From patchwork Mon Jun 15 09:24:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5146 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:28 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f186.google.com (mail-qt1-f186.google.com [209.85.160.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PRui009021 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:27 +0200 Received: by mail-qt1-f186.google.com with SMTP id d75a77b69052e-51956be1f44sf31010561cf.1 for ; Mon, 15 Jun 2026 02:25:27 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515521; cv=pass; d=google.com; s=arc-20240605; b=Ugp0GWx+qt+APcgUxiCbj3BNdJFsdyrqUUkHCjkYzVnRWUnV/qQcn3qq7tTODqVqGA Hm4no67FA73H15zrHT9QB0/5XdY7IpH9SU0tetvzjUdO99ex9CsW9f0et8GRQEZRI7N3 01VYtEyqIri/i1PA4Yb81a9PDjYmZ80K0BxqsOX5yKFUZvungJrFFtsbsKyeQ+gRe8Xj uL6RZjq8bZf0MPh1puymIS2dwckgK6Y9PqxkQykozfn3ILAWNWpsvdtut+tn8Su7jxHv OGr1jLB2TXh1tPbDS3RMdnv+RFSkS81+tsovVA5pSXz5hPyRSVPu1UtvMPIHpXoCYuZM 0a8A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=0RinG5POUa8eCoQFs/X7mIU0Hv6TVmDqFjCwP+bfuH0=; fh=5k11NKiJYU2XZuQrCWlOGqFNTKHoyu6JKIIbMcw0NOQ=; b=lraw4tTpGvzAZ6V7a1I96W8Z9q1Q82LQU9hyg0AgeyDfTbKR/bf6PtXxvu78kEs6pu 3nYJ6WG/g6aqbC9ejRsa0aDNeMhUK6QjfqK34usILrzmNHBf2HaiPNwV9aZBwmIdJk1S upz+UcSqMngKVeOXlrVmUysumMM2soZ/4vguZA+WP1XUYxKFXA+06CRKnvRaczWFcZWc mM+7/fvo1ipkp64YMnFsoPOEnfpdK4OH1uc9Dgkq6l9i3LI+9gAPsqcEe190fk68Esc7 zoMjxt13FbMfVKepK6/I/WfJNCK+xNb9LbHBDY310Vc2oR7APp1FWBPzZNJPFRoCOT9Y wh8g==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Gid01pXA; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515521; x=1782120321; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=0RinG5POUa8eCoQFs/X7mIU0Hv6TVmDqFjCwP+bfuH0=; b=iyr5Pk9qsGBSjWhQpQQ/VrAk06l5fDjqQUswUYIhNis0TLN/KuZT5HQiKzRO/aYy7N w+Xx1hUD0aM6k/bPMIPakqUa+tqh42P8iP0TOVFlPrGAvmJgc8ywxEthCy8AiIhaKgh7 ZJfsVYFHeXp7mYCrNbypLPZwo9LGoau3kD+OdbplriMi9kiMoIQY/fjR9dJjFA5f7BhP U8vW7BZQnjfllg2mR2RGa2QjePzeWDzL9w5Q5SJek8STWTeoSLAJbGi6xT0+gZDCgy6v lzFAdGFC3H1n0oEMuzs4gBYJPrTHBV5F0CIXoCKeB0WPsOdoXQzRX/AHo7E2wKXWL7Dk Ramg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515521; x=1782120321; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0RinG5POUa8eCoQFs/X7mIU0Hv6TVmDqFjCwP+bfuH0=; b=EC0IwD0idmJyGmibgIBUmVi81z8j2ST9AN1c0UGJOv4aDvJq3UbUK3u1kZ9F1WcXE2 8gaWvnv0mQqHjJkCbwQWUv76i6Xy5efaYqAme0B/Is84fi6JcBMbwEkSrrd2W7uK+qVf LskyCHrSQjLry7mOJmKJkWn1NUN9AsbpJhzBJfGrdxK+sx0p7B1z3676pwnMJwICeJIR YYJYHPq/HRXXNU7foSZUuWcUtCEGb0mr03XIfjdaXdmh/06oMhKwV3KbIdR1CwypqlyY U7U5dXODShdrQDKt7q+PKkACI2IJt1MaQfExTjDK4hZK4MLM/MVh6G5y+wfFQRfYCLMG VnPg== X-Forwarded-Encrypted: i=3; AFNElJ/q9aNJkk0F5K7TfA3PsDRsxHg3BJ2e8Onpg9EBdmzcN+0bCKYIHaFF5WWvW0DyzYdZVVAV0Jo=@isar-build.org X-Gm-Message-State: AOJu0YxLYtmFuAQPe4IsVVh5/00fvqpF1zIS1jp51lTJOMcD5utE+BHo oU1vUBSdk9KogMGW0vTvdGpqcw0Vl+ATsPNvlkw1VEoG2CfqFhi45nUP X-Received: by 2002:a05:622a:138d:b0:517:9407:5c38 with SMTP id d75a77b69052e-517fbe61614mr173049951cf.24.1781515521449; Mon, 15 Jun 2026 02:25:21 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUe+nz9QYI5+cee4CPE0J5r2VblDKoKVa9NGBvbS6cVmOw==" Received: by 2002:ac8:5dcc:0:b0:514:a39c:fe84 with SMTP id d75a77b69052e-517ec7a5801ls56859661cf.2.-pod-prod-00-us-canary; Mon, 15 Jun 2026 02:25:20 -0700 (PDT) X-Received: by 2002:a05:6122:4fa7:b0:5bb:a32f:afdc with SMTP id 71dfb90a1353d-5bba32fbbb4mr505083e0c.4.1781515520497; Mon, 15 Jun 2026 02:25:20 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515520; cv=pass; d=google.com; s=arc-20240605; b=I929YPZxpcsDVHZnDdG5BaOVIhXpfwHKPIjChfEs5qmQ/rmrYrPGC1Lcv4RLWmSmi2 ZDLcdjLb0o2VKQqj0K6Mp1dXUJEciC7aGmPuxuyzwNBbv/NdXLfYcISz5HHEZze0hZsv t2zu6AdT6Zt8mEIOS0uZzpVMRPJvoYHfChxB5HlhNskk9ccpDvQwQ7U45jNYPpHAum19 jN3iY150cczPmb73051NIibquCZWuT1qFXKpJ8FNyVe8zpa9Cng1SsHUmtlwlQ5nAyhY gmDtpxWZfbSVY1Xg4Y0JVk+SOJ0ZlN6p3DcaFP/+D827BalX1SxcwSdY5H3oynGTqFUO jd4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Qye41HXe9nyBRp1zBB99FnT8AJEfpJjO/ESN4oCJ9mY=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Rf6gmAAIvpCbX5q+TPjBpmEFoJeCHGj3fHx+y+wqx1aDPy1Q37QtxV0D/3b9xpeL97 lgdneSVadg9xrTGmVvH9mbbiIEJMlQBxdoY+0G1vszv1ZeVgFoPjd0dy7Ouz797IQ327 1iNg2+JmONZr2EU59Jl3SIslp9oTT6ZclsdOlqha/FbP3Cg66nDHWGdKg8OXb0sM2jg+ ZB+LRxUPPCADnT/H5Wy+r5qCuuMBRvuDH+zoVtZCJWtJ28VUFfWYplVxkl66P0d3589E Es3NtzfRUy92eFDvCziNI31GuTZyVf/uaTQh842iXq2VSVEs/FD7XZ2BXn/0ywq+Del2 msmA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Gid01pXA; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-5bb9018fe5asi125470e0c.6.2026.06.15.02.25.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:20 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OrUDApx5HE7K3L39gLq27jaxi24MIjIbH8qiGEtdQmZZ1A3eCzdCbrfDJbmqif7RT14W1ukcoW1KtQfGA5D80tJICGq5/rIp9engTL1NsY8TlX/jj+7tLnVvC/mr15yoMP4tN3F1+I12D6TKy9jAhas7PCZklqeeywNTZUVWhOKuD/MbGjWhRieWdMC+jr1JxX8QQVi8uVFrpbQ/lqkAb0gmDtIHbbtgzeQjq8lon8fq+KS9HX05CMlhhrwfzxgW/Xb/gA2gp1+iIOIkMRJyB3KHFRVk7pup3AQh6VljyF0ljhPbD1V82ChrZz1BOFSQpH9Bg4ztKO7gfGLykLhGjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Qye41HXe9nyBRp1zBB99FnT8AJEfpJjO/ESN4oCJ9mY=; b=bY0bbCyp+Y6J6kKlmO4Dv2c2VLUiwKO4KLBsJxg8y8agaMOGvKB0nV+Z55q+ImqZl3+PwGI5xunqu83nZYDt+XCJ9fRBvmdHnzKHrzSrGiEJVdgqpeizVRWiSfIVPNEwQBeXkvYDCLtAwei47qnDLSUSQHOIZPr140l81fbPUgVurScb+K5BTOrIH10Kg6nc/OuwC3dqpB3qFHbdlNB18H9NVHx5rYQFhIAMw1AaIKovCH6wR9wNL+WJzl+tzJhz2ptvrh/T43aXbK7Zp5r+UFZQfdiibQ2lrnRBx+XNce+XyG5W9w+IC319gKgrI1P+LcZAjedc5csSr68yG5mrrw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:16 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:16 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 01/17] refactor bootstrap: store rootfs tar with user permissions Date: Mon, 15 Jun 2026 11:24:42 +0200 Message-ID: <20260615092458.259691-2-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 8c9d416a-790f-4f6b-692f-08decac002b1 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|6133799003|55112099003; X-Microsoft-Antispam-Message-Info: Jx3exG7+Yptem7yrVMt4JBQtPgBFt4AfjzelscOtZ2TAqMYu0mLHSfnlj3AyghC/ppKj8yTAs1pzIzFq/BxMlRDwcrTXs/p5X1zfl0MRgxogvZ78ynfR532iUItnzafZp6hltq5y88RGoEx7fmxbRPCjX19xwYk5kFRBBBdkHL62I0usl3p7Jw/xxyHdVBR4yXVxL+ar4ZIQ1cUpV1phHR1Tc4ANQyx6UI3gpy1NlZ/Fi9RRlRQt0/Om4gmBohTR5QRHf7Wf9gEWwXARTQASMWkvBEF4RaljkjzJxRMyq8YpklCNDhzH3dmyg8qClEIuGQdWe793uNBGW+qRqSscJUxTjDupHIIJS6TvjbrPhEWDq5WImPOyE3k8gel6LfkSkVEKtJQ0zmJfGcYGmBzyj9StnEkjT7LA6OVDoysM2PwUGcAGljfa/s1WxJ8zSPhJhIYbsWKd/fbwlRohKMW4eaHemAtG0+eMwkt5BXE63K8XRIM4fa8b+/5BBxU26kynncJbfxSYe/yZuBOCm89a/xjLfcpqjothfsJ3bmLRhRGcC0yAklC9ZQZmAJMKAVzCclHVa7hvHpYrcTmvQCJzwdszKOE462/B9yVQF2/eXwTbU9OPnlG8GhLLvGIypz+jC/rVcXZ2jWQNqaVH+Tj4nKshI3/jEuurfaZXSzrUfz2pR6JCudEXm8L18eOJgpcy X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: wTVILIj4lL7PoDRbRfycc2ieR12CAKOIpwco1Mot4N1rEBAqPDKIolGbyzJ8Ysi5G8ZSi5z2uWxPqsucj7CqKHVUQzBznTpcT+/csT0IWwB7LSPuUWk+mB2qnXeiFoUiMQRXuBUAnrrG2BnwQn6BdnoSUp/aqf6VcJKm7Cxa7ZUhBOyGZTvDWt1euYrOJDVDk2bOwsliRRqZrfCquNgoMFHTpSGdE96BBknNd4L1KIT2NdMPtodmEy2vkF1AxDNXKlgQNNhneBgph98yhiDKU5IPbKl+vNKA7gAoAd6fJlHbuHTyNeBpbK6Owhu8VoukMEv7qqr+mlj7RsNFDqcC8FJTrx2jZjeYZsav1huGpiKlr9sxKOPI1vczeZS8AaXUnl33FGN9s6UClm36+vSeOxf3T/74ISHJtOL05xi9aD+yL/Z3oOUgvg1oW+jiMPfmEycuULaOF0EtKHgoRbscysFqOQUGqLzG/DGwuRVJQ4ObpcnLlCE2OXbdA3xWbJE0WLJbnDS8Soow6hVzMTkG5H1tBxhkJmjlkvd634ueSx0P9tm6iSkNlWb5lCcyFjryjOIOHOGxotFLJZH9wRbwR0n+gRNBYsjrgCTRuCJnl5ShXWA+l6HfoT6YvNsIp5VdW+fVUCLO3WWjLZgusKcvxvSQCGX14aDXTto6heXQ4z5rt2AENA+G0KKKulwsx8uSwT9X2YoIAw+iUT/+TREGZ8yVJSH+34orYFIpmJ0cIJFeWRgEZt8Y7gegXj2YyR3ga19JcRinMUIKNGulL13ftp5Oa7S91JhrMkh4VfmF2yx41fPo0oWMRiGvvOyhJRonumszJGGNCb+JKx/jNuWMxytifzCA/OyWKdT6CQQwn8GgWWWNNqkRZmC+e2X6AI33NDN+38lfqyNmhvVHpEujCZ+xk/w0iSLk9952zZN91U1yEUbABCIuRELZDq6NSVavNx2+EsvExaj/BAhFDpBrkU7uSiA82URP27z1YGbE1M69BS+s2UFd2QTdFz3yTPIdY1AZqzt2NEN6JYPZSEMzIFgMnzvLkKEqapySBzygEsJR8jXZmbjhSPNVPEV3huk0XFj2ox5USgwiqSfQvgOoFf72LAvmDuZiqZaP/pXnQOOu2tsApcQi+xtu0gHSjZR4GIWZ5oZbDb2dKLWuZ62n83gB4mVhS8pdOh6ouzgsInwKGKqHQHEV3T2BB8ERXoOmfYEq4KORfPz4pJP24o9qqgH1q6JbQ5o4s1CxYCGPAJ7IU6UQ6iQkv2YdbBOK/xjm5hAqK0GkfjQnxa0mR86oYV+ROvl0yyHd63xSJb3lqO/QlyUa5whJpTyStY6oeMwzkalcozlIJbGB0WZO27Wzo8vIf6lRVqh87np9vTtsrcFEuPI6fpMF9rDn5dX7TFZTMFblQ2ydXrhLdFGEhU+as0otCjBAqIj2kyiJ/r34aMGUZsjw0D9Z4pzO6EAI/vNmYH8XVY5aP4pbtxbrvKwQFPSADK5QzZtmS5n/pNNTkVtQOtiGxIw5J32zpSUbVeihYkhhDpoboCNIoj+daNM235DMXjGwZs/SAA1aje8g2eNaZYXHhRJHFgAxCgyxYiTIGARAe1aId1YQR18+YXH5Z132xPTYVEBQWE5JP+WRwkhEy1l6t0yEWxGtmm2X/ul6IV1z3dL3BMsI0Mzii+CALY7CnqSyXZWyFUkMzidax8zOuXK9UsVIGgySO0ij7kXmBMITuQO6XzPeDObD0hIm4UdeeOMmxlGtXnZi1yfp/uTOBNmCIbNnHd2C5dnHc2hTQ7YYqZbC X-MS-Exchange-AntiSpam-MessageData-1: W3FC5MVbfncc4QTy5IRs471eN9e1H/w2v+o= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8c9d416a-790f-4f6b-692f-08decac002b1 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:16.1947 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: VfM6YjXLlau2Mhpyt8ikhoQeuFNDYjMmGxU7KaZIIIHo6kAx9cnLkr2KWskpInlFxn6L1WC9YpSXeGHFzMXfn6/QOcBiueRd9O9n+0tjK5M= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Gid01pXA; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As the mmdebstrap itself is executed as root, the generated rootfs will also be owned by root when stored as file. To avoid this, we let mmdebstrap emit the rootfs on stdout and write it to a file outside of the sudo call. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index cef953ef..9bbc63d9 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -245,11 +245,11 @@ do_bootstrap() { ${@get_apt_opts(d, '--aptopt')} \ ${@get_distro_components_argument(d)} \ "${@get_distro_suite(d)}" \ - "${WORKDIR}/rootfs.tar.zst" \ - "$bootstrap_list" + - \ + "$bootstrap_list" > ${WORKDIR}/rootfs.tar.zst # Finalize bootstrap by setting the link in deploy - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" @@ -264,8 +264,7 @@ SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize" bootstrap_sstate_prepare() { # this runs in SSTATE_BUILDDIR, which will be deleted automatically - sudo cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst - sudo chown $(id -u):$(id -g) bootstrap.tar.zst + cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst } bootstrap_sstate_finalize() { @@ -273,8 +272,8 @@ bootstrap_sstate_finalize() { # we should restore symlinks after using tar if [ -f bootstrap.tar.zst ]; then mv bootstrap.tar.zst "${WORKDIR}/rootfs.tar.zst" - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ - "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ + "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" fi } From patchwork Mon Jun 15 09:24:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5147 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:29 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f56.google.com (mail-qv1-f56.google.com [209.85.219.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PS4j009024 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:28 +0200 Received: by mail-qv1-f56.google.com with SMTP id 6a1803df08f44-8cec4d27d33sf73345526d6.1 for ; Mon, 15 Jun 2026 02:25:28 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515522; cv=pass; d=google.com; s=arc-20240605; b=B+970wSUtTGalQkYqEFpKOqK9ab0/sfIToRTRlm/QgDSlOFfmvAjbEAV8c8+N3xTW+ a/7180NEMG36BIUk+WueNad5z6ssviqDZSPcpC6rFuHt+9rwgjP8S3APKKuJRxGS0YWL zdK0KMTWH0gsmMXIAy/sQwjtg/CDjt7ORjM97UlbcHsuUD84+jiNc8RMA51Ebw4vkCIa ZZXKtG8Ay0SlgLiHM5cpquBKhaTD4VrDw/yU9m3ytp6VJX41vMRINsMvoWBFTZ/j/Dw3 gmxOZeSqQXUA5syjhxKc6Jl4GaUcKBmfOAoBT/i9byDd+ztq/9BUvLjRCx3EiyqPQrYp DHdg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=w4hYf7ntEv5FOQ5sPAGfDBxyMZz8UD0Aaw7inBKRjSo=; fh=kwmorW1eqz7F91a0PgnzN2IHUTchPt3qM/4yjVvn8Ws=; b=BUYuBkt2prXy3fTVgQILzkC6UnCjD8TWM4OCtpKaJsp/ZBjc1wduIkaoikNTqjtbI8 pYcftl9SCHNUyQ34FnbOFCmMd7UFesISFegg9sxQCZiuh6OlCSfivTkoiWtyWQwFrFG6 NwDogxstIHFFJm9yCyPOlIU44czTJMmzF5XuPJ5Z4x4wJ9aze36PABzyPEZQ8mlphRNz cQXQma67d90Q1W9fOZqY6aEjLOh3WtvrO8cQn4DtgeGsfwkg4gx6uUUpgi/cptd9K32u yDZSMnfPwvbFZFcU+L7f2tvCg6fcafqUJv+LBsPFidiJM0psUExYs8k05gBnGDJkQ1+W p6LQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=vhCEWSOs; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515522; x=1782120322; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=w4hYf7ntEv5FOQ5sPAGfDBxyMZz8UD0Aaw7inBKRjSo=; b=C0jrGW1oI1i65hyvS8+7mJs7M3ZZ6XZc4OVoNsrXyG490GVShL5cbkmhwjCvpXWspm MRRSjDqGpZMcx/SEH6CcQZkCwfoy2EBF8ciM25rg8DR01XD5SfW63rRvII5VB9OMuiU4 5uO5HRQjwCI/b/pc/V2bzVCvtuNW59KL4Oj0PNBF/sZXqMYV7iw/hAvVcD5fnzHpLZYU kSiQmCOnlkd+A4q+wnVd8C6rvhAuNo9Q2wA9xkPCO4wd+3BcE4KofzwFFqJ3tonQEMrT WZt4agxq2KuEMkn90Xy+oBSp2IMFo1apXySlxT8UOzb2a5rjrUaP4YvGy0Ozq4H4Aj1y WMJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515522; x=1782120322; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=w4hYf7ntEv5FOQ5sPAGfDBxyMZz8UD0Aaw7inBKRjSo=; b=KRXeotrmueodiibg4ZhJNwDcrHvaOKkGeRwOgr6/k+ovnU29Xco4V9QkVapv2S8o01 HZkFgfGEMPtgR8WeRaC/UYLY/WLFMKoXK/JzqtBMwcPvxOmdGkNe7+iqwp2ydYzt1JfJ q498Ed3aF+PIbPBIqHwHhw8Oeu1PpOdLu/8B/x3BQF7cnCk3WE+dpnIbzG2S04rfrpFT 5gHy7BOmLb8Bq5YaWaggZdneLekqid6/2Uq06caZHyqaw9lweSVU2abUePZAl5qqlhsu TdjU5JExo/PKZeLnXh6pcPWu/t6hMmLnrHLF/+ld1xedk7BVcBNntLhTFzV3DodoZb42 tQ4A== X-Forwarded-Encrypted: i=3; AFNElJ8nt/nUTUKi5j4NCT4E76tbzxnW6AOyNIWL9uozB6v8PN4F1Mt0F5J6viwTGczKlsjuv7A5MPc=@isar-build.org X-Gm-Message-State: AOJu0YwJPx98BBcoLP7WIEzKHjrSPTgzP6LNZyi5wlh189skEtqXIwBr KjNxEERM14GOrKJ3vprbo8SOxH4bugtD8Hww2NO0yGDGroaPf5yMxfD3 X-Received: by 2002:a05:6214:3a84:b0:8ac:8938:ee55 with SMTP id 6a1803df08f44-8d44d8fdad2mr185309006d6.11.1781515522355; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcaD073BH2mUMA0KJss2k0qurzvCjPx9+pK/TS6YYFcrA==" Received: by 2002:a05:6214:2481:b0:8a5:6ca6:535b with SMTP id 6a1803df08f44-8d2f3e082d0ls71870266d6.2.-pod-prod-05-us; Mon, 15 Jun 2026 02:25:21 -0700 (PDT) X-Received: by 2002:a05:6122:134b:b0:5a2:5c65:850f with SMTP id 71dfb90a1353d-5bb79bd1c26mr3698769e0c.10.1781515521302; Mon, 15 Jun 2026 02:25:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515521; cv=pass; d=google.com; s=arc-20240605; b=M30jo60boTEw8a8sOd7i2M8RysDvc33zhw8UdqEQ5IRMo4c2mVtf37L+WCrNF8CU4Y TA0FXADPjHxAXtoQXoIOHRgZLyntersvOBw6NMHbfo1dEpXouL/SB4W8AqWVIQxsXNk0 KS1yPY5+OFysXA/mmh2nD/yL9KdIe9zSMsQwtKFhErYbURKJ0t4CAJc4TTIbNwY3l35Z 9Ri14Zbyi+wMKYFua8Us9WsQ1WX+OD6qNZ/SKXTI26/9HozT0P7HU0wDjbOZrU1VCwLX XHjsVkR8r7hzaJcltKr8sBxmYixGiwG/01LSiMaVsX1u/ojXKVeAnCFG4bRomOPuwXFG m26g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=KjbDYw4pHRssAXH0te59riXxdPlsw1o5WFn+aYomoCE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=RNwKqNwjmNSXGWW6LUgzBV8Cb/KIoDFaCITb7j0IMbfA3I1qLgo5n71LF+z676C4eF y2avmFQ/wWcpiorNXburyN01S1YjeHQSp7y6wFafYuBQV6sTY8cuKfJujtGgGOO2BsLK j+++Ez8JQipHG2+NpJNTouIrkuwpFT7tNV4JJ2xxyXfNLMTf7pIVyDiG9w+av78kmjr4 ojWMy6/aCnvQM7SCNjMQYh49MpE2P+TGgtYK1jJc+x6rS5xr5unW+93s4ECHykxx3h/E 1JQ2DmwsbCQ7D2STP8fsQR+ynTiTvrYXPD/mLAD4U9L9eEF9sTbwz2szMwdtCj7lCDPA +dWQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=vhCEWSOs; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-5bb9018fe5asi125470e0c.6.2026.06.15.02.25.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:21 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TN0syqQIqODAhbcQn6c3ZiZYu/xZMBzDNf0I0XZTs01vzR2W3kJeca7f+BmAS9kzfZOf57K+GTGJKT8BdJXjw9Nb6RQad3uvz9TQ9F7bLg69Xzg/8KINLNWT5HqqhGBj0dzb1J7HxN3xXA23pqbJ1Gwzg3eAvWuqRei3TVXt66ANu5JV21MLIUqKJEc8v17Eu3kapfasANziv5v58W1JIcHaRUEo2DEuxYRHDiDhvp0XOr10nplDFI9YjwHG+1dGFt3TvKKIGd2V6lov0bRcMq4NIJdTxsCPIbAZaTQwA2CONkQva9kDTwuN4hyCk2FUlwfBVLi06B0GJln1+Jgcug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KjbDYw4pHRssAXH0te59riXxdPlsw1o5WFn+aYomoCE=; b=k95BvsVjpQwZKE/oZzb9QJ67ltsmuQl1teYcB5ywcPdOiy35hPhk5xjl+lY8lHeJptmOmY+JoPbsSndRAiN86d3el8gWx7P7hBZ6i3DPLpwAebLmQAGgmLlquNhJPtpQfzbK5ENotm5Lv4F93+Xw0Y36XDsHAySFW9EFlqq+SdN2Ioac6StjkAJtkOoBf9MWi7XPkukgmgWyDEIjZ9ZJ4bmz8h9xqNqXJ21y0JuUP7Kkn4yewtS0JYiBuRpRAJZKsNC5HClqa5M5KHPYSjOt4wa/hjVWCnwT3q96obKeKPf1z/yfJiCQug9NZtQ5zvw4+oR6UosTTVEsvGIFhcimUA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:16 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:16 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 02/17] deb-dl-dir: export without root privileges Date: Mon, 15 Jun 2026 11:24:43 +0200 Message-ID: <20260615092458.259691-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 2d9e5924-6f33-4c16-1870-08decac002f5 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|55112099003; X-Microsoft-Antispam-Message-Info: 3NCTPFKLfut2Dey21H2FhksUC8ly8WFsWLD9X/7hGobmIK/Zi9/rK2abQHYfJBmkWWa8CgQCFinBIbwZevt+JuJxAGIZVMa0soOqS0mOaoT/Fktojf4doqvU0fVAeIZJ5lFLPGEO10HaeOi3H6JACXaqpCkZaaBszAfDS1vflAP8YF3g6W7SsghqGM6adOPnOmoNfGG/uOD8xmd87Libm/tR2XEB9dpY4HxeHLd5S/adKeaLCrGsqHeXWPE4Fc2FB4XTTZb7zgAAh8qJHwePqI5SXQFtF9bcOcaP9mtYzefbXObCTB8mIQlyHKjo9te8oHosMLm7DQKeQSywGuUOWf2iD4S6e4vOQ9O9IAwLnXsXWsHGSD68qNDpC7JIlTsKl4Vh/gYc/+1ElHhElcYKm1Lxe0pKXRcHQyNa7bSA6kEhZRQqMyDXTKkRxyU87XCOSJw7cUxrcT3E1c0wrSy3rXilUiXXPQ6io1oPgb61XINPZBWoHnsLgxFqUQrIX5QXZiPh62VxgTCiSNwN+GWU5Ub8iawBZ2apGtoC3XJBhc+0WSHJgHBuf+rLquq12Lt6Jnj/nad0whdK8N7HrQIq6B2HB1lChq9bxu8SOZxXIF1VIW1MeN1am4gzS6gdt1eZaTliHnDX/KV5B6xnUS6uFvKV3/QLN2r2m6VrprCQ6SzfuaBUKNTu+jpfT2Ul5TBv X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: G5necjzxk8QtoEVe3roTIjzI36Kx2v55t1hox2S7pGyAAv6xGH6yUyLobnfLbL59c8j3Nec9HJl4r7396sfldkiGwcg2VCiziGFYzpkq8/+igiy2MD8DhvbqY6hFDKiZGdD6Kcif0RTyNawUVg3v01e0JfA5KIzFKO2XxmS13tFLl1OrbN4f2TvxBEw2w4+OHWYtoq/GRZ3wv59g1JVJ6UhGQy4DDNNFXphgmjOk/16zJG6iq2JP3GTgtrbNOMTbeRrM1wUjmc0WUB8tHUpEB1Q6tPX8WqMQUUYz937kjd1LA58WFh3h3L835DpjTEFh2+UkZizyM0RZfFixeVyUP8YN8WcTC7jV3lqT1BgdV0qo6igXE7dsEiMA1oMbGfsc0nZhUr7Kh4Ea8RChi/4Tn0uNCayck1GUGIvFMJiQmVykT+pYfofMxT6n9hir9a1/XujRI7c4mSPQQ0UOvcIAXKGCEx0oQe2aHG0mmpYWG9mWmRLgE78kMewnnqv/bf/wIrxYtLh1Cmek6OvatmRgfM79XbysG+J1Xa0ZHWqgAoRhEAGWU9/1h3Z8ulNp3GLEXuCz3Nu77vQcDV1lyTVCDxDQ9+fdriRiX0n7JqT3DVS7lcchH9w9Zlxm8LeoMRdYMPpQl9QB4Ob/4+wWO8rLU/UjISTY7rxzLRHCBJ+SG/Rge3rfe0MqrbxjC15ZkRrqUOERu2AwacLNc6pRUJVSmIBseuhyCJNGdrX005Y6FOMzKQFwKnYVM9ag8b7z+AptLLLwmLxDtXvdd6gFJoZwf3JYzrUUlc98NmHwK6+jwE+ucDbO0TEls9zMMYp4Wc0Lv6FB41JDOg74zvRP/g1cjQCZl+yyPOdBKfgemWZQGzh0QpUU74rkUq3MnK/reiaa/O5wL4ZwWIFYmzKDKaVDa83zAfWSPxCXyZsmaD+HSciA/PjFC0T9yCuAnDyvgOuYQUFj3gr4A4zrPOCYVH2LTuq4FAn1xeiVWNORD5wzvXf/4dHRZQxa+9PCwyUs01Ww59Ej1MdlSByqSvv6Tkue74N1y21mexVjq+UjZAj1091cHaPQYx+YZUpakNOFGElYLv382XTDBQj0N9HtpQKB/VdBJyup2Ph0O8YaHnB+qffgLgVFy/5YpUO/6FRUcvOTvifnmw0+iwEnniQHi/DiPB/Yqsu2g9A7bMHLczDJzSz/29Kmrbf6pfGoaZW53AlqdX5PHijBxh0LvM32KNQFFRb2to+CuFmj0esVbdVIDjLSavorwVqiCm/W7D4K+KYHvNifYcAT5wncC+Y5yCAqIm0a7UckFw+iZiCUNJvfxDBEYqKsJfi61a3FqmFx7/P2UfGlI6sWA43m0vgblAXLxdxS0Kk87f0rVa8sR7l2Jfvf7AT88toGYNKYJ/DeIUlP2boFBQRcqxppwPur6D8QlZCojyKo2uFVMoHNnnLoa5P1vCyBBWv+URMfO7r36bZ+js/roTX8qhGi0GjpzldG3ZDi4rtGtlB8tsx35JhaOC1LP96d+NS0aPlWxBW1mR2vIoXcmTJ55yzOnr07+ePqDEgaK/hss6V9lJXwGT1vIXbSo7ZTquLrLgo3FjlzTpoKBK40+jZzWVX7w3PnaPNrhx6DNvF2k6ySBR8bCfsgKsv58SIWRgawvZXY9IikX7ezuJxZkwI+detAmOG/ZvIBrf2N+b4piGgpjIasTBQWx2Hyvz/T76up5a9e/+Qj8Q5mnxX6XQ5fLEAqz4Nzskv1uF1GEBEkfS4OkJyoRwPCVGVU3VTKcNBX/mLbqzZVhcYDNJNTUGKL X-MS-Exchange-AntiSpam-MessageData-1: nTatV1GadBN3+XcxAsB9LkeVwtAHmSC3eTE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2d9e5924-6f33-4c16-1870-08decac002f5 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:16.6354 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ml1NUU9a9lURnr83HUXHyWzgG02Pf5G9NNCv6HJvc04DtbH7sWDR0RtLM79r2ZarRZYf0RQBvrc007Y8hWQ0fNJzJ+H9VolPgcG73aDr7fA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=vhCEWSOs; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index cec7bd76..ec08d739 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -152,7 +152,7 @@ deb_dl_dir_export() { export isar_debs=$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print") - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -169,6 +169,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF } From patchwork Mon Jun 15 09:24:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5148 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:29 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f60.google.com (mail-qv1-f60.google.com [209.85.219.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PSND009037 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:29 +0200 Received: by mail-qv1-f60.google.com with SMTP id 6a1803df08f44-8cea4854fe3sf76330796d6.1 for ; Mon, 15 Jun 2026 02:25:29 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515523; cv=pass; d=google.com; s=arc-20240605; b=lzEcvYdfCAk9qOTzieiu0VXmWKSOc8yUiMFmtWenNlENvf1EM7fNceTO709cc22XbG bt78UB9E1Dqydfp/80VptOR3ug4d5jecqu5bwchLv93KPs+FhD5v4Ebbu2O0uoXKDBsI JMssgvFmx4cz4/I+JcHflFKV7+VKPSKaD28n9E/kMqk8LYP8FMh9n3b/yDjj+Kgw1Njx NgGlbLUok2Ijj6fdFICk0R5eQTwYGp3sp/u0Er0tolbanBl5+GHGn18VlIPcr+tr1Wur K09DpEKjr/h/+h+Hn3K+w6W5DbvUKY2auf0slFsmH4lWuTaAsb9o0rfR+PN+/kuPfEir 48UA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=j/ZwekHYNOXn4B5X9cZ58GJpNJ/cpDbK27qFgGEBTfQ=; fh=ioy7vEzB/3EG+wx+owSMRXoNLxlQKwcReEx92ZRJLqs=; b=Qj/LG4SOPLKNGlm2kpNU2Y3rK+RZ++8PP5+TrFAduuLeOSy1wq5clsuUsUS+AucgL1 QSwqeOaICnrJOrywr3sd1uy28BfDTltRY8Wx7RxYzxdadPlLBDDlTsVSNMuq3p0eQU/C eqIuknvOHZAc6l/8nfA6cLNjyWmmM5vbzHVtAWdoAGhRNm5jMjha+nT+bRnv0PJ7b1zo gtzoL5eXXcCtBha+IIQaoqPPI0T70uu+E1pzXnd1bYYbeO+Xwg4Nqm46Z9jfixcyzkMF yN8eYs9FtrKMztI4g4ElrcfaI4E2duBYvVH0xZcgpKjGDXMpX03a1pfWAO/es0kL/ZIM uiGg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ygcQSDMK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515523; x=1782120323; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=j/ZwekHYNOXn4B5X9cZ58GJpNJ/cpDbK27qFgGEBTfQ=; b=rswJt0NUGRUg/aRouBD/aLylCvB7jZs6yGVpOHpN1QnHNtmfn/VfN/D3KRAHndG76+ 4iGFrUp6niidf9AYQTMqjOGKXECmZxx/pp8Y07lYDtraZmTrIZLP/gl0jz7iWkLjaksw L98wnz70XqDYXARdWa5B31ugIai3gMvxIdvdw0oZs3ViQB8Jb5H4B996+iKAuLbK/JmX SKkKOzUlvML23Tcd85XDsORHyBqR6/dlnZLK6S7gvNKMR3Wui/+yyvy7AilwwNWPOzWF R4sB+N8FjSXIbL0zHtJ4IHECmTysKFJPT8wsYmkYJ72vmsKpYx/JG+QF/2bUnpUnVzKS wXDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515523; x=1782120323; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=j/ZwekHYNOXn4B5X9cZ58GJpNJ/cpDbK27qFgGEBTfQ=; b=AImIdhRV0EEOslBCfVUngDWY57SjYIolSZANlVwSRUSplv0xqFErzH0qBfPAMTI7Qt M/MJJ7tHqDddG3yeaDn+KRDCN6WhXFG1OHv7GSmftZMpjwmNTSCtDzC9cTdHD6Cc9clR Q4+StdZDf7F79HMXtjKer6tGptLRgjdJLJC86ubISB16IkgJ+HfmhAR7vxZ4LIm28ung xsfZLwldkjJQCPa1rj4ScOmDjoXpPX47jlrEFUScHugLW4jOzoOhs51RIsKNK6IirM19 bBqPeyJFZdXb7DYldNSlE5iTDxug9sDEhUF4gmExS2tGA454ASqnHu1DCbKT0apKuwBh CqdA== X-Forwarded-Encrypted: i=3; AFNElJ+HP6PprkWA3n36nk9/DpyvrS815qFjf+I8Eq4Sc53XROa/2CjQVbBOCgykvrLoMQ7l0Cz6vHU=@isar-build.org X-Gm-Message-State: AOJu0YwUGnIOy3bAjfsZWYBJy2JI7nO2iOObuEJ+0YFmQzL6FQ1qINX7 hBP+HxdDbQ8GDeL8XTXWnpq0ET9wq1xtONAWnFC2L45IFDOAads5F5BP X-Received: by 2002:a05:6214:4505:b0:8ce:9e58:838f with SMTP id 6a1803df08f44-8d32e30d2d0mr242390286d6.33.1781515522923; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUf+ieixppKkLuvb18qprtH7FLUB2W956fXFfqOM4Kq13A==" Received: by 2002:a0c:e012:0:b0:8ae:627b:b3d4 with SMTP id 6a1803df08f44-8d2ee562149ls74084156d6.0.-pod-prod-07-us; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) X-Received: by 2002:a05:6122:1788:b0:56b:1eb:d396 with SMTP id 71dfb90a1353d-5bb6c12fdc5mr7340088e0c.14.1781515522222; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515522; cv=pass; d=google.com; s=arc-20240605; b=i0t5jkQTB88vOtBAGcZk0h7IwDLmch5M4FSzWYjWwT6g8KN2Mbnao4q2X6yxZU9x/6 lsqVlv8GZNQEgGLinb6HaFgxJogbyQ1whVK+3XsAKvuoGJGJI8SQoyTXeo7cl95aFHlc RF8sA5HAXqmUBPtla/qSBh+svu3nrjOmzU8MizB5DuyhwAEfwX3+wVIqy50ftRqzViLW zHf3k5Zzq7V4f67PoDJfjDp/eQK4EJjsWc3/jYwVwNDuNJoMDdFYcTimgfRAjB//Dlla UgLs6lZKncDY8DD2uXGH7F8VhHOWVEhBYcyVdzcAEFTTt+H9dV3R4GJpyz6O6pSb37gP IL0Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=5K33bkBKj0fWsUSc/X558VUshtPzO9UwjiOkNMqPyzk=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=KvnUUL4ofZ0fooVij4UTXHrI2RbwMFMAZQcL/ejkWximEzobgiq7hKgwr8yBfACvrK y4XjaMJ5o2IhDGSQl3SRjUs0sDmhVSlNfd/1uloAxIpTkqLfL6uFG2TmZkSuWaMpXKdS 8hfNYX1TmrUXsakX/xrmgpdzS4YKm8Q/m7h6GdVvT/f7187lvUzcsHhKLZIJMljiC8WU /Nc7AK34goyg0E+1rwz52C5WUvpE5RgTUwaEsY9NwwhUqNSZL8Ut9CkqprmTINvLQpra UzlVax5tZtlCUXbGr6NsUKK7krz/XLIb01V9bKYxMzaHOWSRO9J8BiS2GWoBOCe96W6F /Yhg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ygcQSDMK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-5bb9018fe5asi125470e0c.6.2026.06.15.02.25.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:22 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mTbwWD9jnxm2c8fyMrGChaaHVq98JSeYT699AhEvsdVnFUdaAbo1Lgh5oXae3tFKm/vgnRcNO7WGSJzkGMNOhXsMaWD0ipDL+YzHrPTdNA7kZSd1cDEd6ojVGUC/sXxomUbu69lZDk8eLV1PdEU4+cmX6Z3QtBoIwOXYSFvEVVjXHIr5Yu2hQ6FSJufw9V1L+4k1Dxr6NSBiUSBa+Fs7k3Z7HSyTitxZlisxIKAaFaNzv9EjSFpVskP5vupZAKCZ9vnFajA/HkO2wCYFrcR9FyV+V4kcOir1vb4iwLpL2DyzmB3r5sO6CxAtrVrJ54IU8zI1j+BdRK0iggLQMZj06w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5K33bkBKj0fWsUSc/X558VUshtPzO9UwjiOkNMqPyzk=; b=EZp8uZkepfWhdIFzCm3yHOsoBbh5GdLgrAYQGXAfoMgK6I/H8/ePge4YcFqNSoNkA0X6mdalubj2cQkeSjEM76C1aNLNR93/4shYmPLUu6XZJWoZFpCmvNKLzn/7wGe4vvoeVS0O7Y5zReHEfiwgWgeUSM75BxAT27YnkEbOS6UclBOWkAz8YPyeZJhJmkCqfnIYnOHw0TBMEx84oAwcNRyVM3VCMnEo7gfJQJvaJb6zqgDeO+06ZD6c6yew7n5fdTVnC2nmtQeTF28Oraknh7TeC1NHJiz+zB3QEQuJa/2AO6DYszksbnUK1IgHq3argPUT3J9XFNB/J3uQB23JIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:17 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:17 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 03/17] download debs without locking Date: Mon, 15 Jun 2026 11:24:44 +0200 Message-ID: <20260615092458.259691-4-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: a792e419-b6f2-4b86-91fb-08decac0034d X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|6133799003|55112099003; X-Microsoft-Antispam-Message-Info: 8n1bWHbIZek5QrXhhiYV4yG3uWDfQnz/6EKvfwyH10oZ39zRe500m4DyMF4XeCXBuFbJAZH+GV5rmzZM1wB3iIUXrylxUjEWiZfujSMHYXHVdi40fosBQ7VqAy+hf/hW6Hu8kltQ+3R3JHLetvEn6QpjXV2cjEqmq8/fsRZQ0f6Sw5m8PhJVmtfv+80LmXc6ybkFK2t8oRPdm/+1t/jfPykf3d0SjyHXtvFtVPfWEB18otoS+rQslaBn9e20PX3diaSQn/4Cjpkz4x7aDI4nvva4XBLlgPQk4JaDQGLEG2tZO8RXgogklcNR1aNM+EbZrt53OildUc+W4Z3IGHld7AcvR9B69ypZxiepxHWhRqePzbnTyxElYhl2CzQuU0hQLUE5AIorUD+NFPY47I4OAev6pm+NqG0otkFaHIWEAn7YOn1LhX2Lzhq7yFOY7uXr8VZ7hs3znyeO8Ne5aU4KEY7o5ng0pvuGIb8Na3qQHspOcY2EzkYvef1QuQv6xECkFZIOKtxaMXH8FhyBTPMJDNO4NdQ+CtQO047e5aZLNMNgy6yY6hE6MEnVFVX+KTDFzcoFb3KBTAYMG2ZTVm0w8j/xsjf2stDz1aLbVqw3kQhJUsZU1z7FzDMvNmiJvYKfldPEAJv+Vog6iS86mDO6I1BddqX0VErizKcDO4VOdbJRglk0i7plirr1cR4aLRrn X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: /rk6FWFYglXwFV7N0WaCXXHYy46zaG3prvdVNNn1bxqUkaW0W1fidweWIsKSLNp4SUD79t78n7bIPhTOnrHqGlFINPaivzkUOCwfgVuYB4U03vG6/hEDs1vaWxrzPWd1WgjmomTGj1nx4TWBvviRSf+WwCbzbMZJ99rMM5brz5MWnm3F/WMo5As6p14v100ZrPFtRuHC56nJWKLkHBM70zWZGxSQEJStVl85I+XXgdtlHm5f/QFcK/sB8rZGJKdM2SnAktx1u1l2sC+tg3oTD7w3qB9QQvPzMwrLb1CDbeaoEaacEcuNsl6XiawJBufUvOcz9T4TBtqLwT8m0dVKL1DBZjDw2/Snx/Dkr7w7xDKXgBU1oDOIrxJks8zt7Zecvj84DoCcNxListT4BJMRwc6WEX9GzSzw1qNGhEOPj1wPNwQym2XI3cR9nFk3SR4L5soOGW05LLf70LK9wSRk1/GZcRTkq44xJVC6WlIQDT6mBP8icUWL4t3xM6zxTHXGV/0sdJG7bxpYgHgnnTqKqlgXGrkQpewdnYH5mmx2fVwpt6Qok8tMGJY0uJDxuGf0u4/tFXyk4JSPOesoew9+Rh46jNMBX79zT7mcTLcZMRrGE/o9360e8MV0PE1xx46WhZkFRLUQfbJCuxbPsWjFB0Ab8VrH4dqXEdElQ1cNGwTEO4lWHpfaJPNXndtaW6qw6x2r8Wr1d0aFhLjyuqn2CnTy+XOHQjXqmnrF+ZGd1VyTbQWV25H2UiKWfW8z7PnaxtWTdciBICbMnWim705Z6KRkyElK3cUbqi2Un81fSnLzBTtsKe34zK5UW5YV1OOCibwnVYesL3rh1iht3jTKMoJsQx1tKrjALdJ7dkTk8oYBKFGEKTJP29NT8CJvBp+rOk8MEZ5IjrflVvJzwl5AROEao1f5JTkN1NiWf9k2pUdB8rwFHC9fNp5FqmGHV49KIwkdR0NwYycxvAT7IR8SZ+5hYwvLDBlwsFMwISwh82tamg8GfclHwX13xdK+r/KAAiL82ZtD9urBy/kqkuw7EWBpMbtL56PSw1d7JCLH5A56ru4jCN/d0UXt++JUz30138O3UJ7JbQD7L6A6X54whubZ0LzucBhtfrjKfh6orvl65a2KR/etkRtg3LddA0zsE4r6OaEMOo/b9s/xhoa5hn89XquNBtAh7gcVq4esNwfc2VF5PpkaCZLiBdE/JR0wSsLcTX2i7b/kxj518pnA1gi0S1h4euy5I2fVzeqnJhCmMpwW9JNi05HdtjjEVS33XNKUdOs+Qf1fK5yigfZDqNIHOh7tKT0FlgDykuZvfCaieH+HaOuQoMlkdwicfln8GIJM4YcUWBny+AnlVEmr5LSoXEzTDdFm/CQIP2xaGSpuSiaGDSL6VxXZkWUB4nSl/oISKj+KSfpbSATrBIurUdDlaMkqIP4qjOZ1YcOhMJGmZeamDHk4ffVydaRcYD/B5a8rj7WSE6aTahsaLXMAK7GwIGjTwOsd9kzssDf0TZg3AU1MdkqjNC3rfV/XPmnx3Oec9MTplBCvmkyLpturB+K6aY+qCCn4/JEsaixqHhQqvAyAeYtvv/stn3sX6C6H4dzKUFwdv97uZMBZKwY4luIthho0Iw2nwA7LcWWzfJc2xjdgorS/195uSv/Ag3wCvtISWGWT61PDy4cUcNjvi044aMQVIZlME65m7TX8dO5KSrHQKgLAKKIs/R1x2XieJRpwLDz3KDXEjbXXsE/v50dUMmS5mB91diWTXclMjsLSod8N4N0CLaUimurmhlLaV1atcImH X-MS-Exchange-AntiSpam-MessageData-1: dyoNXh88RJWk0nh23W2QcExW5i2UtktaL9k= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a792e419-b6f2-4b86-91fb-08decac0034d X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:17.2132 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: +adTLnvW/wd75eWuQP2nd1WcGIRKlvf6M+7C7V25SfFIVzOC2bHvdKKI2MTU/r78BJJyYAKO07j0Rj+dpB8vVQDwqQCnzuqDj9MtiGWkQe4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ygcQSDMK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As we are only downloading and we are the only one acting on the rootfs, it is safe to not lock the apt cache. By that, we can avoid complex file ownerships in the tree. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 2 +- meta/classes-recipe/dpkg-source.bbclass | 2 +- meta/classes-recipe/image-locales-extension.bbclass | 2 +- meta/classes-recipe/image-tools-extension.bbclass | 3 ++- meta/classes-recipe/rootfs.bbclass | 10 +--------- meta/lib/aptsrc_fetcher.py | 2 +- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index ec08d739..5b28c09e 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -79,6 +79,7 @@ debsrc_download() { --chdir "/deb-src/${rootfs_distro}/${src}" \ -- \ apt-get -o APT::Architecture=${DISTRO_ARCH} \ + -oDebug::NoLocking=1 \ -o Dir="${rootfs}" -y --download-only \ --only-source source "${src}=${version}" \ || echo "${src} ${version}" >> ${missing} @@ -120,7 +121,6 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ sudo -Es << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - touch "${rootfs}"/var/cache/apt/archives/lock chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index d14d56aa..629796d6 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -77,7 +77,7 @@ do_fetch_common_source() { schroot -r -c ${session_id} -d / -- \ sh -c ' cd /work - apt-get -y --download-only --only-source -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' + apt-get -y --download-only --only-source -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' schroot -e -c ${session_id} remove_mounts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 32666311..c90280aa 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -30,7 +30,7 @@ image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index ab616b7e..766f386d 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -54,7 +54,8 @@ imager_run() { apt-get update \ -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ -o Dir::Etc::SourceParts='-' \ - -o APT::Get::List-Cleanup='0' + -o APT::Get::List-Cleanup='0' \ + -o Debug::NoLocking=1 apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ --allow-unauthenticated --allow-downgrades --download-only install \ ${local_install}" diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index a58ad031..7bba1af8 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -340,18 +340,10 @@ rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadPro rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - mkdir -p "${WORKDIR}/dpkg" - - # Use our own dpkg lock files rather than those in the rootfs since we are not root - # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) - touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" - # download packages using apt in a non-privileged namespace rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ - --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 4fe5a9ea..da2d94c2 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -41,7 +41,7 @@ class AptSrc(FetchMethod): set -e mkdir -p /downloads/{ud.localfile} cd /downloads/{ud.localfile} - apt-get -y --download-only --only-source source {ud.src_package} + apt-get -y -oDebug::NoLocking=1 --download-only --only-source source {ud.src_package} ' ''', d) except (OSError, FetchError): From patchwork Mon Jun 15 09:24:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5152 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:33 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ot1-f63.google.com (mail-ot1-f63.google.com [209.85.210.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PUeU009080 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:31 +0200 Received: by mail-ot1-f63.google.com with SMTP id 46e09a7af769-7e6b5976d74sf6177258a34.3 for ; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515525; cv=pass; d=google.com; s=arc-20240605; b=gtIGPpsrG47jIcp/MFonzHks4sdVvdsoa72BuhYy2TT6/0lnyh745/By+dWCd8bHXL 3eZN9RWeKk/EZuMTpsD35zYLHnVggHslTulJQL25qu6nWOMV9uVv0e2MFFvB7NoR3kga HPiXo8iH/AVvFxy0bU7efqQ5woGEMFIFaxiDPrfFkZl8zkdkoOS6XDFiKiH+roN1mnGs AQnf8GrzFq8sW0EIIPpOJs16kGKAox465qhNZq92cGMzWMSIphXIcm8WKcIflcsH51zF +/G3gYySYzP8H1/yFUzxN+VxE7NCeBszQ2rMkTDTUURIaaUAxSata0Tn5EV+19DJECWh r8VA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=gE/zWMZzoarPXQtJctWodM8dY2YjAPSsPLPkn674N64=; fh=t0vf1scfQczZzzPpIdXGPRtOfp/lvh5WVY7ArIfZsDI=; b=UEuekccnVuAqymUfT8oScSXjS3cZanTqLJhovIpgQukJIaaUkN88LGwbiW36u6jHXx +RrYTWpsWBRDaJnFZ4AJMtl1K9TFiQ+QAnNediuupeoyprZ+zq5Fs5QnZu2KkFmhO0rO lVfI/cU+S61PPd1xylwuwpJd1pS4+mhb+r3H67biH46NuE4bqNbKxnr5EBetXCAOmQ5P yaQGLQi6X836o+FiKrirUu61Gf0KPKXNLrXI2j7z7605TbzF5Wxf1zzFIQykjK0Zg63B +W6mHW6Z7KluHM11rpE9aFfg7hAh8+czeF4JJhCsTUnHMEJ/PfY0BDQMoO+t0e4HjpIA vG7A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wlN2NQv1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515525; x=1782120325; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=gE/zWMZzoarPXQtJctWodM8dY2YjAPSsPLPkn674N64=; b=PINqZBINMyfh2432ojl8dSTp5NXfWrV1h0uWtROXyhDp9gw2o40EoaMHXM+ExuUFbz qAKokRLRufoMC9hWVNaH1bWFdPYzMZw+NQP4DVjT1MW3qQwIW9PE1r1OpN0j8yhxSQOE 6xrl8Ond1cK/E57w8hhYmpL8nus7iGrkk/Pp4feno8qrMYUduQrFMToQJliJMWMi2wsQ 7kJXXYWi25r5cSSeEFwocOaqpwjKV/QYE5kKVf0xs19/ef4+6X9jos1Vs7Pf60Zu7Aik yydNxZFF/lG3VzsBrJnYAN6jlCWsbhG4wcbYImIP0ai+km1IoDgJt22TjgALK6PhP6o8 /TQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515525; x=1782120325; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gE/zWMZzoarPXQtJctWodM8dY2YjAPSsPLPkn674N64=; b=RoX2Z54HgGCclcLaESqEDM7nKjrkyUqleSOzohSJsFP333QjNuwYNbqg2wws3t4T3c HJL5ZzYZh8PMS9opmqv1MzsLxb4zHcS31QFmDjaiuRrzoBt4PBchJm+xTHHISwh6ENDJ cjPjgdhu7XebUuUluJKJ8b3lQBzKCa7H9y3bnp/kYzyyQD8eRKPV5atb3JKrDCoES/a4 UFjY5m/xJPPbEHUBtufiO6FiBveqTi+twg6Yg1EOKMaA45XjzMthlqGDsRBMD6LGDZu8 uwrozYGHGgwsh8q0ya1X4YPOtzJUAqWozsZoe+GEc7ZOjTlMqFl5nzCCDdVbtGE7F5uK MJMw== X-Forwarded-Encrypted: i=3; AFNElJ9RwTT5w8iEKN5O2I5ICaGhSeTYvsdiHaRhOD8YhbZz1+s1/9DOkLPlbhaclPAsGzQ43qULe28=@isar-build.org X-Gm-Message-State: AOJu0Ywm7qdlMtOQ3tu1Ijb3Sl8KToroJq0kkKSYVh+KiSnxMpJmNBes nefOHsKU/VjrMdhcPcoTr6AtpZJlm8XDE/4Xf9Z+ZeNmgZDzQkxItJM0 X-Received: by 2002:a05:6820:1f13:b0:69e:3e2a:a844 with SMTP id 006d021491bc7-69eec9a95b6mr5968736eaf.51.1781515525083; Mon, 15 Jun 2026 02:25:25 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUeuGQqTKHolM8rONZorrg5qsXpIRibaQzAxhTdX+26qdw==" Received: by 2002:a05:6820:169f:b0:69d:f721:d559 with SMTP id 006d021491bc7-69ee8fd7d0fls1278004eaf.2.-pod-prod-05-us; Mon, 15 Jun 2026 02:25:24 -0700 (PDT) X-Received: by 2002:a05:6808:2511:b0:479:eb19:6e69 with SMTP id 5614622812f47-487419614eamr7435564b6e.6.1781515524056; Mon, 15 Jun 2026 02:25:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515524; cv=pass; d=google.com; s=arc-20240605; b=YSViYOjD8QMAFXjrz/Oi4NVl9/Xh0n/KSeZ9LMkI9I+5u6e9Qpvoz49Mi/9MZ1Z2vS sK4rAY68Rp6a/l2kc4Za502hSxDKjn5VVl46Nu+RX7EeV+xapLuM7EziJBpfLSrp/6Ud AReVOamy0BZPhOcRZC7xiRs1gZ0Qm1qrfFi3CjbmISq3Oi7qnZLxO0mxw2S08qfruqmX Gw9WfV4ZUL944jSO33jmRPKg9CmbuOiPrBDYcuApfHmvMIWk2pj4FSMmDTppdFde4mdk CAP6f/AQ7EukVw9zwpJ+5YZ3W3psI+SX/bPH17bRlP+u77nnPbVNAeTYNAD/93spnnYh o5MA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=7xrWXbfV+DpaTkLb/wMPCwpo1GpX4Ut4MXFS1RsHreU=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Y/NEXGZKK7niNUpcElCQOwiCGkcSpd/zur5/9udG5bxO6V+eciwj8R1yVZ2H5KmBZE UDEWzBjXnDz62vOE50q9i8WCcSqaMZ6PYxKywZoZZxAu2LX6jl1uBSGEnzQLOap+7u9E 54PMQGexrbJPP9GheWp0YExbRGYyu66rEuveM/H9ar+udDnw4EAZNSNVqTFfHKP+CNTs 9IEw5CSucaMZ0ZBBvDP1vBrUrjokyNM/z6zRlMehljcvH7Lo0SRwEfsj9hkL6HOmmQUC qG6kxH/xIC++2MoUt0QSQKtrVxkSwRWoh3Cbxp238i0Onzln9VxtKF76kx5nIMz6C6vt yiJg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wlN2NQv1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id 5614622812f47-4875ddb2f0esi130611b6e.2.2026.06.15.02.25.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:24 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mbl3kj33HFIymsxBQBqRBKSJ2tPvMVMNUYBUFzT8gE6vzIcPgmOXFwWC1d8HvlYkxXe7cpERcy0TJZkm6isbSp228AA/Ta9N5eo3uXtSq2wHuNAP/FdIa3de81UDZK0XOlVWxiJQqb5jJpx8xTjdYDRJher05Qdx0dIW4goGJtr88FXGgyTrr/YHD8UNC/nj/B6DGn8oSz3L7vrk+oeF0D5HOIRkguHmHobTDjQLtjHaVI7HvgYfvj8jTajuT/V+aZMvw/RKVV6rAcIe5EektgN3Kr3RSJT+0Bke0pcWjvBFeNYPeb1C/i6WXtdvsX40HA/5xk7kqJkA0KYMTJ5cEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7xrWXbfV+DpaTkLb/wMPCwpo1GpX4Ut4MXFS1RsHreU=; b=niT+T1pV1qvUkFFmQHDJYGhcOfmN97X8zCY68W5m+LJiZCqzmpkkbCEYSpL8s3wT4wmzJNbj2mDJH3ZLSAx4aQqTi4NzUVIGWhxj5PGSRRGZzgE6lXWpff2eWYC+wequ2oIo6vxTBRoJbiFwQb5Jw9R4a3X34dvgeG+SiROjBMlN26HTs5tGvrW228t5h9GMDh9BSnTC0qxQgMIltgD/6obuxrB9/dsplo2tAOmSPdfDfQc0kBU8McY8W0rmzXr8euwk/m6+6xzrk3G3LkfUYH8vgLLGhE4ynlD2LA0a+Uvl1gz3x3e4/ud39l/ddj5MEAdfS9Mkp5a26Q90pPRvYw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:18 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:17 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 04/17] introduce wrappers for privileged execution Date: Mon, 15 Jun 2026 11:24:45 +0200 Message-ID: <20260615092458.259691-5-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 4027f0f4-fd7c-433e-38b2-08decac003a7 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|3023799007|6133799003|22082099003|20052099010|18002099003; X-Microsoft-Antispam-Message-Info: n5IlXur+ixx09rqIVNQ08qHwORVnB9avQ1nif3v9/zh6IVjJP+mGuk91xHRkk9mXKeCHq/yz8IeYrFEVKyLtLVm6q1G/Z7YHKiN5/04I983ReC7ZlABUjpEnF+8UoisEGDmd0Bfv39U6oGn3ZHajBZyL+aXzO0czsI8BIEoloWTxUuoOZaHWAPedTToLFKIicxiwhrwr5FeM+bagr0WHxXc/IQSklrXOLvLC+7prQY3UXbbLw+tOsz3d4ADjFfzP2ERRVtgPSgLW2mJ9E/U7+jkFDDleH9TDydY4kqp6oR9mjR37Hlg07XpnaVe5stgb2ayk6Hoc8np/Moge6sUushrRxDPNOxBMyEwXL8u1ZSn60la+n00GL/8nrZyEPM3yOpxUg5Ojx/GO5T07YW1Yt9iOwIGR8h8ZVKjbfg20EkRi8RwIiScUMDdUrnpi+jOUfAyDHHXErhae696sn42M1gVDWycr1Yz+ASKyF9fwOI1JFWURR++DhT79RFLNy6jr6knA3irTxNQxRFDXG7eyJRzgVHyGoAjH21k9MON/eO0r0+8mAH9OpoYF2Gh6kcoGZeBu7zuDu6B6PQc8lLvBvhyFEtUx+lEqiRSGJa+1U/ieM9d03ghr9VY4m620doG4XWgrOBz1xxPitCl2ErkaUMcvxBjAyYx2Eeii4A36AdCsoduLEbLalm3kA5eHOcP8emkEseYi13DOxo8qKFqfHA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(3023799007)(6133799003)(22082099003)(20052099010)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: HJOkuixopbHRswfajdAwnluCHtzhXVezDryU04aGDZmtD1tFY2dlsVvUc1IaFJYiSyfSn2aiNdxH5YbaucMIILG67PuHxpKgsJ51mPDawW/ZbD11+5lyV7aBr+/uuS3tWQcyJbX1Vt+WbLRrHYzcoiZFyBlEmSjXZlVMFQA0wC2dqw6rjxKB5vbxe8Cr/pkbrRjdHWId6lNDiilw/Xkqwvh31ew/CzY3Au5E4zQTGBbB3IeMM2blghI9/eFkL/B96RlcHp0LDJE5o0LuEuwwJCJjwiz6EI0rz4jn6hMPahEhAvvl7gMWST4Ke5kawqRcY3NyEMiMA87DWE890yf2GtXGJ9Af26n7gj+c2CujJfWF/zEHqMFsNZ9NG0MgaF5bWSvH+ZuRXaFCLtO95/xlg8/BnnCSM9lfuhAcTHOFmtsXwUgnuzSAvVNYbhkKvMMoLPNgsEzc2g5mAmOnzOPOycRR1hlBm8R/KFcIrGpQNmv9VhX/GwtGnK/dNHOCO5oZR6OU73mxYrBth/01ZSgx8Wd9cIu5ZAxWEnGGOYZJnMtoTBWsRTmpREiKufMCnDMoVN6TvFSt+P/o2hMjm2fqxSqbOk7Mpi0CT+LPxDvUcp/n1FXSrWhN7IRmE3btAl8Q5fRcJn0J2aiglbu/r1S3L86yZrf3C0ZVn+qILnZ5cAC7m6e3FFMymBBZwa73/JLM5lz6WtJo4lHD+QcOKolUkD4qFS+crLD1Z7BlsdONaJA/IaM6llBuypKyiWKUel/1A+4/daSh/0evRhrTnqfljS46YG/cH8LUBSsmEKP3UWiugoihW1QerJjdi7PTdlrZ1HsodvL8DM3g8qIZKgQJSlh9ZlF/M5TJfx7TiiJXi9vOMsKV7f7JC5rY5eFzCmvkC1NSJAlUo9y2uA7LSXkj6JDhK6YjXRqu089yjxmqHfoYlLTgBLGUP8YfNCpNN/cmJOrPcYumDa42lQs0jHeKEXcBJ7Y/NJtL0Nbe7FiNRJ/wtJ8kaQo2lR1XOZt/oSE65s8VoMs6GJomI6iIEMk4QDgtPTASJ8+SEL0bRKPqx7TGNYFvns+7H+UBzb0ZBP+NIXia4mdM27xVwaF8fYtdjU3Ch/f1/Iw6abwQ/I2EK73420K8RqJQBXBFj9usGsXPZadT9B5m99lIl/DWeb5NVMpZrYTP0G8x1qpAITs8vxvMWSDnT3cNx3OsCr3/JOp3wQZlAAAhiGkBRKCrzfjbkY1EC4A5GAdDGnl2E2lqRV9IQcsahC8gvJaqOe17NdBsixPKcnitiQoAEK7adZrPVN696zRc71KW2cMVNwnG32FyMnuQCbLGusgkxvdshcaJULi+BRFZjTGKrrNVwUCs1oOodoqbGWSgrEuBASS9vNDFIfI15+0w0SIT6H/ULDqvrGER0nAFXpD6xtYLqQyLLekfioOvy0CVs6MTJe86waPh0mFGCGe6GLgVwz0M2FfWcBTOz8DQPKJXzWe2EC7ta/nrRFLdc08lbDoQ3hTXD3oanX5AnPDvey+56qrQrYf7odYz8sibdO7D5GbK4sREftT7MlOpy6yj2ZQb7GQsaskjjAO9pb3UIzY2aw4A9onvo8N1sbYQMcL3URuC+mv7Vt/UR70d3Z7ftvjKc72hra+w0jZmGI2n4SLieLFfOVpTySR3+chEOM3uircM6miJ0wbaUUzMh4JUMlgEH0ybOucSY+F4VpwLbaMK8ogzbeiDsuLNlAygzfWbn/S6urVKchah5u14oWVtwWA1Z7FWbCKvVaUut1NMjHTm0f/Mor+77KtzY1Ml X-MS-Exchange-AntiSpam-MessageData-1: Z7YY1WloTIr3cVl1S6fRf/rg5h4rZ81HW8U= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4027f0f4-fd7c-433e-38b2-08decac003a7 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:17.8946 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: W/sdYqcA+69UVmNREI06u5m+eAeHUEbTV1bkYa0u7GzqveC8qrUt+AHlIdBGCSYDmNLtKjnHwt+fVdSE1XOS8U/RYgXxF+iVYzIPYkVzSVE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wlN2NQv1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As a preparation to enable rootless builds, we introduce wrappers for common cases of privileged command execution. The wrappers are defined in the base class where later on the executor dispatching will be implemented as well. The wrappers are introduced throughout the whole codebase and downstream layers are also encouraged to use them to increase compatibility with upcoming API changes. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 16 ++++ meta/classes-global/base.bbclass | 26 +++++- meta/classes-recipe/deb-dl-dir.bbclass | 8 +- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/classes-recipe/dpkg.bbclass | 2 +- .../image-account-extension.bbclass | 4 +- .../image-locales-extension.bbclass | 4 +- .../image-postproc-extension.bbclass | 30 +++---- meta/classes-recipe/image.bbclass | 14 +-- .../imagetypes_container.bbclass | 26 +++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 +- meta/classes-recipe/rootfs.bbclass | 87 ++++++++++--------- meta/classes-recipe/sbuild.bbclass | 10 +-- meta/classes-recipe/sdk.bbclass | 14 +-- meta/classes/sbom.bbclass | 2 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 +-- .../unittests/test_image_account_extension.py | 9 +- 17 files changed, 155 insertions(+), 115 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 5d2514c0..552051ad 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1087,3 +1087,19 @@ and `arch=all` binary packages). Recipes for such mixed packages should append `PROVIDES="foo-doc-archall"` for an `arch=all` binary package `foo-doc`). Consumers can then simply reference the package by its original name (e.g., `foo-doc`). + +### Execution of privileged commands + +When operations require higher privileges than those available to the build user, +the following helper functions shall be used: + +**run_privileged**: Run a command as root while preserving the environment. + +**run_privileged_heredoc**: Execute commands provided via stdin in a root shell. + +**run_in_chroot**: Run a command within a chroot environment. The first argument +specifies the rootfs path. + +Using these helpers instead of direct `sudo` invocations centralizes platform-specific +privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged +in downstream layers. diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 70b4565b..d4dbbc3a 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,7 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - sudo rm -rf --one-file-system "$TMPDIR$i" + run_privileged rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -375,3 +375,27 @@ def deb_list_beautify(d, varname): if stripped: var_list.append(stripped) return ', '.join(var_list) + +# Helpers for privileged execution. Only the non-underscore functions +# shall be used outside of this class. + +def run_privileged_cmd(d): + cmd = 'sudo -E' + bb.debug(1, "privileged cmd: %s" % cmd) + return cmd + +RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" + +run_privileged() { + ${RUN_PRIVILEGED_CMD} "$@" +} + +run_privileged_heredoc() { + ${RUN_PRIVILEGED_CMD} /bin/bash -s "$@" +} + +run_in_chroot() { + rootfs="$1" + shift + ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" +} diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 5b28c09e..33630f1e 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -97,7 +97,7 @@ debsrc_download() { dbg_pkgs_download() { export rootfs="$1" - apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ + dbg_pkgs=$(apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ -a "${DISTRO_ARCH}" packages \ "${rootfs}/var/cache/apt/archives" \ | awk '/^Package:/ {print $2}' \ @@ -109,7 +109,9 @@ dbg_pkgs_download() { | grep "${DISTRO_ARCH}" \ | awk '!/Binary:/ {print $1}' \ | sort -u - done | xargs -r sudo -E chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- + done) + + [ -z "${dbg_pkgs}" ] || run_in_chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install $@' -- ${dbg_pkgs} } deb_dl_dir_import() { @@ -119,7 +121,7 @@ deb_dl_dir_import() { export gid=$(id -g) # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ - sudo -Es << ' EOSUDO' + run_privileged_heredoc << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index f7a12302..e5987554 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -161,7 +161,7 @@ def isar_export_build_settings(d): dpkg_schroot_create_configs() { schroot_create_configs - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' sbuild_fstab="${SBUILD_CONF_DIR}/fstab" fstab_isarapt="${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO} /isar-apt none rw,bind 0 0" grep -qxF "${fstab_isarapt}" ${sbuild_fstab} || echo "${fstab_isarapt}" >> ${sbuild_fstab} diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index 500aaefe..e693800c 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -130,5 +130,5 @@ dpkg_runbuild() { deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts - sudo rm -rf ${WORKDIR}/rootfs + run_privileged rm -rf ${WORKDIR}/rootfs } diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index e874f3c7..de01484c 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass @@ -34,7 +34,7 @@ def image_create_groups(d: "DataSmart") -> None: """ entries = (d.getVar("GROUPS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] @@ -72,7 +72,7 @@ def image_create_users(d: "DataSmart") -> None: entries = (d.getVar("USERS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index c90280aa..029caec7 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,7 +29,7 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } @@ -60,7 +60,7 @@ ${@get_nopurge(d)} __EOF__ # Install configuration into image: - sudo -E -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 diff --git a/meta/classes-recipe/image-postproc-extension.bbclass b/meta/classes-recipe/image-postproc-extension.bbclass index 43ab750c..59128c2a 100644 --- a/meta/classes-recipe/image-postproc-extension.bbclass +++ b/meta/classes-recipe/image-postproc-extension.bbclass @@ -17,19 +17,19 @@ update_etc_os_release() { done if [ -n "${OS_RELEASE_BUILD_ID}" ]; then - sudo sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "BUILD_ID=\"${OS_RELEASE_BUILD_ID}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT}" ]; then - sudo sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT=\"${OS_RELEASE_VARIANT}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT_VERSION}" ]; then - sudo sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT_VERSION=\"${OS_RELEASE_VARIANT_VERSION}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi } @@ -37,11 +37,11 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_configure" image_postprocess_configure() { # Configure root filesystem if [ -n "${DISTRO_CONFIG_SCRIPT}" ]; then - sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" + run_privileged install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" TARGET_DISTRO_CONFIG_SCRIPT="$(basename ${DISTRO_CONFIG_SCRIPT})" - sudo chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ + run_in_chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ "${MACHINE_SERIAL}" "${BAUDRATE_TTY}" - sudo rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" + run_privileged rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" fi } @@ -58,13 +58,13 @@ image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( run_in_chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" fi - echo "$MACHINE_ID" | sudo chroot ${IMAGE_ROOTFS} tee /etc/machine-id - sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' + echo "$MACHINE_ID" | run_in_chroot ${IMAGE_ROOTFS} tee /etc/machine-id + run_privileged rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen" @@ -82,13 +82,13 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_disable_systemd_firstboot" image_postprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_VERSION=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${source:Upstream-Version}' \ --show systemd || echo "0" ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then - sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot - if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ + run_in_chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot + if ! cmd_output=$(run_in_chroot '${ROOTFSDIR}' systemd-firstboot \ --prompt --welcome=false /dev/null); then bbwarn "Your image is not configured completely according to systemd-firstboot." bbwarn "It prompted: \"${cmd_output}\"" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index 26a4ec06..bc3f2181 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -363,7 +363,7 @@ get_build_id() { ROOTFS_CONFIGURE_COMMAND += "image_configure_fstab" image_configure_fstab[weight] = "2" image_configure_fstab() { - sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF + run_privileged tee '${IMAGE_ROOTFS}/etc/fstab' << EOF # Begin /etc/fstab proc /proc proc nosuid,noexec,nodev 0 0 sysfs /sys sysfs nosuid,noexec,nodev 0 0 @@ -391,7 +391,7 @@ do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi if [ -f "$kernel" ]; then - sudo cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" + run_privileged cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" fi for file in ${DTB_FILES}; do @@ -447,7 +447,7 @@ def apt_list_files(d): IMAGE_LISTS = "${@ ' '.join(apt_list_files(d)) }" do_rootfs_finalize() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -e "${ROOTFSDIR}/chroot-setup.sh" ]; then @@ -473,14 +473,14 @@ EOSUDO # Sometimes qemu-user-static generates coredumps in chroot, move them # to work temporary directory and inform user about it. - for f in $(sudo find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do - sudo mv "${f}" "${WORKDIR}/temp/" + for f in $(run_privileged find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do + run_privileged mv "${f}" "${WORKDIR}/temp/" bbwarn "found core dump in rootfs, check it in ${WORKDIR}/temp/${f##*/}" done # Set same time-stamps to the newly generated file/folders in the # rootfs image for the purpose of reproducible builds. - sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + run_privileged find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' } do_rootfs_finalize[network] = "${TASK_USE_SUDO}" @@ -517,7 +517,7 @@ do_rootfs_quality_check() { ;; esac done - found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) + found=$( run_privileged find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) if [ -n "$found" ]; then bbwarn "Files changed after package install. The following files seem" bbwarn "to have changed where they probably should not have." diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index e07ce8e6..8d4f8050 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -37,38 +37,38 @@ do_containerize() { # prepare OCI container image skeleton bbdebug 1 "prepare OCI container image skeleton" - sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" - sudo umoci init --layout "${oci_img_dir}" - sudo umoci new --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" + run_privileged umoci init --layout "${oci_img_dir}" + run_privileged umoci new --image "${oci_img_dir}:${empty_tag}" if [ -n "${cmd}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.cmd="${cmd}" fi if [ -n "${entrypoint}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.entrypoint="${entrypoint}" fi if [ -n "${path}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.env="PATH=${path}" fi - sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci unpack --image "${oci_img_dir}:${empty_tag}" \ "${oci_img_dir}_unpacked" # add root filesystem as the flesh of the skeleton - sudo cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + run_privileged cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" # clean-up temporary files - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + run_privileged find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete # pack container image bbdebug 1 "pack container image" - sudo umoci repack --image "${oci_img_dir}:${tag}" \ + run_privileged umoci repack --image "${oci_img_dir}:${tag}" \ "${oci_img_dir}_unpacked" - sudo umoci remove --image "${oci_img_dir}:${empty_tag}" - sudo rm -rf "${oci_img_dir}_unpacked" + run_privileged umoci remove --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index dd6c501d..8b048dc7 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,8 @@ generate_wic_image() { fi EOIMAGER - sudo chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - sudo chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 7bba1af8..f6c2f320 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -136,7 +136,7 @@ rootfs_cmd() { rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ ( mount -o bind,private /dev '${ROOTFSDIR}/dev' && @@ -182,7 +182,7 @@ EOSUDO } rootfs_do_umounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if mountpoint -q '${ROOTFSDIR}/isar-apt'; then umount '${ROOTFSDIR}/isar-apt' @@ -225,7 +225,7 @@ rootfs_do_qemu() { if [ '${@repr(d.getVar('ROOTFS_ARCH') == d.getVar('HOST_ARCH'))}' = 'False' ] then test -e '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' || \ - sudo cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' + run_privileged cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' fi } @@ -240,16 +240,16 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - sudo tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" # setup chroot - sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" + run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" } ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_isar_apt" rootfs_configure_isar_apt[weight] = "2" rootfs_configure_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/sources.list.d' @@ -270,7 +270,7 @@ EOSUDO ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_apt" rootfs_configure_apt[weight] = "2" rootfs_configure_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' @@ -293,7 +293,7 @@ ROOTFS_CONFIGURE_COMMAND += "rootfs_disable_initrd_generation" rootfs_disable_initrd_generation[weight] = "1" rootfs_disable_initrd_generation() { # fully disable initrd generation - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -310,7 +310,7 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ -o Dir::Etc::SourceParts="-" \ -o APT::Get::List-Cleanup="0" @@ -322,9 +322,9 @@ rootfs_install_resolvconf() { if [ "${@repr(bb.utils.to_boolean(d.getVar('BB_NO_NETWORK')))}" != "True" ] then if [ -L "${ROOTFSDIR}/etc/resolv.conf" ]; then - sudo unlink "${ROOTFSDIR}/etc/resolv.conf" + run_privileged unlink "${ROOTFSDIR}/etc/resolv.conf" fi - sudo cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + run_privileged cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' fi } @@ -381,7 +381,7 @@ rootfs_install_pkgs_isar_download() { ROOTFS_INSTALL_COMMAND += "${@ 'rootfs_install_clean_files' if (d.getVar('ROOTFS_CLEAN_FILES') or '').strip() else ''}" rootfs_install_clean_files[weight] = "2" rootfs_install_clean_files() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' for clean_file in ${ROOTFS_CLEAN_FILES}; do rm -f "${ROOTFSDIR}/$clean_file" done @@ -393,14 +393,14 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - sudo -E chroot "${ROOTFSDIR}" \ + run_in_chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --no-download ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" rootfs_restore_initrd_tooling[weight] = "1" rootfs_restore_initrd_tooling() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar-stubs" rm -rf "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -409,8 +409,8 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-initrd', '', 'rootfs_clear_initrd_symlinks', d)}" rootfs_clear_initrd_symlinks() { - sudo rm -f ${ROOTFSDIR}/initrd.img - sudo rm -f ${ROOTFSDIR}/initrd.img.old + run_privileged rm -f ${ROOTFSDIR}/initrd.img + run_privileged rm -f ${ROOTFSDIR}/initrd.img.old } do_rootfs_install[root_cleandirs] = "${ROOTFSDIR}" @@ -460,21 +460,21 @@ do_cache_deb_src[network] = "${TASK_USE_SUDO}" do_cache_deb_src() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} debsrc_download ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -482,21 +482,21 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('BASE_REPO_FEATURES', 'cache cache_dbg_pkgs() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} dbg_pkgs_download ${ROOTFSDIR} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -505,17 +505,17 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get clean - sudo rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* + run_privileged rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* # remove apt-cache folder itself (required in case rootfs is provided by sstate cache) - sudo rm -rf "${ROOTFSDIR}/var/cache/apt/archives" + run_privileged rm -rf "${ROOTFSDIR}/var/cache/apt/archives" } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-log-files', 'rootfs_postprocess_clean_log_files', '', d)}" rootfs_postprocess_clean_log_files() { # Delete log files that are not owned by packages - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/find /var/log/ -type f \ -exec sh -c '! dpkg -S {} > /dev/null 2>&1' ';' \ -exec rm -f {} ';' @@ -524,32 +524,32 @@ rootfs_postprocess_clean_log_files() { ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-debconf-cache', 'rootfs_postprocess_clean_debconf_cache', '', d)}" rootfs_postprocess_clean_debconf_cache() { # Delete debconf cache files - sudo rm -rf "${ROOTFSDIR}/var/cache/debconf/"* + run_privileged rm -rf "${ROOTFSDIR}/var/cache/debconf/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-pycache', 'rootfs_postprocess_clean_pycache', '', d)}" rootfs_postprocess_clean_pycache() { - sudo find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print - sudo find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_ldconfig_cache" rootfs_postprocess_clean_ldconfig_cache() { # the ldconfig aux-cache is not portable and breaks reproducability # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034#49 - sudo rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache + run_privileged rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_tmp" rootfs_postprocess_clean_tmp() { # /tmp is by definition non persistent across boots - sudo rm -rf "${ROOTFSDIR}/tmp/"* + run_privileged rm -rf "${ROOTFSDIR}/tmp/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" rootfs_generate_manifest () { mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} - sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ dpkg-query -W -f \ '${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' > \ '${ROOTFS_MANIFEST_DEPLOY_DIR}'/'${ROOTFS_PACKAGE_SUFFIX}'.manifest @@ -565,7 +565,7 @@ rootfs_export_dpkg_status() { ROOTFS_POSTPROCESS_COMMAND += "rootfs_cleanup_isar_apt" rootfs_cleanup_isar_apt[weight] = "2" rootfs_cleanup_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/isar-apt.list" rm -f "${ROOTFSDIR}/etc/apt/preferences.d/isar-apt" @@ -576,7 +576,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@'rootfs_cleanup_base_apt' if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else ''}" rootfs_cleanup_base_apt[weight] = "2" rootfs_cleanup_base_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/"*base-apt.list EOSUDO @@ -584,7 +584,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'populate-systemd-preset', 'image_postprocess_populate_systemd_preset', '', d)}" image_postprocess_populate_systemd_preset() { - sudo chroot "${ROOTFSDIR}" /bin/sh <<'EOSH' + run_in_chroot '${ROOTFSDIR}' /bin/sh <<'EOSH' SYSTEMD_INSTALLED=$(dpkg-query --showformat='${db:Status-Status}' --show systemd 2>/dev/null) if [ "${SYSTEMD_INSTALLED}" = "installed" ]; then @@ -650,7 +650,7 @@ rootfs_generate_initramfs() { mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - sudo -E chroot "${ROOTFSDIR}" sh -ec ' \ + run_in_chroot "${ROOTFSDIR}" sh -ec ' \ ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ ' @@ -688,11 +688,12 @@ rootfs_install_sstate_prepare() { # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - sudo mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro + + run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro lopts="--one-file-system --exclude=var/cache/apt/archives" - sudo tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - sudo umount ${WORKDIR}/mnt/rootfs - sudo chown $(id -u):$(id -g) rootfs.tar + run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs + run_privileged umount ${WORKDIR}/mnt/rootfs + run_privileged chown $(id -u):$(id -g) rootfs.tar } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -701,7 +702,7 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - sudo tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index 95dadee3..d9ccce7f 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -20,7 +20,7 @@ SCHROOT_LOCKFILE = "/tmp/schroot.lock" schroot_create_configs() { mkdir -p "${TMPDIR}/schroot-overlay" echo "Creating ${SCHROOT_CONF_FILE}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e cat << EOF > "${SCHROOT_CONF_FILE}" @@ -59,7 +59,7 @@ EOSUDO schroot_delete_configs() { (flock -x 9 set -e - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -d "${SBUILD_CONF_DIR}" ]; then echo "Removing ${SBUILD_CONF_DIR}" @@ -101,7 +101,7 @@ sbuild_export() { } insert_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -112,7 +112,7 @@ EOSUDO } remove_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -123,7 +123,7 @@ EOSUDO schroot_configure_ccache() { mkdir -p "${CCACHE_DIR}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e sbuild_fstab="${SBUILD_CONF_DIR}/fstab" diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 6f09b5f6..16165792 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -69,12 +69,12 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "${@'rootfs_cleanup_isar_apt' if bb.utils.to ROOTFS_CONFIGURE_COMMAND:append:class-sdk = " ${@'rootfs_configure_isar_apt_dir' if bb.utils.to_boolean(d.getVar('SDK_INCLUDE_ISAR_APT')) else ''}" rootfs_configure_isar_apt_dir() { # Copy isar-apt instead of mounting: - sudo cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt + run_privileged cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt } ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - sudo chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" @@ -83,7 +83,7 @@ sdkchroot_finalize() { rootfs_do_umounts # Remove setup scripts - sudo rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh + run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh # Make all links relative for link in $(find ${ROOTFSDIR}/ -type l); do @@ -95,16 +95,16 @@ sdkchroot_finalize() { new_target=$(realpath --no-symlinks -m --relative-to=$basedir ${ROOTFSDIR}${target}) # remove first to allow rewriting directory links - sudo rm $link - sudo ln -s $new_target $link + run_privileged rm $link + run_privileged ln -s $new_target $link fi done # Set up sysroot wrapper for tool_pattern in "gcc-[0-9]*" "g++-[0-9]*" "cpp-[0-9]*" "ld.bfd" "ld.gold"; do for tool in $(find ${ROOTFSDIR}/usr/bin -type f -name "*-linux-gnu*-${tool_pattern}"); do - sudo mv "${tool}" "${tool}.bin" - sudo ln -sf gcc-sysroot-wrapper.sh ${tool} + run_privileged mv "${tool}" "${tool}.bin" + run_privileged ln -sf gcc-sysroot-wrapper.sh ${tool} done done } diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b220f3d9..b4fcddaa 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -41,7 +41,7 @@ def sbom_doc_uuid(d): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) generate_sbom() { - sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 9bbc63d9..596a6152 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -209,19 +209,19 @@ do_bootstrap() { trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ && rm "${WORKDIR}/mmtmpdir"; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && sudo umount $tmpdir/$base_apt_tmp; \ + && run_privileged umount $tmpdir/$base_apt_tmp; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && sudo umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && sudo rm -rf --one-file-system $tmpdir; \ + && run_privileged umount $tmpdir/base-apt; \ + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && sudo umount $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -253,7 +253,7 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - sudo rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/testsuite/unittests/test_image_account_extension.py b/testsuite/unittests/test_image_account_extension.py index f78aa7f8..ff0e47e0 100644 --- a/testsuite/unittests/test_image_account_extension.py +++ b/testsuite/unittests/test_image_account_extension.py @@ -54,9 +54,8 @@ class TestImageAccountExtensionImageCreateUsers( image_create_users(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/useradd', @@ -136,9 +135,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupadd', @@ -164,9 +162,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupmod', From patchwork Mon Jun 15 09:24:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5149 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:31 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f60.google.com (mail-oa1-f60.google.com [209.85.160.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PTsC009045 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:30 +0200 Received: by mail-oa1-f60.google.com with SMTP id 586e51a60fabf-43d1fa463d0sf2653956fac.0 for ; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515523; cv=pass; d=google.com; s=arc-20240605; b=HTXCsHOpF7Ez3E+Fr1289zJ3aN2kEaj0w8luvaUbOiDw4ycbPOqYOTuCbF9wjuTUaL hQfEzT5gSUkUmq52Wp7WCExvArQT3Lzt7hEtcSZPYXuczdCeq32mmqvQ7KuSB7ENuHcr WhvDqXHDTIpdoxUUZkmoyuiKiMUoFKUgwbwUP1o7fWW5PSEu+zkga7ptS+rLsZKaQiby uQXmaGJtH569G9HiTV3EqVRZI5rYf3dWK+mA1wk0ZJRoNmh0vKrF0mDTYQ+yj7bilsDI GDocY5l1GTPYc9hoMK1oxa56OEORbN9EjbQpSywgiSL7tblYOXFUNai0reQ2Q4foAxBs Ix3A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=nvqOO0sP2OuWxA8xjAck6AZT5IHn3NYGGFOcss7fQog=; fh=gD+re2aK4l2/5tCgZuVzd/+0jp+OiacyQ6qICcCBqgI=; b=D2F06vYWnRDBjSuh7tQgyNFc/w7BKd3765jvlvCWy5siJfy8p+kfe3rt7pc5a+Z8dH swrtKFOd+b9ONfaTDS1UJBRieG5nhOkpP9Qmi7frUfQYWEzUh3BvTbiYeDcGF1nR7/p9 VwrA2MGAEoNwc15jLlG+Nq4OKq82X/dMJ8CErAJJFFdKzVZ7WNnIBA0dAtvEqHcjJau7 I6zYL71rlQwdggT+br+oRSSWKfdwWwxKb6dQgTQ1jOTA33Iw0lGcY7TGeREtaTCoyYP9 8+dAWqmrkVeB6KovzvogjsTPoTkxvfwWwUSW19kw9se4MZqbM4Z3JvsqN6blQfw8skd+ bI/w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=LFl0vcPl; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515523; x=1782120323; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=nvqOO0sP2OuWxA8xjAck6AZT5IHn3NYGGFOcss7fQog=; b=Gb1Z3SroRWYm4mZ2kh/B5szAsn+ydXOfE3M7F1elG/C7UUZ3QQ2D+CmEeJQA998YCA 9EEAp33/iHfnGm2xhB/h4tz7ek7q1RRO/8tiGOpAQ9QKIGP3Q0992dlS0gLMcBsG6oON clU92+8zBjt9H12pLW7zRMdqL+LDPLXIwcIwVDPkddi5T1koSDZNBfYpCM0Y9c7c7zX3 /a5F7MkGu+S5aYtO19MiEJr4qCca4pMiFijzOrT5Oy/LDG9npBPdzal8WTUz1ResWNxI CV9selMrWC4Ae73+dIYjElitVlhRfuahqZKB08UWITMVPW5fYBuHy0hDSvTWRI+1Tap3 q8Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515523; x=1782120323; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nvqOO0sP2OuWxA8xjAck6AZT5IHn3NYGGFOcss7fQog=; b=IWi4oPACXPQqFZw11vDqt/SUqK+RIp+9BArzLnDijuciGIWvcQ7Ghf/7aTyC5vMU14 uU5blkNex6iYGds/qCu8avvIiCIr4nKRPQwQDUw38CP6cDHD/qSnyHNIQarym1s89CNE fkHMWtNDypBeJlwP5/TfCAEaScX4hp56kMKPtIv6qs9aV6hcnNqkuD5zAJ1UURBI92Dk d+fINb2dvVD6zN8cJFi3SrBWuUiTgr1dhoVJGU4fJ4MA8B09xgsFqKXIq/dlDuW4u0M4 D8romANWnHrOxLZoijUczDsgYOx4ryWlUCZW2aFW1nGtxObRqxiIkEUDL9aKRTg/u/yL tspQ== X-Forwarded-Encrypted: i=3; AFNElJ/6SwT7XSTeutV5qEueizw1iuO9caTkktLTPW1o85wdplQvcq2aNkWYjNxVyT7RbO4lV4iOoaM=@isar-build.org X-Gm-Message-State: AOJu0YyWTrI2uhM5IOTWJvMv1++fGUOZfs4WsIs5niEvJZoyIWah6J3h tAQGPRmxrlwcZPzKpFzRN39heBGzY4nBAhupV3TLIBx3ipceMLD5rzo0 X-Received: by 2002:a05:6871:5224:b0:441:b0ff:132a with SMTP id 586e51a60fabf-4428c49a898mr6247970fac.18.1781515522966; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdQy3j+ANY+DLJvDxrw5/us0Jv7fL7EyNSDDXloqO4Ccw==" Received: by 2002:a05:6870:1689:b0:41c:583a:b50 with SMTP id 586e51a60fabf-442623b3262ls1195310fac.1.-pod-prod-04-us; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) X-Received: by 2002:a05:6808:1455:b0:487:61df:b6b0 with SMTP id 5614622812f47-48761dfe478mr3305639b6e.31.1781515521931; Mon, 15 Jun 2026 02:25:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515521; cv=pass; d=google.com; s=arc-20240605; b=Zj5nA0HefdfsqKJ3moL9E0iBID5big4XfxbPfP6lrdzRoehSyslnyBiQKy7tUltVYB NkY9Ugw3Ej/bGztVAJEWwQT8kFiKb96DjOHXAmcGG4qs3xRdvLBfaK4gNMEgQp6Ujz1F Rt8ANYNBSa7lyB2sprgur0P1p/HlUajZ/zOjyOlTrcS7dYwcrsrP0xEUt+OHyP8LpZ15 PsHSqYTE/unD/txMB3tZu5EwaCjC5Q80C+35O8Z8VkV4nu7UsoQOjlbwRpGgRe22YWrP /3IKJPIOJ2NVMQx4CpE2ppVFvNBC87ScQYNaXgqlgSG1qrFUavYLK+CIgPYlvvRHxG9y 4n4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=wp2xaxsd4WrGtm0TxvQ0dsIIgS0pU6nhkxVgbsdZKII=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=D0vQe18oteVp2oEhTO+Y4o4cGj2FqBikP4FPdnSO6fK9v8Z2Ki+bwsoRwOM93LIJ44 137JK7TDJfIlv1qFfIPKP7yfJZkmIkb7GXCXIYd5hl9MLBpMzlLh4Ak4YbXuremu9dTG Buwx/a1ht5LwdtJed2UEUE90onfoSrUqgWbyZPvHsayM+wnikTOu0iVjTei2fv70V/QM SpbLV6TcBAFrZJKoFgFmnSrxyYIb3m7+aHrSmEaAeZaOF7iS1FT+zgPJfb+VsZV/w0aq W1sI0dNehRWvU0A/nM+k8GmsO6sBOpTI6tVzEoUw5vZp3aEGf6xeuQtQ+NFQwlgNPFnZ Y/tQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=LFl0vcPl; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id 5614622812f47-4875ddb2f0esi130611b6e.2.2026.06.15.02.25.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:21 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b4qEIfRNqn/FLh4vzky7sHDhVD99XVAi3eYONQ60dgd5HkfKOShEmn+8j8QinXq34O5/chkBNTr/EuKwq055dbIchk0Nl9AJ12C90o38e0o1IESnA8tybV8If5cAGA0tQz1eTunoVDuG1tSNGLphsbhNH3eQcJchJ8ras8oMmuetWWrAYbevR3bdaHmpV6hLVpQ2h7XC+UaYo8vloHT4vloSuF7zUxzNtLRxiAQL8lvgHkdPZdosLHhLbMdkuBNv1/qYKe1eOY3GEIIWuSwlTJrHqhAj5az+IMyJ7UWR5VPCewyo2M9SMLdmoYKjHFalDYkcL+HFndCzM4i/dxZswQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wp2xaxsd4WrGtm0TxvQ0dsIIgS0pU6nhkxVgbsdZKII=; b=ckNL+wakCwIsqh6nYvWpzLeTorQxi4bTlzvj41gSvWm5w2lHCrhl1e85Epr0/yVGGbTeAsWQBlbDE4E4i1aG+ePweJbgfd8uaV8gaCFQTB7Pdf5vYJpkW/DYlJr16ulsMluV/BRdFMBoprhTn8UJBtYWD9NhJ7E5XejeUE1Y0NMYbWJ0uHfnNgxVBUaQm2nUgiUQYjksK7VMBSlcDDRuCr9hKX9orr5/jJABEQwCf+Yhs20v+Z7UTdiFDMLmwa6/NctkVl8JXsrCQIrjBXVflxWQvVYoucooMJvABKE0ACYsamRw5IgJMKm+a5DYcBRct0zsK+pZTSunrB4OBBZM7w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:18 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:18 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 05/17] bootstrap: move cleanup trap to function Date: Mon, 15 Jun 2026 11:24:46 +0200 Message-ID: <20260615092458.259691-6-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: f41f5163-c126-45e8-8bf4-08decac00424 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: d0aYQ3Gx36QVR6ZD095d54WR4Fi/QZO0vO9Weq8v8jhlFO0YRqp+7g6Ton8hZ9snZDJxtwqzQteLFqM7d/7Tblijpeq6o8l151heLo9V60S+B1RuvYgGovbJ1VehX45PiNODLGZrr8lOO2mQXdZ2///1JtpxnXDxdO0kyIiMGlB9EF5WNXc7pvj8ES84Oa3Ms5Q0llK2U0ZeaW/yTi0o9ReN9HQbHv9W3DB6EHvD0oytyik7HqUb3Mz6a/pvAkJK/vmbCdFlqLOcViVkMsCykdS7h3HB8nrHxR2a/AZS2jiVrNJOCdD0UNGglPvYInXRbCNQnf2z8Y3xy0ls3sNEKp/cfjMfVyXokl0ZUiIMDnYmBqVnB1ihsgzMlgIW8BmsEweg1rGYivvuWPcBmR/CTp8WSBfRM2X+c3eIGTQ7WzrOQjd1K81v5+u6ScHkLDZWx2vPYpZPBw4mhzfaZFc/pT20JeXwF7nq3YKYFKavlgxds3up1pfDYXjOC3ziXXD7N3aAI0un7nto6Zw3h8vlXG9XnC4q6JfOsvt1wvYglPqtvy7cyGSpdoM7QTELIx2O1Zrojbvx+L1FWHv/YBzZSWKEob+AUMlZ2DGCnmVIyMMy5XjIWbLtJIERQN7lrUl/uVWqs29Oa6OXGvdrZ3tbelAKhkcIVQOISPA7SyP/eQyDS1KFbJDrpoQJwVhuz6Vj X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: XW61IOzFRI/pqjYpK/OIAYOMLyJ+ET8+a7FyORYsjnMq2QBIYX8rPR6Fd6aRTJQmIQTjLVrghJvL0XoCOfC5CjcQHsIFVw6ALQ7KB8j1LE9VG4DiCanlQHh4iC8mtHlep+NcvJjXrwXjs2Dj78wuYYwEj/OKCjIxjmBhz+R+/KgLWum3OjO9Eutb+trkI/LHJMTBw23zOTKSYgoZIhGrxN9Ii9Pgd/Ujlj3X1B/BSt2kHS6pRqa0inQdFV3DxA2x26QOzfdNOTArJU3esL4MLv5Zr0aiqyxBsvdL3jaDqdYS5HDM9mah1+To2pu9BliXbYHXY+iQbL53sFngO5sObL2S24bcJC4K/Xw6GlMWn452qxP1gjkEUQVa0YMH5lC5bgZg4DfaikvQ5mE4gQy97T4p42rIMhwA0zn5XbYj4pIvB4E1bYoNdZQMyfq/M/tagWMs+NLhQ6BpPcvMIumKu94tF+u+hk2F6XwDZcVJLJwXdrcUVCGNqVYMk4b9QMlIoX7c8KRMOpBWKa2NSdNW0WEVniUhI/MLLOaOF63kk8LXeRhRaX1YN87M4ELHcKdRtWO9G97taqA8wyDHzocFuHohMcKi4WcQawQ1IRFHRGrK93AfcT6P3LEpmKH43qpsVl5DnRHnjl7DStjxUV6EMm5MayAt4bvOi1kxfmuNzG6Ok576RQIPFoVqsBDaV3si+AAWEm50CIrL7FJMn9WEOyAk/sYglJu9Nq9ycMGizE6fsxjh7elMra2K7PARpffC0zEtK+/DrN4oEqhSWJ2VftowuddI1eEwWWi8mnTbgB213ukRRe1DgT63HSLDXR2vB4OuRPgwzKj1hi/gjZJ+0I2nctJEAHthzpgUkF8Cmu6hWt7m29TQVguF+tZ7PL0ywWk1kzUjpBzdnauAV+QchWa3VRvBM+3zeVPx2XMUy2OJLuQFYstGpUj4bgYh0kwGfPCKDtD7jIF4fnEa4VZIyIaJ3Ol7w3+5GQbGZqotBQBgEYRwGTXw1nO3VQGGO+nIc7FLWjHWUsLQIDXtJ2aquuHjEXQwDPAZh56XoZpv1CWxzw51SLLEUKXbogZLv5rolLC6kcBh8oLjmOuJxtDIaxKhaccS2mrRfpkorZBMoHiy+GkG5ciErqC7+7l9ov0Pt5pktjJfSQjuTUcOdk0SWrDJ23kdjRbn5fpz9mDxjOsrl5xWzbCV5lryjDLXSvNbYUWhMFx/Ry/mRVIw/NY1zn8+HHdiQsgLjaK3eoVgQevKrcTcJmmxveV4ZFMiozHy01V2gEGnkWlhNIaJYwshVJF/O0rw3tZeRlUs2GjZkbEixW/FFlrREcuJlpuJ1YBqGmZlIa+1ISviq1DWRM+0EUZl+gqLO9wbAiU6+fB+4Phcw/4mx0pKyzcXRotRfYGF1nTdeYan7PXEvJEV+ODATHYjZxrTWjTHlpoPQVJSBhYwHgon3WVvUfTAkrnNcxcvJib0yPNCnP6t9R5TTbvsTfhO/RNkpdOneTrmZudjjQ4Xfe4OJtqpRxNBtfuD4khkPy0UX51eVTxYuICUZLSs+RQi4ubOR6AF0YIZUcB9hwe9aegsdBEXxgvMm0pWwYyoKkSOcJYMF0/XMzcqQIHUL5AulwZ6A3hbX2GZl2Odm/fLO1vMET78PPuwlvk5OYtY2o0wtL5nLTzW+GpjL+pl8mYkbk6cgURrPV8EaCwQ3Aphg94L5eS2uRqWnVzzhNOfM/IzPq2VLX0l66FX3g7dD/uGg01amYkkJrXYgiFYwFIhu4ChPRytsCNHflvqCjvD47ClnvT9 X-MS-Exchange-AntiSpam-MessageData-1: eZKHYs7DTBKZ6zuGxL0T6StljsoNd4oK/8I= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: f41f5163-c126-45e8-8bf4-08decac00424 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:18.6301 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zTnIQdHOvxW7YlTXYsgqpaY3+iNlxHZMxokamzXcnV/jQD86ROz3b2nMlscj8oW88yJLqfNppYAOilq6lf4dtdBvMcr+dYNb+KUL41x+NAk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=LFl0vcPl; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By that, we can make the trap more easily conditional. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 596a6152..eba6ea85 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -110,10 +110,24 @@ def get_apt_auth_opts(d): f"--setup-hook='upload \"{workdir}/apt-auth\" /etc/apt/auth.conf.d/isar.conf'" return '' +bootstrap_cleanup() { + [ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ + && rm "${WORKDIR}/mmtmpdir" + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ + && run_privileged umount $tmpdir/$base_apt_tmp + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ + && run_privileged umount $tmpdir/base-apt + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir + [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ + && rm -rf --one-file-system $base_apt_tmp +} + do_bootstrap[vardeps] += " \ DISTRO_APT_PREMIRRORS \ ISAR_ENABLE_COMPAT_ARCH \ ${DISTRO_VARS_PREFIX}DISTRO_APT_SOURCES \ + bootstrap_cleanup \ " do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP} ${BOOTSTRAP_TMPDIR} ${WORKDIR}/trusted.gpg.d ${WORKDIR}/sources.list.d" do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config" @@ -206,16 +220,7 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ - && rm "${WORKDIR}/mmtmpdir"; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && run_privileged umount $tmpdir/$base_apt_tmp; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && run_privileged umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ - [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && run_privileged umount $base_apt_tmp \ - && rm -rf --one-file-system $base_apt_tmp' EXIT + trap 'bootstrap_cleanup' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} From patchwork Mon Jun 15 09:24:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5150 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:32 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f184.google.com (mail-qk1-f184.google.com [209.85.222.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PUuD009069 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:31 +0200 Received: by mail-qk1-f184.google.com with SMTP id af79cd13be357-91578c374easf570745185a.1 for ; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515524; cv=pass; d=google.com; s=arc-20240605; b=H6HhoRWaE/lfqnbPAs/D+Aidq76ITc+u5xNG4MYCoCy2O9rWaTqclVRV+fFSOgZKTF aIVdndtZUUHBnMrNt7HwVHzUGTQhQF1AE7SDIZ+9YKCEBKHnm59liBHdqRvvI4LUjSsd UO0LgYKX300elEPX4Ch3ZfhTftcSnUTlXS7k/RRwJNWymCXWirWDhMj0xULr4lkyupeZ EadCJptzUEvi6rIb9IdK3JQFm4uzLV2Nv/zhJ6ISVC27mSYh/D2g16ItnpjBlJt54LZ/ VHD4rOcut7hYvKWcQzBM1GOZ09qZrZcvOCC2OQjsJZY1lf6IOP1e1grjp9Ry85Yx42+E hJ0A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=tD0p8595RNMs34YWjRuoHlkYx3rOdpSGC9AfxXpCNf8=; fh=Ioap9Ky0I6O+nrk3ug1lN/pGy8nSqJCsw2RLK7Mq0pI=; b=GruhnzLrnBNpEQSyqrjL8PI3afS5fy5SE2NHTfjyV5dVMl8j1S5Z/mZ7qbj2rFmm93 e5U9qgy24YZft6eAFBVIkJ518WIdbV5aQoCsgeGrTqdGoxENj/N0PUlK2LJCwBkiTl5e veYNBtkd8RvWBXrAj762lpPEdEMvxe4Kk6+WC8m4Uz+h9b4Mx9ViLBj8M/RY96ZsaB+n 74MJUzO1br8TAIytppr9p7c2bOMVRTeeMa8uZKfNKA9Mu8dN7u2OUT3B0ZrArGpQ9jdn 8ErNl6TvLR/j84D2zaCRk8Z9GqF8ZGq2qBr3eJSyJD1j/axwJMgMnOwVqDlp7Z+aLLki U9rw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=NmMlfOKN; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515524; x=1782120324; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=tD0p8595RNMs34YWjRuoHlkYx3rOdpSGC9AfxXpCNf8=; b=cKIaprDOJw+qBeZQvi00x8Is67FL31C0qD9whuSUw/odHAzdr2DjGz6iPzrkvOBQ1s YZ9P3FH8ai07hWCcsXyLmeMlmlRmXbilwkgVd1E0xGYfAo/4apJiZbgnPYk1oOnXIrNs cCnArrBa36Ulgw9w4dUYsZku3ZBGf1FuOvd6JO/kI4cs4hTIo+WXuEJKYekAMozr5hre w3iMIoeCDVIBHVNZ7r14ahT9mMABuH9xBfq95ApIqvoc8hOTvYPPHioqz5ZGfnJqhGT7 UOjC2nfXCwQ7ZJ35BBQPN1/YnOzE+ftc2dPQbWZawLEm2ZOrc+kmN2LkCN4BYdYT3qjt ao/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515524; x=1782120324; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tD0p8595RNMs34YWjRuoHlkYx3rOdpSGC9AfxXpCNf8=; b=A8mlmmkzxwy4Wa1NA2wAehz5/0eKHPK6nYUkYc2XqWgDq2EWHbUlk198DEgn7aKW7q PZvP2uxTvgziSdLdbc7z9UhpV/H/q2nZDHJvguxg24lMC6GYTpLdRKcHWL4y/3LTWT8y HFYrTm3cKYZ8yvBg0LyiORJHMXY7NwCM5yKQHu5VlFL1zQ5CFOwno9Z5PD3D9ccgEKaj 8RcCBxR8gS89Du3ylkWXW+agB6O1Rzk0vKXffJ9HhEMKxF7wLZ+WsYBIsD+MeWMUizkl DXqVODb6GAQa1H+fvfNVfJfzI/ZTwF1SG1lQ8qNcm47ZcyTUIorUIQB4cb99CRzt9sVv y/5Q== X-Forwarded-Encrypted: i=3; AFNElJ+it47sCLvzqc8r1gWfOLPfVKltTA6ANvG2zbnSWcfYEpWICPTEAHz2II/qL6UBe0Vn6s6BIF4=@isar-build.org X-Gm-Message-State: AOJu0YwGnIDAgdAVEkfbhw6xndzl7esrUSZN/6lMcgod7dZ19V2Rs/6s 3arAr8nylaAWNvyvrHIxIhkW3bB0jF2/JqRrU20CFaCdYFCxL5b5/537 X-Received: by 2002:a05:620a:438e:b0:911:449d:98c0 with SMTP id af79cd13be357-917efbbafa1mr1619063485a.7.1781515523791; Mon, 15 Jun 2026 02:25:23 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcSLcvG1X4TKREGvlSZ05gjKDA4XfSGNnvUnHtpr3hMlQ==" Received: by 2002:a05:6214:4f14:b0:8d1:9c0a:500f with SMTP id 6a1803df08f44-8d2eea53f0als70381076d6.0.-pod-prod-04-us; Mon, 15 Jun 2026 02:25:23 -0700 (PDT) X-Received: by 2002:a05:6122:4587:b0:575:2072:54d1 with SMTP id 71dfb90a1353d-5bb79ad4bfcmr4761704e0c.8.1781515522996; Mon, 15 Jun 2026 02:25:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515522; cv=pass; d=google.com; s=arc-20240605; b=GW5Hz5cKocpNTJoELbaiblaSADyZ3vZBJb71FzB9G+5LqKAh3FWm4yd4sZqSlVXn/m T1RE89hDUjzNrdoeEVYpRJyCPSCFEquPkSCIE1SEa95ql5jlNRCexRCxp8nn81CuT4MU sBS7MqYnqUg8dzlVSHwA9dbp62Z41EHxV8TSHA/Ah1J4/9pW2UX5RYCu4G3cZYVFVmM/ ZKQYvRYRSaVApfdAYuL8gjwAbuwCgmIjY5zZ7N7qlFEU8XSnAKSaNtbFxyev91tS6kex f4nwS6ghqgriBWZquSV5n1PnHCfmfnhtCLBWDF7B62szoyVloJsGegG3vZkknPgy2Ncn KEAA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=jG9lQDGClcE/ZxIYqj1vWk67shwBND3aZpHdbAC97og=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=j8PZ0r8o6+1V72fNIkSXwihsimiTocxlYdiaQbyhwn/Nohj80qAuqSoS9RNAgiZuky 4gtQ+GF0bpVeVO+RT6zfZ2IE9DREQ28DsBh7g5C0TLAzID0M9OcDXZWsgAaO3pkZA8rc J8nd//viTQS7JW5kPejKdn8sl3IQaqn0r77R4m/kkNv5Yt4U3Jgtr7d6ZZuI0kJ1UIaG PczMKHX7qv453FWSAwOAPHrEZhnMaeS2tXvMKZvKb723Y/E2b1uKc9sxr/QMayg/quHq NB877ACYtI6HnpA228IZCHttvgI05/fVtX9YseorTeMAkPqQXWqEWrBSdeGK5YATUBOj tEkA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=NmMlfOKN; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-5bb9018fe5asi125470e0c.6.2026.06.15.02.25.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:22 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b5+AnR5JYvRo+UFboTtWsCkLLNyMc6KQis9X+pNuLGpluV1FxAiM4W6hbio3lu4x7XZXhetaxFHNuikH+FQQlbQung3o8i8ds0eIqMLURRuHlbrFfMQKvOp5C80tg1ep9hvQ9/CtV6S/hBoquGLu2Oyickf65GRkSqBTm09bwFYw7nisAJ9UgQG5VmxKrWzb2rmuC1EY1fmBsfWzRg/TUoT7S1EJMrHdexwVK649hFIgwQbQFyIbE25M1Xn0scVq/qhR2AI1MPH+1ZCpkuT/K+92siquJfpagmx+s6qSuodRo3L6plVXI1KQWG8vdUYccZZwlz7YfOr4xv9dAcc/VA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jG9lQDGClcE/ZxIYqj1vWk67shwBND3aZpHdbAC97og=; b=mh5qGw/mJEcWrBUCJy7dQg40to/uEoQTS7AoR3sb0rBtjaqHFgxfGS9abEX/VvtL2p0Yx5Fe2WVpcUGN7BO8LAoLxxs2BE66ST2NKjAFx1j6zz6q8uQK1zdUJsowj4D9KrbOoeuyubjcgbif9g+VvAjrhIWIy+pP8YbdfdmgbMqFboUJbNk2Ju61vReAvqnrWOuQP0z0vXXZibiHYidKHW2MSdb/v8byuoN6MTrph4Vfd4axcGVSB88YMafaAt6l0gzQPg1e4nwSZD/gRVk5W2T8NrM+651MEAPuAqsxg5X3sv6xv0HTQWAFc7DUxPhA+VaIj2DMDTcYlQ7sKpuCnQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:19 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 06/17] rootfs: rework sstate caching of rootfs artifact Date: Mon, 15 Jun 2026 11:24:47 +0200 Message-ID: <20260615092458.259691-7-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 45f755a0-3f62-4d73-33d0-08decac0047d X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|55112099003; X-Microsoft-Antispam-Message-Info: lObop3mcfUj8kWGd61f3EZpg+2P4WDPwMpStMwHZAjMpN7WoTrjF8V7joRphBjnJR5kLDtnhq3HtwKsTT8KXuYuf1EHFkiGQqHkHFZHu6zZAzHM7ZusgdrAI1gEgMexG3coF/u77AXJd3lGbTBDb7evqIIzrYVf3eZ37qY1zklHsopZ3Nr3vS2H9eT5MiLbdQpK0l3Z1aGg/EUDkln+KGrGMiqMAvkYzS+EwvswgG1VqTAdYcDcmLJgRlUb5VDtlbs9+5yi82sH/jAQnDnboeqgVZumb0Dj/5qlb+8rN3iLWJKpto42je8ugMUSGGWMK7R5anqW9u8fEGbZmhnXy4atRCZdRkBScmIWLbI0w6DMPgayaVuyZbWyzQcngn/Sj5yulwN4jvkCf0yO6IUp1s3SI8+N14wqc+luvaFYk5KvkzEjmPUUzxXA8Naiaea6UZMKmk1rogAiq6C0b+zqAsd+wpliw7RJyDTPyaebjyP7NN2imkOzW81JLYKBUA6YKn1ClOmuEBVkGrVZ8AZGC64D8XJ0z8DoAof7bna8/Bgak5G1dDiSqslwB0sCX84GqP0Ux3LS1zYXQkFTtogVC37E2Ol7zovbO/6HGSJbwIJ+m9U552XIXBRaWHMo72IOYLH2mI0hjbviASQN10ncnAZkDXvwBIUEASQiWfDhVb/MqennAx5E+JANvsNRn8Rs0 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 6nuMFqEmymx3jngXxYRpf7HDojR4/xaN1WXg2e8ostLqOmuImb+T4AA5T5IoTPcjCnyvqNXi3oDYudWF3JreH3MQ3g+duS9VAY4XLk76N/c0n9lkD65lj6fhxZ2qfhLGS/780bUOH8Q79LHqtgfOzp6cRLfh/OlfBLkW6J1dUDckFo/HIEj4U471mhTnW7rz078CBptwzssY5qL7kwHE0ZoLBV9DN8CKZBTHi4lyqdu5kWIsH93yDmvVtyZ/EhMZ6S/FfFfIv48eOZJ8BEGZbxO8Hno5ZQldETmuFP8dQBzso6VYCrkP70EuDh1ZVjzOaCWlbVYTWahs11xMoaN75Qw9oscomshr1PLC9tGbpyZuloA2h8l7mplsAdFK9RztzOB6pPDFxnkkDtD+aHVJD0DZ1S4jf8Idwr/9ebUVUkHISiKlNB7jMSL0/McLOXMc1CQEv2D8SBAWY6WsSH2T5Pqd+DHOeFMmbcESRId7BuJHJI4ccQN87G8+SGaozshL6DdmKDvuWao49etoDdLAhMspVgBexpG9132Fa9KEzdH4iSxkkYvOJhg56vB3ltTBlHEd7zWV7mg3GiceSplI8v8+g9X6LWSxiFQGT5nM7gmKoufYy0niShJ53AxLBmIQDRbYmRaqZu4s4gPsVVVQK1zr3XmsW9Ufg7LqA863UC2PEWX3GPd4Olq3NuQZRv1gbmJ47w53wiT+PyqfOMe26l5qmI44LiTKMxxzpjXQNzBqlHLhlfiKGKC/bOCn4pr5Cy/5H0MFQNotYQca+yb8rt+BoZC+klFBkySb1OhXaj8bKdwjqbq5w/wgmVdEnmE/hj3pg7+5i9zZamDr8tRfMiE9kGR/89CnlCGT3FPoICj3sYHXikRVyPuUknaSmH+r5agG8fxA6+IBbpkFCqnMuNfezCp8NNNOXZ0SXD6B/2DNk3rsrBCCDtufHezXSd+zWP9jPYWEstLKWxTjfoznMbxEIdmvIiO860XFb9CJr1ixJl15PLQ02Yq+SbW3WlUoxO2VrCuFjw86H2j8BIguop4uTumDtJGRQ4upNH2E+Y86r/TXKaBSqX4Go5dLp54mLfKkLaUl4EGbduEsGCth3stJB6gfghnrWo8IxmE9FUlyArDZ+G2Kxx/PWXxlUo+o18NGtf6oI7Zu5OrhSo/l0YoHfMQNGKBRjgm9FjvZL/Rj5TBnj8ErLkJ9BOUS6PzN2c4SJOYrhlZq4LMHIhgsmNmQtd13WmvCyD5OAgZiN6dxscqWawi5Xrj7/MrnSIAUR151hmH6Q2RIuX1tyz4JAnTtFFihaT/H7KFHfDoiP9T2SB2QW0pJaKM9g/httEdL9J2hMci8E0vX31cAn4eAknJKEsd7wx6PZiO0w0X4w7QBg5D4xlKUlb3cOgHSEpIWhsfVm4t2f5D39z+vK35a2nU2cV9jxSS0s5qeHvUyTvOg6jxCP+e6RDzIfLpmhJZnfHivvEOzZo+kJgufu4Su4+QvJ4AyJwdS3iOfVOk4jduJSF6BVcW7mRR/FTQtuQLCKbHrWHYlH+8XokiMn4O13QMI/okHYGldals8RAvRNucvW1wycDEm+M2TU0HbcbX1odMcRsDpdsTzuMy/ujKqTGf9ooAjEtnrBtprnfBsCG0lnOcrlkAyvgLql9zMVOMihLuzDVPSEtusTOUNOa6UsJDN4ohWrY4WEh+twaJLnoDMW9EmTumuYhG8wiGDz12TOL2Nw3liyYClUZRGE4dl2EJBwCVJxLTCBHjm3/kBUOQwaQPhtQuVdnst5SZkAfLElm9A7jL9 X-MS-Exchange-AntiSpam-MessageData-1: Dh+hcppOHtc1ZH8h81avebw6GBwu83WBuo4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 45f755a0-3f62-4d73-33d0-08decac0047d X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:19.2021 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: qFYvcy8OJTAzA69urTxZz6Qc5zgoFFEPSMHApG4WEVqx82WPJoJOjpMNjJzeHWieAhOBJpcmdPxsC5mfCiqkrB1xHjDwJt8tbl+YNc+d2TE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=NmMlfOKN; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We ensure that the sstate artifact is always generated for the correct rootfs directory by using the ROOTFSDIR variable instead of the assumption that it is in "rootfs". Further, we avoid file permission on unshare, as root inside the container maps to the caller outside of the container. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index f6c2f320..c60812ab 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -689,11 +689,13 @@ rootfs_install_sstate_prepare() { mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro - lopts="--one-file-system --exclude=var/cache/apt/archives" - run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - run_privileged umount ${WORKDIR}/mnt/rootfs - run_privileged chown $(id -u):$(id -g) rootfs.tar + run_privileged_heredoc <<'EOF' + mount -o bind,private '${ROOTFSDIR}' '${WORKDIR}/mnt/rootfs' -o ro + lopts="--one-file-system --exclude=var/cache/apt/archives" + tar -C ${WORKDIR}/mnt/rootfs -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} . + umount -q ${WORKDIR}/mnt/rootfs +EOF + ${@ 'sudo chown $(id -u):$(id -g) rootfs.tar' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -702,7 +704,8 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + mkdir -p ${ROOTFSDIR} + run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar rm rootfs.tar fi } From patchwork Mon Jun 15 09:24:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5151 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:33 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f184.google.com (mail-qt1-f184.google.com [209.85.160.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PWBE009135 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:32 +0200 Received: by mail-qt1-f184.google.com with SMTP id d75a77b69052e-5175b7946d5sf25147021cf.0 for ; Mon, 15 Jun 2026 02:25:32 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515526; cv=pass; d=google.com; s=arc-20240605; b=GWZldv01uxGMFiQlvOe6HfhhXpQnhWajDkgOjJ7Kegf+UIXbLfRn8OXw4oUQr9f7k1 7go6zypNVXca2IBg8n7hCWgVn5xKV6B1vugv77kHqXhGY0pv8Po07BinF8wW9w56Ej8W 2SM8OPB5bvo35+AzTNVK7CutBXp36uE8pEY5DANygHoq+4vJbP7/ak37yhvKY/UQAy8b Kxp14H168WuQicWlXF8j11h0CuGKSV8aUw+1YpIUNTeOCRWehzMFPFCMQP7QUg7XRZG2 vwtGD66B5cIZou7xxI3SPsFTMJbDTRtBJT7vuYjupeDaEht0eGa/6ZoapdZygtGhFGJD VKnQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Yvtm8SEUlqDOQC4a8cmof3Rjzb24mo5bJLalF5TKMgw=; fh=RlZUJ7mpuyu/LaGwJhSf6bwfSQehOsx8eXGVBfm7Kuw=; b=WJEoS08aawpmzmvBljc/lt181qsbv+21Rg9jeJxcjyewrwmq29c5cm7/kVU27WdTvh 7hTreeSVcBmw1BfkTrxRntG14a/UWs2650HHGsR6yE/ujLfG/EIvM5PPtqavplD1AdAH syDNPtwDWjNK4sgiv9UG2CThWL0304PPNxxK+L2mDSVZzYM69BdIhXsgqKRl3ZRyg4bq X0ORH6MPvNhXSVfmQZsoNtY7QJe+RVBnlhTYZXOopSZcRgr1mkBOOkFFx/1s3e2thlqO Z2bbAp7RA9mHGgrO+a2weBE8T6FEx90vgMRStPrMFgkBlZ2SBGEofGdH7HmXUmcWlGEE wbAQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="KYhmOh/2"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515526; x=1782120326; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Yvtm8SEUlqDOQC4a8cmof3Rjzb24mo5bJLalF5TKMgw=; b=kD5gSa2Vva/hns2gv1ZXFvkNh2H3zdB1ZH4WLZcx+DSi+dAEbzITtCgiSuLGa91GFY DZmfLHLiMh2kD9r7wydzbxcRphNjRc/Sggdw1LtsIa/jgAUridFJqm3Jq9adMbLbhdsN k/TQA1QL+BSKPso6fgU1pRjRaoltF8Yafijv1oRCkggy8SGu+QBd8uYRCC5E5+Jx5Z1f oDcAKqgqWNUhlFPq+7DrjEPhNdi3vOYOYcg3yJTXPD9t/bsJpy4k/XLf8jA0Cp368I0B SdDKAk2HwH4m/oPzEmt8RIDhjSXTxGusTfRSx3frxrocOH+IZ/nVEGMJRYE4xkMP2/fF nYLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515526; x=1782120326; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Yvtm8SEUlqDOQC4a8cmof3Rjzb24mo5bJLalF5TKMgw=; b=H2GzoR5rIgPsQvo5YSEf9ijOcURcpbE9eUOaEzLfatoQkDkjxq+HYitrT2N2P0pD0J rw9N+CxVQPUYP4Uw81thrHym/vowNahRhlosOPLk3BuUO5Pt/yFfGd2xvKlsmjiqe3xO /7BzQJG34uQoQkUUJnFMiDBDDXI5x1wExuV0S0Z3xd6G6NkGFRmSLoDvk7EwfzT8qNEM yJizyfkF00Hg5Ho4QYTEkpplkvjTB42P72kKTVYHbewjMEHEflcKZU1+ZaFIhHobJe3k K9qyRpEOqz5al+kv1mTi/Kif3iZYlLKofCxgb3tTXeGB4ClG1zoQ9k1zLCGXuW2ncjXi hz3Q== X-Forwarded-Encrypted: i=3; AFNElJ/k/zVUGsc5jDcg75LUFcDNcKJahrSyRwbFJ42ZqdnWdYgPa+lPYjdcYi8EJ9atRntn6hQwcZo=@isar-build.org X-Gm-Message-State: AOJu0Yyyn9wUjVjqa4ydiVYnECuGqeu8PSHMKQqJQDVsI9r6SA0TcW7q LISHaiBGxNoFnENpPyH+x+UxNMX6D8rL8XRmB1cDdYFL9XD6lsq/2qtw X-Received: by 2002:a05:622a:834d:b0:517:82a1:351d with SMTP id d75a77b69052e-517fe4ffac9mr155774191cf.20.1781515526633; Mon, 15 Jun 2026 02:25:26 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUe9EJkpq/nDi9bJZKB0S44MliM0OLaSVYlyRwGiTvVTaQ==" Received: by 2002:a05:6214:ca6:b0:8cc:f0f6:2635 with SMTP id 6a1803df08f44-8d2f3b18475ls78923766d6.2.-pod-prod-08-us; Mon, 15 Jun 2026 02:25:25 -0700 (PDT) X-Received: by 2002:a05:6122:3b84:b0:59d:7def:17ac with SMTP id 71dfb90a1353d-5bb6c05838emr5275735e0c.3.1781515525736; Mon, 15 Jun 2026 02:25:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515525; cv=pass; d=google.com; s=arc-20240605; b=RrSGWVY3SY46v6mQQZO9Am5S7rHxoULYt5hoeDjyBeCLZNi+najz3q0FH3lTjkzZqQ eyzVACwfNtzIXOHrlyvGgSf1cCDQC2GZlPDn4bEl3cOMR7MGj7ondeLmNLxFtSg1k5PZ mzWRaWjedvFMuHqK8y8gCr1ScP1J9UaQc/kX/8YLzFZq/tcqOUxkamXTic59ppbIczZK NGyG0dz1ixIizv7uH9pCf1QQgZvQp8Kfgrx74e7caDPtRm3VY08hRR8VPPqtfEOAjEjv imApKoG32E/+ES4e13mBzjocoFAvpHTCYJtxTKD3Ha445IYzvG2XQrLG/vshVPrBn6lb Y7YA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=OotvQUq/uKcXJL6n/tfOztT53uibdeVbjg8REhsj8v8=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=B4ZFOgP6qmH4LwgiQbehYLRLJuunT1bkeiL1z+Nj7/z/pPbLhxag8M7++NviXDRDdH jh/gJ7VZjFXZww4kK9dT+TMTDbaQuc6VQS5sA2d8aBcmrAaKnMrxmoeQyfzzcI4Qn5kY vwP1jqP+1EVGNlvaZMCVtqgx2ItITNvXhmjiK/JsdwDdv4eh2UbioVUfbDkK1DAfnwIx i9ONvCBzRgHowbPMBcdYpBQEknaK+eoqVSQt45aABYGu1QV5mt9o+P6mnxKOoz7UaZfJ Vs5QjRqDMHN3D5ffO3PHD/e8D0rUPXqJIdj8uHe3zozelcB2UpluZBLKmPNpzDK0G9Ic y+cg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="KYhmOh/2"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-5bb9018fe5asi125470e0c.6.2026.06.15.02.25.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:25 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cn9KQBigtuOi9sb02Zh6mTWkvKgzxnWSOm5eGJTBBybGJfTmVmHRtu+WkbNbL1P+FXhHH7PIeYPmeY1ejctLUG46jufBtsP6R7MrOPlbpnb9gae3kJSX7upbepHf3JZIKBQ9sYPPcywxEMhYk23Kc7RXNgAIiSuQOVJ28/ZoMuWt/oIoUx/7KlbFlOPQ9wgHaw4DQL8+18oiZr+QWq13B1hGL0ZNtfrx8MP3+yQs6LrNi8Yx/TCdfFPkiyd7ghRxr7NJxWTfeUITPwtj8el6cURJDmS4hXPPyu/n74mxESh9Kv2qvkyHoIJ04VIJvz30hnmtl10f0hXyftcj6DFmvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OotvQUq/uKcXJL6n/tfOztT53uibdeVbjg8REhsj8v8=; b=oMSgRM2UbxGXITaryMcxdQE+Hw07YZw/usuAGQZfshsZ7e1BDHjW3x+IjM2PDO71mHxgCgZEzQRmUYFdiIdOkW5BL0nGWTIX6SbhO4ZMFbjzNaZqyxdqw+wed1nvkxwOey3BrGNDL9/6WgfZ7qkS6OLOy6Z2iW2ydIjt6lc81TApgtOiF7xsUOUzDKv9uJB4wepxwHLiw8cdNKQM4Ekcci1GTMV74j9f7KNuCDrZLKD7sEq3bojM5cEZFPDjsdkvwru8kBxZOuJAxuXh6c1x+Ig4KRbpQMJYJuFmEWxcT43ulkvLElWc0jUXH2+815sjbuAp03yPq4/nLBKwdxfFbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:20 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:19 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 07/17] rootfs_generate_initramfs: rework deployment to avoid chowning Date: Mon, 15 Jun 2026 11:24:48 +0200 Message-ID: <20260615092458.259691-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 505084ae-cf73-4862-887e-08decac004de X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|55112099003; X-Microsoft-Antispam-Message-Info: abuziFI9C2aQ7XSdjxyCC7jmZ/HSnL6WiA3QdbWG0aurClGQio15RiDBc5dInI7y7M50PeF2Zg/B63IJYfxKRLVSphwC13IomqYCDcZHqJ9nP7/eoFLRwRDQhUFPleh9RnCkKw1E5LNhVRORpCby3U7/iE3gaMBDDE+qX3RkkkIZRPaHohQq5huh8L+tdaXlhgLhXM422GmfD8UxGc60dCHdz2WhV7f5xkLvc2EUH2jVjTfIKq0/Armp5gwHa0njZQilg9eevrai842EBbRLDsp9OqJykfEntgJVn/84wc24iQcR0xnavlfZ0mcJE5WEMO9uSULY40IcbPQXx0235C09waYhtjyqx6SItAsGiVV2vKZnsYngb+OI53gOzsuclTt3cviAt6qK8mgbuFuPFTnITSBPYXmI8jGeUlIFtNtDogHOUYLBTmHNB0V9Y7XUmt/2wRuriG8HGaCnlBo4hfmSQrQwv8A+yUsa6DNZuz9rKCV6TVUw/dfLVRB86G5wuI7U/G4bPY+RTI5NiRJIk+Sxd1U5ck96QkWKGOJ3cVd44MKMLHFIUW3pdidArFhwCKGaAw9LR+dDXh29xG0/AWbg3PbcKRKU97ASLfo8+48wbSMMveA60Fvfkl6Q8HB+3a7P/u3ILJ1MtMLeqZgPjJZ/lf3T87gGwJM+v9OtmHd9Gz8H/4NrKLuKomLzzDBk X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: k4TBa0QmGPI//uY5P38d6DQo0+Y2pb1o0mPpWJ7KlDkCEnKwUFbA3XbzFES8nnvIM2uHCaUz0OziRm5wn988H0igMS7R28AacfUlt58m6NdM6kBIPCTlqPOmNtAc9uCwg90ppi15hAW/dqhX1SzudbDd3ny/VGE8x9xkixXn/zKwgRJUe2TkzkN74+j3f8KSGg2m3dAwItinDykTWLV/lgPIr5F1CyX1+d4eH4Q4aNYbmDPAvyYP8Is5ZFNaG4jCX/1c3qEn2oWgL5Eyhr06EZKqVL85/8UyTN2wqR2oW4fddxcWF9HBMOQvJoDhkf2FFFC4BG+dYsvPO2ssoatWqv8Wy7T0b//t2+HXvKzDsezgJxRSGt81vMS1q+lms4Ow6VCVABGvxEmhc9pLeJnVloNoRzz58E7/evTv+pGl253dbOKPeXAy7x8hHLIespf4nXEEviOB+1GSWjGT8LPUuZCDseWTjv+p5EDwcENq/Gmf4r4q++fixIp7e89YeZ7oIskdRVctXrk7RgW4j6UUlZdPT1KrlGyqT9P2zmDyK97MR3agm1gqASaCR5lxJsGUYaJefEJVPJzNEbvoKFtwAiTAP/gDtqKRPpzxE3N7Sqa+ouEhDUOE8fIRusPBvcRfX9QyBl+4fxs8FPuF4suKOth6oOUnkUR/olTkJtuC+0U5Ruf3mcMV9bW8GKPzbgT4Wv50caRPvtxNxSp7i6GGeJ6mjsvqLUMer9UIw3y+WB9C27UepdGWOR2v7g8lQvu+m7g9QlXTW3IJ/Dk6vvJ7Whfa+mMvLqH6q2YNrUXa+YxNBrm1GjcdB3DxzsgFY6RjFvctoLfi6ww5tRx55Z51+LCJlk41lPZaPkgHQmcq6pYAPN2gK0ftKqrcRIrZQXk6UhHCgXwQEZ0qPdtvzeEav61tBf4r7Gi1Si+u7N9t00yfqgz6XH1uXO4ZtwE++rI11d1frKEtIgfEH8AZ55Jt1fhV/exOkRLqQTOOSUSkJodvGlmFZ0D+4ZmDltjNA7ql9OoHdmYwC21eJGORmBbjgTDHDdowDIv4auzH7l8icKcgfVd6LiunOlRmTeoWNHhFjT7TO60qQRiO+poBqmOJb2uUPHwJ9Ty71yPnqltktjzpcrDaEk/qfm9wPLI3uAqEB9TM89IOEppEu44+oOh+cX1s3wDffpaueaB70nUT+iJYzVuPnfz84OTPY5OwCgLLCli6E1+GTeWg9d4bN7ztooo5+b0ipJ9QhZpKIWAWzMQe8ozBFE1NP+Q4HC+75Ledd3GH71oC7w98G7SuWxbueyL0ps4ihUPKzZClzA5K385/wiaD0frmTlizK6end07yZRy/tarJ9Chzrbz36fEXU+tMiMG4Qg5iGJG1dFENS/GUVPWfirZYgow7Flo0V8B+AVvg47c9LXkKxWLcvwRWR84CYgyLUbHxXfD9sO7KEu87zolhwsyAqcj+fLI/JdFlUHFIpvwXG/ShDdsknyB+jpuiBvjU+yNLwK9JPXQar4N0MU7aLG1fXTn3iOhXbFxiWpEbj3vkvjQ0Bqs9wT9j5cnNpRRhjuQl1fRFffLXD36+mZZL3w5LWSKjw6AvO0tConcNP9Hh/GtgG/1nIj1NZJz1zBHA3Cm9xIQKzNW9FRmrDn4lRTA2efgWxbdObfGQ54Vv6WfD2sETPuWwPJqXkj6FJYxc+b+IgcUojNeS+gUwvXJXN512+CoavlcHjhTksf4YPGBm9kSw0JtycbNhb0OKbljZ/+oqaFVpF66DOG1c/jArbwyg2jYlXEH5FtPLgfjTgYET X-MS-Exchange-AntiSpam-MessageData-1: 3UMp42N3dO+lbqdx9WwmRz3hD/i8fXB3o4g= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 505084ae-cf73-4862-887e-08decac004de X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:19.8777 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: OXCM/7ouWM9fdONbcG6ZQTJW9IEwvJC+ooXVdvQi46ZuvUufurH/G1r/gXaxnaR52MpoKYuyIsg5QEwjctn7s3mBM6kWLxeWWUWERJUEx5I= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="KYhmOh/2"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Previously the initrd was deployed as root and later chowned in the deploy dir. This involves privileged operations which will no longer be possible when running rootless. To prepare for that, we deploy via a stdout and create the target file by the correct user. While doing this, we also remove a useless sudo invocation when listing the ROOTFS/boot dir, as this can be listed by all users. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index c60812ab..81f4d7b2 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -644,18 +644,17 @@ python do_generate_initramfs_setscene () { rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler" rootfs_generate_initramfs() { - if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then + if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do export kernel_version=$(basename $kernel | cut -d'-' -f2-) mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - run_in_chroot "${ROOTFSDIR}" sh -ec ' \ - ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ - find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ - ' + run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}' + # on dracut, the initrd is not world-readable + run_privileged find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \ + > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} done - install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} else echo "no kernel in this rootfs, do not generate initrd" fi From patchwork Mon Jun 15 09:24:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5156 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:39 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-dl1-f61.google.com (mail-dl1-f61.google.com [74.125.82.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PaRw009519 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:37 +0200 Received: by mail-dl1-f61.google.com with SMTP id a92af1059eb24-1382f39e4b5sf2098603c88.1 for ; Mon, 15 Jun 2026 02:25:37 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515531; cv=pass; d=google.com; s=arc-20240605; b=fvWhptcyaBWg6Q6owWxvu3JYEZrawN1Vy4PiaaAVscbSOhO3nD8SrNQONiekUacts9 r4Ps63ME9DiRrxW4WmoQ/HtuOmSukC5bR29pz9PsBJXWAdrwzfgv5tBE6Yi5UGQ/CQwr CuNm9M59agFAnB0skvgzqAx2kXemFsduu4HWPvwXBvxefCBEtiuAnxq6yWz7HmjKgbux ymJHRaT3E1h4Zys0E0p1OZFHot+V3uF84ku5Z0wKpOLJsWOD5vonfu5laHofDIRy5Iu2 PGDXLamJ4yBrpTX9SWoa6V1IYx03YuUKup4hmAw9nz6WICHIe2woUwh4vBsKFLngHmRu oUkw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=NSOg0V7QeGXb7t163NUEZOaAaTg1QC7GG8tKAC45D6c=; fh=BpQZIzbiVexsrKNbHY6xEXAJ43M5J9k8R2ekyN5CPjs=; b=RuAVk5Igyakf2QclDc0PYJUqrKf8yL/+wFkUSfw2DGBdACEHNU2+K+0pn4UOVaOyep AI3uRcMTBs+DCb21Ny7ZcoRnYxl+tmesCvj36H0+4hSW0WmyT0uuvCaYY9l7+dVpkV0V d/KsGN+ldNq9NByhzGr2bOsp820cwKn8bqGCSIzczYKSke949c7+PZWk5E7IA5VoW9Wa EtKlCtZDdycQvFONxU//8cjBVWoSLQMzFJ36b2wCPEgjGUkdzkW2HO4t3A206CkIfHHk OHeiCi2xSiEpZIQc3+mjlrVIAvnRRHXLTAUySIA8DDeN58nJaQfhYRrvA++bM9yWBkQu zxdQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wvWsodkC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515531; x=1782120331; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=NSOg0V7QeGXb7t163NUEZOaAaTg1QC7GG8tKAC45D6c=; b=AGX0+EtE+TWZ7/WWWVIvyDUnuWTVZL/cdPdqimkyQVzy35gZhqQ5/u1Bce3MOPRTa0 6oYgKhaz2EGtGdGI2N7B1viGgSQn2hDMYo58UOrjrSHnBgqzckSzbUFul8vUBlwYBBcs nNiC2yAPvx2D8TWOF82jLgEBefRbJSKIJswW+Vkj2q5mgRlQg8BQVF6s0/zvmLfhJIQ8 WD4TJNpZbgkYwGUxjLgNsHV1vFt0PmXHpTYmhn0HQy7eyeMPzukcGSvCpnkfl8/yruxX 62kcAFPrwjLvgDdipK6QYhlWY3vmPFSiM0uPXh6HtDOXUXTIWt4g73GdLH3TLrr/t7Ho twLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515531; x=1782120331; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NSOg0V7QeGXb7t163NUEZOaAaTg1QC7GG8tKAC45D6c=; b=IElzww0WQqeQV5nZC8fzhL5TDk6qkk/6RP16BP/2y8YGnJ1NBTreFzHD7NAgm/Gtmd ddJmP9erTBKicntHRHZW0YcgjpY7zeLgrD+JO9XE3OouKIjSwtPwO5PsWHuAliOMjL1Q RB5XC0XqXF/Cl8ZetdWlRNG8Y0qYU53Ut5OEnmBXykEB81uvkAn3PoO2mm4YBP7Re/8i SWC1X7jeGYjOwg6h8SV6mewYW0m6YGctAyg/5TF1KXeB3sXmwh26s2S+TcxUY7uiiYSE n3T+IhrQteq0W7VGdj4ySmGt4AJRhfAbL0VjxeFWicNSzew3Ri24KPVehtosgGS6VR6O C7Rg== X-Forwarded-Encrypted: i=3; AFNElJ+S9ZThHpJykZQ6DHHxhBlfb5jzgIU39+KZgd5kv1vxAjOKdIvhtjS8hE8ejVP73JAtj5rpPn8=@isar-build.org X-Gm-Message-State: AOJu0Ywcb2gOXqWb9mVUxjWTmspRBDqhAGgpB4YEO7e+6N0VJ9OY7iaQ 6DNG21Hy1+4gyW1Z2qv4ncUotLDGr2fmQZbXXsut/9TkmezhYrEKLmWv X-Received: by 2002:a05:7023:b0d:b0:132:c944:9ec7 with SMTP id a92af1059eb24-1384bfed50bmr5222536c88.1.1781515531193; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdoBo1uCmk+mOZtV5i37gNwv4ld8ksWDGaItYcbglNekA==" Received: by 2002:a05:7022:49d:b0:137:f497:56c1 with SMTP id a92af1059eb24-1384a306732ls2170364c88.1.-pod-prod-00-us; Mon, 15 Jun 2026 02:25:29 -0700 (PDT) X-Received: by 2002:a05:7022:ef05:b0:136:4bbe:9524 with SMTP id a92af1059eb24-1384b3b732cmr5415054c88.10.1781515528773; Mon, 15 Jun 2026 02:25:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515528; cv=pass; d=google.com; s=arc-20240605; b=J4HwmAilpt6BNhTz2EsoU7iRrMw7xN3kJi0ToD3sy+jWS1wDxJBc3cuUVqxVDdguZz k9OO5w8yNDCvoc4tohvBbKgvZ/mHXVqqmWsNARi8sa9Jh4+qhKRwbDDFGT9YaIHVZA2s pWXf/EcsnwDwueVvoJzwhaG1DkyB3yGhDP40syjXXK+okAtdLPvJ/whY/HLr5X20ki4V lOdDm41yPHcw0V6cFFgbnquQ69eEe2OZMHaNBAllnB98Ss6URX2tzFsvfIvSaDlnFv/Y A14UyeNSvAULrzTNTLZ4hn8OOMQBO6TSYK4e2tCAWQ7sYViyoa/TiY2vkpF2g/7+X5db GRwg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=A6HYDJplowSJTsZuDg8ASDLz50zB0lD0hUyhS+XluZY=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=jfWepMVCKkyaN2xR7CbboJhAh/+Gbw7EyE3wB6msShoApoeL+xiSW+kyU4Y+VuYYYB x+a3Jr6MMdI8x3BQuutM4PL5W5ahRFiYbs6gWqf51AVajxlRPjnGmt/lZMm52G1gLBQa f9wagKUNVmSOhobe8IE40xPe5V75B4f3a0Lye9XEA2gJuB+b7ye7HvmYurAXGqWnPsh8 VfSlAVN2ZoGy/W+2eyL1Ok0PHH4hhy5QdX7p3msBmhj6ZfMxH4aFJdL75iVHjnIA9ad1 hEZ9XKEp7Exg6wD/DpKs3zv2qFMDSYtlJM1LimzEawEId4B3ruXdjqFMlEQCrErixtxC jkAw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wvWsodkC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id a92af1059eb24-1397261c28asi191681c88.4.2026.06.15.02.25.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:28 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Jum78SJeViwLuILrga1mjH4tpd8z0tYyLUgrH45Qpj4mkLs9I0Cj2lJE92+E9aTvzVr17hMX7nDAcJO7Vu7rViWaOXYgiQk4zORL75uRU51m4Gll8knQMinTiEIdZzv+vVl4vnuR/JoNzp8O4+eZsio6WGNUhb20mDWox5EvNl8gznvVOdbNPSqmoDBAbh3SqM4AQeyd8FkgyNGb8JFNN3s5qZiu20XU7Nqo/pKNE0SYcJ5WQlM5XwTJ1A0sjZYf+m/DvFoWYDBae9MY9MOQgdw1SESENocPjxPQhiPSFWCK5lI+mQtIdLYFlbM+Z1aKy8W7a+jYGu2PHqWbBpTNKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=A6HYDJplowSJTsZuDg8ASDLz50zB0lD0hUyhS+XluZY=; b=jC3cuqMuULHViWrF5RufrMAp9HWjrmZs9eqTWLWTRf/fzIkOx4NdHdGmwp9k4dsJMIEc1+AlF3YzNjAQqxDV4Kc7so8AHTW+Kbz0H/zMi+rrvxNLeLUjM9SNRiJU012YqWtHWAZXydMErhhceLhlcF57HGfbnmW21nSbyIDKVz6PYLevNMcJo2WU7OKIFOVk/lKlSvtj7u52BAHWruP7wONQc5RsaoxNstTzWYSrRoC73ntcD/DrZ+GCC7skOR/FoI2xlWOP6x1x1Dc80RWZJFS6B0tXywWkDaxPEO/9qjKwNOvtFooKQ6hVhQVcmrxott2mmIQ11zzWSo12RxYrXA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:20 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:20 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 08/17] use bitbake function to generate mounting scripts Date: Mon, 15 Jun 2026 11:24:49 +0200 Message-ID: <20260615092458.259691-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 8998481b-c4e1-4fa0-8285-08decac0053c X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|6133799003|55112099003; X-Microsoft-Antispam-Message-Info: nzPI923PvtdCAaKfCSIZWdqTwvVBzTzl9UyB0OekJaRg+x5zJpmSLsyfO2BNSx4szAThqpF1pEHe027KdcqGmXLrEMEhOj/jzciU4IPvA9stobWF9LFvA3Y1V/LOGy15GUqKp30SOAGZ+HTYviRZOWTsX7qIFNurzl+11srTXxavxiuxaiB1bphufLYZApZx+VUfyZaHb5q2G+cQEh4Zl1JH5SZkipd8ptFGz2x1syhoBfdbp0AB3GveQm2QgTcq814DPKN1QVA8SscMSC0C+gKpQZmYQV6qHrD5364zrFqSm3LBV/OFki7O2PYAkWIpT1rJ06wzqUx8To3YJ39xC1v+0eBQVVrTeymcw5f0CUDnTAEY0I0uCwMhE+n7p+/USxgDBS4+7TazPvMUeMz4wIiWyAsNtcUynsIq3Ic+/kAATHwzBHFTWSvQU0mXklDXBlfP6AaBs2WJBaRYESt+7+xHweu+krmz32erz5V83MtW+wBBeKzq1jpG30gJkgmwxjfnFbVnh0YQT7RYgHk4VyKvQi5QL+F+B3qaizPF/Bj2Eb1VGFju2r8oE/uufELuhytM3IeB6qhN64Cln6SR/YojyShGVl5hI3mZwUVYI1diX+Mv/07A4G750ScYsdBFIPYyd3pJTFmA4X+LbYjAr70PmnwZsa3PZxtUvrYYCQZYVvKQ3xnqRNssjNNrFQS8 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: qT89AQlq59/uurNjEobMjOllhd3Ss8Gr1SjkhhUuyLQq4wft6Z9W7NB7GZ0YMwJO41t7pJftTj598Mki8s3aKGIxE0VfJoJOBwR1VAoWJQmDURoHU3mrLwadlesCByR54mXM0EKkUOS5zI4p5QSng1Urv4j7d/1MWeyASymyBzTRV4Wbr50FgbGGaR9wKtzfDbgtAhAFQMjtvmMDHQ5hB+gyDP3orKBPZD6lIVC/7JSu1bMu6K1tkeSJhVGTbRdZFJRhb4wUOY8TbobQ7UnXJEYtYHMBKnC0HhTJYDzfP+xoiVnGVWr+l6jUWobK4nuQPqW2EwtlgOd+aRYvdR5IvnCN4C04VmPFrdYijVEyhA/70oCk8uvqhnKeJu3rLqzCQEmoNcjyRyur5KWrxbPLdxrkQpFQ9jGOhEVOpQafz/0TjCd/0rGgGyFSRcbND+QGc+5dSakJ2MP6h2CtF/nsNHlel+2rftvoUjObi/PDKGwPKKrUL9xyU/2vtbib7iWc92PMbH6ATTcFQ3+wsUcT+rCLLQNUVoKDm+yYpnfy+0+tdAF984VbwbS8e78nBIPsMV8H/nDwnlgb8Kfqaa8TGZqz9POGHAwTcNnz1f+knE3CosaJFXk4onmR3PqKboHhJ6QSGiIIFC1A9KmgXHF5xL06FZ/B93IBOo6eZ8h5zFJ87BLVey6pLR8w+zyy1cVcFg24R+c+0o/651Hu8sZGjB9wFVPbBx5MCuM1KNh/BmG3monR5hbM0EtU5wPeeN0bdOtsK1YUM68kSI70TKMceiG7GLoLEUNJKoSsud7Zvx/N4dEX+WYkRBI5JwK3W16caFtRwXQBO+Mt8HIP4xbnLfGIOTYEZqWHOOuyaJjc0elkZ3Bsi2edClId3djhVjUHKJgaZFcczJv17yHcTNyvlP5zR4QwvXgAdR5zmK4tggxqeZwQIYM74qUiGqEpbv1+NVw1FbyaBdS8Mh1LuW0i5ubAiBxUGgcDhaWlNbH8Lw49GwiB9opbCkIgd3cVxCvoB5TClx8We+mSU6TTXa4AdN50ok4IUC/wP/zw6vypmypzviv662GhmXXK4fJVfbqLkndAwJ+3hGeS+Kb9tu89Wew3f8vkjIgQvNbeuRikjKB+f6pmjOpXUg1jZ/3tkM8hhODXyB0yJ41tx8tLFmJR9uvBXA80lueEX6oRY+aQITDsm83w1U0ojmDSfYUN06VOjJfhq5utMgtA26c5WiH7EZKSMgZoSENva+4TXtDnZCalq2Dy/38h1BnxpAnLVg98G3DbYOyVymByYbM9Alw5yaPqCHMvFeP+BU7WS36EEGIGPkQpBGftS2BsRhftA167LiiKvpMqHKfnrXKIONj4xWOH0GWZQoOQLztc2a3dWTu2gby1EzLgK1aAg3RrPdO+StvVu/Y3VSMHVMFPdb75Ezs/aV7/4TwyBb+Z9FIpdmC5c0jnygJu6b0OIJBZ6ybDl/UUBSUp6H7PjX52XSBVrLNyAcaHci8nJj21ZXussaN5R1CHzjcn4gQ42mu274yKraZMUqukUEb2v5XJTl3p27Hp7zoLbm1f0iMsf3dpvb3BGSvfBlZcIAKWgUOI8/pslnMio+yOxmhwGexFJuYG4VWnKr/miai2AYxpT4wPTd86yTl+zfA+KavW4sYSQ7MX6U4qxIO3fZQkW+g1hWeCZUyV01zJyYmsqQZ+K5oQPDH2njvbBlL2JFUBoTRt5kOm0u64GBIbEcsqMXdoNTwy9qjyENp5m6mJoWBS5R2GFqdjk+43jS0TwNT6i2ttjaaI58flLyT9 X-MS-Exchange-AntiSpam-MessageData-1: gYNfaBWz5vWO/BfquD7GX4BTxfDpIBHeSws= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8998481b-c4e1-4fa0-8285-08decac0053c X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:20.4734 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: xmKHf3NObwxKVDkyfzKdcOhcoqgvkIHUVWt+Sb4P8RCwEAyJvjuIyh5qaEvb/0lMbhpyRC3pEbawdJW3k3SujjCraIUk1srvOmXHgeruIy8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wvWsodkC; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By introducing a bitbake python function (a code generator) to generate the mount shell code, we make it reusable within here documents where external shell functions cannot be called. Signed-off-by: Felix Moessbauer --- meta/classes-global/base.bbclass | 18 +++++++++++ meta/classes-recipe/rootfs.bbclass | 49 ++++++++---------------------- 2 files changed, 30 insertions(+), 37 deletions(-) diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index d4dbbc3a..90e4525e 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -379,6 +379,24 @@ def deb_list_beautify(d, varname): # Helpers for privileged execution. Only the non-underscore functions # shall be used outside of this class. +def insert_isar_mounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + inner_full = os.path.join(rootfs, inner[1:]) + lines.append('mkdir -p {}'.format(inner_full)) + lines.append('mount -o bind,private {} {}'.format(host, inner_full)) + return '\n'.join(lines) + +def insert_isar_umounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + mp = '{}/{}'.format(rootfs, inner) + lines.append('mountpoint -q {} && umount {}'.format(mp, mp)) + lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) + return '\n'.join(lines) + def run_privileged_cmd(d): cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 81f4d7b2..411df93f 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -49,6 +49,16 @@ ROOTFS_PACKAGE_SUFFIX ?= "${PN}-${DISTRO}-${DISTRO_ARCH}" # path to deploy stubbed versions of initrd update scripts during do_rootfs_install ROOTFS_STUBS_DIR = "/usr/local/isar-sbin" +# list of : or mount entries +ROOTFS_MOUNTS ??= "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt ${WORKDIR}:/isar-work" + +python () { + mounts = d.getVar('ROOTFS_MOUNTS', False) + if d.getVar('ISAR_USE_CACHED_BASE_REPO') and not ':/base-apt' in mounts: + base_apt = '{}:/base-apt'.format(d.getVar('REPO_BASE_DIR')) + d.setVar('ROOTFS_MOUNTS', '{} {}'.format(mounts, base_apt)) +} + # helper to compute the rootfs distro also under cross building def get_rootfs_distro(d): host_arch = d.getVar('HOST_ARCH') @@ -154,50 +164,15 @@ rootfs_do_mounts() { mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' fi - # Mount isar-apt if the directory does not exist or if it is empty - # This prevents overwriting something that was copied there - if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ - [ "$(find '${ROOTFSDIR}/isar-apt' -maxdepth 1 -mindepth 1 | wc -l)" = "0" ] - then - mkdir -p '${ROOTFSDIR}/isar-apt' - mountpoint -q '${ROOTFSDIR}/isar-apt' || \ - mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' - fi - - if [ ! -e '$ROOTFSDIR'/isar-work ]; then - mkdir -p '${ROOTFSDIR}/isar-work' - mountpoint -q '${ROOTFSDIR}/isar-work' || \ - mount -o bind,private '${WORKDIR}' '${ROOTFSDIR}/isar-work' - fi - - # Mount base-apt if 'ISAR_USE_CACHED_BASE_REPO' is set - if [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')))}" = 'True' ] - then - mkdir -p '${ROOTFSDIR}/base-apt' - mountpoint -q '${ROOTFSDIR}/base-apt' || \ - mount -o bind,private '${REPO_BASE_DIR}' '${ROOTFSDIR}/base-apt' - fi - + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} EOSUDO } rootfs_do_umounts() { run_privileged_heredoc <<'EOSUDO' set -e - if mountpoint -q '${ROOTFSDIR}/isar-apt'; then - umount '${ROOTFSDIR}/isar-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-apt - fi - if mountpoint -q '${ROOTFSDIR}/base-apt'; then - umount '${ROOTFSDIR}/base-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt - fi - - if mountpoint -q '${ROOTFSDIR}/isar-work'; then - umount '${ROOTFSDIR}/isar-work' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-work - fi + ${@insert_isar_umounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} if mountpoint -q '${ROOTFSDIR}/dev/pts'; then umount '${ROOTFSDIR}/dev/pts' From patchwork Mon Jun 15 09:24:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5157 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-dl1-f55.google.com (mail-dl1-f55.google.com [74.125.82.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PcUY009659 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:39 +0200 Received: by mail-dl1-f55.google.com with SMTP id a92af1059eb24-13967c19ac6sf5106393c88.0 for ; Mon, 15 Jun 2026 02:25:39 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515533; cv=pass; d=google.com; s=arc-20240605; b=h4aOrfjSDxDpA9Cy/q5F+ohq0hyN5WZrep8ac/uztafqmp+WYPZYa3e2d8J4nHVdt5 dnirUEx5wCREs2f+VZsKMkYdW6OWLeirl11o/dkqalgjYou4TyOqe10uUETgqqGFVVWl Gn/qkADaNGq+T0fSqly77djCxe0r2l20Rp3OT0FIhy4SFEGKoTU/eiKex/VB6aBccqd+ XaU3dkkB9+UWiwIFTGdsqVw8xIYHmlQB5TvBUja4zBqgry+4c5K5YwyupuU7kDqB53W3 O42Kk7GrcVcG4qUKI4ZC3Js3avxmPWj4ktsxNRci+yKW8UkRdgqBHZeWxoF77m4DYQJQ Q5tw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=/xPImC81l/4EDBTVUK8Tc3HRMv/PMBnQnRIZzvokMxE=; fh=x5PUjmD8HqhKJ9zWrOAS4zrAuzntm76a/E/HTd0yGj0=; b=Ze6ZGrTtUWhi5KYg0YZeK7a1bu0hDtU6k1ROYN95ThgZZy0haq0Yy/XehXUpqsu4gd QiSEgArLR7+NhoKWIYoSeOxvoXbiLXOQ9DsrCUBJ+W1EFW+we/+taPRLOoHDGDcVQnqu HTmfEuM9h4MtV9wO8my78hzWo+diC5CWw6ES4YFv805oNc+uoDwwEifJ6etiLnmgkj8G onfc6G7PVWPJ9yMroSCaCUx+iT4p1QheXqPsWE5SbTTDgFgxVGw8QExEJn9EWmaW/BTE GYtTi11wOwNGA0CVYqwOn62fBuO5t2NuI+w8Eq6o7BqChnO8WE6JgXjHifHGzuqNZvdd oJ+w==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=C8ET7m8L; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515533; x=1782120333; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=/xPImC81l/4EDBTVUK8Tc3HRMv/PMBnQnRIZzvokMxE=; b=MGgVb5uq+B2BXr2gJvr/cCMCtKKlQIcixVGuYzFmwvurL0qk6weZWK0SPSo4ZSIpf8 Gd5m8jn1fY7KNPb4L9+RXzkohRa/G9ACSVYDX6iA0ZEz/mASWakyokvND58jUGEGHsY5 2LMwN41iJvon/mTARfFIDwDiRBLBlk/a2SubVd6Rw+dgrqyEAkFlptpvWV3AZa9n6Z64 7N1lZmYFJrKcKmpGuuU6kHnZsn9iHYnsXr5gMBDdnXXeHegryfwYGZN1Tx/aec982b5F agxNQFV/EncQ9TaiK+xIxbIAnX7J0KNIsf/s1LzOlj/15ou9+Dlh9g7rVlIIXtyKAz0I diDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515533; x=1782120333; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/xPImC81l/4EDBTVUK8Tc3HRMv/PMBnQnRIZzvokMxE=; b=nNnuwdSPj2kpmavvOZeQCQmpKWoa3axpdXyuonabrMNlfP/BX6ZrjOISXytN+Ra7Ny QmHx8bBaqoKIaF7JpGMpBS9EwmSI+Wd/z7lxUApSF9K5sYHKvt2GiHA7PszxSyy+on35 m65d9KVaS0p08yVND/LVuujvn6s/Ao73K7Vm4XETyC0JS/GIB8BSANeO/dgju+3DMkNn JtlFNutFgAbQoQYifHS4hDXiTYeaXPzDyqv1Max2Qod9nPocsWh8e+ub1v5wDgQmIn2E 1MULIJfcA2QzlmXArWCQpQpeQb9fuC/8WTXBvCikSUp+KMipe0j/n0SywNv3kMQxIXJ7 ZhMA== X-Forwarded-Encrypted: i=3; AFNElJ82zul9vZ1G6kMlu72r1DBEy9D2zXGjFvcge5VLAwLTUWFSKRK81/c6rVUi68PH0Jv+is/RcJA=@isar-build.org X-Gm-Message-State: AOJu0YzyytHF1sI2CQvvpRBRJJ89Q/3grfEecbaeFGd0OGJzXwH1/SoB 942FJTi/M3nzKQxBV+axlpMV5KcZ9hRDp8LSWr3y0f/kpSlOm+fjh2Tl X-Received: by 2002:a05:7022:e98d:b0:130:6936:dcde with SMTP id a92af1059eb24-1386f2467bdmr4743776c88.14.1781515532936; Mon, 15 Jun 2026 02:25:32 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdV9uKoB8xMLfXVVm6O47CTaf80jtm1HJAF63mBXld2MQ==" Received: by 2002:a05:7023:a81:b0:135:37f8:7256 with SMTP id a92af1059eb24-1384a22b5bcls2689456c88.1.