KdIFHaEdjPuvu+4OiMzm2tXLpcvuwnbarkoKatwRN8CqPdbMMDh4T90+4E9dOIIsJ75LGFeXAO81B72OCGZWilKkZ8O9Mbasug/l294cwrOzQ9AEob8vrfDZZCArXVlMdJ/0G+01PsCDMMjQrcVAagZF3MADIdKLBTIDChsYNv9oxYOIYNVwbCn73cHzjorOJ+4zUBEqHYK1HIlnl5sE0f5ZS91kYq9Rn7qvbWua0B5kxHzioIXZQpQJaEkPIOmbPZUiM3np28/YJyob4XJhwNpTP0STy+WZmcQ9j4cTEWpkboi53Tp5DIuciRuOeQCZu1Od7vis2g1rtB+UZRYxtvy4U2Dvr3e5KHS2A8OTM/uUyzJ9HXb+WvBiSqjqJhe0bw6Y1uquslRFYLR7XPn+xGWoG8pvb1jp1CVoT4gbShsWKX7x7+2LPQXSbKr/gp2Jbwx08WCvNIBCJT0cBOB5VeOChzPOp3aMYWPQnvvLPKT+RwRLnovDu2glQ/+ddgLuwqcdYLenUsTTamx7i0CbL0Y4EQXaNsntWSvjEp1Ham0CJqSsTYN7pZcJL/kieo6wQ4aY6XgxVUG/kklPVAPFh1RMuZ8AoJ3F43RYMzI0mxqX+XuxjAcc+gYXF+8yDBWboQ8Ev7pP9pHY/rwNn1xJBM1nOlyVvt33jt5YTQu5+mpLvUgnrF/cuvmyirMJt9sjZlt6kfoSc2faO5q584fRnS1WavxEfIbQy23z8T6QSrjm9ytjEMnYZTIOVQnFzsL8bIqZP+hDmiiOsBbPO+9O3wiAsexlxnK9DNrf9E94mTZoJWXEGfj1yS9X8ZlQEJuf0Mk3KfBxITHoJSv6eDiMaOAIUcZr3KzW+LEcgoq3XLVLSJ2XIFhFVMsc9NiIL/YD7rFzkomAMXNYiSXScSsTHt7cln6CpVN4U7eL/o2sAafE+E1eT69YyoDyrGq36DWlsr6bQgCnrTDGCw8XpoowVSaOw0PHvxEgJ4GHTwVbso3MCFowSIltgRoB1CDL9xSXq9xefvpuK3g/O4fZj2dSyv2TxER9DcbyyVOv+qN0qo7DfZkL00+dCsCULxfhkKsS9ZMQyTl+KeLoMrRLdTheuhcO1tusijqOWvqutQjbM5qjrmHcoeq7L4b8ryllHuwEb8qUiP5wKvY04G8aAa2llBBPag+k5PhUAd/1ZRxs3IfcmJqogUX9iLE0ec7jxfpKmlClRMZCElkAJxPeapO8MiwchLTAF2nVgBDGQxM465Ko1EYFaY3UroBAhslnohBguMvNPJiszpUZmD1XEypmQCkSwuUsmjUlH/3SY= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 664d2a3e-2be1-41a0-0418-08dec62390c9 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:35:18.9880 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FojgBfCAad7AMIT4tuoh+Gp8HlV6ZLhQ/Pl+f8fu4YbaTOGlN7QN9Z2mOw8WEiaQu1WRjv2kJcTk97Zm4aHtIHcjLPYlRBHUc2m1U6OQ9N0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=iq69+3pq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 68 ++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 12 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index a0d4fd05..b3583373 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -253,13 +253,11 @@ do_deploy_deb[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" do_deploy_deb[dirs] = "${S}" python do_devshell() { - bb.build.exec_func('dpkg_schroot_create_configs', d) - isar_export_proxies(d) isar_export_ccache(d) isar_export_build_settings(d) - if bb.utils.to_boolean(d.getVar('USE_CCACHE')): - bb.build.exec_func('schroot_configure_ccache', d) + + bb.build.exec_func('devshell_chroot_prepare', d) schroot = d.getVar('SBUILD_CHROOT') pkg_arch = d.getVar('PACKAGE_ARCH') @@ -271,21 +269,39 @@ python do_devshell() { -t \"apt-get -y -q -o Debug::pkgProblemResolver=yes --no-install-recommends --allow-downgrades\" \ debian/control" - termcmd = "schroot -d / -c {0} -u root -- sh -c ' \ - cd {1}; \ + termcmd = "cd {0}; \ apt-get -y -q update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"; \ apt-get -y upgrade; \ - {2}; \ + {1}; \ if [ -n \"$PATH_PREPEND\" ]; then export PATH=$PATH_PREPEND:$PATH; fi; \ - $SHELL -i \ - '" - oe_terminal(termcmd.format(schroot, pp_pps, install_deps), "Isar devshell", d) - - bb.build.exec_func('schroot_delete_configs', d) + $SHELL -i".format(pp_pps, install_deps) + + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + mounts = d.getVar('SCHROOT_MOUNTS') + mounts += ' {}:/home/builder/{}'.format(d.getVar('WORKDIR'), d.getVar('BPN')) + + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('dpkg_prepare_unshare_ccache', d) + mounts += ' {}:/ccache'.format(d.getVar('CCACHE_DIR')) + + termcmd = """{0} \ +sh -c "{1};cp /etc/resolv.conf {2}/etc;chroot {2} sh -c '{3}'" +""".format( + run_privileged_cmd(d), + insert_isar_mounts(d, d.getVar('DEVSHELL_UNSHARE_ROOTFS'), mounts), + d.getVar('DEVSHELL_UNSHARE_ROOTFS'), + termcmd.replace('"', "\\\"")) + else: + termcmd = "schroot -d / -c {0} -u root -- sh -c '{1}'".format(schroot, termcmd) + bb.warn(termcmd) + oe_terminal(termcmd, "Isar devshell", d) + + bb.build.exec_func('devshell_chroot_finalize', d) } addtask devshell after do_local_isarapt do_prepare_build DEVSHELL_STARTDIR ?= "${S}" +DEVSHELL_UNSHARE_ROOTFS ?= "${WORKDIR}/rootfs-devshell" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" do_devshell[network] = "${TASK_USE_SUDO}" @@ -299,3 +315,31 @@ addtask devshell_nodeps after do_local_isarapt do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" do_devshell_nodeps[network] = "${TASK_USE_SUDO}" + +devshell_prepare_unshare_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${DEVSHELL_UNSHARE_ROOTFS} + tar -xf ${SBUILD_CHROOT} -C ${DEVSHELL_UNSHARE_ROOTFS} +EOF +} + +devshell_cleanup_unshare_chroot() { + run_privileged rm -rf ${DEVSHELL_UNSHARE_ROOTFS} +} + +python devshell_chroot_prepare() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_prepare_unshare_chroot', d) + else: + bb.build.exec_func('dpkg_schroot_create_configs', d) + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('schroot_configure_ccache', d) +} + +python devshell_chroot_finalize() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_cleanup_unshare_chroot', d) + else: + bb.build.exec_func('schroot_delete_configs', d) +} From patchwork Tue Jun 9 12:33:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5134 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:35:30 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f57.google.com (mail-oa1-f57.google.com [209.85.160.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CZSXA006493 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:35:29 +0200 Received: by mail-oa1-f57.google.com with SMTP id 586e51a60fabf-43cce86b0c4sf8404377fac.3 for ; Tue, 09 Jun 2026 05:35:29 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008523; cv=pass; d=google.com; s=arc-20240605; b=DU3u2JN/rR4YiLNCwOF/fLbUqzulTLB7jaJSwPhSBsabkuV8fXTS72Jp5KBu8gy380 s4l73nAC4x1e9cWmOJDGwtzlg0W/i6HS10edd8wjOLw/nXLGLOfi2GGq2ZC6qlE9z77b DejwVIJW0bXrWQHB2Umk+T4HsYqiVCLU2PloNKuicVBLhOgf08jf8xOsnA06i5s3wbDI uZjVe4I8LmEPWpvU6bZdiqFwE4OxMNdtLmPvUEDd/vYrBvDF2BCq4LLOkfYLUsImu+2U 0MqZzHWJcBmnqoADme4SaAH1+4uXkHVfSjVP9MODLTZL/Fs91zxmp/v3Cenm1jTeDUHW rOng== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=B43Uh45Nk0N4pKWU1gHrD7VHt0NgbJJ+G0q6zHePFDk=; fh=u+jMCoKTYubQ/HKHclV9uGXWf4/DDS+WhavpYOc5fyE=; b=DZevbKXE+LdsGwrm12qPUyrJIOEd6bT/YUc7KMmOzV7XjkUsge4GGBwACbqhD6tV4Q UGc4I0B+i1e7QmYhBFVtuX0JIWcMaLcBpNm2bGMAqo8RfKm8BjYSBH0bAB8rHA0PrAE/ Uxmfmc0WoACCpTet1zAaRjGLPm1wL9FxtrBZqjo7SpPrsP56mIpcw+wX5PTx8EoWU9Kx uIe08WDNCaeHiRnudpF8vFq2ao6fzYh2LV8yfVGiFNGzg5I4rr2E3SivSJ6Hd2LAm2Fg K2gZoWUbq5yPy4FX1fhthmjPUchyA5K5EEsRkBPIiPQIGrFfaqJGmUWNh58agI1+7FX3 Oi3w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JEmSy4ua; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008523; x=1781613323; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=B43Uh45Nk0N4pKWU1gHrD7VHt0NgbJJ+G0q6zHePFDk=; b=jaIHNzKPltfvjadYGY0SWtZ7r6BO5Qo8DAqj70sOQ9cRm3ktPPgAnGK4iE3q9i+LcI Q7mI7jYZIRjQ0B8o/K5RYadxv1v8s3H7blSgAAR3DBwzJHGlwxgzfZwfz1TrhmI77Hrh KaMqClmHY5h08qYKn0vKUizPITwH8ZE64On6as7hEssBtunrWCrBCk56iwz/4FE+kKI/ lbNECX7Ow5gzoOfCr2qBJga/nqm1G32g0kch2up2pI2DgA6IYOjb+2DvkbyUyWgIoMP9 2Mctvd3UegHW3xohJPcMQX9kN1n8Ah3IR56NB6pUnlXiesewsib+SAK1w3L5CKJERyZK hsaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008523; x=1781613323; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=B43Uh45Nk0N4pKWU1gHrD7VHt0NgbJJ+G0q6zHePFDk=; b=mXvTnz9UQYSGmhVgFPSvenmGSCz1OlIvB4vW5VqkcgmMgoXAJpXGmatBAS4gumZWms XLnnuOZ14bMNl6SGWz13gQT3wOva+AtpRONXd0RWBBPHgL5LJnjCwsUPtCeCUIXD1Z2M uUPddKf2Q7wFNLMmhkQOn6WatBDgR9Y0tK4TAVCy7Dv85lzwD8xZHS5I1NX/s0kqYDZQ h9njbMZzelc4mDi83G36338lG65bvlC6vxKglpbgP8bO7BRgoRYqdZVhbjQ7ciY8FhOV dnb6fpX4JCWP47N05ZylSsWojOpgDhyfaYoMijhNqSkh4UJtBEq0Q3S97/rSChvPx62A r4sw== X-Forwarded-Encrypted: i=3; AFNElJ8Ke0nWV9MLf1WnydrHq7DcEm6Oepehs37qoFXb1l/OftgrdZzSf0Ij8wfFSPR+FmeoDOsXzVo=@isar-build.org X-Gm-Message-State: AOJu0YxhLI2egedYudqaHBeEy+SoM3GteIAokGJW/KJlUBuJJSofre77 eZsGuoCv0fQy68vNPGqnHB+XHKvEm52IqXvwzZRAHNPkMOn4ocd9jTsW X-Received: by 2002:a05:6820:3084:b0:69e:461a:d845 with SMTP id 006d021491bc7-69eac8dab29mr1730451eaf.21.1781008523335; Tue, 09 Jun 2026 05:35:23 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfDO9OckT6SrnnmC6t//mBaV+3OLfaNQ3EsCc3iSnZXJw==" Received: by 2002:a05:6820:1c8c:b0:69e:4fd9:c5c4 with SMTP id 006d021491bc7-69e591ff2fbls3458300eaf.1.-pod-prod-01-us; Tue, 09 Jun 2026 05:35:22 -0700 (PDT) X-Received: by 2002:a05:6820:1614:b0:69e:9a1b:5c26 with SMTP id 006d021491bc7-69eaca48607mr1816237eaf.45.1781008522483; Tue, 09 Jun 2026 05:35:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008522; cv=pass; d=google.com; s=arc-20240605; b=C/8GGTZ6OGGThyWZVgDTfayQN/S328aNZlGrmuO4ptWe/sgGI8hoG2Cr1GXs1izAyx sQovyCoY9GS37RdzBrh0RVdxHLGlD4LsgFlRjbqoGFM5r1zSu+2BGm5VaEZ4f9+KSk4s kCiHSqI8/GfRBokE+sZgtJgXH5eQC6tGqv2UAuNNzP6nDHOehXopJzhXAUPIfo03LN/A uQbGuJhndrK1qgc7NjvWZLyWRte7PEquq8SYTNKUBncEIWthDD3bcyCbK++Gjogt5aqR 7SGpEJjU0aCfJ4/2UM0c97PAKGbGd6ZKR7GRT5c7aVL1Gr4Huvp9tu9ekfZH4Je5lU8+ 41TA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=WdOFN6uUGOPsZON75+JwePPxRIm4LCI78E+YC8HylGrB4wh4pkrx9IkNh+gBiXsi5w EB2lid7bwWBGC21lT/LQTjq3bs3Uf80V5V+VRhR+T3N0S4xLrDY8XTzbk3zy8UbC5ZEo 4k59CVBl7DHpyux8NSCtRCQRCopF6knRTimMgzAVILObiGjcUw20juKnkn/WQBRq7pws yHiHtD0CGrFQ/XZqy1buWGQGP5dbHZI+vbbuiDDTgns/0INXHuHwz8uZEbQlDBIg9rSy jLnhBmczqoI6jAG66JyIEBbBKkV89DM9HeJM4/UHpoqHLeVKxpVh5VjafjUuJNMGUD5w gIeg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JEmSy4ua; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 006d021491bc7-69e464151bcsi639843eaf.3.2026.06.09.05.35.