-pod-prod-05-us; Mon, 15 Jun 2026 02:25:29 -0700 (PDT) X-Received: by 2002:a05:7022:113:b0:138:49ea:f487 with SMTP id a92af1059eb24-1386f234df1mr5189664c88.6.1781515529620; Mon, 15 Jun 2026 02:25:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515529; cv=pass; d=google.com; s=arc-20240605; b=GYKgqz4uXuBmKJOCNNYkEP3qzVqsVqM8gDPD3sGrwgZpYHpe8Ib821Ip+DVM7yy5yN F9smq+STD7bETj7tmNjtlmrLSd7f5fKNOhRWTQsr7lNpuxrESi6YSZidOFKrAcfMarz6 bjkgYFNqKZ+9TavmHTFdnhMRlRWNy4I5N1nn3MnhppWDHFnaR/FJPjgq/x1tLeOa0Qd0 WzsiKsRiOcvurAx/mxJvd5roRI8TReVFJxUY+0x9PHvzh32FTEA74c9OFwWAAoBeJtCh PmtoMTb0DFaCj/93VVOJhv02EFHeNBnSgLShR+mAHgmoYj2jpGa5/w9rTexZ+M04DgkG ix4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=hAM2PIuzFd1vHGTdqMcpFakq6eiTFzfRJMPcK7UOYLiodNfXdyc9LV4fP5QSR9//xD Nksj/16KyQdNdEX/G7bozy6P8r/VEDpATXnQwZUJ0b9CfH1oGpheLpeBdDzZKsKS4EG1 VQEnEJ0Gb8oXSTgcfjMdc7ySvRR/cP5q/n5dJAwD++l0EBRNeP561jlVhFN9eYiCFKlf KuzeaGHMXu/bEpzR4uILArjl874TZLcOaZA4kbGjhLl6Do1ddCS4Oopv/tGAtA218ZUB 5kQxQ9ta43ATdu9D7LWQ1vGN3QUj+hEb1kksAM5eTxW9QQdvCYCaAhoulUk8avyQFDcP ry/A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=C8ET7m8L; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id a92af1059eb24-1397261c28asi191681c88.4.2026.06.15.02.25.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:29 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Fa7rPnvtTEpgLvtiT/eDklgFHcgzwKNO2FVZPKfzRsmrAPr0R0Yue9fKoqwZDPEj1aoGJFbrsyAoIobcWC6AeKljI6B7eP9Yjy0BuJJmrq9y8O3tfaOMet3D9OXTNdiiYIiLLI2mroPSLryZmDiqWr6f71or5keDJ0C8o2nLUgbWm3ba4cS+zQagRWKfZUBVAFcSHnGCyRFBym5U5mpob2CTXbfhgDM6aw9VfVPEHX6Mm6tgrNluARZdLyyZlOd+/K+brAHGsFEriZn8m9zyrrjUNvm/JqxwqrxI121jPvUEyqLdA5Jxp2zywDlSH3tb8pZBbT7CkMwc2ytvtZjISA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; b=LJ9IYV+ZPnHrJg7siki74GgB8z8GXDe5o4Xkf7i49bkWb8SrlBJ9ZmHWXygDnyunRiToS8MRVBGpR2RKe0xh/7AOH2Cx+5gt+D5f+A5hK8KYXs2YYeMLFMmXQzdLiiooRlBnpw6Kpn2i7N9zgrW3W8nKGiaHJ55JOP6UY0I/at9adg3dKF2DqNQ8nvdcdWgG2HXsvWpWP3sTIHzPMS0x+aGypGYopHYSn2XzZlVHzq41jVG7IH0CS7eCx7TyH4MgI5R81/pk3t8u4YcOzYSlU8q1icQKQGQh3vQLt0X0ExZZimpXlKHVDzrrchGqAcaCrI5B4k/Pp8ZlOOpTuBVv9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:22 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:22 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 09/17] apt-fetcher: prepare for chroot specific fetching Date: Mon, 15 Jun 2026 11:24:50 +0200 Message-ID: <20260615092458.259691-10-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 916bb0d2-cb21-4146-1fa0-08decac0059f X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|18002099003|22082099003|56012099006|11063799006|55112099003; X-Microsoft-Antispam-Message-Info: 9cOL8eMDE5B5UkzyTTFy/BbR3vJu/9hrnQaJPJH7mQkJf0J7Ws3fQTkQFRXc3KvKmTN5wdb3syfj4PRXQii2NebiNEI1fSEHnPcqm9YQy/JOni+T5b7sEpFqYK534dJkDQpInolZagJswCm1JzzRutDm1UxxEFCvr3C3SqAAq8RlPMN94p77Lb1WkTAJYegouDr5VP++tVxdssjKq8eT7aKHhAULcfR/7clkHh/d01haZ/WxrUM55m2x31IHOl6xQt62xozqlFnHyU3ugNtdrzQGF+iObyR43Kta4W4C6zaUPnkAmFFhZdz4C8wdJVJDGfbyJgMaWI/BexCCKpjlsqxkS9kQEXRjtg4miA5TvDGYNCEkfonugTrLnMI+OaBmNW46nUUHpWZaAcIs1lEPaMS0lR+17hdjDVePXbPTXp5S39yjzjflYhCFQSN2wwSKJNESS5Zj4TXQn0zW9cxSc/9CVKvT1TjyCm7qxyQDBAbWO0oLnZF/tS5YCh2Pm+7AbZ/v6TpQU1pfA21QtrcRnDUTc9SFwQFRowkKw+MG4E9JZLrzKQRPEBxJ1MFfa7mhmnWXRLXF7/b0Bq/qw5pAIi/XR2py0KLQxzeHZZoWY0BMfYrPTlTJzfY0vUt0hyxk94FTfyq7vuooTVwWCuc1vpfJzkWTY2agfWC93/oYDmyFoCf3XRgHpm+TBPOiTpoG X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(18002099003)(22082099003)(56012099006)(11063799006)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: gVLwfxD+HQrzQ5aGudutKxdezAlCFeFPW6CK9sFf6xNoBNAHOa83b2/oH9YMk9fFKkK730vviNSEXfcaqgWEf654kU34H+2GfAttP7dYEgQAgzTgOan3mnRDk1SfShnqaeG3mlNc3owF12ae47wHETSW+gsvCDC+D7uol3oMGrzB8N3Ea7diwk8bqGGktZ+w4WOwPpKHX581KwCiIbdk9d5SEIDz+G72C2Dyf7oh1o59kPPwBYhota5NxdlRctiMCyXN5CPTLz2z+hCJIVHpaORjOdqeCUYsEtugFdOl1zcgOKLg7ExN658uk57itTpkJF/znWhmKj5fquslLcxVcIEhEFQAroQ3h8F8cySUOD/rzZ/LxEBqiouRWYR+d2aHW9DOVN7AhstA8ka5WuPflMgEQnaxesHCbjyLJuKLBb4YSC9GyyyS8Sx5rMcPvO4/1pQxHn9krO//1EV5u7tkwhDw7LN3kmY/wVpLXGzbT0ouuoCGc4TeleFvY8/Hlhh0ywzrMRg6Y1Pc78mJ7awk7XmicoyLA3GhYimbL3Y6wjkIkUCo4dJQJqXGl3m3RsTITbRBxrRc+2m8keYvxnG5fQmwLptrruOLX73oR95rTdUzFzqutKJlVkdMi2hXecfPgYQeBApKe5bvc7Bugc0jFEgFmvMpvtmTvOQY5ORxsZ/9RqgetESxhm24AFf//yVqxj1mhxL95Y6P1EgUc9w3G9aFMLPTkdQ0EtHNHD+CGviT2KbYJ8nF8O+91r2gYbOLEMUKPw6hG+OvyYNeWt+BE/a3ppM5KGo/8xDA/5Y2rDi8RNk0iuMsrDbmLNTCy+6GvrsIFvZElIdCxBWCajMuinD1wbL1kIVLpDukXTpZbyNYehs5wrfaeoZ+ZLV5zZks1KhfK1tjOeJalfLJQbWuwV4lHF5J3zhMog0USNoIkTtuIZJlUp8GrAuaJXIRH5sjLh/tvSgsigcq1sHQ4Ku1UbqbBnrfBAaGpRl//98BeDDkXPe1bJ5j5NZDWD+MIJxA86cfVP99YGYqWzKBiS+5/EpgSHzhpyemgte5QZstmsVhhyyeKd+3ume4UdAsy5nWhDsdZwa8eTqOt6FAmcxNHDpAXpV5x4r9DUucgZHvLnl0RP7rx/86Ajcz1nc2RBxxB2O2uJim7UdMvUFTzaGAWTysKzNJ2uYq5MP97H5V3SgesKo2PL/UPtxvogmnxhI4d0D9ZcVLpAeZJf5ylv9MrRqT/wTLhcqbH+9RM2Inddz5LoOGaO11cntuOzhvk3MtGZ1YjH6adORjQNidF0WJAdtXzUI0xgZDvRPwRfNk2zCal986O/+ieAbYaHeo+FyJIZhqAAP6UChCeO9T0mun8xTI8XrzZHKIqUds1YUhcMX5ZKnUWFDW71A6I7EIf2x4JuDoFu0O827dATrz9p4kgCA1XdVPd4D3Cix9FkkbD8tcgkp5nRyfKVGT5/Hqqdcdv8wJvuvUClGJxNlqDaXpEqtz8KI3nFhQsozpa06v1IolbTrezCUG2sz1vPoK10Co6G5SVswHv8iW36lpczeyOFhc5KA5fcSxdQfzIjxDvZUfUmTq+dVyTLHXAF12casepnQMqVlmwdITSOMfwUphRPy8ioXBDUO7QZLfGfD2qGGCp4m7HXVcOOCaX5LpSMayh0gfhoWEATs+/oS/MnMSGgrmL/2x8tzoUi9RA4S+STKAoNo4qwnZO2svom0h/mp+Vjt9R7DtLz7yX3HiTKfblT/2/UV5VZMgIr1jb0CRn4YnU7AiVQmNbQs6yOF0ZmU4PfgSfsGJ X-MS-Exchange-AntiSpam-MessageData-1: twbkFiV3gt9wWO8dgMYmr/nlcf4CqFMH5PY= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 916bb0d2-cb21-4146-1fa0-08decac0059f X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:21.1566 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: M8QPZ4Z0ZoceNIERJrESvDohEEE+FEOLLwBBZClNRvwIvG2WuZzOuA1yoGvYyS0+9uEDlAYr79iaqGSusY3dH6OmEvczNwF9GbcTl8fT4zg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=C8ET7m8L; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The implementation of the fetching depends on the chroot mode (e.g. schroot or unshare). As a preparation for the unshare mode, we hide the concrete fetcher implementation behind a factory, so that we will be able to dispatch based on the mode. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/lib/aptsrc_fetcher.py | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e5987554..e8721c79 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -84,7 +84,7 @@ python() { # apt-src fetcher import aptsrc_fetcher - methods.append(aptsrc_fetcher.AptSrc()) + methods.append(aptsrc_fetcher.AptSrc.create(d)) src_uri = (d.getVar('SRC_URI', False) or "").split() for u in src_uri: diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index da2d94c2..1d133aae 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -9,6 +9,10 @@ from bb.fetch2 import logger from bb.fetch2 import runfetchcmd class AptSrc(FetchMethod): + @classmethod + def create(cls, d): + return AptSrcSchroot() + def supports(self, ud, d): return ud.type in ['apt'] @@ -20,6 +24,11 @@ class AptSrc(FetchMethod): codename = d.getVar('BASE_DISTRO_CODENAME') ud.localfile='deb-src/' + base_distro + '-' + codename + '/' + ud.host + def clean(self, ud, d): + bb.utils.remove(ud.localpath, recurse=True) + + +class AptSrcSchroot(AptSrc): def download(self, ud, d): bb.utils.exec_flat_python_func('isar_export_proxies', d) bb.build.exec_func('schroot_create_configs', d) @@ -83,6 +92,3 @@ class AptSrc(FetchMethod): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) - - def clean(self, ud, d): - bb.utils.remove(ud.localpath, recurse=True) From patchwork Mon Jun 15 09:24:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5158 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-dy1-f189.google.com (mail-dy1-f189.google.com [74.125.82.189]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9Pceb009664 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:39 +0200 Received: by mail-dy1-f189.google.com with SMTP id 5a478bee46e88-304dd917645sf6686910eec.1 for ; Mon, 15 Jun 2026 02:25:39 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515533; cv=pass; d=google.com; s=arc-20240605; b=KFzP8QVc3fujYhiMta9ckMlaHBaESVUBVaR7lV6Ux/rDr1WKT3LXNx4hFwlIRy5XkP lGLZDw/MnHSBqV06iz+A+GrzSCvU9drTxilb2uDHiz2B+z85sdg7QtyBouwv2adoTh5t Xwj6Q4gus40aQ5BbQwetyLv0zRFK9b97eHjmWYi9n4SQMxdxVucVozuYHw1srGJWD3UN OFuyjF2vIJa8S+RyNgVYtKiUCuuU5DK1gwpQ4JFhSlZBOpNZmV9G/0Y4EGD0omXXU6Ck sJjEPNvvp+zm5tUhbzBNpSp3uUGsD7eGMOD3mn+xr4YThuEAn+aUvI8C6QhWGlc7Ymnm ed6g== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=lzLWqtiB96P4R2rn+ns4O+PcnXIk8aMG5zUFK+nW3Jg=; fh=Pwe73Ly/2jPAp3k/GSbHgCt9F4R/v+J+bn6KlclWTX8=; b=R1IQ8U5hHb07q6znFuA4RbxC5uHSrnDt3yqT8HS6Y8lo98mzwiF++7dgBDhRG3O2y2 +2sLuSiTCaEn67MCTo1ZfuZdYbGEDzcFchWaMsZXIalAUJLWZNGpwd5yze5ZAuV/P6dB 9IjKlcyF/qcaYpIXkMpBtRfNtFxZNkB/ybsZpPDnbP+aCiF0YuMVguWjXwBzTL9ig3fd dHNpVlEZG3yGtOo/ziBBkCnGA846pKxm/U9qmclkaaJGzhOix7ysWcSqVFKVURbtaTOj QpvzC/366Y9MQwO6cR14Wp0bpy/oU48MpMW6ZA8hZON9hVcGQJJqsFgamuaNlDPwhz5e 8ViQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SwOq7Cx9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515533; x=1782120333; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=lzLWqtiB96P4R2rn+ns4O+PcnXIk8aMG5zUFK+nW3Jg=; b=M5sbV34iEpL1slFodQlw3TSNSUnqaxkFMrlhHQS3OMssn+N1keCDZMe8vrlFGJ7ofz gdYK0rc7d3TiZ67KynMkFQUr1sbr3IyI9sdXEAWZ4QP/AU1R8sEavNGA40oUj+wnRtEo +5wV9JyVCSA0dljN08Z+qvUiGCmV+TLh50mq9xsjOI/BQgjMU2Q3grH8QA5pHej0fKDb e/LfJOd0GgY+XtIurx2FNZ6scXjH0G6f4kbw0iii3Exgpypf9+46XWywFLsUMqqmlfN6 AjbQUgPnSpWshK8TTlCQqWWN+cDxwfZQKZ8jvhDBmHi8rn11wsCVzC9ceg43kV92tVHu aRnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515533; x=1782120333; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=lzLWqtiB96P4R2rn+ns4O+PcnXIk8aMG5zUFK+nW3Jg=; b=OAgVISPe8X9KEyYG8mK2vhx/qtSkyeVFCpK0KM9TjT+GSQs+UcKTzaoiJSeNK9gGT2 itCMW9vpz8u8dP+H0ttNsTU68+8CH56UAw2feJQrennngLFShjFAzCkO6YOzbH3MwfTs l0yHLIO39m+5yStPyrYo8tpe93o0IUB6hUBORtnAYdnR7F/TiCvs5IjQsE6+u7ingmOF G82eNy8IQ19jZyNFb2bvkpPcm12cWGpVjZ91V6i8mHK9h4Kk6kP6s2Hu8uaSVAL1vZIj alcaALcwb852nZ+tundYbQkzsHhlf4kG8hHUzMfrapIejewQBgPCpJqFIikqAFIzuuOf Yj2g== X-Forwarded-Encrypted: i=3; AFNElJ+zAwQS2UH7a8/fH+Q2tGgP+qYLI+epIphSXWB4Y+bY4WMVE0BEPzit3MP9mzwgGKzr5x1mb2Y=@isar-build.org X-Gm-Message-State: AOJu0YxJmil7msnB60rCDH5+gxen5n/4Zb0wlxpL/s/t14RkMrZpB/5N lMGf0rYWF8wrs+AXCS0XVh0NOl2fheivK3sXscvw0tp5zCDPVxsTqn3b X-Received: by 2002:a05:7022:49c:b0:127:3f2a:af21 with SMTP id a92af1059eb24-1384bafeddcmr5618892c88.15.1781515532661; Mon, 15 Jun 2026 02:25:32 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcJHs8bQIPbcQx2ckZmcPKv03uiZdd9MHAlOqXQNwmKWg==" Received: by 2002:a05:701b:420c:20b0:136:49b7:f20b with SMTP id a92af1059eb24-1384a1eb74cls2083586c88.0.-pod-prod-03-us; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-Received: by 2002:a05:7022:128c:b0:138:e4:c44d with SMTP id a92af1059eb24-1384bb7e8e3mr6128559c88.25.1781515530596; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515530; cv=pass; d=google.com; s=arc-20240605; b=UPUAfGzszFu/+CYiJXOTXvhWwc3ybJDMN9XGxhHzjO/hI7bMztbmJ4LD0o05oJxWh9 xsV9ImqgENxew1BTOkBykFvFp0pKeYOv9FL8ACQoK2/THM7xUsIB/OUBVs7SbSAmRG7h wYEtyu1dzSL/sZ97sz/4hPAPOazG1vIiZpe/t9En1eYoPvjPZTKbXjR8hyUfNsWh2ZBz yFAKcKvny4EFtGTux8ZbsBxGKo6eAugGwGD7CsLag8+Dn9POzUKoq2p+JpVhaZI4mBKS glljI28zAIgu7wfhp1MSzchxmQYJyb383959bbVribVzE31bHqgzY6kyb79nBqEyZ3xD xf+Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=CAWrgaitu9xpKlZZP2y7qayS56wd3okaIy5mkLQPnFo=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=YRxCGHhvRGYYFsuX8BOlcTD0qBs9Vsm1RB3iuwRN9qS4xzyfZECUfVQJUpY9SB9/7d tKx4cP7kmT3nEpSRihw1/zEpIVMyzJIJ6NCfnFW79r3w+HlW077DFgZq9gen1yz0SAF6 G41pEed6E5w9ADV6CTzTn6cbT/ur+A2nwu1kn6Jg4u607DmVc5bRbpOF+s/KuO8cO+oV UetnRLPG4jSLqxCs1meBeYkTzOlenfyLElKzgdSoIkX1XOaam5OlJlOPycLtsEdlg5/K ij7Vc/6M4VNN6DR1Hgh3DqzeAlf7ZM9L3126lOXFfkMu3lDy+nf5QeOmAWK0uydrIRD3 iiZw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SwOq7Cx9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id a92af1059eb24-1397261c28asi191681c88.4.2026.06.15.02.25.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:30 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=YVFA9Rhv4dkz8seYPC3ZHefZsIORDmIYu5V9ZCDKVCreUesSOuA6G7dlWx8dX9/mOMr4r1ISE3ldPg5403aeKQORwDH+eYYsmx725WzZCpjcnmqOwKqeD9ncQLRMTuAhTAuc98Jhm5YKLvSAdtwu70Vf3DjRUOWtEFkLKdNojE0xtoUuxK3RXXps81cd4t2Sni/5Ddq9M043sWZqh4SN0CC3DsAHznNUAbwObDY6VFQKN1UiiNyjrjHESlYo0oWmIbK7vJ1IymeS9FuCeMTG7KdMpFdMLe5z9XdUtEVO4/LbU2mJ//QASEm07h8weOlu7yrl6eIUeGYVgTvQ2S6ZaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CAWrgaitu9xpKlZZP2y7qayS56wd3okaIy5mkLQPnFo=; b=ZVu/eZ/jVDAy+vShyl3glAq4y9DVezebYODCibu8ckIBQVHkm7r7p1vMkVEIEgdADnMUmzEaO+qyB69ieaq4sUhLqr1cHVKQeQ0pzZaCRFvfOo0XmnMRlstMNUuTdb8gi3iYetEQcbP3pqdPXB2AzUaMYcusKNteh1OVfWvcX2Qyytcuh75IJGFQ1UTevJdPofzR86ZmjtTZK+9h4rgWb3+Zgby2UGPrS4Pyk7GwOJL2k1afmXB33TJC18ZGljWGWRgTdLhE7GbGHMCS3jkELko2/PIfp+HFXvaWxlYs8fdSSYk2fkbgnRm7pII4MKYZM9uumPNJfm/KqlQdnqEGsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB6830.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:33a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:23 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:23 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 10/17] add support for fully rootless builds Date: Mon, 15 Jun 2026 11:24:51 +0200 Message-ID: <20260615092458.259691-11-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB6830:EE_ X-MS-Office365-Filtering-Correlation-Id: 968d380c-aafa-4567-4d36-08decac00617 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|376014|10070799003|366016|1800799024|3023799007|18002099003|22082099003|56012099006|11063799006|6133799003|5023799004|55112099003; X-Microsoft-Antispam-Message-Info: CgQ1tFxK5E2+Y0MXR3IF6RwKSJU3v2oU6XV0+TJBgYgDhoY4kU1K8L//b/VjH0nupN4sTFWaxv9J9TX+5LRaLBXxNdF4s9PqJIdEqDxAK7vMidfjTf/GgtPpznZDkKfig9+TO4UE55fAv2tnHuFSupOTbN2dnG4O/P1c+utn/+o1AJsNPki48/L8yLYeqiUkfhJNQiZGmOVsHl0/MqZm6UfJHTNpMN+MPhLETBvRDg1zYbOnVyop5ztnzmWkpe4daSnQWpdXQ4h9xUy3Hx+y7on+TgLhRdTpVXYvlnjPqop5Eu91an9BYbtPRS4Bnw7BdqBqnDwy1x8MkjDssf8cEnY4S/IOU6KY5NvolIEk6xH70kjx85/mn3lebHJzBDyB7mKz9hdhEHYRNxCa+q5o33xD+q0r17WaWseG/FW8+k+haHR90zn2kWrNHWB4sfGpxWUF1RCNlGbXZchu/acLNLGpcFo2m0gH+EPLXiGDpPZrD/m+KrPVMd955hIQY5ikPqgbpTozM6SBydyYdcTEZA6GsVkdzeBBO61e8Qlfafxr8NqkNxNEyv04DbaH7r3obY6P5f6WziAQ/yyqNKbDue7Rb2sO5hBgzhSmR2jUglpmfZ6SQCb4RCn9IlygueODaHAYpw3vy039Bkba4JEQ5GfGUQ0S6Uki5YQskg/jGColk89V1RMyazxljUNl4XLD X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(376014)(10070799003)(366016)(1800799024)(3023799007)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003)(5023799004)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: BXpb82KP3u+A1GIM9SZn/Fe7voHQOGXmZVbdiKtgj9FffO9k1uV07PVjzMsdgV0AQqU+A9aKcX9/NyCJ5Uf+tonBaKwUrVMG+1wwRBcnnmnrxVKwZhw3ngxMSntprjnEDaRFOMSehS49NONdY2hyxJSjABmJBAVSze5a0cltEOzeQQjuZRTUtd1l0xGP+ZFsHITTK8sZUJ/XrFxNtG2pioduS4nK0q326+sZoGD84VxdzmUzh5HOWwvtHyznw6mVlOg888t71KunhPPux3CuQfDld0i7jdFX6giNnBLSlksKgcTaK1hXMWeSPPsyjIKI8lNNOuNzKb2gjr5FcR6019omWbEOyEghAb9SPaotTO0ppSQhfW6FmGvGY5wzye32YDd0CY6D9+opIkYwBupGbZ55C5tu/q9Ta3x3CTPIfkDd9JzQz7ZLxe8A311/PCnXrHPNKnqLb8d8zBfYTvngvzh+WrWTnbphMeTk3DJjH431soXvLEZVWjNWei2Yb5iebIcYxiNBLEAVp+Gn7oReAaLGTDlfIRvW6dYQv5oBltTPoFOiAwm0GBYrYwDTZ9DODyfKj9P5HlfW4grus6RdK9IsWlVn4FyPsp8nBLIEkLb7qugwN+XaKh2ekvt5o+ryKb8urExwPXRxyHlTXEAVO70zlfO6uUwoGdbbgm754olb85OeTggbYFeqBsb8IPWjjTtm9LyJbzvG2WP+1uhNlx+ky8Gftc2Vjw75yDEkwEDuret6qz1V1REmheOvYqxEjJ/r6h8Gw9QVvAU4efNgfqyBXqRRphiTeyaAdjV0kF3m6b9g2zcMKleJYBi3TCGzIDfljC4EePvVsHxkDv4k0py+JTdi6G7JfdIHHTDEO+z0W95hr/6KOw5RGQbVhrhxl/SJ/3o1CpQA6u2UabivWg0+GP811/Ew22Sn8FUaw74C58Cx8+L/4EfOd4wwULSBPPd5GIPdoOrknSK+lh/EdziUSShzFmebmFGeoPSXpnXjEAzdFuyCWiQRgTRh/Ycpv9o9psVarFRcsKDze+yFYsWu078qb150d0tawg1O1KoEPY0FS65nTvUTXDse9MkjG3pGus+ChTisbA2oesOCEI4mumVH5sO4FAC/0Kezd2v+rouN63NED/PjV/EEYSFu/q5zfEa6JmnHxwsNaqR2P6WztwKzEY4mdB2Bioja+7xz3sI6TUupDLiK02tPzTattpELR3D3gB1Lxdr5i3WxYf5sIfMYfyRXc/LWKa/0K3rqMlw9O4NQE4Nik3TGZPOFrx71QJopPOSWYL9Oi8jUD2t5/WW3HlV2bfVmA+yIC4eNaHog49KBoo7K8eqn0EwCaUg0kdS0onip781U/2/zyiHNFJb4Kj/PttFbiA2Gk6eyMDoAmvNTlrCBUfOaBp4qIWBFAatA116YGK7uc7AL3630I30faShe8C+jbpPWUZMjDyHG1uwmK3yVYknFT12paEqItBFjX+RBtNVPw3AOSRfm1M4R0qBLqkpNjyWgKnurPCY/+iZ/1ONTePt1S2u6BLONZ+xzrAHS/Ee3saI529k8SYxuo4L//V7nOuyYzdavFpn3PttjR0/oSRHGBQIzZm0R8N9mP4G1Z4W0Wab8b653uU35nknZfR5+XNN47lvW4x0It6G54j5kJfNuJVwfnL1MQDLeXYy9dUZusNqKlbB/Uo4O8D+NoGfLpvwRTyYsiUBBBZBPBlu6yZfpOXvLUQFBJbcQNPsqiy7B4IcdmcXSa/Yj9KxcE5VizphaJUFnzx5OcVRkpeoA4gj221sxJHA0JdME X-MS-Exchange-AntiSpam-MessageData-1: uFvOQbGuutPZopQEvZ+ueTXenurbVPIY9bU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 968d380c-aafa-4567-4d36-08decac00617 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:21.9858 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5cNg9dYWI3xQhCVVJtc9i7P+wxu7FbqFSGyPbMW0yz3dalS30/jwE0FeaWuFwvBJxVmVJq/Q++fZwrbHQTiHsN5IlIXwzT6I1oiqrL3XH78= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB6830 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SwOq7Cx9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Currently isar requires passwordless sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally. To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare). We intentionally do not switch the build_system in isar.yaml resp. the KAS_BUILD_SYSTEM in the menu KConfig, as there is no kas release with support for the new modes as of today. We further don't want to break backward compatibility with older kas versions of the isar examples. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 20 +++++ doc/user_manual.md | 2 + meta/classes-global/base.bbclass | 86 ++++++++++++++++++- meta/classes-recipe/deb-dl-dir.bbclass | 9 +- meta/classes-recipe/dpkg-base.bbclass | 22 ++++- meta/classes-recipe/dpkg.bbclass | 17 ++-- .../image-locales-extension.bbclass | 9 +- .../image-tools-extension.bbclass | 84 ++++++++++++++++++ meta/classes-recipe/image.bbclass | 7 +- .../imagetypes_container.bbclass | 4 +- meta/classes-recipe/imagetypes_wic.bbclass | 6 +- meta/classes-recipe/rootfs.bbclass | 54 +++++++++--- meta/classes-recipe/sbuild.bbclass | 24 +++++- meta/classes-recipe/sdk.bbclass | 10 ++- meta/conf/bitbake.conf | 7 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 18 ++-- .../sbuild-chroot/sbuild-chroot.inc | 24 +++++- 17 files changed, 361 insertions(+), 42 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 552051ad..6d5b6ba3 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1103,3 +1103,23 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Rootless isar execution + +Isar is able to run without the need for `sudo` in an environment that +allows unprivileged users to unshare the kernels `user namespace`. Further, +a sufficiently large set of sub ids needs to be configured in `/etc/subuid` / `etc/subgid`. +This range should be `> 65536`, but smaller ranges might work as well, depending on the +ids used in the rootfs. + +A simple check if rootless is supported can be done by running: + +```bash +mmdebstrap --unshare-helper /bin/echo "rootless supported" || echo "rootless not supported" +``` + +To enable rootless builds, set the bitbake variable `ISAR_ROOTLESS = "1"`. +This internally switches the chroot mode from `schroot` to `unshare`. + +When using kas, the `build_system` needs to be set to `isar-rootless`, which currently +requires a development version of kas (for details, check the kas mailing list). diff --git a/doc/user_manual.md b/doc/user_manual.md index 396e1b90..dcc3f560 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -75,6 +75,7 @@ Building `debian-trixie` requires host system >= bookworm. Install the following packages: ``` apt install \ + acl \ binfmt-support \ bubblewrap \ bzip2 \ @@ -89,6 +90,7 @@ apt install \ qemu-user-static \ reprepro \ sudo \ + uidmap \ unzip \ xz-utils \ git-buildpackage \ diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 90e4525e..7167cbb1 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,9 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - run_privileged rm -rf --one-file-system "$TMPDIR$i" + [ -d "$TMPDIR$i" ] || continue + find "$TMPDIR$i" \( ! -user "$(whoami)" -type d -prune \) -exec ${RUN_PRIVILEGED_CMD} rm -rf --one-file-system {} \; + rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -380,7 +382,28 @@ def deb_list_beautify(d, varname): # shall be used outside of this class. def insert_isar_mounts(d, rootfs, mounts): + """ + In unshare mode, all mounts must be created after unsharing the + mount namespace. As needs to happen within the unshared session, + we implement it as a code generator. Note, that the random and urandom + mounts are needed for DDI images. + """ lines = [] + to_touch = ['/dev/null', '/dev/random', '/dev/urandom'] + to_mkdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('touch ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_touch])) + lines.append('mkdir -p ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_mkdir])) + lines.append('mount -o bind,private,mode=666 /dev/null {}/dev/null'.format(rootfs)) + lines.append('mount -t devpts -o noexec,nosuid,uid=5,mode=620,ptmxmode=666 none {}/dev/pts'.format(rootfs)) + lines.append('( cd {}/dev; ln -sf pts/ptmx . )'.format(rootfs)) + lines.append('mount -t tmpfs none {}/dev/shm'.format(rootfs)) + lines.append('mount -o bind /dev/random {}/dev/random'.format(rootfs)) + lines.append('mount -o bind /dev/urandom {}/dev/urandom'.format(rootfs)) + lines.append('mount -t proc none {}/proc'.format(rootfs)) + # we do not unshare the network namespace, so we cannot create a sysfs, hence bind-mount + lines.append('mount -o rbind /sys {}/sys'.format(rootfs)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) inner_full = os.path.join(rootfs, inner[1:]) @@ -389,7 +412,18 @@ def insert_isar_mounts(d, rootfs, mounts): return '\n'.join(lines) def insert_isar_umounts(d, rootfs, mounts): + """ + In unshare mount we don't unmount the system mounts but just + remove the mountpoints. + """ lines = [] + to_unlink = ['/dev/null', '/dev/random', '/dev/urandom', '/dev/ptmx'] + to_rmdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('rm -f ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_unlink])) + for d in ['{}/{}'.format(rootfs, _d) for _d in to_rmdir]: + lines.append('[ -d {} ] && rmdir {}'.format(d, d)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) mp = '{}/{}'.format(rootfs, inner) @@ -397,11 +431,52 @@ def insert_isar_umounts(d, rootfs, mounts): lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) return '\n'.join(lines) +def get_subid_range(idmap, d): + import getpass + with open(idmap, 'r') as f: + entries = f.readlines() + for e in entries: + user, base, cnt = e.split(':') + if user == os.getuid() or user == getpass.getuser(): + return int(base), int(cnt) + bb.error("No sub-id range specified in %s" % idmap) + def run_privileged_cmd(d): - cmd = 'sudo -E' + """ + In unshare mode we need to map the rootfs uid/gid range into the + subuid/subgid range of the parent namespace. As we usually only + get 65534 ids, we cannot map the whole range, as two ids are already + used by the calling environment (root and builder user). Hence, map + as much as we can but also map the highest id (nobody / nogroup) as + these are used within the rootfs. It would be easier to use + mmdebstrap --unshare-helper as command (which is also internally used + by sbuild), but this only maps linear ranges, hence it cannot map the + nobody / nogroup on the default subid range. By that, we have to avoid + the nobody / nogroup when building packages in this case. + """ + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + nobody_id = 65534 + uid_base, uid_cnt = get_subid_range('/etc/subuid', d) + nobody_subid = uid_base + uid_cnt - 1 + gid_base, gid_cnt = get_subid_range('/etc/subgid', d) + nogroup_subid = gid_base + gid_cnt - 1 + cmd = 'unshare --mount --pid --uts --ipc --user' \ + ' --kill-child' \ + ' --setuid 0 --setgid 0 --fork' \ + f' --map-users 1:{uid_base+1}:{uid_cnt-2}' \ + f' --map-groups 1:{gid_base+1}:{gid_cnt-2}' + if uid_cnt < nobody_id: + cmd += f' --map-users {nobody_id}:{nobody_subid}:1' + if gid_cnt < nobody_id: + cmd += f' --map-groups {nobody_id}:{nogroup_subid}:1' + cmd += " --map-root-user" + else: + cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) return cmd +UNSHARE_SUBUID_BASE := "${@get_subid_range('/etc/subuid', d)[0] if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '0'}" +# store in variable to only compute once and make available to fetcher RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" run_privileged() { @@ -415,5 +490,10 @@ run_privileged_heredoc() { run_in_chroot() { rootfs="$1" shift - ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" + + rootfs=$rootfs run_privileged_heredoc <<'EORIC' "$@" + set -e + ${@insert_isar_mounts(d, '$rootfs', '')} + chroot "$rootfs" "$@" +EORIC } diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 33630f1e..c69b7df2 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -122,8 +122,13 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ run_privileged_heredoc << ' EOSUDO' - mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + mkdir -p "${rootfs}"/var/cache/apt/archives + chmod 777 "${rootfs}"/var/cache/apt/archives + else + mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + fi EOSUDO # nothing to copy if download directory does not exist just yet diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e8721c79..a0d4fd05 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -168,12 +168,30 @@ dpkg_schroot_create_configs() { EOSUDO } +dpkg_chroot_prepare() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + dpkg_schroot_create_configs + fi +} + +dpkg_chroot_finalize() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + schroot_delete_configs + fi +} + +dpkg_prepare_unshare_ccache() { + mkdir -p "${CCACHE_DIR}" + # sbuild id from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110942 + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX -m u:${@int(d.getVar('UNSHARE_SUBUID_BASE')) + 999}:rwx "${CCACHE_DIR}" +} + python do_dpkg_build() { - bb.build.exec_func('dpkg_schroot_create_configs', d) + bb.build.exec_func('dpkg_chroot_prepare', d) try: bb.build.exec_func("dpkg_runbuild", d) finally: - bb.build.exec_func('schroot_delete_configs', d) + bb.build.exec_func('dpkg_chroot_finalize', d) } do_dpkg_build[network] = "${TASK_USE_NETWORK_AND_SUDO}" diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index e693800c..1b2616db 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -85,7 +85,10 @@ dpkg_runbuild() { ext_deb_dir="${ext_root}${deb_dir}" if [ ${USE_CCACHE} -eq 1 ]; then - schroot_configure_ccache + ${ISAR_CHROOT_MODE}_configure_ccache + fi + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + sbuild_add_unshare_mounts fi profiles="${@ isar_deb_build_profiles(d)}" @@ -109,24 +112,28 @@ dpkg_runbuild() { DSC_FILE=$(find ${WORKDIR} -maxdepth 1 -name "${DEBIAN_SOURCE}_*.dsc" -print) - sbuild -n -c ${SBUILD_CHROOT} --chroot-mode=schroot \ + sbuild -n -c ${SBUILD_CHROOT} \ + --chroot-mode=${ISAR_CHROOT_MODE} \ --host=${PACKAGE_ARCH} --build=${BUILD_ARCH} ${profiles} \ ${@'--no-arch-all' if 'cross' in isar_deb_build_profiles(d).split() else '--arch-all'} \ --no-run-lintian --no-run-piuparts --no-run-autopkgtest --resolve-alternatives \ --bd-uninstallable-explainer=apt \ --no-apt-update --apt-distupgrade \ --chroot-setup-commands="echo \"Package: *\nPin: release n=${DEBDISTRONAME}\nPin-Priority: 1000\" > /etc/apt/preferences.d/isar-apt" \ - --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;\" > /etc/apt/apt.conf.d/50isar-apt" \ + --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;${@'\nAPT::Sandbox::User root;' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''}\" > /etc/apt/apt.conf.d/50isar-apt" \ --chroot-setup-commands="rm -f /var/log/dpkg.log" \ --chroot-setup-commands="mkdir -p ${deb_dir}" \ --chroot-setup-commands="find ${ext_deb_dir} -maxdepth 1 -name '*.deb' -exec ln -t ${deb_dir}/ -sf {} +" \ --chroot-setup-commands="apt-get update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"" \ --finished-build-commands="rm -f ${deb_dir}/sbuild-build-depends-*-dummy_*.deb" \ --finished-build-commands="find ${deb_dir} -maxdepth 1 -type f -name '*.deb' -print -exec cp ${CP_FLAGS} -t ${ext_deb_dir}/ {} +" \ - --finished-build-commands="cp /var/log/dpkg.log ${ext_root}/dpkg_partial.log" \ + ${@ '--finished-build-commands="cp /var/log/dpkg.log $ext_root/dpkg_partial.log"' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } \ --build-path="" --build-dir=${WORKDIR} --dist="${DEBDISTRONAME}" ${DSC_FILE} - sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + # TODO: port to unshare backend + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + fi deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 029caec7..9bb43a8d 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,8 +29,12 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - run_in_chroot '${ROOTFSDIR}' \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS') if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '')} + chroot ${ROOTFSDIR} \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge +EOF } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" @@ -62,6 +66,9 @@ __EOF__ # Install configuration into image: run_privileged_heredoc <<'EOSUDO' set -e + + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), '')} + localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 then diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index 766f386d..cc046fdb 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -16,7 +16,14 @@ do_image_tools[depends] += " \ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DIR_IMAGE}:${PP_DEPLOY}" SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" +# only used on unshare +ROOTFS_IMAGETOOLS ?= "${WORKDIR}/rootfs-imgtools-${BB_CURRENTTASK}" + imager_run() { + imager_run_${ISAR_CHROOT_MODE} "$@" +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" @@ -103,3 +110,80 @@ generate_imager_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} \ < ${WORKDIR}/imager.manifest } + +imager_run_unshare() { + exec 3<&0 + + # ignore everything before '--'. If the remaining list is empty, + # assume a here document is passed via stdin + while [ "$#" -gt 0 ]; do + case "$1" in + --) shift 1; break ;; + *) shift 1 ;; + esac + done + + if [ "$#" -eq 0 ]; then + set -- "$@" '/bin/bash' '-s' + fi + + local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${ROOTFS_IMAGETOOLS} + tar -xf "${SBUILD_CHROOT}" -C "${ROOTFS_IMAGETOOLS}" + mkdir -p ${ROOTFS_IMAGETOOLS}/isar-apt + cp -rL /etc/resolv.conf "${ROOTFS_IMAGETOOLS}/etc" +EOF + + # setting up error handler + imager_cleanup() { + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} + } + trap 'exit 1' INT HUP QUIT TERM ALRM USR1 + trap 'imager_cleanup' EXIT + + if [ -n "${local_install}" ]; then + echo "Installing imager deps: ${local_install}" + + distro="${BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + if [ ${ISAR_CROSS_COMPILE} -eq 1 ]; then + distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + fi + + E="${@ isar_export_proxies(d)}" + deb_dl_dir_import ${ROOTFS_IMAGETOOLS} ${distro} + ${SCRIPTSDIR}/lockrun.py -r -f "${REPO_ISAR_DIR}/isar.lock" -s <<'EOAPT' + local_install=$local_install ${@run_privileged_cmd(d)} /bin/bash -s <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get update \ + -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ + -o Dir::Etc::SourceParts='-' \ + -o APT::Get::List-Cleanup='0' + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades --download-only install \ + $local_install +EOF +EOAPT + + deb_dl_dir_export ${ROOTFS_IMAGETOOLS} ${distro} + local_install=$local_install run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades install \ + $local_install +EOF + fi + + run_privileged_heredoc <<'EOF' "$@" + set -e + mkdir -p ${ROOTFS_IMAGETOOLS}/${SCRIPTSDIR} + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 +EOF + + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} +} diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index bc3f2181..1590f58a 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -188,6 +188,7 @@ SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" python() { image_types = (d.getVar('IMAGE_FSTYPES') or '').split() conversions = set(d.getVar('IMAGE_CONVERSIONS').split()) + chroot_mode = d.getVar('ISAR_CHROOT_MODE') basetypes = {} typedeps = {} @@ -263,7 +264,8 @@ python() { if image_cmd: localdata.setVar('type', bt) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -293,7 +295,8 @@ python() { cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index 8d4f8050..84ea63e7 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -68,7 +68,9 @@ do_containerize() { run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + fi } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 8b048dc7..3e261622 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,10 @@ generate_wic_image() { fi EOIMAGER - run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + fi rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 411df93f..e85c4fe4 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -145,7 +145,12 @@ rootfs_cmd() { } rootfs_do_mounts[weight] = "3" -rootfs_do_mounts() { +python rootfs_do_mounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_mounts_priv', d) +} + +rootfs_do_mounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ @@ -168,7 +173,13 @@ rootfs_do_mounts() { EOSUDO } -rootfs_do_umounts() { +python rootfs_do_umounts() { + # unconditionally run the unmount code as this ignores missing + # mountpoints but also does the cleanup of the directories + bb.build.exec_func('rootfs_do_umounts_priv', d) +} + +rootfs_do_umounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e @@ -215,7 +226,11 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + rm -rf ${ROOTFSDIR} + run_privileged_heredoc << 'EOF' + mkdir -p ${ROOTFSDIR} + tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" +EOF # setup chroot run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" @@ -285,10 +300,14 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ - -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ - -o Dir::Etc::SourceParts="-" \ - -o APT::Get::List-Cleanup="0" + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_install_resolvconf" @@ -316,9 +335,12 @@ rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { # download packages using apt in a non-privileged namespace - rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot ${ROOTFSDIR} \ + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" @@ -346,6 +368,7 @@ rootfs_install_pkgs_isar_download() { rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ + ${@'--bind "${REPO_ISAR_DIR}/${DISTRO}" /isar-apt' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --chdir "/var/cache/apt/archives" \ ${ROOTFSDIR} \ -- /usr/bin/sh -c "apt-get ${ROOTFS_APT_ARGS} --print-uris ${ROOTFS_PACKAGES} | \ @@ -368,8 +391,13 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - run_in_chroot "${ROOTFSDIR}" \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + find ${ROOTFSDIR}/isar-apt + chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --no-download ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" @@ -678,8 +706,10 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then + run_privileged_heredoc <<'EOF' mkdir -p ${ROOTFSDIR} - run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar + tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} -f rootfs.tar +EOF rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index d9ccce7f..8ca66138 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -7,7 +7,8 @@ SCHROOT_MOUNTS ?= "" inherit crossvars -SBUILD_CHROOT ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" +SBUILD_CHROOT:unshare ?= "${SCHROOT_DIR}.tar.zst" +SBUILD_CHROOT:schroot ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" SBUILD_CONF_DIR ?= "${SCHROOT_CONF}/${SBUILD_CHROOT}" SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}" @@ -144,6 +145,13 @@ END EOSUDO } +unshare_configure_ccache() { + # ccache must be below /build for file permissions to work properly + cat <<'EOF' >> ${SBUILD_CONFIG} +$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; +EOF +} + sbuild_dpkg_log_export() { export dpkg_partial_log="${1}" @@ -152,3 +160,17 @@ sbuild_dpkg_log_export() { cat ${dpkg_partial_log} >> ${SCHROOT_DIR}/tmp/dpkg_common.log ) 9>"${SCHROOT_DIR}/tmp/dpkg_common.log.lock" } + +# additional mounts managed by sbuild +sbuild_add_unshare_mounts() { + dpkg_prepare_unshare_ccache + + cat <<'EOF' >> ${SBUILD_CONFIG} +$unshare_bind_mounts = [ + { directory => '${WORKDIR}/rootfs', mountpoint => '${PP}/rootfs' }, + { directory => '${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO}', mountpoint => '/isar-apt' }, + { directory => '${REPO_BASE_DIR}', mountpoint => '/base-apt' }, + { directory => "${CCACHE_DIR}", mountpoint => "/ccache" } +]; +EOF +} diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 16165792..7a8d5ff4 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -74,13 +74,17 @@ rootfs_configure_isar_apt_dir() { ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} +EOF } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" sdkchroot_finalize() { - - rootfs_do_umounts + rootfs_do_umounts_priv # Remove setup scripts run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 6db10eb3..635b7ea3 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -69,7 +69,7 @@ KERNEL_FILE ?= "${@ 'vmlinux' if d.getVar('DISTRO_ARCH') in ['mipsel', 'riscv64' MACHINEOVERRIDES ?= "${MACHINE}" DISTROOVERRIDES ?= "${DISTRO}" -OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:forcevariable" +OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:${ISAR_CHROOT_MODE}:forcevariable" FILESOVERRIDES = "${PACKAGE_ARCH}:${MACHINE}" # Setting default QEMU_ARCH variables for different DISTRO_ARCH: @@ -148,6 +148,10 @@ ISAR_APT_RETRIES ??= "${@'10' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAP ISAR_APT_DELAY_MAX ??= "${@'600' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAPSHOT')) else ''}" ISAR_APT_SNAPSHOT_TIMESTAMP ??= "${SOURCE_DATE_EPOCH}" +# Rootless build execution +ISAR_ROOTLESS ??= "0" +ISAR_CHROOT_MODE ??= "${@'unshare' if bb.utils.to_boolean(d.getVar('ISAR_ROOTLESS')) else 'schroot'}" + # Default parallelism and resource usage for xz XZ_MEMLIMIT ?= "50%" XZ_THREADS ?= "${@oe.utils.cpu_count(at_least=2)}" @@ -203,6 +207,7 @@ CCACHE_DEBUG ?= "0" # Variables for tasks marking # Long term TODO: get rid of sudo marked tasks TASK_USE_NETWORK = "1" +# nested namespacing requires this as well TASK_USE_SUDO = "1" TASK_USE_NETWORK_AND_SUDO = "1" diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index eba6ea85..7d3e8a2c 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -162,6 +162,8 @@ do_bootstrap() { line="[trusted=yes] ${line}" fi echo "deb-src ${line}" >> "${WORKDIR}/sources.list.d/base-apt.list" + echo > ${WORKDIR}/mmtmpdir + chmod 666 ${WORKDIR}/mmtmpdir # no need to sync /var/cache/apt/archives if base-apt used syncin='echo skip sync-in' @@ -178,12 +180,14 @@ do_bootstrap() { mkdir -p \$1/base-apt && \ mount -o bind,private '${REPO_BASE_DIR}' \$1/base-apt && \ chroot \$1 apt-get update -y \ - -o APT::Update::Error-Mode=any && \ + -o APT::Update::Error-Mode=any \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} && \ chroot \$1 apt-get install -y dpkg && \ umount \$1/base-apt && \ - umount \$1/$base_apt_tmp && rm ${WORKDIR}/mmtmpdir && \ - umount $base_apt_tmp && rm -rf --one-file-system $base_apt_tmp" + umount \$1/$base_apt_tmp && \ + umount $base_apt_tmp && rmdir \$1/$base_apt_tmp" else + # prepare dl_dir for access from both sides (local and rootfs) deb_dl_dir_import "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" bootstrap_list="${WORKDIR}/sources.list.d/bootstrap.list" @@ -203,6 +207,7 @@ do_bootstrap() { -o Dir::State="$1/var/lib/apt" \ -o Dir::Etc="$1/etc/apt" \ -o Dir::Cache="$1/var/cache/apt" \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ -o Apt::Architecture="${BOOTSTRAP_DISTRO_ARCH}" \ ${@get_apt_opts(d, '-o')}' extra_essential="$extra_essential && $syncout" @@ -226,7 +231,8 @@ do_bootstrap() { mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + ${@'' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'run_privileged'} \ + TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -244,6 +250,7 @@ do_bootstrap() { --customize-hook='sed -i "/en_US.UTF-8 UTF-8/s/^#//g" "$1/etc/locale.gen"' \ --customize-hook='chroot "$1" /usr/sbin/locale-gen' \ --customize-hook='chroot "$1" /usr/bin/apt-get -y clean' \ + ${@'--skip=output/dev' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --skip=cleanup/apt \ --skip=download/empty \ ${MMOPTS} \ @@ -258,7 +265,8 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged find ${WORKDIR}/dl_dir -maxdepth 1 -mindepth 1 -exec rm -rf --one-file-system "{}" \; + rmdir ${WORKDIR}/dl_dir fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc index aa62b324..054d7fc2 100644 --- a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc +++ b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc @@ -66,8 +66,28 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "rootfs_cleanup_base_apt" DEPLOY_SCHROOT = "${@d.getVar('SCHROOT_' + d.getVar('SBUILD_VARIANT').upper() + '_DIR')}${SBUILD_SCHROOT_SUFFIX}" -do_sbuildchroot_deploy[dirs] = "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" -do_sbuildchroot_deploy() { +sbuildchroot_deploy_tree() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_SCHROOT}" } +sbuildchroot_deploy_tar() { + lopts="--one-file-system --exclude=var/cache/apt/archives --exclude=isar-apt" + # we cannot use pzstd, as this results in a different magic + # (zstd skippable frame) which is not detected by sbuild + # https://salsa.debian.org/debian/sbuild/-/blob/d975d388a98627a0d7d112791e441c27a6d529df/lib/Sbuild/ChrootUnshare.pm#L608 + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${DEPLOY_SCHROOT}.tar.zst + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} +} + +do_sbuildchroot_deploy[network] = "${TASK_USE_SUDO}" +do_sbuildchroot_deploy[dirs] += "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" +python do_sbuildchroot_deploy() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('sbuildchroot_deploy_tar', d) + else: + bb.build.exec_func('sbuildchroot_deploy_tree', d) +} addtask sbuildchroot_deploy before do_build after do_rootfs From patchwork Mon Jun 15 09:24:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5153 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:37 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f63.google.com (mail-qv1-f63.google.com [209.85.219.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PZhK009406 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:36 +0200 Received: by mail-qv1-f63.google.com with SMTP id 6a1803df08f44-8ccdcd8dd3dsf68877386d6.3 for ; Mon, 15 Jun 2026 02:25:36 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515530; cv=pass; d=google.com; s=arc-20240605; b=JWoQ+mH3LflB8qmt/jQ/WMd3vuksDkJv1DSaFJ01Sho5UTrYTEQXOqN7zCUs12/A4Z uPhK0WOMzKrOuUSbs8qyVUSRYJ3v3iJ3gvLSBJJ042Do4nrl7T1olItvKmgmpeTbES8n dCkfpmRXD0qzx/DPgNsQC7Im22XGRkXZb9IGFhSUGjCw2rP70tVid0NLneIzMknwc42o QApsrpLhaiJCSZMV0+9XtaFcfftn5/97Sb+nbjxUtiCgxOJCwOFK8m509hyCQjVTnpzo iTixc5bLz0Pp1hKeV9lr2G1AzfhfLf02TjXRGN8aFSMT9hNQuEByHW85JLPcwZxpoCgJ blaA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=e4g1nvEuwFobxeNl2wZQyy8/ka3XECa4zPe4q/RAse8=; fh=AIXngGHHab1ZYf+I2NeBeyD2F/jxnk009FWv6YPSSYg=; b=cocX2VlWVq9lG7DWuOHaXiT4lK9TU5mOMd7PV963yZSOsdwekeWDKhUePk9FEVL0JC 7J0fKJDEBHxRE8dQG0swNdX7jlXMFRfDDXOtgoKaNOuKDj7mc+iQLtflRdya+/Ujk3nh L2AWUpfpAeSM+YFXdk2lDQ8YolA0lwdkAwXtUC2+eT/w05MyWPUHXTWQnhH47vx6ybdJ eNF0oMSl5ZzHYxd8k7rX2K467WTICzdzLufhOC4mkJ+sCo8JtkMJp2nh0G9DrXZXM675 4FV7Be12mwX870hFbI+hj0VvPnc6o3Cn9IHAWN9aUSL/sgt7P6XFuT/mtbrIOF0qzqjE kRsQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RlcjPytZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515530; x=1782120330; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=e4g1nvEuwFobxeNl2wZQyy8/ka3XECa4zPe4q/RAse8=; b=ydJ/xgsaaUlhM3xFO9tTyM++zhKYFy+8vkGktoanV87tYZF5N8o3lEdbcVQfEDkZMC 8QgVi9pnZ7h47AbGYg7n8mHnZJGkAgD8/0LDAErFx1qbTPDHJ7JafHU1gryLwfx2OxoT QWAwQmIDVMBD0v6PKZu/MXo98Y2HWZFi1p/7AiGHOgCGqdzTLKgpqe78ZHnuHjcM9e8I bzgwO0JZ4WPuMNH4JJ4AcKTsZNvslMa9e8s9xJSpMSK+tvFZxYx83FrsWi4Jt3HBOcb3 D8jllHbqCpt7gFWzb/OCza2LV1pkS0wGXdib6BFzkpyhdnZiO4zNdaeboV1c59m+hdKM q9MQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515530; x=1782120330; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=e4g1nvEuwFobxeNl2wZQyy8/ka3XECa4zPe4q/RAse8=; b=Bjh1tPLUDccTbwLINbsz+lTvStQEAy51eXxwGy+djBq9WHQM81Z/0WpT9czWncl0lg 6oHHYsM5WaX+3BsI+ZTQzicC4YfTYqoKvrYXgJoNuNYDFcAP7DyJRRn9pAeTbzMobu/N tbZp0VqywLdCfXwl6TepObk/7S900j1gKTMn3jeBWqk3PzU7HhwBVUSqJWZkJ+0mZ1aS QYd7iW+cjxj8S2jHnp+OaNUpAVuCWcMCnQew8a6p83Xj7Vy8I7yOVthe9AgqpJqu6dtD Misz7eDySUMzBaPAFu9eBP8csyDD4wPNe+tD5idhjytq1BraeYCu5e1PyHxcq2LQPKfY pyBw== X-Forwarded-Encrypted: i=3; AFNElJ8mQcHEpKnY8/KchJnvmwrfYvmY4hZIbpbFOxloqHH8LH1HdQ9HAvWkq8RrAlIlhuPrsu/+xK4=@isar-build.org X-Gm-Message-State: AOJu0Yx5l5li/g/GfkOF9r91EKGYfD3Ik8qcyzIqBlxVyYv1Hb1/rpFt 9E81EZP6R3QXIJxn3g1iti0LmJtSMzcNdp22IdiByvgw3y1B+SRlyiFo X-Received: by 2002:a05:6214:2c08:b0:8d2:e166:994 with SMTP id 6a1803df08f44-8d3289926ccmr241331816d6.0.1781515530393; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUewZWpT+hwboCu87NbupyMwfhIHaLE5xbp5soaHzhuF4Q==" Received: by 2002:a05:6214:4f18:b0:8ce:b031:e76a with SMTP id 6a1803df08f44-8d2eea55dd1ls56591836d6.0.-pod-prod-01-us; Mon, 15 Jun 2026 02:25:29 -0700 (PDT) X-Received: by 2002:a05:6102:945:b0:6ef:f691:7044 with SMTP id ada2fe7eead31-71e88ae91damr6591340137.1.1781515529568; Mon, 15 Jun 2026 02:25:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515529; cv=pass; d=google.com; s=arc-20240605; b=cVJmCLsrZTOI0EULCslTpx5NOlKRF+7dYMAxL3tT/C/+weMtBNU4VJAKjH6k6hkfNs MmLacIMfJSN3Fw06lp2BpACYpuK8oI8/7gwgNZuvQiLAF92Kd6UBHAWKdZdlNg0hm/dA qhEqeGApDghOpd71h1buHO1oEMCBIKLVXBuJZtTrjnvmmPwHXqoLGchyt2RQBe4waR4F ujJifn97n8fqzw30wFFQEuJIClBAyGXP+EVL+591GRhmFvvk3bl6JjCbFhtZw1zacI8h OiSNAlTroIXF75aPI4qjCgWVzh7RnbnHPWlBqgCIm7z9fcmXegLNaujiGM3haG2ico0B jG/g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=WrSupa5Ua7sDgGewyzsPqwurv9OsmMjTz8Q2jRj7JlE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ErPUZGxnkNdfDkrtnvQDDWLxJyDYVdx7yZXr2Y2oKC4erdDtwWg5BHOFmzMXxzXjj+ AuEsY2n83ev7usgPlieRHkYkygVUk3yVaO/rprzLdU5vpjeHuOfkZN8VN0WI0REABiWM iWKLMhmF29S9hWDg6aFW+7l01rjIOPkCmcsbnEvapJ8O7YL7Z993biLtZiuFvkRaRmEY MbUtr/vU0EpM3H2L3vVZAvxTmFioMg/BXyrW51R2YbmLHfE1+rPjPGu3Irkg+RghjEkL aJaTLobE/5uSSX/B+A9abXXaMhMgzOTQULfIdkDpOIkvTbdvBWiTO5zOXwweIVwiM+MQ cswQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RlcjPytZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-966a05d589csi133727241.4.2026.06.15.02.25.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:29 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nJPFFtMJQjATmecwTgF2wdOt6y2/rHCPZeH35w/2SoynAURDmTWjzSP+HjPnt9xdVVvcNCL83C+1n9doCQ6fsjtKWAtELGn1FSTuJ0/OblIYzXbuq6NlpgNfSsgW0K2W1PmCH8FiMgcTnv2/2++f3Ntl1jAs2Djlic5VcxDSGoEAn7PND/S/Kah0ktwwYeNfwpM6msyJ7+YKHtXW5NjasJ9Ud1muwd/zeb8cVA4UxCReAT8d0K3kCF3fbNnKyIqqngiLujCSNqqNUtG8xgJsoFh05y/7gLFRrvahZd9RIsmVRZJjHT5pEPA+KTeVw4Nui5jr4DH8hmxgWjJWpT8vQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WrSupa5Ua7sDgGewyzsPqwurv9OsmMjTz8Q2jRj7JlE=; b=W0cqMAK3/Wh9Bo8NA6EAmCUqF+hErSqW1qSOr693j0NKzQ6/0TdjXfez4PxtmQIY+Lgt51PTkQ/7vcOn6ektBeYwPwMwiCo6ziM1utxOmhJBB+B18HfbgwJSxRxQo/MATeUns8fy+zUvPXvaPPZ8tDCJIR3TXsDwup5QsuCxPzXDHR+1Xc2VKBgu7zHaPBVoxrgGy0qo7pbYq/MYSObj7o9NFmQGGLurx47zMVs+9xULBvN24OWEOAEvLW/VIANMMAKCpo2jHeV8BH84s4KYoNCznDXkoyd1Q1zdh5fl7kX9iRRpXb4Qt48pSqXrG+XFRCNEhp4y6GyoZmjLJAA3wg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:25 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:25 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 11/17] add helper script to clean artifacts in build dir Date: Mon, 15 Jun 2026 11:24:52 +0200 Message-ID: <20260615092458.259691-12-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: b512a160-02e5-4313-82e5-08decac0066b X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|3023799007|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: acZSe7brA4uAG9kgMukA1Y4fQKh4/z29si6K57rvlFHQtYpyug/hOOgkbtRjYaSSw1aHKGJHzOobA9C/MktYujH1cotk0x8gOZYuT+iBsHiQXppnOyRZzNtN3ACvUHYsV6bQz8nb1mzSkd7jeol5Agx1RuX5x5IIcnJOtaSJrc+6bLvoq+48MAgo9WMH2U5RRuhjLJHhPRk7kh/6uA++R58clhxGC2b9KjyytPRSFz97LJObrKsBIgELQAE8BSD4qvP0eaezgdrljGxJvSiknvRBjUvhJlS6rKt24vpK8XgNZKootG6CbHQ02HeqLzIxvxnkJIOBZqHRQbf1hnXDCUs3npPkpkVqzvQgPp2BruxJXnufvaSIJTrz7+9f1rGQjiaBMtWlrOgAnzNtDEPEO2eqCtbY9vfETPsw/NOA3GFYHGlJ/hBdq8FBq58hzjgZsGXjBraJq/gDqjVMSoARMt208943MYgU0gB6JH3X2ZGkcP0UFOiAPJKAbEs2RjSJtLIkuJAaxbkbxtXkgOLEKKl+HOqUW0uMWOHRANHhe4y5SsamNeicJNtY7zNdBOVFIemEFUD/t73t3QFYVCqEaY0ninsQ7iXfzxwyic4Cfj0hEt9sRFCrkTk9W132FKZm+oM1Izq/Udma66ydGSKnHRGWqiyJ+5Y9sEwSHMpN0QGmIX+uxNr4bFsoGUe3tzIG X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(3023799007)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 7nykMAMnhXxthSLiMCqgR8kMgnQB00nUh26z1Za4Tahr8ZuoH0wy+6kIA+EJpZ9alEwjLLIu5tOPXwgMcaxtcu1CVSHvm5bCCC58TYHZaZ9hz1nDZrYnZgvjfdFIzC2V3nsJQBkoVgL8SsDOqKeeNHAQWyNnwXlbButTbhNr/CgYqmadt7zR3CCYTfc6mB2zDAjwLoRFPE/k7hkOOd5jNZg8LQS6eiieL8jYIaek9CgGIAZ0eaj+yWECxfSY2JeB9Bt8c5dUdZL3xStgB9zbECzwjNcua1BkjouAd23uJPdZoszDONl72IyIkwA3MXTfGR9C9Qh9ZKCff1YwKsLq3jlP1Wdtq+pC1ul0OtvBXY7SsxtbVDEv6LxKKz9T48ctZ4dErmGYmWxgdKDQK6qWtabTfeFLFCo833d+Z29gPmhMGg98ZTeCaOrRCGp+A8vv9eIBXcwri6PpsDRF/+RvBWHzt4jyrTiFUmOh59NzuxHmfNpnKRKP9ZV3bqlVKZoj+KVh0Nwf47I29DNTLBdro6MzGwoE4MLwDjgyFySOV4itMvrPbz8s2ptrf/duG5Y4hy/eQQBDmyLaWW+jjz91JedIq3UJ9UBZW+03MPIKXJoGz2mBeUM4sbACDu/CDm06QrsL1t/dVitZAaIh0lU7GZRlBxgklZ+4fy9PNbxRBnjWPDvg1OwGgZ/3bkQgY34ck8/18NMXdXywhuKAMQh9Y+77RCI2Q/dXEjUGYroEM1ThH0OavaefffrtQzcSBbUU1Y+pZcJTiJC67hBTnusDgmwOunYTB+i+TS1M3WeH71leI4/ARJQwGRNLKRUk0FjRJDf0/grp5sd5IGyQdVDyOcvtNObjPb+7/h8pikzaalsyZXYy229mrDRTLhDTLfgFCXk3fEzQHlC8U985PRljiZ8aycE9qi7ZrPEmULfoNWVEkaWBiH/ymYUHkXZ80ogRpYQDzFIYs/D6W4aXuBZgwL1boAKMonkH4Qe517zAeHFGQRMCWLl2EPQDyS0fOAd0xeIWWxasYj3NBUQOeg1nl7ZVlml08FwSL/NQ+LBo9qrFgZYa7/s8pL6c85inwNKjTakWQtaMsWBKC7O1sfjdRIzSGIxCQKgL6aGzLKIYJVozSDwaxcfCnNJzuqHgGhLHZkDpMr0gfFdqJGUWoJkkmh2P1AXGLrkxJb1YfLhNgxAWmTYoMIQuJ1EGIcKTiBvVzWECxMAUizlsHeETP5No36YbC2Xl8BPBAp/K14mzErgllgLZFlZoZTVMjbkctdsUhsQ8/MLdX5u7LfwY1e6Td9q7YeHsM0i116BlFWGx7tiRRCbJV2yade1hQhbOC03ClBVuF0Q6ZmazqU81Wp9M/lv2K5+Dv6C0rjeNvSBfIDthPeLczMC7CSNRWMkZ6iIrHMeaPL291GI0RsPmpD/4S8cYRUaG2bE3uDQ5+5Z63KVC/tyL7vqEH6LrloZAqtZMU9P6KQpAW68LdSm6XKMhzCk1VlZBD/BeRqXCynYx8jX5fROY4i6bs/s1m1vocXxl+3zzvR2kqvzX5jX9fVmlDDpPWHTSZjiLY40EcSUNPjcccHkN675yOTtf3N4BATBFfj8Dp4op9qCKGMmX1G1WUr7y3//N4EovFzc7yMee8rvCU3VU+ClcOIAP6mY2lam70O/u5LCSiGQIeOqrDuPGJfQ0ci6JMTSajDCXZDzp/LVlaHgwAh9NSfz9lflXoh6DdkTOO/ZV/zIWofl3yyKZu78TVXzvnuYlNDvpH4K/TkIEzQFkK/AFMvekOSTimfjdrCdmcL8V X-MS-Exchange-AntiSpam-MessageData-1: C3JTOaUQWj6M34fzTmbDuy6SWVs2R9gMrEA= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: b512a160-02e5-4313-82e5-08decac0066b X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:22.4655 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bKFYqp97CAiGbBY7oRlPGc1IqWshvzK5HpBfodJ5LIeF7m93f4tWPy7cu1EBhQe2l8c174cbs268lCzLifGzgxvyE7B7gaJ6URZdAObb/TY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RlcjPytZ; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When running in rootless mode, cleaning the build directory from outside the build environment is a non trivial task due to mixed file ownerships. To simplify this, we introduce the isar-clean-builddir script that can perform the cleanup without requiring root privileges. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 5 +++ scripts/isar-clean-builddir | 73 +++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100755 scripts/isar-clean-builddir diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 6d5b6ba3..dce28af1 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1123,3 +1123,8 @@ This internally switches the chroot mode from `schroot` to `unshare`. When using kas, the `build_system` needs to be set to `isar-rootless`, which currently requires a development version of kas (for details, check the kas mailing list). + +Note, that the build dir may contain files that were generated within the rootless +environment and cannot be deleted from the outside by the calling user. To simplify +the cleanup, we provide the `isar-clean-builddir` script that helps purging +directories with mixed ownerships (without requiring root privileges). diff --git a/scripts/isar-clean-builddir b/scripts/isar-clean-builddir new file mode 100755 index 00000000..6bc90b1d --- /dev/null +++ b/scripts/isar-clean-builddir @@ -0,0 +1,73 @@ +#!/bin/sh +# isar-clean-builddir - Clean the build/tmp directory +# +# This script removes all files from the specified directory, including those +# owned by other users (which requires elevated privileges). +# +# Rootless Mode: +# When --rootless is specified, no privileged commands are executed. This +# requires that the UID namespace where files were generated matches the +# cleanup environment. When running from a container, this script must be +# called from within the same container. +# +# Part of the Isar API. External tools may call this script for cleanup. +# +# Copyright (c) Siemens AG, 2026 +# SPDX-License-Identifier: MIT + +DRY_RUN=0 +ROOTLESS=0 + +usage() +{ + EXIT_CODE="$1" + SELF="isar-clean-builddir" + printf "%b" "Usage: ${SELF} [--rootless] [--dry-run] [dir]\n" + + exit "${EXIT_CODE:-1}" +} + +while [ $# -gt 0 ]; do + case "$1" in + --dry-run) + DRY_RUN=1 + shift 1 + ;; + -h | --help) + usage 0 + ;; + --rootless) + ROOTLESS=1 + shift 1 + ;; + --*) + usage 1 + ;; + *) + break + ;; + esac +done + +[ $# -eq 1 ] || usage 1 +if ! [ -d "$1" ]; then + echo "error: \"$1\" is not a directory" + exit 1 +fi + +if [ $ROOTLESS -eq 1 ]; then + PRIVILEGED_CMD="unshare --map-auto --map-root-user --keep-caps" +else + PRIVILEGED_CMD="sudo" +fi + +if [ $DRY_RUN -eq 1 ]; then + echo "dry-run, not executing" + DRY_RUN_PREFIX="/bin/echo" +fi + +# clean all files that do not belong to us +# shellcheck disable=2086 +find "$1" \( ! -user "$(whoami)" -type d -prune \) -exec $DRY_RUN_PREFIX $PRIVILEGED_CMD rm -rf {} \; +# clean remaining files +$DRY_RUN_PREFIX rm -rf "$1" From patchwork Mon Jun 15 09:24:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5154 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:38 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f187.google.com (mail-qt1-f187.google.com [209.85.160.187]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PbmE009541 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:37 +0200 Received: by mail-qt1-f187.google.com with SMTP id d75a77b69052e-519851d4973sf3456451cf.1 for ; Mon, 15 Jun 2026 02:25:37 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515531; cv=pass; d=google.com; s=arc-20240605; b=iyjKy4qtbh0czlQWqC7yxeRQwpEZA0esmwrAAR1FUrMUDJBEzr9bKgUrqS+TASRCTG FBBKO0U04dU/RVnPk+xYz7hSOoim0NG+vJlYW7QmAXeEPK6NddeRe3br3d/Mkj4KHpwy 9KlEoVMfWPnTz4KMUsdHVJN8q5jYxbTQgBlZMNm0x/DQoy2Q5eoFfMeNcu3+uCxzx93r WCX2yWVl6qfnzbdOKeuFFz9prr7B906wfMN84oZamlpMIp8YiDsX3MxTpvIPoBRVXduf W4ItMvOJD2HVL72ITHkSzVIcDEcsYhvTJZcbtn+ZrAQsWgqc0+mDqRF1kJqOioHl0rPt hjJg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=1sdvrCtgPqcqbS3d8G/wEpMDPkeMKIgnOIVBrVrUdm4=; fh=BiPWdT+vyArGjp1MoRT5KMTV1VtftTfxuMKzkEoag5w=; b=IvgGxv+Xo4MSM5gu+v0WP0X2C0ETeXbGKrOLM9AS7W6tA1MyTMUbdvMCzukunLwd8w buEwgkJefXXZ0tzkBjevtpLYbGqjCHp55BXvD43D2H3DeiNmzaSjHBI7ZUTTjksMA07A B+KFJKs6daFHy0wpkPwLhEw1EA8+yEwxGyhpn3e9ZjcOgoLTFEpFA5/Ldty7uZdI2d7x NIVF8pDE9Nq4VBXgWpnSiVl5xPBSDyTI8JPsW4jl1aPd03fLYIMZzWahEKP/f9jV9gDo nC7lSDQvdvYgjlw73G8xSRpJhFFmoYvTcVxcmS+dCJAKoiaM7o4E1VBjJWAW2Dog2mcf vYRQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yNRTR+Il; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515531; x=1782120331; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=1sdvrCtgPqcqbS3d8G/wEpMDPkeMKIgnOIVBrVrUdm4=; b=vsJAa2La/D6YsfKtw01QLHWmwElQEF27Inx4BMeumRdiPxEWJbE3Ft5Rog7evT4T2M gpf9vzithUuruNR3hiolMGWs0W6ZomtsUo4E9yxhGtyndsSeEYW4jjveO0EOMCeH4SH/ aivd6uBUJQt7UX5naTVh05gzDLEvCEm1QqbiDRG8iiqgfKGCEGAzufOpvg9ItOEnojIV KFi6F43jq9fvmHINJjzLhWOuiS9zzy2rJtraoqmkf7KO8COcrj6h6wkGiH+u/gCeSHyN ETs9/nKJ99bLQEN5SFITs0HIdTwOZyjtTR0xIIdztpztvcDwFY2EYZ0Eq7z3iINv9Z1P gMSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515531; x=1782120331; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1sdvrCtgPqcqbS3d8G/wEpMDPkeMKIgnOIVBrVrUdm4=; b=fpcE7Jcw30nVDcqpdjTLQnd4Woe35qXj+uyIGAeTXL2POX7eBms6C8jPfgpXGQWZJS uHb0zJ2TW628rZad0BbS3e5X2ylTj9q0MR62nXItNvCyzQXkg+YniNLIcbW+qoVpcn1r qPxrGWdLuJSN3s43f15e7D2FAPlVP3YyBaGYxiwAfatUmRqg0Fd2ilskVe7djkl/Y6ir 0bMdHGzEVzCpXyFkpBCQAaBPJRPFecMq7zrf5AlfNUy9EvMfL426RPHEN3MzL+b6kVxD Z9f7MUKqhQh6D/yMI3oG7xAvEWEhdwGJEYQgH2pzL6ueWGuVuJFYjhBUKtNxKUqyDoDY bVUA== X-Forwarded-Encrypted: i=3; AFNElJ9RBi8LjluReDj61zjTAVQ0NfZXEp3ffRXfqSYhe1kILlD+LeAE3U0y1nP1hEmj0qL2rwRQK+I=@isar-build.org X-Gm-Message-State: AOJu0YyqAIHhtPnSGLpLg4/1MnfgvNNuLce7tKGV7lE9LowOwmUYAo5L Dj7KqoQ/GOq/cokQ7ua/8yuYydfmleFZosQGwUrgrKdES/6+xWjO9k++ X-Received: by 2002:a05:622a:e150:10b0:519:51aa:71a9 with SMTP id d75a77b69052e-51951aa8044mr83976181cf.30.1781515531327; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUc/zr6SnfyGOdrGoswxlMqjsBOZGIHuw/lXvLNulLn5aw==" Received: by 2002:ac8:5dcc:0:b0:514:a39c:fe84 with SMTP id d75a77b69052e-517ec7a5801ls56863171cf.2.