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:35:22 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WdIh8+Qk0W6iab8YFTxt25WixwReQEHlat+NCiNWK8bRBasONajMZO/3FoDhTxMHm1ot4pEfMvJ4eAiNEcVZb7lNVZsQ0qHsOfqPuKUV4984MjfK7Foz9rhdA7lBGNOcw41EcRXhosBtktgAbIgALzyzuyuDWanZOpTZco/+gLYBv9NWXc86Tb4cA3KQgSRXnje+JZhyTXAuCvm9OS8LvZcN9E3gwq04v+RMo0f74sB0WngIe1OGkAvUFsgA6/xjHCkFWY+au2y5+BhB48wu/v+xDAwOdiMLdrTAwIF47xlLd/ZI4LzRQxakKVg9ZIEpxl0PkALEUAFZ3ey3QefIoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; b=QUvhNQWI4Kl3Nhm9B8ufxv/jVf4vMcFuZE1EzTN3dTz2uHG4EY3XGIJX2qpwNsmGKWU5Ib18shF21PNwIubte+RBHgMdmPlWWc3n6WndHzqFcHQ2Zk3h2gjVx8p/YrCHxbO6a81rYlJ5vZHStB1JN/3M90RVY04GcMpMJGj3c4BPj6a1PzGHhx0MMmhj2NzEdxy79fC9fkCkURFNdwbHtU/b4tgce8HzjnWDaxSMZSyb4c3Wveg3W4yiYukey8C5TMyRhKLwa8sw/XsNffhJDJpJJkV7+4xzI4FDoMT8EXx2TojAL1OQlMA7XkUKCeZQ2RVb8/DaZt5m6iK3zpo6CA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:35:19 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:35:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 16/17] testsuite: add parameter to run tests in rootless mode Date: Tue, 9 Jun 2026 14:33:54 +0200 Message-ID: <20260609123355.2368573-17-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0347.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f4::15) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: 931ae8d4-2d7a-4d7c-c7f8-08dec623910e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: ESeRg0R13ujNZZbJ2zHdmjxUXxXyBKON87652mKJChKPJejt6xFd43k3JY6ZDnErRpDQqUE686Gkpk9xY7RQzLcUUDYD1aC3CAG74ubBMeXdO2uzRiRazOC2HN7V4aO1Coh7agh88rJ9wKmWTqMY2szKlZAPK6xvSyYg70LdPqMzQfdOKwiWRbdT1Vx95eAVWTJIubjkh2xVJQK9roI/K0trqjb1XXzdP/GLH6rt9EqVX/+r7BN1KVN6Yr3A+qvU20fIxREDLqNGVQxHWYMPTM0NW0Onzr/c5lyOJ1r4OhZllMGswB+WCZwmjSHKNj/OExeRj5GOoZwofPUx2M+pPoFfY4UZAJH2+riG+WwwOKe3KxkT83fjeuXIK2RhPJyRmLi8scXULP8GpPLas7M3FWS8DzRTCEitVHOCGYt71GD3mucy7Es9zepMI6hg3uWKcA5F5lAH1rD/lwdf6YNXuNXyqtP4yHdBDDZPgrsLxZ2EKgWQ5pTMfTuFow/rTBB8ZTN3hst16/XFvZRv7E0qaqAqO7cWrsQvA38D+bILo/M+D/sSmlbTinB4TmYnLCdfzln1gt/BThxAgUnRusJ9XqdaslJS5ysBcVwNW5iuQkz8026vIQiZ63JHdAVanID4oKpqnx+6eICG8hRgmM0Sm/dMUIF/1QyMPBUFURnpsqOGvxMtoOImgQehbMyZgiXJ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: d2zHMM689DrjTwhoNmvqnSuIUfSqeTE2WcS1WaWVvhmtPXg0P5+cPdWRrWSo15IEH7HHxUoMr3BSdrVAl3pYpcnRqNOtLyOQ9Cxt/2muc1Vj4vZM/wB+35RmIFU5zdK4Z4frZU2orYMXaZvHxVrdV4JTumWvxvgXfBugg0uYuGtb1MWeUFRWxWVlU6y/mQVjQBJmAXNdpboPlF8MT49PIOCa3Tfs97tnrm4wyDm18jFEzFnVGpN2/WLAhQqUUuNQyhUwayQv11ozPegTp6Xv5Nge5D7II4ObqeKF7A//7+6m5eOex/xoAeI3kWGzF52DQmUUymEynkr6mCNWcoyHF17QSdrfKXvebl3xCEr8X3jKZ12fnqN8fktPF8mwWJTraI8LfEk4iiJQy4oJyXPm2Km6O/AQ7z556Jv59kuSCifrsOvSltlT+OdY0+JGRBfV3un2WqEtDtl2n/nsZhHgL+QJ/dhGuqU4i8pVZgdcsa0A9t/UNKpDejgI1ZaBmdrTLkhIrqa6jAGb2XT301+gjSWAIQWbCLcay04m3ZaNflEVgDSUKg/caXq47zIsPuFg5DE/bRNDnykHAElyayVF/uQk4ebkkZV5Ho5LWj/GErxH/Q9ie0IvTOsZe34J41YVElBQffmlDGOZvZa1pzSR2s2j/4FGAmINMgDWZn+PUobJeUvScWWKYHkxcBdjNqTcbKd/kjgXsnHAghZzp6LqbOVm1kFekZm2gF3RFrxKiOYnBy1HPC6UXIEJy7AG5kOuEB1t2fDqHCu8uBUuxnizTggePi5x1O21Fxmq5Fk15UnOFZRNkmxO8RoidVjhEdhDPR4eit0UNc5ukEfn2hCoIpaxKMgAc8BLXRdZ8iNjpuePKncMhgNuixX5qv+JbIQ0GxTZZF/xkzGdi+e6pJvjNbiCITeXbYku9795Am/egk0OIrEFXaH//mskcMecmdRwlzWFr83NOETF0S40znUyqdOGD0zA/pdfQmkqBwvMk+R/LCqzWhTyJpd6uwHXwazFrBQtpPcyb6bom2XTNxsTMkEEsBSe97yhGNYuoITLBvuJl4vD9KxfRTCdk2dckPBgq2JAKPFAmpAXniWBz2xKpWK3XKizLtud1Wh2lk9EJ+UpkQk70L0639ZXES9QY9ac9pCeVkSmCI6/061p7Sq/clRLVnU6JRexn2oVMzvoKM+Vu71vpGW0LLvNsI3Zo2TJY1riz8NfLSOLcoQnryk9Hp8twepkdocg3sexWe1O5WO1eqBFYkLTk9WtD2FFhh0IF3HW87XkE1VM3dapFn8XCyTX4TsUo8DBjqUldAoRDmmbmbO1EVjYLrr/3echzfIS0eC0/G8kpWD6HL3i+E8RPUgdnzj/Map76jafUQnMfV4NUPkMHGBG0N+Gjc+j+e1LuX6YLzFb5wGBcE3mdpkac1Cf6jL9oPHs122DIT/sxX5ghJd9Ti82rQ0x9HYw/pxUl4/OfjD5FFiil2Jq2f8Lx2V2h9wdVkCxMpAmrVtnZJp1/+0fsH0qFf0A1WH2bBsUBUoKA55PlWK0tdel/ysvBKqmR03kvMrJlN+4HJ5FFG4aPyZLAkm/wxsAhFK0tqn/TvEOTrYAxSF3+8l3Wr25iPiU2iCS0agXpMKIwdyAXBcKfKiJyEf2YUius4rIQFnO8uS75b7GLSOS/rM0XHCqkBSLPHEhdmVat/THKUkNsxLVnTXzxqakRrfOGLMreqJHrZVhaJ9n1ACJopSEMt/de6JQtMjXpgkffZd1JdzwvSM= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 931ae8d4-2d7a-4d7c-c7f8-08dec623910e X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:35:19.4548 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pf7jNcebffpzv/dW8ANl9zoJneteflStWapdfSusM7h8y/OzGQAwxbw5DESfUGh85ypyKjNI7zjykXcrQdAe3s8AgGqw00eSs30CGwFIb3c= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JEmSy4ua; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= While the build mode (schroot or unshare) should be transparent for the user, we need to test both cases. For that, we add a parameter to the testsuite to select which mode to test. Later on, more fine-grained control over which tests run in which mode can be introduced. For now it is important to get an overview at which things break and where code or tests need to be adjusted. Signed-off-by: Felix Moessbauer --- testsuite/cibuilder.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index f9cca0c7..cdff86ec 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -128,6 +128,7 @@ class CIBuilder(Test): customizations=None, generate_sbom=False, lines=None, + rootless=False, **kwargs, ): # write configuration file and set bitbake_args @@ -140,6 +141,9 @@ class CIBuilder(Test): if not sstate: sstate = bool(int(self.params.get('sstate', default=0))) + if not rootless: + rootless = bool(int(self.params.get('rootless', default=0))) + # set those to "" to not set dir value but use system default if dl_dir is None: dl_dir = os.getenv('DL_DIR') @@ -178,6 +182,7 @@ class CIBuilder(Test): f" installer_image = {installer_image}\n" f" customizations = {customizations}\n" f" generate_sbom = {generate_sbom}\n" + f" rootless = {rootless}\n" f" lines = {strlines}\n" f"===================================================" ) @@ -279,6 +284,8 @@ class CIBuilder(Test): ) if generate_sbom is False: f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n') + if rootless: + f.write('ISAR_ROOTLESS = "1"\n') if lines is not None: f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines) From patchwork Tue Jun 9 12:33:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5135 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:35:32 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f57.google.com (mail-oo1-f57.google.com [209.85.161.