-pod-prod-00-us-canary; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) X-Received: by 2002:a05:6102:168d:b0:6d2:5721:7d6b with SMTP id ada2fe7eead31-71e64bd4509mr3994581137.4.1781515530280; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515530; cv=pass; d=google.com; s=arc-20240605; b=WDih5u/6EG3qzuHmvUVrzIKzWRY4Vxp1SC5Oy6MqYZgYOuBGnQNtJ9FU/GsIUlNmHa c70QRvli0dECBH/XTpkWiyUnmDhj04wCwM6Ua1csllfxA7YiFjH8kPD0jvpREkqZqKvD n46D1asRjNl52QZFB2kf7jz9FbrLoYCk1OkHO3j9DVLUA8bs+f8yaccNGT2h2zJQS289 dKb2O3PP0vg2k04kUEWpRLoTADFwJmfJh6xFiJuhOzzEvi/9KdDeYWFkHzZVkWquvcy2 8IYCDfGXMJ9EppYYlWXDbOIkGv4Xinp6cRYGDBOY8WKr2xbEbz/CjRe1agEbVdliPn7U eSqQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=YtLY3IDphR62zccpm3ltuPtTSMZ5ihBYg2oI96ARSXHuWgvreOCzmiSUZ2yAswSYff p1eODmn1dNzdpoWpHx7sJluFr0qqLNwJ2Y+za0DnVWdISHyUEngblj4dat5zAyD5bnmq awn0wnWOlX/S74R/Tf8gm9mdo7suavnVvMj3p+iQsiM/s0cIMICUBNBRMY3LZ40v2dAx C8RQDwBoFmcohJZ1HYaEtGdgwSXQSg3CMxIIt/vWWnBlTyLJmvoeTLUwGiXzzYT8exD1 fsjxUHENZG1TRQYbKc67lpNOiNtofIQSn+9KHZLwKPam3H0Jqhe6wT8/s7ioVGyA8Qg1 wvHw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yNRTR+Il; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-966a05d589csi133727241.4.2026.06.15.02.25.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:30 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wxYwmW/4NWE0Fhh02BxjxmHJEwFpFo1YQmkC0Wz9qDFUKHaGV559M5TjWg3N2hoOlty+nttHn4yNj6a9bs/l482nqIN5u5ax0jkBJj9aDQnyk4JL/NQZ8vUsZmGIZj7ScDrX14ZAvZ4x9pCyFVFgxOu565EjK8tpQUa2xFz2NIpe/57X9id+/FPx6ExzacTlG4lTivudqafy9y7CXxRQErbmQmc8wb/UZaxTWzMCPNEFJtAjABi8OMYVV+EEeVy24e+wFmwXcAyjeCNDqAVQxxPThZM2txskhp3MEdlLwK0CFHfnJjHEZ5NPgg/cyfawBjR1vZUB0r9uZYSr/uJw8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; b=uIJj/avQbK2T1Hz28UYljcngCVkCM4FctWABZI949/HeKFqh/1yEDn1UiSx0/8mAcCb9k+EM6Doybug90GpWWEvulISlzb/nAdUUivEppWzlAASxrof8Ie75Uct6KpX1F/KhpZv1D/m30Se+o3NvK3+rXUF2CF3M9UdaHtvMjinzvwjVMRHMlDUSsWryvQkx6PA8LrV6s2/bye0UK8yhmhWmbhszYlXDBRmqtoCTefxYx+aU+y5Qiap1biDDEakeY2Df6uX57DU2GEmOPTuKPhW3wiMki1KyVAqozGQDdU4FzZCMcnUGWCd71A0y9IdAjaIRtCcKopbkqlLVQG8K2g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:25 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:25 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 12/17] apt-fetcher: implement support for unshare backend Date: Mon, 15 Jun 2026 11:24:53 +0200 Message-ID: <20260615092458.259691-13-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: ca60a068-70f3-4110-a835-08decac006d3 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: MhWchOh02QTVVVMggi3Z3wRrazFHoxSAT5HRhikDqSxPlEQkfTb0RH+m1/uD38Gr4iVe72ZotyoohySc6qJe7AxosEwm7b36CYi+ebt2ShCMc9b+1wAbuul5PJO7pzpwhjQOqZmrzD13iu09bvzYznDdg0Q++d5T1g+QIOhdIdQl7U2irXc/W1p/HgEf4Hvskqg6JkJbJnZu+nqXN08TIoBewmXnCDFuE60DO2dmwINT5Kil8UQ8STzO7/twXaHcs7p4fwrGoYNn3WMEasS2Fwg/qEj4Go+NI4uUMo3u6Jyx/Q8GwrMiJqCoz6AzaYVRkzivUC8X+IS2TJv3r4D8rPKO/AJNshFnhhZDDOAm06T66SSDRGkZ5LiHpxB5NUgjWufOU0Jo8VcK1PQCHypFDM89KCtaBMOQXsHYxNGPrmlruelYt6w5OXpXntIfrH24gXzvJ9/mUQfMt4Yehu0idtRQ+hiyMVHFPpWUpuUGwPyo/qGbKqq03AtAEUf6jb5aFo++XF7KpjdDnFp3Ppvv8rxEZCLmJHm0RKOSH00uwQYnoPbuhmc61/O/6TWXEsyzLOJHZV++qKO/349DEOm52A8dIo0jObRlVfZACQlFkuxW+Tnib8rLbK08qfUE4cC6HSn3/xfvGk415aVawcX/iVn3/0a9ULxLyRDjLwwlrcPsVYc/l5JqBvi0EXjdLIx0 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 9i1lrFKvMUPm6xeD+4A8abnV7Qc66YP4KvZw+ICsEG/jCEbjuyrAWcp2c/Qh3me3T8uYxeoW4SA6jiGQXRH7z2tcp2Iq1vS8rn5fizyLsfNKfkzHJ5phxYPBGCK3XXeTy+Ku/jsCy1sfCPdwYLUgpnvETzwvktIZdoX76pLb4EkqGa1kshZC4ABVm5xR1+CqFl1QTYpTd5tM3LBJDzoqotBndE6ig7Fus8r0dx0q8STGUCH8aJYM1VQ45EBJChFOYhoxw8VRhK14KREo83st6rcGVap1BdQkykqNOlOUFHXlfKRP0bMTPobEA+eOmyyGaJBSDGHsAofXcS28NGx6Vr+P74dS6Ftvd1nCnhZBx4Sw0YSxZFcKFJqa9bcT49gkJo9gxHAXXyQS/ELm0KBsToD3u1r6wE8wpKKBCJz3dIqW71hbrKdWELZ6o5olr6qOHLawDadUKC23HULYecI0Ihh8fED5z8Lmy/uFewNVMqPyZ2N6jVNZcUM5XjEKYOM8HAJf1hlLK/9Ik9vxXRMTcPtqIysDYk6dJvdf9eZk+BRbp8Oj9EGrBlvYvQzq3Yzn7YYITQ88JvSajujvp5YrmbBZJOYH5aMKigjbcqQ3LEHkINNVcE00M7LJSE96S3iXlp1gpdEcgB7ZHOeF9BNAY5CearCsnPJ0/NQTQbK2Kfz65NZl8HGpGMVpurcfS0We/bMlgQ+gyRa+e3xrwUmPbcR2VsX/fvfAjV2Fdhx6dnLktlLOhb8fT2A9Jd8KsMflqRj8rq/RCWDki/Bse2F5xBzwA/XlSKpK79L1Q/O6cyoBIG05Geq1qnyvYIG+yhL8Yj2E2SvyXFWpEvhXLL890RjCcY1Wnq+9w7cEjx2m7dOmFjEMFPnU18JifpLPuVCZSY7EB+MJzqooV4VRumyAHVco1InY2if7Il6ZLFoR9/GJI1nRYoXTmqcDhyFM+G76pprSFVMTLACCzgrlABYKnCLDJw7XhaC0/WpnnhnNouzixmsbp8PKOOSTLZPqaKiZHJr4kMgcc8YhiIhHd1XgMteX/hbRjhv6UfXj9qiCKgWOr4GItPysI4cTCRStlVgoTqVOHtqvXxwDgUHhZavB6xScP01U0YNBvi6EyJQAE5zXeD853SXmmP1TNG8TX9WuDv/ZVOPOyPGirjnWM1r+mQ8V/RPez7056y3bo0a0U/IcdH5ORMsefP9oJZqODT8R3Jh7hf+hx/K0c5vppjL2p8sl4LzdZ+//7jiN5jC9p6sa4vmpZwwlw6yvUlNVVLj2g+pGSYCDHieJHk2+nULFR4WfIN9LrWDXL0g1CT4j+0QnLHNOyqEe7uFGdA4KYZaBnCcpjMXx+oyvflSa2b4CuMSeVT/UX6jQdE76u5yshBr5cXFepQKMwHvUspOf4TLMg3z/NC/c2cKgVse+qAfvZF1PAwLBnWEek7fQJN21qcNEUMft0CtGhVikpcgkXjSs/zQYZSnOFaWhJRHOu1jCJdLRmtdbNHlwZsX4ANGkU1dt2vxAIEqOBKRvrhtaLoMSHg5FQK9npxTzuF4fjsRzcNm+LzIfHAYeopKTi16PXSy9v47YSgsQxXLH/EBMw9KjMlxYIvFaGigcyAk0qIhJNbJAdTOlClaP7w82T5lcOmy2fOXFW+x0IWgGwyfKD7mfrN4GCIM+qt8ob2KwXM8b7Lsm99rwCeCiUVoIoMorb4rjGzr1YT9nWVSKBO2Gv9aN8BvOETcyTZq0oDMT5sBAIA1375GdFkgn/R8BroZ6CYL60+pdG2ShUlbbXOOOBeKLEQ3r788/ X-MS-Exchange-AntiSpam-MessageData-1: 5q/xsHPbOCUWPhMShHA8dJ237vSrom/FG4U= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ca60a068-70f3-4110-a835-08decac006d3 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:23.1401 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 07frOHSJoJ11DRndBda1aKmd75J61SX4PactZOjJgQJefaSXPdua0gG27b4KIwqYGC8rrjBF8kAZdINH/gKDXzCDcMi6EsGMa8mG7+vwHDg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yNRTR+Il; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/lib/aptsrc_fetcher.py | 75 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 1d133aae..933480ea 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -7,10 +7,13 @@ from bb.fetch2 import FetchError from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import runfetchcmd +import os class AptSrc(FetchMethod): @classmethod def create(cls, d): + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + return AptSrcUnshare() return AptSrcSchroot() def supports(self, ud, d): @@ -92,3 +95,75 @@ class AptSrcSchroot(AptSrc): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) + + +class AptSrcUnshare(AptSrc): + def _setup_chroot(self, rootfsdir, d): + sbuild_chroot = d.getVar('SBUILD_CHROOT') + unshare_cmd = d.getVar('RUN_PRIVILEGED_CMD') + + runfetchcmd( + f''' +{unshare_cmd} /bin/bash -s </dev/null; + tar -c --owner=0 --group=0 --numeric-owner . + ' +EOF + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.unlockfile(lockfile) + self._teardown_chroot(rootfsdir, d) + + def unpack(self, ud, rootdir, d): + workdir = d.getVar('WORKDIR') + rootfsdir = os.path.join(workdir, 'rootfs-fetcher') + extractto = f'{d.getVar("S")}.dpkg' + bb.utils.remove(extractto, recurse=True) + + try: + runfetchcmd(f''' + set -e + find {self.localpath(ud, d)} -print -type f -name '*.dsc' -exec dpkg-source -su -x {{}} {extractto} \\; + find {extractto} -mindepth 1 -maxdepth 1 -exec mv {{}} {d.getVar('S')}/ \\; + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.remove(extractto, recurse=True) + self._teardown_chroot(rootfsdir, d) From patchwork Mon Jun 15 09:24:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5155 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:39 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f62.google.com (mail-qv1-f62.google.com [209.85.219.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PbGG009562 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:37 +0200 Received: by mail-qv1-f62.google.com with SMTP id 6a1803df08f44-8ccd69b9a10sf7501316d6.1 for ; Mon, 15 Jun 2026 02:25:37 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515532; cv=pass; d=google.com; s=arc-20240605; b=ZnkEQtM08JNzpxpMjAAdvEKFJ3Jcq+8PTniWl/6TIi0EO2lRyxnO9K4e2wFe8xfoQ3 nLkQcOxI+XhQN9XpImhsoRzt1pxTpkaF/y89iK1lUO5fWYf0IYrVvPjSm2JC7vCaQ5Ov qU8u5xrFBDf/lFdbz8YsHhIyxyYR0XBEnBc4b/0K/xDT1nO22wj6jJnX3xYBWYTnNUJp RcOJAXqb07Knbr8B1L77MFtmP5jtEexa+xSEwLcTzw2gBV12mb5wivLSZoPPHAiOi7XI Ix7B9MFhgpRuCEzeg+E5YQs6ZBmDQPrX4ciHm8FMQhuisnu+xoF/+Bh2dLJalJEmDeNn EVaQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=2/aTbrUSkBcGwhHGCzELJqjCJd1EszfZtGfcigC9xko=; fh=m1k9Xado/h13ObNqmq3DNmsScgxUntGMx60DaxdDwIk=; b=WJAxg2ghCNuCv55dy1vHcx/BGN8/mx+VkrsyiSbdUkF8KTTjbgYDPeFmROZInUvM8P IvVBAIOolrvn2IIDyB53oRIu2RwFiFjkxqwkUSpzGwtug8Q8j8GYs8iJ9v7PIWSoetjn 5Xt6WwEieNnMBIlYrw5rtC1mB79MIHtXPQQHWwNZGXVJ70YOycUta+4od66mNMJfkAl+ K7IxUOvAZ7LuNBP9Yl/OvG908EeoYbuKnBjWCZCC8XApumuLyKq0zFH8HjVi3TjUUEu/ swx7yYalrt7z/xxOI9npcw/k9njYUpJTJtXvKf/Jy3e0ORGeU3XsbPpr3pdCozOrAMT8 Cn8g==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ePY9P6a+; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515532; x=1782120332; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=2/aTbrUSkBcGwhHGCzELJqjCJd1EszfZtGfcigC9xko=; b=okXvSJKMej/SwKqC/QjyTY5Et2FaS2sW1SSnNdhA+hWNAvyHTbGEW6fuUjcVJpPTOU H21yHheuhNL3j9/CR0Adhjp8GDUf76eBBy/KiNdcSjN6hJ1QJDkuk+sQZ78K0xoBbmkz vTm3R+yQNamN7kkaSkVOICh84a4cXXPs25nMhLu7W06hZYmGattlKuAEhcFqMRZlzYek 8CoewKyc8jqW/xMqQdrSXBoQYZvuseN8+l2O0Rda7kFTkB+56vso+glmMsNFGgYH0Hve N1Tj48YGR9sfLGv0loNSOgM54dUfKeS3QRTuXri56b4QnLZ7VZ3AjGfZdwxOwmtoahCK //2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515532; x=1782120332; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2/aTbrUSkBcGwhHGCzELJqjCJd1EszfZtGfcigC9xko=; b=X6k6UxQbruoWnJERtHHt8ymSlzQp4m1d0ZSwb4XgF16xga/CQhBuB8ErIarrBzutwv E5ZafgbEG42NDKm6oJfPpozRhN/7Wa41dCuYyMtUAs2OAQ8uD+Kzd1lxTUtdmjrEq4UA yTjXUs5HF9grteFkAGlVFiocUuP3AaB7+wnmtQgS/Ge5qzgJY3eDOS6nicp0FkM+hDfH 3xBau7BSWJMQh7OM3tCa9Gt2AjIGJtJ8paNTHs2N1Z4CyYBLhX9iVber1lcX4tlMeoKU 6SVW9jGBvPRvnGR0b183bD1wQJndDlwCsh6BI3jXsXWui6/8PvZVMjCbqX3JaH3yB21Z ZPTw== X-Forwarded-Encrypted: i=3; AFNElJ997x4y3lOxXxAxqC1kpG3lTc7pXHuEwZkLs3GcZUeyJQoeIDQr7n7E32UoFuAyL+7PudWi82o=@isar-build.org X-Gm-Message-State: AOJu0Yw5/IKxE12HaXhzAw13VwjxJ8Z3IXfKSPVeru/i2//ct+tJznL3 t0lEv3Dw09oS+teo4jCh28HSoofg/LRtJrWaGy2ddWMmSKa9Bfy52j7W X-Received: by 2002:a05:6214:27e6:b0:89a:4741:2147 with SMTP id 6a1803df08f44-8d33091a028mr145174976d6.8.1781515531779; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfr97U4BL/4sHGSG2zRQUXsbBDMft1EXUm02hGNvq6bUg==" Received: by 2002:a05:6214:4ec2:b0:8ac:7f7d:4a02 with SMTP id 6a1803df08f44-8d2f3054464ls51083286d6.1.-pod-prod-03-us; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-Received: by 2002:a05:6102:8085:b0:6f0:6293:747d with SMTP id ada2fe7eead31-71e88c388b9mr6234449137.14.1781515530992; Mon, 15 Jun 2026 02:25:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515530; cv=pass; d=google.com; s=arc-20240605; b=C7tarWCze25Sn+OeOdqK3rtD8iSxK2t2VyOPqQ7SegBANmTiULj4dhfCI0ugLgHZeY t+TqYnrImmfhj0N7jxm9BjnFxvSEt/H3czObXo6T3mI7wsg5sfYCx1KrQzXtSUAITWy1 /+G2iz44jp0TkHDZ5c6rT6AnxetCu+abw73KJ62JwSprST/fa5ud4PaAnvZCf2PaSSJe DDqN8esjHpeZF8bgNPLlMBDEp13iOVUAyNwpO5d8q/M57fQd3WXVdBl/AXahwmhIi6Wp bVA7YqQ0L8s8CNO9iyEtZsSIaKHdyVCVZNXlfVVn4rPJucrydGRXxB3WwYNcyfsFD1jA nRcw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=HTgr8wxfwx27VI7dtU4RA3c3NhEh7YzktZR4SnjhkretwIabcHd94rJ0QnjXoZhRC+ ioXHt5DjV6wqlhumJlNOYPyplnopXL7K3wKolR4O4nfFJ7QcTCL9rLuZ4RbeM6EVEIOH FiJcghCt8JVMELInNjgaJW/L4i+u4wECUesF1aM+M3ZC1obTfzYAavB8pR7NNxf4Tmed RsWxHTqPg9+/3CuWNQ2cjmmR8tZbi2Vyeh+cWPqh4cxs/uPUu+FBbl6n+XjAig6gjrgZ dwotu/uHzVf5mV65KfTBbW91EYcLHL/HvNd1Tdky8xUmJOYLLZ7E32xSSeuPTHMDzH+3 LuGw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ePY9P6a+; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-966a05d589csi133727241.4.2026.06.15.02.25.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:30 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mLDT7l0RzB2wx60TSFSbSBMF4kYUNH1wAgAOXqcylj40Dh6uetPpd/siJgcilcvBh6CRoJH6xVJMqeokaw2rOQqhJWe0tJXMN7fEt4V9+e+i77lb9GfzpYE4oe3IRhAnS3Wq4J29ws0xNjQVdIXtoiNpZlyp535c0Qqpl6Qx7F/Mojq5JxHRM9VbNxkswHTohF6Y9/bYyJScWJtJHL8F2OP2EPqzUfH9XX5/kpuuap352x+Rb0ltrXRO6/puQBEp4Ocuszp0ZQr/Nkn8kjSj/IRNq8ytzTp8RtU6iFnePYWwfEp0ZSxgUzIkviN5xviGOMZKlQNJ1iSIjsdrlrwxUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; b=irh0i562Au1icR+xRt+daleCB+8it+N/M6yWawhe9jdLKPRtX0zDRmLrbo9yWc9+lkEo+yMz8ta+hAl/iGdsMvtNt+cM4eUL1zUvDEmZdmHWgkEEWqRWV7ZaBJtIFrEx+Q6dCk80dXoXbG+mUwuDfdZ1Q+7P4k3x7imHL4tWPPl+800o3Y8ieH4XlMqI1KvPoeR2+k86EzS0uKoG46dPhgr/pkTIcA4RwNR8/TayelHeM8Xwex0YfGMNbLkUdBYkxiOPmMBM3+NAxEAy3MCYBFOdAfYHc3k6d7ZkZAT5CloARAZcP/j2Uf8XBNWoSwHxGnRRQrL5WewftEcybtgCag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:26 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:26 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 13/17] dpkg-source: implement multiarch support for unshare backend Date: Mon, 15 Jun 2026 11:24:54 +0200 Message-ID: <20260615092458.259691-14-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: ac0cf417-7416-4cd4-34a9-08decac00732 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|5023799004|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: +hzYexcgzSgZMl2Mx2E2YSr0YJb+s+XVS27IQZF1c4HRG8vqBHaaYmd0Kq3XkJVrQSZoMxGbop4GrGp4+a6fulqhwMpc8wUpefau+6pUBW8g9r6yN8iygR7A9HNK+dzQe/kc8/3IQgamKRcb0arT9Rc8b0PTLum2BigJZbIPPcMuhxL7D9oaDSHwtPe/ulg0YpDuQ7aJmjSza33gCZCwecFlxddSH7b7xa6D9fAiq/vfhO7tIm5aRF3mVit8R+FbDbTMMqbtJ03GWbkElmVwxs4iHdDHathvcrd0WvCYY0H3eMFgfraPEOpFMDrzGU4zJ5abEJXzfletDFBZo/D8dhWPdxQyL/HlmGmgIUMtAqQa0+RIgPgb3mo8l3B2880YsQw7wOCJmj7BmEqVerVNh6j5RLjDRjCQtt7dPDm6twpCVSoHgp93BdxH3/t6vkhLArNPGHQ3wzw1gWXlAhQjyye790PfKOcD37EZ4sIIqqQb3X56MTHqRLNgZK7MLEWEL0UylavckaJwm7VtILHHifi88orZSGwHbEdbaE7tWYRaEy6V/l2P3M/Zy0m7orgrdGRsoYvM3UnhPmp4OrEXae4BMu+RWLH4RE0CfGfnXUBFvGfwu0EH7IQeI0PALAbmVRzf/xstEV17QHngk3t8aPpXRkkvTMp/QGIR+yZcMTHiM1B4TfddweXeuFySeoYl X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(5023799004)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: UxgP5TNDj6ZKFOA1CeK7N51cPkex3yGEljMfz7jrcR2CeBzNgndA8Q9f+mhjaoGpvYM8l/tMI8waJobdo/qKmkW/RnNJ4Y7auHCt5ngmUQ95cvI19tu4zGBkf4JB4n1RC4UroqqGryqM+cj3gxsXiDl9PC16UdIvw9QufB3p2Vo2+xATCnoA8CDPsegIcq5Dny6FqSEHLM9WGpPkGkYFt/gcYpmbtITyWxuMqQlz+wgemDgGqUUHJQ5twleFr4A/veUlEH2AwJTyRZdl/lxVYQhBMu1LDMaPXJstq99W/EqkHi9iLbQnsJxGqFFdjgKwaYQvSsAaxVfnV044xJzsrvFRPthNwS13Adg6hUzfeNx0OyXK3bTGEGR6Vp8FtE3Pl40i+nlXbkuOSS3JEWh66gRwMrOZFqi+HKAytVyHLsQEU+mdFkOnwDV2ALATiJKVCgR//eMPtFcMZkEh06FwVt5R5QgBk0KYd/SGYVuaZlyvFgIBBI3/oJGyVYx2Wkg0V5dBVfciQ4Owaz8haJqlSnQ/LUP1SVNczS79PC4In2YPSksMU5GyJp0w9grRy9Rn1C/JLCTOuKI2YQ9cx7zxd42aKnePN0cGPW5ntQ8BLkkQjYvEuqIO7GKKaIXNEGLWxo2gaM8vFeBGBOCJIzTKo5UCYaUHUQJ8XTZ3GpWPSLBJV2qRG6gYCGeZjcFX+ZfzbN3uW83kN3gztgseZXUbj9bfGJ/IzbCgRqjZYHfrNHQa/E/VR9H188HIwVqXvzp9TMqQvlr5HVgaOvvtIzzd5jj5MFEUCpp+n1bDqmytTw6IMi5KH5uxCDJSm1YuRJAWB2ZU46RlSOmHW4nYgMlGMUCXvTpdTJxBK4JoNdVHqnKuDwinyFKlzAdRJsm3r6O/IMl2zBqb3dDiIGOgGcBLUrHd16Wx4env3UE98csMfa26HUhqWociiWAwX8BH6h3Epz6SB9ukw3jtm5kBpNFjjmoNRugmOYqSshKO19CK3hlT+0AhHnUfrPzFWsQPCi5wP368o+gcBZ+Bx/Adnst21kmkt6Zugl2J1V1xXSATXT7Hm5bn9PC0VZLij6j9prnuJTPjXf1GDDcuSAD2dB32nU3pt3x7HPpRBXG4Fr+XMadQGhjNzftKFGi7GJEn9QQZ72VHDGQLAQgFqEwDvuRjd46EkzsR2W/M56ij4drF8jKdP+xq7zh1Z2KpKCQUS8NPy6i/qFlcu3hGqtXwwUpBmR3zL7LYS0WGaVK79USJ2/jOBc1FI2wzAd/Z9vq8uV3r/9Yb9D62a92Yqqs7kF7rXdpznKpdzGdvrV3okfkm942oObQGsLb4WfuwHAVTiab7ehM7VhhB6wf5/kCBw3rr6QPdloWo6Tyov858yycY4cd6S5cNC4pmvKSGt4rn+SHi/ayv3lLMFwv4ckZVMs42aJUkJswsBO3HvPk2Ib3Vks+XoD/7Z6QUlACs6/jBwH5qWkvP3TwSUc1aNxkfg9G5CD3NMM/eNUpMF4igFQLWxb5ilhDmzccwIPcc+p/xPkIQFSkwAmfGKEBGaJrQRocS8if2PFeL0H80RxOhjIAM/66iJe36i+5C98R4Y8CsXo7KAV7197FnIfDExk76gfI3OEx0mjYmLLUuvvRizuqpnxT8QchlT25WkHNr36lxN6DCBGU4dzOuvH/b7GdX6vN3OOK0nQUh1rJ4JGHKF66Xt52Y2BWN/yGHN/3kpOvVHll8qRXpUknFK1KT6IjMywFAErYkAa1s34OGA8b0dmDgMnlcsxK6irQ+24/BE1IsJiG8xzkBqom3 X-MS-Exchange-AntiSpam-MessageData-1: /GjOA+HsAHEOQJmf/C2b+7iDCCNJqhanoVI= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ac0cf417-7416-4cd4-34a9-08decac00732 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:23.7563 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZwsbsOAuxnHSqhyE9KgrS8sOJjS/0WO0dxf0/03AqAuF2C6XsC0aLWl9p7mTI9uJZcD37h16DDHU693s9+pHsl50T7Dg5s3WTEe3+YPpaGI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ePY9P6a+; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The fetching of a common source package needs to happen in the chroot. Previously we only had an implementation for the schroot backend, but we also need one for unshare, which is added here. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-source.bbclass | 38 ++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index 629796d6..a1848473 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -52,10 +52,7 @@ do_dpkg_build[depends] += "${BPN}:do_deploy_source" SCHROOT_MOUNTS = "${WORKDIR}:/work ${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" -do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" -do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" -do_fetch_common_source[network] = "${TASK_USE_SUDO}" -do_fetch_common_source() { +fetch_common_source_schroot() { schroot_create_configs insert_mounts @@ -83,6 +80,39 @@ do_fetch_common_source() { remove_mounts schroot_delete_configs } + +UNSHARE_DPKG_SOURCE_CHROOT = "${WORKDIR}/dpkg-source-chroot" +fetch_common_source_unshare() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${UNSHARE_DPKG_SOURCE_CHROOT} + tar -xf "${SBUILD_CHROOT}" -C ${UNSHARE_DPKG_SOURCE_CHROOT} + + ${@insert_isar_mounts(d, d.getVar('UNSHARE_DPKG_SOURCE_CHROOT'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${UNSHARE_DPKG_SOURCE_CHROOT} /bin/bash -s <<'EOAPT' + set -e + apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" + + cd /work + apt-get -y --download-only --only-source \ + -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" \ + source ${DEBIAN_SOURCE} +EOAPT +EOF + + # run cleanup in separate session to ensure nothing is mounted + run_privileged rm -rf ${UNSHARE_DPKG_SOURCE_CHROOT} +} + +do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" +do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" +do_fetch_common_source[network] = "${TASK_USE_SUDO}" +do_fetch_common_source() { + fetch_common_source_${ISAR_CHROOT_MODE} +} addtask fetch_common_source do_dpkg_build[depends] += "${@'${PN}:do_dpkg_source' if '${PN}' == '${BPN}' else '${PN}:do_fetch_common_source'}" From patchwork Mon Jun 15 09:24:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5159 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f58.google.com (mail-qv1-f58.google.com [209.85.219.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PdYa009690 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:40 +0200 Received: by mail-qv1-f58.google.com with SMTP id 6a1803df08f44-8cec2c6b821sf68546976d6.3 for ; Mon, 15 Jun 2026 02:25:40 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515534; cv=pass; d=google.com; s=arc-20240605; b=AlnpaLuFO2wmqvpTpy/2SOwca2FNZZtGmI8XKSz84OCu+11gjTtpeuTMJKk/OKiT5Q XYjOyDPCt7LFgQdUUmp9FzYvfAvt5HaNkdCQ1jOn1qwviheMC9j5THJl2VQd2Gk1PEXs fQxb17Npop/942zLNIzS0/k7X7xqCyUHc7qBrVdP2xwOCuLLimjVE8eFEZu3oXJdjT6S Q7A8qEBqzjYsyovWtzjiVWQO31WmdzIJmwFxMUnWyWdK8nWGQo2ovmeUimyjl9HDo+sg yftEwbHGmqIFRzNadZlKBdGAkRXC8xlPqU8eV6OMaou6JhYij0WgGc2jOn7hkz56S+EH B6OQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; fh=6oHEZ/4vkD/a/qrXhTzxEXkO4YfmL5ADVWDH4u0yUMs=; b=RQVgT6YlVWU3r6Fwtr38bNE1Y7BD7ca4DqX1BlIUqE/UaiSaCk2JqsBEXunCU3yjUp VitX38xCpLKNnBzgKwu8TtaCuuN6AD5gIsQQDRNGRKtz5U+iqnN0t6MMNlJBG+VJARvb AwLa2neV5EvCGF7MqZJ6rOvtZrlwLGi4wFS34ABzTlRCv2LxhrnXLi1Ksx8+s4sHdk5I lhwq3N4Vpv+q0TROmv18bEMXg3PBROHIxanpo5V6Zmghd41MZIN2fFeuBgWT0hLdTDB6 YWQIIL/9sfm2xfqc1lzHJiO+2VbUhjPEZ5OdDmcQafqGYLvdCQgwp7m3eNm8CRbf7uyM bmLQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515534; x=1782120334; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; b=Qc5mzrjtGB6CzIcrvt8j453ZGOY4oYvxlEazOi5aUFd9UNvvLU3UcOvfkvwer+2QPM i/HDpG+CRppKw7x5ngIwsQ9DytCPuh4WquqUM73Il7GORoPOmFKDffVqXwImdFriR7cW lbNsgvaNRtDbeLHywwIA+8EJnWpEpFuviVh0aAFGoHwUApatikbcCellvH/Og51gGgtE TQUjEk7CDRG1s58QRxp55ch1wV4BxKJ41717xqm4t6KevVSCB7v9U5Y+zUDX0jsd36/2 +6kBTzqwBlnPWOfFVnPF3/Sf1ug5itjC+/8HDI53v+IZpZgK04UBjcddLgGn+KpeblVx Ubyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515534; x=1782120334; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; b=OHSZBVukfR9mUe3lyGwn3COvp20xSquftKtNhtd8O5ubWBmu22t2TcrxhGwUca2Y3m 1jyY0jeTLQH++CifX2cloEYMg/ZgExOAwimwN+FbjS0166VO9Zp0G9A+lqh+yVPmYgZp fv6Rt0G2TqmEBrRDHIv+2PhmhZ6AZbO2eXh3ApeqOWN2zs2p9UvjTZRd017Pj5g8hBQU zSDiUoVxHdtagwrV68QDQjMo/hc7P5Ojb1bqfCQ9lOyTglB+EdfW98IQWrrxl+pGNNm+ t6Q57RhSPof4Z76DlPU+MWJU+JRlVgQam2vhWyNRj+2f2bpHfGd9a5MtVmKt68IhoNdm NeIg== X-Forwarded-Encrypted: i=3; AFNElJ8voTpqPU8emvUtMXlp4t6oY77wicSRWr2p2+vRu6/ZetaAGQgSG+/QBsZOCUHwIFRbmuppAbQ=@isar-build.org X-Gm-Message-State: AOJu0YwoXTjewHdaPu7naDNTa59uQHxIFZLaE3xhyshUC8s48PfpOOOi pCZ6d4T1wyzvoC6yUVaiJ31vZhRY35XrmWRKOLRtmex5sKdPoREWvskz X-Received: by 2002:a05:6214:5d11:b0:8ce:ba04:7bcd with SMTP id 6a1803df08f44-8d32e9d9a25mr220724936d6.38.1781515533909; Mon, 15 Jun 2026 02:25:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfBHkq4iWcF/wmARz7+mglOvrBRZIjB3FKscb1pOkHLAA==" Received: by 2002:a0c:f102:0:b0:89a:a50:7183 with SMTP id 6a1803df08f44-8d2f305509els57931666d6.1.-pod-prod-07-us; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-Received: by 2002:a05:6102:1613:b0:6c1:85f8:29b3 with SMTP id ada2fe7eead31-71e88aba610mr7317545137.6.1781515531789; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515531; cv=pass; d=google.com; s=arc-20240605; b=CG6KTs8rB+HZQ3uyR374332RjWlJTT5wl+Cr7PD8jsOJF5MSsH4fBp4HhY0ua3w4N8 lIMPl1pB9h/n/PmfOoWBN6bhikBjdls5go+pHFlC6K75zY0i+VblgmpQ34dYUty/nP2i PONFL6/7GKbkBwk+MuP9rkheKf90R5/XrPY+tu5//vxRx+NpUMCjlva/m9yhoinJJsJO REhewXDRbwyYqGQLbg8YpUmeCBFzGk6u3op++HubF97UEvFFnTXdBE5u3C6gRApqa6kt STCC1+bV3OKReTyNhhqHinzv1FG7DvBlko9NtxWEdaIFt+Sj3gf0T1cltuLPPCMPX37L 2aBA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=OuMM5joRoQ9znUDt8LQkbXz3TfhPBMFIdVJ6xhZOedQspbrU4kLUpNpo6Sz7Y+K/2o sIXJLJUg+WVr8kMGQU3IH/nWZf3lFAkjk2bzlxAAcppDiNh+HnMC14M8y3UZFqHqpPCD dZMvby2XI68n/FSyRxq6edLJvETvrsDx/Zd7SoRp9n1aJbJKD/sNVaUFWjKEGoedSEYY LWBD592SxNAHoQ3kWryWza3lb4fElraSUvNB+ai7DVIE9s83/xHXEJ53tKMzT9OoBSe1 aEYarbPAdtrSg7IrGzKDWm2wGp3IMv7N/5u2Vwd8/iann+dAYTcBj9yqQ9oxsswxTL9E rvCg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-966a05d589csi133727241.4.2026.06.15.02.25.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:31 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AAxygSpJEkZqByMmXFZhHepxxY7XKh5Lg2jRS6ZnqksE7hVgONGE075VHovNEwc3AVVtW4q6pE/sjMIM/8oQBbaA0oaFhqA6DUSpYXfGOdg/+YV4euIfe6sY2AWzyCzKX2/cKofCy+DbuCVuGgqGznMZE9yU5wYdRYpxu6yPhr15lsNVz0nqjdO5H6rOfZ6e9zXMK+7C6P/Rrfslx7Bk58NQyXGOJHmPMfcPNqof/lqYMMEr4QA2H0/NDwg/a0tHsVm+S6r78QJEKXw3j6RSkvUfbc91ZZcijOoN5Bh3ycBL12IPLCOgaOvt6vY4SWlpcbXXh9BhG6XBxXC8pUeuFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=mpk1Q4R12Bh5lA0tm4SENwEZJ8J9Mjsc2SyBjayRdBaAGbtp7vUKZ0AocuVCuyKNpgTolz6pywBKaqFvdCyhCDfEF4gh1196iNV8MJwOSbITIMgyZ4vhZ9irNWwxj8kqubsRuVJEKou21Ns2H4GBmudptibLd59MHlo3kvl2IhJf50BKDeD+nkrrXL821pq7qL+cA/t2rawMNOUubLYd8qSlm9UjmfVNYm33DKdC3womj1ZLPgc2oM02bHZmHy12JIOpKsRC7oAqLcjpiKuhC5whLoO5Y1EXdunOXq4OR1jXMxy417NzU+TGWlnMuXVkflUYaCsBMV4h/lnAfVQX6w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:26 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:26 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 14/17] use copy of sbom-chroot for sbom creation Date: Mon, 15 Jun 2026 11:24:55 +0200 Message-ID: <20260615092458.259691-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 8f05e475-8bd0-4769-2634-08decac00791 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: B/kUa9vqR/5AS1aNcIP6HVhu/I7WcTHI8ILwV8ZA/C8s24+xUwmTHR+P8Xgf2CFfPJc8MoW0zLNVga8oiWhQH2Ir41522Tti8/D1Jy3ijhwc1Tpl14z35rime1cBK/6TKhe+R+8Q0KGQ/Lhnusoc+ckbkw4z58QveTcyeUIlx6UgW3d1Qmld9AK5NQ5hNgw6iDLubPBpn+wkP/WUcUGOa52kBSA1sg+Jhj+8pkbvCAWyN++zlPIXYWCAbUHxr8gpIrrD3Bvq6K3lvuglIwF7dNRH3n0nBMH5nVY5LWz8tH91nbG5eZwTXc+Drtw3KPjTH8LEDy8NMXmybFyqnyDk8dYF6pHZ4vaUs8Kj5jiIGecp1g4di610ze7sPiAF+Gvswg3VplqmFhJE4/I7vED4PhBgXOXO7bDX7LhihVRf4Dg74azb9Yxqy9eSfqLGRKgo81e0WgiKLCEQCjW7j9wxoOUeGIpitmWnJ3r9jbWYjFwDReEBLquD3K39L7LC1NSwjpAf0ZYUHcarNZ6mu67BVyBBnHEdGszwxxHWKA6k9eUBCr8KUKDuM5aIwPg7WjrjBCMpDUTcgNPfbzCiEPqQQmcOIpXJdUtc+V3sEsqEiqz7xcYHOjDBEl/U4vGSjbDtqVYCesFQ+cZTaSAoM4q6LRumlxeDjgv6UOoyEA64+ouZpgs0ajC0gjUOZ4N0MuMg X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: J75+dQxTbVt9RyXyu5jV1a4DZLC3fYZGmjig6d04RPCw47FIsC5bXktBOEbLJfka8RkdkBgHkOiJQh5pzVNt00Y5ALxD+jd5LoDcZi1qGK1IIkLL/TNhjcVuwRB8Vo5hEdPlln8/oveBT3+kYbtZsN9+YRo5g9IJCLXh0u98MLDqpu095sghofvhzsKiZiV3irj7o1XycGt9azrF8CTa/BG6YQhSFFrSY2CTVXmtOt0ASWfoK4dYRpUjtor2u/ez9c2kyCrMxKDkuMDDLTXl7Nf+i7hO6gf7IVc6J1I3E/5JCvREgoCYXOUBSIRYvYPZpKyzP5G2CxE9HhXyg3k9dlOmV0AFXkHFXy1qJMEV6LugbQFVxlp8+XZT755QUKdh9vDJUe/CNEtCgaZc2XUohbhO65ZQ+ZsmslD57EzQKctFmTpO4WH9VEfwLi21sKxmf7I8IRJETSsO8Sjhvs6HRdU+Pao70R1IFybr1IyO4O7/YgRhGUfRnhdSl0MCsIWfSFSQZAegsaeKVpmUIMYMjX4Q0F5bujqtlXLFy1eJDkuRgGUBAEsmX88KN27JSpaaLsYsE/uUIY8rU+A3Kh1y4Hv0Mzy8Jjd0c8uypplh+DZoOGgtrpZ7/iEF7VV4G2JXQu+hPti4MX1zHVeqhGuMdAqVYAbrVibkmKaP4Gn3mdbZKckPYa/ZRP6oUFZt4zysbj0NPXUV2MuCtfjcArHONPuUeYPMWLA1lDCml7mKdLJz3ClNeKdJqRKydzOoksAaNveqfrtMaHfNMa4TrijVcCgXTdhMCvXfaYV2AVbLvgpCEtVjvvVMzkZfe/hx3n7EANtFjhxciUT9JZmkZ3OZi76WYjP4x4NCFS1Lf8zdxWIitD+TmTEs3uFdzeRnlHNpMGlvY2706f7rKRtDaECCJuArEuQ5LuHigpInlZsPfw1skiuONqgIYSGSFpB+ibfjeH1BFupsBzl8U+onv67TdknZmvQ97E36Qpr8uUVm4JH+VHiRSkeVVMUpyZe+ZnJROKdiCurKUDtNqdBRvcUhNzOwcEQWxbaU4DcWnX4xGuzxvGap5SSdfaKMQ/mrLiKuOg4cxLf04nwTygc2NZI/owrlZQQxFf81ptCdNLqHVehmJXsFnSWM+rPKJEXXOhxg499IS13DC6ASFLBTr+P2AlVNqHOH0j2fgDQ7Nymw3oYVCxZvnwVJgDyQa8E/wXp++9cKpCpOICnShcxyio6YRNOdW30e169GwyP1avvh/X9e3iw88yEVAVmZZazsLsvJIUplqI8YaHmVLb/XaTjNIvW+MIRaBKydEYp/0G3ttNe+1UAZ1Ns8sDcUI1V8ei2OChX9UogFSfCFzWyYGYTOa/bGHLSRea55QFZO0xgzOCpjFkP0W46AMusAG8YXmAKzhiAfekmXLKoTCNQhTFpCp/JNEFOEZ7T2YqRrjV7uMLhYI9d2U+mWxGQOGzjiYZu7dq2B2mx7xZahvXSHJZ/PPiSRz2P4TKrh+YhghlL4uKyfTPEA4QW0u0cu+rWHHbq7wSDA9pcUvrc+oyGd00+RKCJunxHpNBDRbkn92ogQcQ/hcRgXar7aU7GRsQy9vGNTqF2fwu5eaaFgXe7kg+48d8D0oB4vM44EHt7EGeO66jbZslbuidZcV+ueWDNgMmtQORhcHaPxHdiU2bWIOaPInWRUO8qJkNmzlwu0DJxdpZYOueJT0zeEqvde8J6oGG/FQ7jICDgFhDUTITiaaaxx4772r+zczYHjy9y1GdTUTmygvIxm0uFNod6IV2TlfHNCA+lBpfJ0 X-MS-Exchange-AntiSpam-MessageData-1: 9TI5x59lsmF377vNt1iF4LVlKHsSYeTrQqw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8f05e475-8bd0-4769-2634-08decac00791 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:24.4037 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bTncdaER5uU2VFkrNfPTP9+AXjefxJqiGTppXKic/7ywzw31k4cF5vV6LaMDpnk+wGLA8BpiC3EQyXsJEStOi7QiMNvjIDEz6mkk359p9Vo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs From patchwork Mon Jun 15 09:24:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5160 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:26:45 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f190.google.com (mail-qt1-f190.google.com [209.85.160.190]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9QhUv010123 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:26:44 +0200 Received: by mail-qt1-f190.google.com with SMTP id d75a77b69052e-517e054fe07sf80981511cf.1 for ; Mon, 15 Jun 2026 02:26:44 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515598; cv=pass; d=google.com; s=arc-20240605; b=Jh42GyMuFPSLxV/GU9d/fEznj95/MgRBolqCvkMSfeO14UBJ/kKqqMXk5SP/Ing1zy yOWXJQyhHnoZVVEr2y3A8vncg10kJB1Pvs4PXIJoBntI4JiZINbhiE3rt6vtVdt702dy Qj7Q/RNxj7yojrPzx+vTlzJsgf8B531/8dfMR/7II4wmqyY/4XSKsrOZ7L4VNx+hUFSN ruc1Ub1UtMqMKy6L3gSU8Qq2QBv89DpHDelCf3PtOyFTemL9KwQ4JGyxlPHNRbr8WR08 C8eo7V8EZbFArGvvZ408Ne+V2EuVff8CIFcKl0hh3wObtN4fYuUve2VOfwDIUnMdWkWb KGNg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=RRC87bk+vuepRRZj7118HnJTfuIqINFmAQK64qGlKFw=; fh=6z9HFpRr6LyUMRLm3eAXmtoR0hA8tRYGnTCo5m6FRLg=; b=jtwpANfvwQWQvm3xbr0dgOjjnBFdU0BoBjnzs8HqFi2boEH8CGVFt6R1ey1QZoqtW6 oE0612R1Utg9aSSjUpCGf5s1oJoV2UDoZczcKxTJgzmJthg/itDDnTTgzlA9OhOfJGb3 HRSHboc4agvigHiie45wOivv4x5U/zP0kGWd7zFm5MZYX2HnhAHOPBxXhuqiA72Lr3TF vBk9cwRPnner9+55xIpUcTRJy1KqFuVxrxDp77f73Xz6QfoslD/QPDBIA7FQd6+AsKWp kzkOK9WXRfVqefDlsCgvay3e6hrRAFD/g4GnMdqxl7UsbCGDOgOx4nMPXA/7JhnLfmMh apIQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=qluDob+L; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515598; x=1782120398; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=RRC87bk+vuepRRZj7118HnJTfuIqINFmAQK64qGlKFw=; b=KD3U4+CAiH16f3hLD1SEzyj0tNTpPsdKUvqXBeej0cPQH54F9sc09SPkRpVDIg2pT3 UdkO/PkNiuHotwLSKHvIcKsAPVJSPu9xwWlxtTpx9ZaWznQFaTu3fVQ4GwPwHKJbMcxB WQ4bqoqee1mSjnq0773mQ0ScokmuudVMF1VMFWevL0X3sOZYDKRqpcJsl+tym0+dL0Gb X9fmU/kOb4ksmknhDvZomCBt/kcL3wUq1ib0JpAXs3RbCFIsRFIQ83Fc2Rt1Si2U7yi9 Dwze1bP3Eo9eyUTxdfMeEWK0oekvW0vbqRjeW9cwF88v7Kx+94HgJnYHoTbL1qf/tecs 746Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515598; x=1782120398; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RRC87bk+vuepRRZj7118HnJTfuIqINFmAQK64qGlKFw=; b=S9hxz3G/RtJdirPdVdXaaFTtzIOt7YuP0ZEw12YlmQ2OU5uewDWEjckg5eH5t+cGHa wTzHT8GntsfRofRD0qmMmoLgvpQu/Uc3ZOcN/YK/jptFPGccvd/kqMUzd6j5u+XB/aue mnBx1TtrwFc+S9oR5q6pIara6qqXBlsjFBbxkRngp/Jw2ry7VS7fpftMVaakPWqF67OQ Ne9Jj6buYWXaW/meISQrdgk5ylSUTRjcT4kfzop/9t+ur5CuD5glsU34HzXDwk+7fzwj +ayUw929VR4ckwJ0n+Wju0hGDt/HD7GRtNLA0SVSbjVwEju1kBRQQfhyMnYgLQVkz8cj WZNQ== X-Forwarded-Encrypted: i=3; AFNElJ8pi3vf0rV/KpJVlVS5zaQnYwVsZG9FcqZ/IqHcScuC4ctlxjfUb/84/hY61xkM4xf0V5y7aWg=@isar-build.org X-Gm-Message-State: AOJu0YzcajgvOOIhLU2uPI7QSuakRfhighGJewOlRXDW1VxZhgHG9tiQ Dlx4ZGppFA0GN4+aGkL0l/PKMsvPJDxvFglQ6R0oYGhWVIhw9QLKzrAp X-Received: by 2002:a05:6214:418d:b0:8cf:361:ef7d with SMTP id 6a1803df08f44-8d44ea7351cmr175099026d6.20.1781515598319; Mon, 15 Jun 2026 02:26:38 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdZL1U4WgcrL5fa5FJmIZRaIpHfpBxJnt3WCYnLqQKFmQ==" Received: by 2002:a05:6214:6008:b0:8ce:92ad:795f with SMTP id 6a1803df08f44-8d2f3a16cb0ls75469506d6.2.