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CZU3G006507 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:35:30 +0200 Received: by mail-oo1-f57.google.com with SMTP id 006d021491bc7-69e81dbd136sf1800048eaf.3 for ; Tue, 09 Jun 2026 05:35:30 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008524; cv=pass; d=google.com; s=arc-20240605; b=lj6f1wSlY59xqPYZ7QVV0UQVqS9OuWQc5T/cgo2ZeJUlIRMCe9qVac3D8xGs/nviwl jmo22fTtgDMfRI6grpIckVjF+o0480kH9lj6m/s03g+ele1XAvAL7bisc3WUV5usivCG PtsmSgqV49iP6xLPSvBNEN9cjsQvdPXdpeCikcS0G0/oAF2YtDw34HRIfUT+PX8+0YHI f9zYOXU7DFRygSHb1SXZzjL2O7UB4V5DHSwcpS9oNQFBc6fmlouNkaDZyPs6uL5bQVTh 7MlvNOAIdjfX3UK/Fc+n41bm6IMHVz0dXiqmerSlZDpNBNYz0qS+jhF6R23DytQyLsCN JVQg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=98NOud1rhTcqmn5RoIflrsWv2tFLMlUuyp6R8ZcxZJE=; fh=ALAO3dPcPnkzJZhfIWz1hAFaonzYaaO2Y4TSVMcBWd4=; b=V+PXlvr0HsvV23beqpg7MANUzSswWJrlJdMZdgNzQ7TwRwoDSwwdQmJ/Jag1GY7gfa H0XoqWpoUxQudX0y4XZzO1A/n6pCA1eprHIxNNQ2JLkz9zf0KdrvfQrE2w8RUqAOzxwV lISV90WpVIMlaK5UgH7nIA/ia1R3KdEPJR9G8AYR1FbJbcXE6Su2ILZlMGtlfbOB792P RdS+L3fEbr1r/GbxQ7wsG00v6IRioIqljzlltK6zCW+AQtptCucdZeK+8Xyss6k73RRH lCvIprzbbAOpZfMpf+KscUIuIV30DWcrjvQcZWpYWZJdZDka4tEfbusctuRqFB1HuSP2 vPMw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rs5u2DZq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008524; x=1781613324; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=98NOud1rhTcqmn5RoIflrsWv2tFLMlUuyp6R8ZcxZJE=; b=ws4qxiAcB9GCPcKQT+Q+wCoMCj5Tw8hpaw/TIb0xEtnq1U7bnhESk4i4QwygZCzgbf taLK97AIo61H4s3yFz46sBodaW8Mx3/PUlHLhTbIHHD2s2drNWWtCuZgdF5ZVBLA+xJX 6QtLuMtH3uljCSC/XWfQG5FoklbuzOuBWg6zy5wYUumrywFn8/57+VxVDaWXGRh1UNNN 7B9xoeKuMCI1ZbXyCfeXHvNaDI7LkeWJ9zwcuF9m01sKsNvMOr6qicDYEzWv9Q/G9HBE 7Iq/YVDfvpscGPxU+uo9R6TyqGA1gDSNR6137EHrTk0/uYehR64EiKcmBrdiytySUQ63 mOoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008524; x=1781613324; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=98NOud1rhTcqmn5RoIflrsWv2tFLMlUuyp6R8ZcxZJE=; b=VZAyh8/izety7Xa4itbq1xt23zX2aG7akq/Yhwlii39tYlAcU4/3ML4qocqBjzU9Hr UApGk1reIm6xjiIQiDCsahEE7c3luBzF4WeuLXNOHAQfKgIOHDRGvRzV9plkPs69Muhl p2nRg/s9YHLAKUZukJkg+DUx0AWB32VjtPZoo3IbveRPHPNkfNngnc6RqEESuV/0cNb6 uSi80NMiUACNcpPH0pKEQueFUmpTkA1UjDrtYFhetbTCRQMo04tU4/QFi5Fem9kmtcRo dIa5XdUTX2Q+deotjlXmYvj3lL9eLHH+FI8ZhAij0duCHT49KnGel6eisk4WnSsSm6GO cAaw== X-Forwarded-Encrypted: i=3; AFNElJ83i/rGjOAF3r8mOHZxI5CkHZjo+370beR/lyeHq80GJHvf7ol9uzTkDzvgAhw1b+WkHcCRuG8=@isar-build.org X-Gm-Message-State: AOJu0Yzi1ekGu0+yUC6cucfs2nN2wiiyK7Py5vGmTI7CG+UnWZRWNqOZ 0Dw/2RbXJiw3dqkP3wsfvP6urAL5Mk65uxpvs07Jhpyc6c+BlffRu6zH X-Received: by 2002:a05:6820:4a01:b0:69d:82e6:69e4 with SMTP id 006d021491bc7-69e68c7ecaamr10359250eaf.47.1781008524687; Tue, 09 Jun 2026 05:35:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfueFtQNpY28K2EttXXaDg0ajr2a88Q4hZcBtZVvaC3Yw==" Received: by 2002:a05:6820:814:b0:69d:6be8:68a with SMTP id 006d021491bc7-69e8e13ccdfls1701200eaf.2.-pod-prod-02-us; Tue, 09 Jun 2026 05:35:24 -0700 (PDT) X-Received: by 2002:a05:6820:200f:b0:69d:9547:c961 with SMTP id 006d021491bc7-69e68b954ffmr12026397eaf.22.1781008523817; Tue, 09 Jun 2026 05:35:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008523; cv=pass; d=google.com; s=arc-20240605; b=fgRlpUqhRCybFRKYfkDENfUcSSryXtDjfNycaQc8vZgJmYK3UdSd65hTVvehuahBbV Jpabs4FYofLg8ZFHJt/dSCa3ONFKt/t2/iEJBm4At0daYD6JZx1HLUOL9c8LhBd5nRfT UJxAFGkiGz3/WlBS4q8z1yg6pe8yMwhzH//fb3d0C9joiTmL1A+qPQL6bami95LBwj43 /Kc74lGm6X/PvTyHSfia+bODoasFK9esbSdh5hP8qDvSQO0vwlbCq5BUbByaVkU4uBxx eNw+Yf23n34j5ibd8D/9vwSJWqNGQD14Exe0pnJKjxBDHt/yM34oBRAML3KPNG5MKHu2 N8/A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=OVvfch+5tZ1oawaI7lB+Z7tT/ydyUqAWmdNbPnO73hh1LjHfwVp9xopQgSnB4U0/hd 7GdZfScvr08SnX0ObXRVRl/kY5L3L8edkveUmeQH7JxSL0yOV4qWFWs3Kapes4y0+0/j NCvuKVvOZL7GG84cnXZBBAb/YLEbq4+odrr3f9a3kr8yY6552OnjbY+jJmVxCGZiVB2P xSj6XRV6CBfnSCmYUJY8JiL1ZHYcFQLNRJ8QElXhxw4IugU41DjnVorC+4T288Ghor0j l72EmWK9QV/zaoGEEZ2q/Y3s+imfQIo67xoG4tDxBLK8eCxY45OXA8Z6UJVIOW1Iuifr Phtg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rs5u2DZq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 006d021491bc7-69e464151bcsi639843eaf.3.2026.06.09.05.35.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:35:23 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BkBe8YtkQUDVfHLkgVyh7F7jiay5+jW5+/cnRV/57JX9lc3u9WSAfmYiuCHHWXkuldYlMxwjLrXx5NaNCgXbQSdQXv9xrhyvFqGfpF/AIieimf5DzhcoeCxBCTQOYH9elMe51hpCcDU3KMI9MHr6ENrpq8j2eDTFJUYouVyzwlTABw+0jzCjvnoRN9NP2W70x74r2mrlm5rC4kqFYeZzGlYRSUcbn7+wm4gvwv5z07WaiPS6922ZmW6tfyKNSsJkCCT+u2Hg9clUQAdpTxy93iXDVDJpmrWxJqLQfmT6WJ90fRMyHDMp8jLXscLsVQmnrymVHUCeAjaQmebXQ4bl0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; b=lE151SbMx3wgX+A1YHL6aB6N8WQpormC6BdBztFsAZgBZ+IDTHjm5SnUlDvbWeRJRdYQOUGTBjynXaX7/soz+aiMU/D2gUemtLUEOM0711b3ukf2QG1avwKyBi7UOMGiuQbvbfelWjMDvHVXpP1jnjHJTgIjCbDIYV1T5kLrxepHmVKtX7oU4mYJrigwHY/T2vDbUUrLqqJjGbZ89sRFwIhVA1hQRjvwxKypnidMSoTFX4bw+6lhzcL2gFrUz3PCqrlv/HPuQab7wOR4w+68Kwe62fV3Xt3TXp3mJFRyRq/dFkZ04oEdTlBjky5h9Q4ekqvyRm90PEXx4hLpXOmuCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:35:20 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:35:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 17/17] run-tests: add support for isar-rootless mode Date: Tue, 9 Jun 2026 14:33:55 +0200 Message-ID: <20260609123355.2368573-18-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0347.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f4::15) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: 4fc22aa0-cbf0-4fef-ad9c-08dec6239150 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: KaXJif5UrYa8Py+mFzoq/3TfXn8Dek3LRNoV63DMJ2zjYHcu2O90Z5GZoOBw0JmTUgYCLB7bmlwB5J6Ir1qhJFi+8gwQ/+jBKWOemFmJimoyL/gSVZesWdL7JQkwAYWRF515FHnf9m9XT/j5i9Wol0P0sOadRK6MO5V7TOQwLu1NuFkjKGVf6EdSziILAfkv6ZS3cioHMMUAAZ63Ad7kS96bubYnFGVAkzvJmqvu1tTfj9Rux4J0r32iML1n4QQp7k1MWVRrZz8IFnVGOljtuO2fDG5qPYWC/9L/eqBugTByFlygEdbsvRgBl+FzJbEuud1m8nEtsvYPDFtvTKIGdQYyiXQIZrPEc80ox4O6eFaEPBvSQzX1J7IguBjDHVsk2/knM0T9KhIKfZAqRjLLCGcotFh8Hqu4I0owNDz5vgY0ERmieKfA0hRdvVG9GeJ3QbLN/YqUzvcHy7aJrz9jE5aKMhAo6Zzm/AW5RqgKs04Tn7nd9h38WLjMBygnuNZyrc2fFO5xb3z2TSLZGusFya1dKY12EToBoQRoh87CyUo33mqckPErCE31y8kM3omhVhFozsPBIi6L5+Vc8Jmov4Mf4En3xyxdb7X/HSIHacTT5z+B0hN1GgRwcQM1yvHyI44J/bav2NKNx/PgSpE7VQjOpp5yVSfLYNPRzw2HlfQwLjVng4GsYBdu45THNu6v X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 31MEmYILFdwXRZpgErNo3eA2kRU2Y4NcsiuNXtOTXO9bBGiK+QT0JH06Mp4El2B9xYFj23HTY+Ci6EYPgEdwmkP4Yx4azx0mHAMpdU+at84tPnPr+yh3DOBlzttGdv0RhAYIOeXppsDhRSqGgPhQrJC3bsFqyw/s/qDCDdovaUpFcW2j1qd9dBiQ7+rqes3tDQa6uZ17+NDhTKdpwCrwg/tH5C1gaz7CGOwbAibQR72txUXxvS9+KBbuYDah39CzORT45y0JjN2huCR17GWddOAgIbugWptJ6f48rhdnEJEmdQrpywfzuMxK347jWoTxsdBuwx2jUN+cYZl6RTSyYKpyscZSP+No3DaHiCZKLF1VE2DWHnlXB13OAW3FitNSZa/3nCRaoAS7sTi2Bq1eh1LXQDX0rb3hhOpRHsx3O3/M4JIEZQ7LeSuFeaoiePWWBQ0g/Mlh48jcWHmej8luOq8zG2O8Y3Jof7o9peFwmzsNKUErqgSLWCTXMGAkpeLswzT9lhFLb70D0ZLoy/Ebs3InsCLkd0RtY44EBwLwovJV56d5NBCJ4RbMYw1Xnu4zIW5AezxYaUYIMXAX/oi/JKv2V7ssPfMzt+i5wCTQ9brHd/b58GacxQ5iT7Mg4AkW2FQTWjrJMXUZfuXuIXrKpcTM749OrSCr2S9Rr7gHUflsGxeIh6LoDtlwsJbaGMy/qZAYEum56Oov1VcSFVcYLvh9At53phxLN9w/s4Sg/3l8HlnfvM7I2k8iIMPaXSYB7bRF7tkiWzCrJsarSJPwAQP4E3Lr2cKJhWNN4RgnkGEFTRZsy0PI/MCsk4J6MmBh8O1BlDuUk+01SHOuR7xPkdrdd4oe5sHZwefoW1BDnYX/qvz/lnm/95saA4AREaxQTr4zmUPI8mk4BOXtusLuwLxuyFlcNoVqmZY6NGc6foSV/2TJiG51EV6Yb9tuEPD3YVCirJvK3VIxUd0WMC75P6SAcx1FrAlQDBMmqOk64gDSqIY8BEdnaJlhnM3aoH9mLdy7hq8Bjcyuykkohm0RVIvp3T7mC22JMuFH2HhU7XKYf8nFxRr4UY+7bXHIWOpmYiaKePMGOwN7Gsifw8ylj1fPXCOYLu/54eQ23+OdQBlfrTlrG+7RWi/FyySq4giAboH66D2dKxfvs3oUCJ8UedSWSYnCQS0kDKdW6e/Q5zEsiTmXszpOTZeiwZEDy8otWefH+46SROH33AKxkUL82Im+JS/xFQnBVUuxHgq36hleHqV2/2YhLZjaildQsoERE7vDG5OEn3dLB23m4ki1QNmjCMf8Ny4jaDcWgSGMEbs4nbvrQDfXOhA3J1Va/iS1gw0jFCp0kkDMemfh9sS4JlzZNEr4HmA42nR3usaYGy/KB5NHJG6zftLf3KIEB19XjiuuY9xlNQQtfufyDajddSGOJ+GplBPXO4CC3FgQuHcNXr4AvRuDeqr4yjl5K4+rRTB2Eu8pxHeAjeptNYABq+ywwPfym6trLPSymHOnBgKYh55ZvL1g4tRphHfIrnD+a+UJwfBX6XP5WUGc26US2bWY2iykBb6v7pTlo2TwpjUQ/pXsaHVSwt4Bc0efPYVcRTRQKw3zn+rQGhzZLTzHoJi2r3iY6se76OOvBMdkz65C08J4hwB5wXK9daltXpokBMmUpyY7qLeq45RqPu1U8wfqpayMf0fFk9NI7FwYkJ8ixQA8NOxT3Fz8dR9t/YKkpX/qgpwgQLnKG1x/vWicow0MO1i3X6BFoz+qMKlj0cU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4fc22aa0-cbf0-4fef-ad9c-08dec6239150 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:35:19.9153 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eF1jOz9HAKNwJEqQXWrFQ/k+Yj8HGevzh5ayEs0QdY157zjBuPI2NkQlfAebnBpkUw293H7akcugvQO9B25tA4gQkzm3wyL7MYU6M9jxXuc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rs5u2DZq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= If the testsuite is started in rootless mode (-p rootless=1), then start the container in rootless mode as well. By that, we can seamlessly switch between rootfull and rootless mode when testing. Note, that this requires a recent enough kas-container version (>5.3). Signed-off-by: Felix Moessbauer --- scripts/run-tests.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/run-tests.sh b/scripts/run-tests.sh index bce10d70..ed373af7 100755 --- a/scripts/run-tests.sh +++ b/scripts/run-tests.sh @@ -15,4 +15,9 @@ TEST_CONTAINER_VERSION=$(cat ${ISAR_DIR}/testsuite/dockerdata/version) export KAS_CONTAINER_IMAGE_DISTRO="container:$TEST_CONTAINER_VERSION" export KAS_CONTAINER_IMAGE=${CONTAINER_BASENAME:-ghcr.io/ilbers/isar}/test -${ISAR_DIR}/kas/kas-container --isar --repo-ro shell -c "$*" +ISAR_FLAG="--isar" +case "$*" in + *"-p rootless=1"*) ISAR_FLAG="--isar-rootless" ;; +esac + +${ISAR_DIR}/kas/kas-container ${ISAR_FLAG} --repo-ro shell -c "$*"