-pod-prod-06-us; Mon, 15 Jun 2026 02:26:37 -0700 (PDT) X-Received: by 2002:a05:620a:1a1b:b0:8cf:e0fe:f217 with SMTP id af79cd13be357-917efcb242dmr1469467785a.20.1781515597361; Mon, 15 Jun 2026 02:26:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515597; cv=pass; d=google.com; s=arc-20240605; b=LKlErjLZ4Fr3dcMZ9MjG6mUk0+EnpgR+8euhx2uxhfg6PGE/uqTrUqE0avv69VHlZU LiRpN2kYJEcC70RQCNhzoXNiS41g71hXKKWy3OerAWbRzcWkxsFwfc+fMLXJK2yxp6v+ BvNc60FaiY3nJTWDcnj3UzAU2/U9QwkfF3ZcR80q4U6MdpcKdDokBNpRFj+fRoyM6d33 +3gcE2mSEJegiMVJewDraYdSWyWDnP+PxsxYM1RWQLECB1X409gDpxM6PtuH9gy2Y+4e I3fSx3cWHyJVECjokoWmkTY/mF6yN7/GDETmZ2dEPiXdCMbxU/5RbdhFdJCkEIdSQg/X QHzw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=WDF5JoqJRo5bAaPxyuez/ZDbs5UjdCs2B8UffhraSUL53aqff7ZwSrVfme+Q139jMT oJSPTjlJEjHmbv5PfEXN5v90wSnso/1yH3O2s6/VKL8+OG8dxdMEG8l+KnOO8TN041fs 2EYc4Ybx0Lt+GV1PhE5OU8LHgGJyMqCdl6vYvCZ0bo79mK3+WV2u4N7wEM+yHn8N4mcj gJFHEFibwtjmyX7RrW6qNTljba8RkcbkR530xXm/59SziSG2ICurxB4jsMm7fgG+etbY 6ZZGXMsvNad72Vj0rJXSZF3K3REfpfwpUfpcBD/5DfGTLP7ELoOLaagWrKbZKLLzaQ2C WeCQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=qluDob+L; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id af79cd13be357-91619f27818si35427185a.2.2026.06.15.02.26.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:26:37 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=J/6BehHKzD50BpDTkfrJ+xBtfdZkzNwkUS/5B//J6NOOy5zm65fHpfQL6RXw/YTSLuTKactKDOGB9jOuxX7YQfsqk12UUSewwoIBIQsRir+ITh6KKLRTYjT/z8ch4QN7zRGdSH0LRV5xjvFHWimtZ+VwVN+nIN54J4HXL8foetebX8Y88QQWg8o9uaHLLicC8/2o68KVuH0HWK/ctBBP9vd0mbD9PK5wt4n+V28TUKoFp1AUHLBX2O+ektvz06JC0Dtxeg8f4b2f5htrCTQUUIiHSgeuyCTKwbi6eCRSwIeNPfDUoperdAUNgitUiQKTnduDKdSHDPkElU6Xr0IQlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; b=PPpl+dY89eVYSOK+lT63jOi67/krR66cgP/Uc6Q+KqLvYkmJ7OvWurcpqPtjXaDs7Roug6ZUCUdjX+L9VnILZz0ixCT6Xulw3CaM7UecPwop/IPxmzIIkabNiVANZnsCG17hcwr5Or5pVV5xx+ccRjKzFgPF1b1DVePAkLbkVtEtZg8MddUpjHxoDt/4G6MwV3sGWe6XjrVllbcH44A4B00dRfEpyzBXrVTJ99tyzyyvxIXRv9YQpz+RPrfAqDcRMIKr+ah/WPAThOqljcJWLL+vKTN6dFcP8vrvX9Lm581lIiSOxnC16rHbIBi62Awlax7R2gugP6KeE8djN/mwOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:26:31 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:26:31 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 15/17] add support for devshell on unshare backend Date: Mon, 15 Jun 2026 11:24:56 +0200 Message-ID: <20260615092458.259691-16-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0225.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e4::17) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 2057fb41-3e4e-4f3d-fa41-08decac02f70 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: TqMV0ywWLHNzVITjiXLL2yzrbFp8Se43dpuClAHZosTbZTg3xrwOF4Y/DBHJsvFCOJSSWy+JpNjzS7crt65WGF8mOWmRM6HY8+qzvvJXytjKf8VGaoVSi8LwGBo7nHabg+PHBq975OjdRN6VKMOFkMrsfxWkAEz8FICqFyAlqgAW7Js8eZiQyDMjVDyq/rm7E0zic6ZJlFWRGOaKi/Czumx7YjS+C96Suy8TpdxuwdlllJJud1/NKGEV13U+4chGpDZS6DcTViDlNwtX61bt/RMJ42TfL9hAkDj0i9dGct0SLagNFrVRhF7OU13YgBBRPBfliRObowIXygqAWZDLMnMOTFmOwmV1gSy/9i8OM2ZuHuEaKL4nLblc/8TG3nct+jlDogNgsjjESOSnQ3hyQrfIaBkQ3+2+6ycsPjp7b9sTYOhGktlz2L1Rq317Ba0TAJ620D4fkd7jN20rukBTgrPKhcVcpNOmI9y4B3ZecgkcfVCT0xdFCyA74yAHzzmO4fmq5pvzH+qlgZD7SgpqDTmQ62FFcuMRlzamiAfsp/L4UWZSvAPserkvO+m7wU8gt61qjAz8VP+CWz8n+8aMjQoMS2Z0fqL4cFPtqPIYYP0AhLfRj5B8LlphdBSPGPKkyOaBdu+/BXJqh1J/Bb5FHAQqd58/kU2xJ5U+mcfLgE/9oX6sBxEYtlcFkufq+bQI X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: GrGkLd5O+v9KkKLgGl0IC/QXI2WWsUEiucrLSRFCBIYCb+67260T8ObFjWduPHGY8khDKd9jWEtg4L1irUY/6ayw8/3edPiF7WLF3//dd47+fEKF7g+EdPqwNsoCZTFNwGQBjiZ6ONw8S+9z3dRVFEH+cJYKzchKPEHC7GigCG9thM1BfMp7QboiEO+F5Ssc5ryHUYb79u4LX4CB8s7h0nCQUnpoBbX42GyrYtChvTucE6LrUIzGw7GfHpWSx7D2iciZVJi8k3zTB2XY0F6jNo7ztrRlcQ+Fs36SP9eDVKZkWDTjGwBcT+emSvhzzMrGQ2jUAJX9cyOqdpqLdmbYYBN9LDZHC6na1jGn0Uh0S0nBQKvGAm2L7+JI5gHT+Smq9Py7SRoz7D9qXmvOtHyKpYb/13tl3tbpusQOd7tsBQfswFBajXNGVjkM3WMr/WU1Rgbxx1sYgzrGAhoev72HWPtbSQqvQIVW39aVDskcepPO8b/zf27+lFLshka0tf2Grim1i6fnj3YGIZHWj4Wm18H6bI3n4R41ROzzVGnCzRgXqUbwlYLas6e8H1ySS1STHgsrcTXB9PgWiRDNfLKJ5cBhENBN4GogLgqVzbljWFU9NKnTA9PN4EEWwF/GY6LVZkUFJptJkYGcX3y+oESB4KazH8gCc1knVjNHv+H1caC01wrZI1xHV0Tg7C5+7OeZS/qC8Hlk4sHyMyybq4zrjN/FAjIxocH5ruxPFaFnnvbm4HxWKkF4Uo11thVyHelKGXrFM7fC3EnncWGSGC4i2FHVQe/WBeJQQ8i0uHmSGJUCO+tMqL18SKrmrMUfXw/JMXHkIFNU5yAssGW4aenUofB3PP5rPzt+F0QN8eZG7lUNLkBI1XSvh41EHszzqTPAX+97nW6Tj7yaV6YjIHpw0YayLje7hvHHPw5SCIBsddvVijeU7zOILI4Jvff8F00pdau5Q0+MxJJLrQ0tvA1qQUNAE50JC+dusVrcEwC4hyDE3E8leOoW9mFz8JnWrgYPTvoUGxYxwjCfzckon5GIoGqUKipWjHQbGU0dBX1pbaR6v3PCnz9nAmK94++TgqBCyObK5F9/VvYIoAEAUQrntTlJlWhveLQtQUYRsP7YY8yqq+VFYY+LljEuwjSpZVhYu0rvBvdUL0ubruvd2lIaC1eTSXaqxu5+g/cVCquC5ILL5H24o2J/wtiaOnXiO1DacCFEAnbrvNQURXD4SNbKuvGo7cv2iVMXgw8hqj0PiyzfYaoFl5h9blPPjPVwwF8XQNKVlE/yDXKxtT+q4eEARe5Ke+2e6xlatsmG4Prvd3IBRp/y1PkAyIOC0ffZAeO/3Ju9xHmWBdKmBZyYHNmXxkO7lMaw6WcyK7wpbc4bhRnF/2jToF79PLtiw6jD8PSy2lMyQtgATapxP7+gyKpBKj17dpU3ep9lYmDcZa+I22AUk4UYp0YcVIJtsdqIZl9BIe8gdv372ncNxTvQQNCG19WkXYS5eYI485gB6Pemkb6Etq/FRrYYhNWGInLle+NZ9oIHWpWIc+/zxRB3yKBmNxNICev71LEeMhdBB+/2iHfFD7hXlRZApRViSAREyFSvLD0uhfKw9tQDYKqjY1tyMNhD9ktdcU+3FeA/PmCXqN0TBmQQco8RGj8+TZYQHjrHOoH4cQ9ucdDI1XnBLpxDvfUJXD3y8RgE6Ch6XBwVhMtZOjYESNBZEylTg0jERqqI32wXA4jVDvp7pvjDATf7NFzn5a7GRSpRagCX+3Tv0OTC8s5kv5w/zmn6fw3vd7pBdpdtFNLi X-MS-Exchange-AntiSpam-MessageData-1: qm1VwgyUcff+K+e7MILo8jlhfeNuAYjYlV8= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2057fb41-3e4e-4f3d-fa41-08decac02f70 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:26:31.2523 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 6bHcq2oj5htfCH3Nl8gtj5Lw2pXFEDUbHtd8qATmrA5mJHqPmiaW9ZY3+8PhofKGPk9FVBkcEtWpfXaoaBpe6+bG4esQ/+BjaXAMwwB5Id4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=qluDob+L; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 68 ++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 12 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index a0d4fd05..b3583373 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -253,13 +253,11 @@ do_deploy_deb[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" do_deploy_deb[dirs] = "${S}" python do_devshell() { - bb.build.exec_func('dpkg_schroot_create_configs', d) - isar_export_proxies(d) isar_export_ccache(d) isar_export_build_settings(d) - if bb.utils.to_boolean(d.getVar('USE_CCACHE')): - bb.build.exec_func('schroot_configure_ccache', d) + + bb.build.exec_func('devshell_chroot_prepare', d) schroot = d.getVar('SBUILD_CHROOT') pkg_arch = d.getVar('PACKAGE_ARCH') @@ -271,21 +269,39 @@ python do_devshell() { -t \"apt-get -y -q -o Debug::pkgProblemResolver=yes --no-install-recommends --allow-downgrades\" \ debian/control" - termcmd = "schroot -d / -c {0} -u root -- sh -c ' \ - cd {1}; \ + termcmd = "cd {0}; \ apt-get -y -q update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"; \ apt-get -y upgrade; \ - {2}; \ + {1}; \ if [ -n \"$PATH_PREPEND\" ]; then export PATH=$PATH_PREPEND:$PATH; fi; \ - $SHELL -i \ - '" - oe_terminal(termcmd.format(schroot, pp_pps, install_deps), "Isar devshell", d) - - bb.build.exec_func('schroot_delete_configs', d) + $SHELL -i".format(pp_pps, install_deps) + + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + mounts = d.getVar('SCHROOT_MOUNTS') + mounts += ' {}:/home/builder/{}'.format(d.getVar('WORKDIR'), d.getVar('BPN')) + + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('dpkg_prepare_unshare_ccache', d) + mounts += ' {}:/ccache'.format(d.getVar('CCACHE_DIR')) + + termcmd = """{0} \ +sh -c "{1};cp /etc/resolv.conf {2}/etc;chroot {2} sh -c '{3}'" +""".format( + run_privileged_cmd(d), + insert_isar_mounts(d, d.getVar('DEVSHELL_UNSHARE_ROOTFS'), mounts), + d.getVar('DEVSHELL_UNSHARE_ROOTFS'), + termcmd.replace('"', "\\\"")) + else: + termcmd = "schroot -d / -c {0} -u root -- sh -c '{1}'".format(schroot, termcmd) + bb.warn(termcmd) + oe_terminal(termcmd, "Isar devshell", d) + + bb.build.exec_func('devshell_chroot_finalize', d) } addtask devshell after do_local_isarapt do_prepare_build DEVSHELL_STARTDIR ?= "${S}" +DEVSHELL_UNSHARE_ROOTFS ?= "${WORKDIR}/rootfs-devshell" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" do_devshell[network] = "${TASK_USE_SUDO}" @@ -299,3 +315,31 @@ addtask devshell_nodeps after do_local_isarapt do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" do_devshell_nodeps[network] = "${TASK_USE_SUDO}" + +devshell_prepare_unshare_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${DEVSHELL_UNSHARE_ROOTFS} + tar -xf ${SBUILD_CHROOT} -C ${DEVSHELL_UNSHARE_ROOTFS} +EOF +} + +devshell_cleanup_unshare_chroot() { + run_privileged rm -rf ${DEVSHELL_UNSHARE_ROOTFS} +} + +python devshell_chroot_prepare() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_prepare_unshare_chroot', d) + else: + bb.build.exec_func('dpkg_schroot_create_configs', d) + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('schroot_configure_ccache', d) +} + +python devshell_chroot_finalize() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_cleanup_unshare_chroot', d) + else: + bb.build.exec_func('schroot_delete_configs', d) +} From patchwork Mon Jun 15 09:24:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5162 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:26:48 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f191.google.com (mail-qt1-f191.google.com [209.85.160.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9Qleu010149 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:26:47 +0200 Received: by mail-qt1-f191.google.com with SMTP id d75a77b69052e-51949579e09sf52383221cf.0 for ; Mon, 15 Jun 2026 02:26:47 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515602; cv=pass; d=google.com; s=arc-20240605; b=f4Tvs+qe+X6BxmiI/7ZXgzPxghXqQcqPq91e8nsL/FNSZNkKxN/mqzj99XnCodkBJO EGrc1FH700ASdD/uoHdnDMg/jXhtE/R9IbsoxuflwGvg31BwCpYOgbEDTdnLI0Qqv45a CuQLn+kRZEkMgmZMJWgpriTusGl6w+1GPFrlu9JUNcZ73NWuMbCIBvHvWX2qyV9x29Rk hFFu4Bh/vfz2t3Myi9RuhTc2fmS0qPayyR7oVXBtv6XdC13DGUIy9R60X9ZPWSTPtaxj ldOO1rS4UBK+KpWgsUkCjukPByJb0W/Ik2+NkGPridQw5qpX5ds8Z3GbwazZRgKj+WoM lLlw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=RqJgCGqAVVUV4Q3TGsJhtFuIKVyBUyFVCP3F+lpm+BY=; fh=f4+h4daLwvKgJWK7bBQFYpIlQfVWDtYiIfxsGPbZWQ0=; b=jsO7jHNS082dJ9YtpKx2Ij8djIL+swbVuf+hUPeZmqH3kJjpVq6iuQSOWpBx2leLr4 PmivuuFaVWo2Zp929scs952Shf8lmn/Ew7dTfZcksNi7eYSnhDh7auNT6C+AHpGrq80t 3Y8l0OeuZjTJ2pVon5kcNkeTkS6/aYu+Y9YEAlk0ifqvS0gnCRR5wZfeNB5DZYv6lYM2 Evogiv374sUmbMbMmgEnxVgWw84nk03T6nICVnhHc18bKKIoOEi7ekkWQf9Skz0spYNI BwmleK9zfbHQkxedfaU4GXMOVHIDMEfqKOaF/Ybi9nWsnPXiDPDkZdDLzk4Jy7AKUq4l 29tQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wp5QuEg9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515602; x=1782120402; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=RqJgCGqAVVUV4Q3TGsJhtFuIKVyBUyFVCP3F+lpm+BY=; b=V9zkaAZYHonmIC9w6zlUtB9lKnyQO3cNhS89tvGLCRIScKrko8+SS3mchUMBdg2QL3 4H5+4/wbnmFXcBMIyZul2g4JQ2s3Z6oCPXkK/bfimYt14tU7oivUQETSXzGwaa2lYVsG lJtEQv5I6SvOtVzaqtitM/FSYcEA4U67aYvGzpd2oAX8M/zpPkaBhrGuSXGWK0M8rtj5 rQiPEze/1XILZ0wNTYwbIeBtY/oPFr1/bVPWFq9m5KfZGMlIaqebxLXAhqpGQUZk8Na0 I/Lz8Nd1MsfzIaCtzy1t+LQa0rZpe0FhDH2WSOrnRV04hSkNkB/JiIKIe2zFPZuu9ZnW pw4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515602; x=1782120402; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RqJgCGqAVVUV4Q3TGsJhtFuIKVyBUyFVCP3F+lpm+BY=; b=oPlD/Hd7PqI5kj1SI1+5o85jr9hGqYhNDw9RKe/cNVXTY7KB+ax+5Ih0dLFv3aRaEc zf69GCHx8Q2A2HLQX40ihAFKuSRbUVPRkPu4isQ2J89mJOCf4baTgvVyWk73CVv3VOm+ 2UJanGIEbZUBTydVl/nKIxhmr6DLenTOUYaTy+2vnwid+EaAFxKd/tzTLpmExhfHIej5 1WgKyDf/SJ33bRB1FrSyUwCfU7HDQlyN9lExqNbMgyC0VwUxfuEqwZWSABpsI2SLi9T/ R+AE+xLkG++ba8jVRE+p6JUJ/EQUqIL/T41cF2X1/99JgwL35UHDYpyGgf+JnMqr/kfR xC2w== X-Forwarded-Encrypted: i=3; AFNElJ/Ks3GmGIjwZvhjG/0GIhDkdlWAeWya8/mx44v8Z8jPwoBU/TziKj23joeZzYfVPF4SLaK7sCk=@isar-build.org X-Gm-Message-State: AOJu0Yxu4wU17k2P1f6k+iD5IF/vLL4fBVeSYbudD+/UeGd+4wcdAE6i V/iQAVSHj8gO5Kq8f4UtGihPKfmTAxw3oAr9OYQew+Gi86S7u3S50/JC X-Received: by 2002:a05:622a:418f:b0:517:b68a:8d8f with SMTP id d75a77b69052e-517fe51b676mr203588811cf.19.1781515601729; Mon, 15 Jun 2026 02:26:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfpdMBbvGU5iaMWm5lU4czLuZ3vCmr5CjrkKCKd2g/6/Q==" Received: by 2002:ac8:7fd6:0:b0:509:d0a:5648 with SMTP id d75a77b69052e-517f9f46528ls79733761cf.2.-pod-prod-09-us; Mon, 15 Jun 2026 02:26:40 -0700 (PDT) X-Received: by 2002:ac8:5c83:0:b0:517:8541:8b70 with SMTP id d75a77b69052e-517fe604967mr192956081cf.45.1781515600780; Mon, 15 Jun 2026 02:26:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515600; cv=pass; d=google.com; s=arc-20240605; b=kZg+rMCairqjdlFFXGAmKl38fYzo0JUHm53cSNOSK1QY+79fqh+9pDYCQ9LenkNK5n DMOoRpNQms/waI/gq8hY9aA9tSBd0IEAJO+flKeYDKV0/R0nO+ZXkORYh2cruICTpIR2 2P4m66MSh6BlvsIp6UV2QUZrQQd3TZ7rbNnBbEP/jm+3yJtMR/aNX5b4fcfh3jBP5o+c IzJC8fhCgfyccdI6keWTyWBrlBfA5KsKKkY6I6fX0QPa47ARzDMSsWoI+3MK2Cyu+vCf 5LQG6IV4SchJjUcFxC6igpO82u5JNx+cbxFxkooKk7/pn2Idrvnl7Zqba1b5NEjEn3Ra SMcg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=FD5Jq7PxtATlJtVkOTCTPDR405q1Ay0NDCdE+qE8zaVW1LufsFpPQD3vr2HWLEGIJl n+m+2Rx4PaQenyez1wJMVjN7g+cIgEvdkQdVFtRKpFPC4cU7sE/UciT810vozOa0p3Jn PFAY5yQ+pQbP1RSlhUiByvfpZFpDVdqQE15w4rqsRMyQKvMUIFcK+UAcgQKKs9D7uK97 3WOGlM/+pjcjys9THxuCzL+0LdMjZ1rAJEYaeBeE0mO1ttiTyBhvbtkREQrhjqnXvAxi kUOz3OLGeQAW6hoJKY7PMqy0dCMPQDsYsJvfgFgAtN3NqSUAPsHHiN7kncRn2D439vmh sisg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wp5QuEg9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-517fb5ee7dbsi3507461cf.2.2026.06.15.02.26.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:26:40 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AQLtU0/c9LPy9VBTEDJqYDiHnD6+Jgg25Im5Rck1X2Y/g2pRrZuIAdRbxTEx+jXo8CzM7J3GxnZ1JFulp/vfrYCfdd03DDmEHw7WDNZe/luFDNAgC6+VlVoUEabVSdkFhfHdcu6fH5fBDHleEtSdhrCevRH9wRNzXz9hWTLDg7JEZyDBs64xHJ8KXCofKRsABDPWWbeM8mW7T/9Fz2ZWxI5qcmtiwfgXlUuxy0V5azs+wxkV6EV+x+OHt1aMc/dDa0PwGFUIPcCRvenGlNyKhbGJ4XM8L16/pQd/s844FhJcnAOFoXt6L8hMake/gx4dIuz0jNoNDYTm16fsftdbJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; b=ykx8jUiGxDf2UC8toWLrq9Cz3/CyumqCBHHDd3sQYWOk/Joqh0OhBxl8QZ2OsUhcidW5JrovAvNk008Nv9WNVt7hPNWAKMiMFs18rijTGJWVZnEVKzZWn1f63zUKNMvIRXlkMaxgTwxPmvnaMAsnLkS5Tl3KyXpy+kAIJNRyrBzAqWmGBreljylr1tqReq+21zaPEdsHa5WBCDSaZy+ZU8mUT5tCAGG09KuP2+RgizV+VwnOgqqnT+ftfGQ4NSgbiHhpyf8voWx87tN/0mjwHIaMI+sDxJ8+Po0KeF9RpFDTCqdsV7l6ypW8cFiZvmAddDvGDgooABIRbzOEehimBQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:26:32 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:26:32 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 16/17] testsuite: add parameter to run tests in rootless mode Date: Mon, 15 Jun 2026 11:24:57 +0200 Message-ID: <20260615092458.259691-17-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0225.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e4::17) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 658d555b-e973-4a4a-6f52-08decac02fd2 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: g1KD6yB2BplHhtoyj7o/4SHqD0ukT+RvLp8XWn9vd/PnK2cMIem0/4Gj0GnJ+mrpOKc+kQy85Rq83JKYGWICk067zfEAQQw+IPyknz7s91nUEGNT+5QY2wPf8NsKEw2egNB/3NoC2QzDRFuHzUvNMToYUw7eVDMwdiWLUkiY01D+EOWlNdJPiwOEqLzn9soD/ISipf6gLdZCE7DKGx/cmLJ6B+nrwnyuLEyiNaGKCL6F9oNy4y0YjSPplmpzEj8JDxp+AdCz+a4Mk2m+2Ih7ami8iGKspXStGNG3iJzkHLzyPCPJh2ImKuFqqSl7jrsG9J1xdGWSCCL5gDGMoJzXyONdtBOSWWfMWbGsOFvVuAhZHqMpbvSiPM/6dS3OCMc53j+xpGJjoNoE15wxLtPQDzinT76x9xMKXjliaHYyUuC99e9OHIIFBCpljiLYL4iBKQJq0o+wqeCcDyr6hh9iSO+/GIpq9MlnVvA84CokoyvcEcNzWEiRcXtVEaUZc6lgwZl+vpsbpLtRdaXdY8NpzG5NAMnTH5L6DUzqiTBT4z4XaXAcnrHp1AjU5zN/8gyv0MQ78wuOwmjT+HYKIyAPY8pt9EsTeYs3eFtSURNe+XXX61xwdWlk9Re0uT7kJfm5kmZmDMbvYuag5QXLhTB1bT6mPo2d+6Cb8TUea3dqTCm4oRDz3MVrlBuBziU9Hsox X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: ASE0zLJLYVFko5543TSSeRxTCbwSbloWTnHQUe7Dgqumo0urRBtFcRfWLyXdq5W02GB7kEAQioKN8Yma91lpOXnVlm8nSvEK4VxFqIqEVozD7iCa8btk1GQN/TgOIgskf7OxyRvAMsX3r6lmIjumo0TDFR4QnPZFny8GCcczm5BjkZO2qPH57iN3/RLHisOzHMC44c70Y7AwE8k4emLGEYn1m4KGugT4sHzX6TsqfJF2l94ixO5wWuQ5BAuJZV3xA36KjboX0KucXl1pQ6MzFiMp4QUKeLDgEHv2+vQ1iJgWSMAXf5VL2rEZ15+t4wkYcL3CZbumY8zB8WmYp9uJlkrAGLCjClRZ2I2gNuC4D8fBwjSO9KFCSpdZmxpconoO5QR+9xRVIdb2FshSlAILKkeJFgndf4CYk9hnlrAdhehQ2S1C+zeD9pfLbPdZ454+tx31uUAOltUT/P9mEPKpaBaC0IqWmJ01ke6UDYNkBcpADnvYzv9PpPq9g4BSmyx4W2d0DqvwFRILhb2ClFHTvd0b9gNtpiWxtppunFGpsdFZKc6JsoDBOvSN/2UglkvmRTvhyMdRMJ7GhbN5iBJnZn06jPGdsSDnO2wlyGQBgFdPctGbt3ErdzJrOsHhn3OkuNOj4z9K1BD+fU49+E0mcg6c4ONigzOotXI/DNE0W4Tvw1DBUDfY8ZA+eYyGdTWfjw2SWDIgNHRiBe9ULynTqX8Qce0rOT/k/6Fl9cFtPKrk1hHjSVYIDLsida0wvg6wD+yRSSHeIxrtbM8GiIzdGKleHioqLjDHm4itNmy6Bl3AbSoZcVMoiN+ec0z+81zBGGNaZo8ZPRFxw4zNtXZ4AENxtmPKsiG2RbsBLTHnRXH0Gv1uyBEMwHjXwadD/Ej8agpWkLjPE4OYbbIsxr5xZBkU3h2iCmDOPVkmjmOMxiwmnvxt4RzGsbFHu32RCYP5g2fjzMqg27TWtvvQZscSGO8EHQfwvwkdX4pWNMWiuIvhJyh11eG93HlTyuPGs0CWP+5cKxbcz3HAg0sxRV8Be1xSnVQXSBgiT0gJuIlDjrTCbX5TfN0uJZ8AjAPhNs/bs2ewV3opKJd4edmo/yzECnxmRZUamN0jHNDZ+2I88gWQuzRycmKwk+el2SzRTz1lfs4jJcOCpu8lVWg3Saggvo86iAG/ti5bRYxPirU7BKtm21hkPuzBAt/6IBr5OFCn95C/fnywwdf4gnrWD4dnFSLMlfmBed+BRY0Dq9MS0BKUxpVXGCO1vmsfZd6pSTplT7k/06mYmJkIVsKiNpV2522fUcoU9AuVWMiA2PrfCrlcDhsf7nDK7HbBu07ZB9MM3aCOQW/Dt399lBAA4TfRIA1GZH2+SPtTux2PpXJH8u4m/897aZr+TR1xuO+VU9WpbxEwvUjtdZAj52EFGLsSVPbsnzN4opArnkhj1Qw7XbdrhX/JSCLahrHG05T6oMYTTU/FQIJe61d2tpFFYJpQ4ARrJ+Tg5R7BBUsQ0na3KJCcMPprIxa4doX9bpT3QQURU3vaKjJaIelJXQxsfTGO5p73anUIR4BkL9OOtd3rpjiqcUgpAHBDBK3UUZevvOVExIpqb6PX+qJ6pR+xfCDsXQ1CF7lM1+iOU6Y8qNi75/ihzdIcV8y7jjLQoT1Z6zZiJFCfJq6OyZmWRePOf2jE6AwOZ+l67j9YV2ZsRV0qFxSYgw9c+sYZP80ui/DD/Y9wC7eiiiXThsp/2v9lqBvJa0PJly57NhIYp1v0i4h61Xhu4154y1jl4vcIUba6pSa9OQbsspVc X-MS-Exchange-AntiSpam-MessageData-1: wt6ayx+MZAmuTMZMVGWSzK9gHyXBT2qyMBU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 658d555b-e973-4a4a-6f52-08decac02fd2 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:26:31.9061 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: US984+U15KPHdTyTO7pf1TJdlsuvXKZ+Li00R5UtL5pxBfTpCo1lJTkQ4FkSYMLtlx56KpspsVK8TVDnDUdKvdOz3JXLbCfv2koxirhQb8k= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=wp5QuEg9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= While the build mode (schroot or unshare) should be transparent for the user, we need to test both cases. For that, we add a parameter to the testsuite to select which mode to test. Later on, more fine-grained control over which tests run in which mode can be introduced. For now it is important to get an overview at which things break and where code or tests need to be adjusted. Signed-off-by: Felix Moessbauer --- testsuite/cibuilder.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index f9cca0c7..cdff86ec 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -128,6 +128,7 @@ class CIBuilder(Test): customizations=None, generate_sbom=False, lines=None, + rootless=False, **kwargs, ): # write configuration file and set bitbake_args @@ -140,6 +141,9 @@ class CIBuilder(Test): if not sstate: sstate = bool(int(self.params.get('sstate', default=0))) + if not rootless: + rootless = bool(int(self.params.get('rootless', default=0))) + # set those to "" to not set dir value but use system default if dl_dir is None: dl_dir = os.getenv('DL_DIR') @@ -178,6 +182,7 @@ class CIBuilder(Test): f" installer_image = {installer_image}\n" f" customizations = {customizations}\n" f" generate_sbom = {generate_sbom}\n" + f" rootless = {rootless}\n" f" lines = {strlines}\n" f"===================================================" ) @@ -279,6 +284,8 @@ class CIBuilder(Test): ) if generate_sbom is False: f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n') + if rootless: + f.write('ISAR_ROOTLESS = "1"\n') if lines is not None: f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines) From patchwork Mon Jun 15 09:24:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 5161 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:26:48 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f192.google.com (mail-qk1-f192.google.com [209.85.222.192]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9QkNq010135 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:26:47 +0200 Received: by mail-qk1-f192.google.com with SMTP id af79cd13be357-91598ab3a1asf365820285a.3 for ; Mon, 15 Jun 2026 02:26:47 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515601; cv=pass; d=google.com; s=arc-20240605; b=EdxgRSUr2xXiUSYaxL6gqquWc+JwhFkjyzRPAK67+/fugelJDQJJDGi5OksWFscY+v de2SXfiRu55pa0Z6z6klK4jgbzG+oucdRSif5VUOr4jw92SQE2lT2q5sJvjtBN3lHlGb h3NiiUlpk/XteVjRldeRAES4Z+sgaqSjnH0a4Qo4A+6Au/Vi+trDtwIGqULvUyblfupZ 2V8V/j/EJRYxw3A8iHb045tIj06YIMj0KFfJL4ruEmyOMwyOUlOzS2nrICPSzMVYgfqi yYgMunQDFnM0/Qmoo4wZtbsJf/AUGqfhvvLUQoKLMz+7nUt5o6b5Mgq42nn7TSEEqwp3 4f8A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=SdtGPSs+FjdGqVrVAjyX3jMaoaD97o1aBznJTQU0wCc=; fh=Hz+kxayqGKQ7XcO8u2LtZ2m6nSy1404Kc8KhppGOyoU=; b=URYDPSBmSwk/3ttdsTVCP4FETnG47p2HySmCByYC78/bysJ1VEwAKXm3qa9Nsnxr8r o+D4d9IM9tb8KprKTbgtTBThX9pFrL9L49DMZmYCbWwUj54BKQTrRcRDCr4sVaAhpPg/ Tdh5cy1CdWtHYV1U8+/qGHk0nr0mJHScsbKE2CgCTi8pJMoAE11up0M9WFWlwq6uNseh IIea+3nh4GYyuljgXL/nIdphvDmcO8shBXVwhg9PhR6n8nLNXDicxA5D522AMH7FRFLw 7SPSZTCovoByoHSb5OCBtJEvDgU5ZRBGEyhXIUGjMdOEcKnGDjZVF6i9yndqgqazkXCu GOYg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ocbYRY06; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515601; x=1782120401; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=SdtGPSs+FjdGqVrVAjyX3jMaoaD97o1aBznJTQU0wCc=; b=FxKBORnY4xGOneZgGfwQHP5xljWLN4cFjfTpQEH41zxXr1HJBxVn86dG1mGXSyIk0K LCJaw8aFWQD0AV6RMVqZSoXtJTehhyMsjE/KOvDNDVpf8KvDC7mDNH+dgLys6fFZ0gMs wXuprFdiPkPToiXx6h63gFqXEpzKX+vFF99wK38u/J3fbTyQ9m2kLJ42FA8ypZhITM5p YamEcLW5xZqyXvdyc++KPjf7i6gVJXAmlIJyiIlBzFRH5UbmRkACJlxeNKcvV8sTKFxH wqUxsQDfV5v+Q+KGNwiCptpSZ4ibBelED3aIWhsHXlByAsO19mDp1ltZRGtzhAbucuYF 2qqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515601; x=1782120401; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SdtGPSs+FjdGqVrVAjyX3jMaoaD97o1aBznJTQU0wCc=; b=DPFj3AUfCUVyvPK3voy/4hTP6z6yj8mica7m+bywqC7Tb70XPmSzSKxrmR/vjujyE0 zURQjvQObZTTWX41EZfSLpVP62nnIKGxg1TYjG5Buwc0RKT9P81IhsxIB0G4T+QrfRBz Cp78O6IN8hYpnwYXPwj7sYB1uw1Xf469a1xAu746Hz3pJn7Iq/qs5bfjWrLXcLMYZMPT PGE083mnMu/oOYMFAQKerL6zU7MWXvtLW8GW34LIBc7qtfwnK0wWdaM1punSGaap+j+B r7WA/l42fHytwocYSlPSY0V3gycHqvTk7JPbFWNvtwzuNBfp7R40zVV5OTmdcJPkyb5b K17g== X-Forwarded-Encrypted: i=3; AFNElJ84doV/kK4gKiz7YGC7QVfunM96fqxVX96hJv/GtxOcMM1iA+2CAAaE+dcBHSk7PnXR//74qa0=@isar-build.org X-Gm-Message-State: AOJu0YzZ6pYo00/+9W1kkMNUymYdteaLYiB4/3iN8a8hpwhprAqsNAUL AGvHXmnJx9GalHROOtyI72/I2Hrdrrlho9JxaGZRLfN1ymtx4fewZB+n X-Received: by 2002:a05:620a:390c:b0:915:6758:222c with SMTP id af79cd13be357-9161bf7229cmr2016181285a.46.1781515601045; Mon, 15 Jun 2026 02:26:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdNif3/98202n3PEDEIgXeM0Om/d0CUKOvGIRUX49aWsg==" Received: by 2002:a05:622a:8:b0:50e:5f76:d8b2 with SMTP id d75a77b69052e-51983382433ls4549121cf.1.-pod-prod-03-us; Mon, 15 Jun 2026 02:26:40 -0700 (PDT) X-Received: by 2002:ac8:6f16:0:b0:517:580c:bcd5 with SMTP id d75a77b69052e-517fe22aebdmr189763581cf.16.1781515599944; Mon, 15 Jun 2026 02:26:39 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515599; cv=pass; d=google.com; s=arc-20240605; b=Yx9Gkef3IRgeLNWI40dTJ7j6SXt4guoVc+liJL4SdWkcq+xG4oWoEIuhGmVwS4Y3Dx BSBBZlvzR4fomiEkcubNq5hMBggEg2PFmtSTnooYvN+M/YwKNitSL+x2YbAzu01f1iJj gVZ3GOl3e30ppX4OJNLy0SbkM+cNS4m6DlloxpIHGwc3T/yv1RdqZLZPtu7Nb6xj2E68 aPTQZ3MTwKXcUIWHezdQcdEaAhfYCWsFlXpdft3p8OvyY7aUCn4maJSomEsLTHmue6xh 6O80lD61uaq72d57B3nni2SywSbXPCaQs8RoTPMJgt4ZNBsQK59o+uZX1dhWEenUK3pR TBEg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=h0jtZJp0eLcVuJ6jShpkgbKGfX8sUbhS9tOu5qzOIVTD67fD/+qKPC/YHKbQ3nzjki dTjsSWPiWZSHa7AeXH4tMzM7tdqGGAX4ZsLsyJ3CuPgiJ1Bl5l0ytuKXhgM8M5FLBQqG gvfprAm+VB7xoTPrC/B3F9sqeg6QVgbeftR/j2v63+WqYrsN3zSelC9LUX6QnnGobKy3 lthe+/qz4hLk0D3FI9Xh45F7XCEfNIImlVE2Bt4Wk79Ft0BjGeES3NuJi4MvDh0Tbl2P G8AeJD4DfMOJRYj5XbeRxLQN1/ojgSmQRZ0aC/vbCmNvA5lUY8GaKMagBCwTZeigQLXe w3YA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ocbYRY06; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-517fb5ee7dbsi3507461cf.2.2026.06.15.02.26.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:26:39 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LHnjys0/vGswv7kn0OuLKrUnsUHg4lebzjUfCvA3ESAROfv4CtOGqaDoPIkevMT9Z70IYKuFoyil/0j7lVLLMqKz1qVwcE4IKhd6YXCrd4RcqeEGNEArWsx12jOkmeD9q4Z40zeQxol8igbizpmwelegORxxQ9mIHJbiekaotN/1YIp/2HuWCmokGS/UXuBRiG3G2+j4/oQt5pbQVXFxNHgGHzhZDuk0ggDq3c9FhlKLenm2/QXWhYWdALw0iby3K7ZdDyzjLaRlARrpDp76/44IBfF1afzmCNK1pSYd43MvwBjcn8/nz8e3qBbxYIqE4KxjWR9arQ1OkiowmxSvug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; b=HWwooGyx33LdtDfz0TUDuAP79EAF+roxtPFnK8OJGphBDuKTq9srs99FB+K8dC8WPXdEyX5MiWpaEbGjYcVkzFT5td2DWrKMtmXjiV5udUBnL3KWUo7fyrUZpwWSivqEeBjLBMjBFLW2Bj+5G9QmXvU0/FGQP6z4MBfHjPpu/p7er1fS/B36VYwVg6TW91zxieNmAnKpr3uCgBkw2S/V+WWyouii2mpVDb7D28Kfc3y/gpPxjOCUU802Z6rH0rwQF1XHOLiDLVWJin1HpDyp/Vh0+f5175CQzmaEHBx7uR4SDFP2VbvOsdaFIYNszE8ecIFdOccWhJk24XGr7fOB2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:26:32 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:26:32 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 17/17] run-tests: add support for isar-rootless mode Date: Mon, 15 Jun 2026 11:24:58 +0200 Message-ID: <20260615092458.259691-18-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0225.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e4::17) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 87a74221-5a5a-4ed3-0f60-08decac03033 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: 9Sul7qsLt9jTD+XKv9mssD9C4VhjxYxOX1/saAmPJs2NbCYBkrtOVqtwPf0RWWWw4C0Gg7L972pDPhiDZX51Zq2ebjAN2E0NDMbBTvtW8EL6ZS2LRsVdBtk9wSKk646/XCv2p6UNdxTtRNb1bgFDpgx0gMaj73pERWl77D6cFlg2WPpouA0dq3oWvd3HJYBv/FQLlnHirOqwJF4JRi1lyNfQM5VB/Fnz5nw5onqB3PmUoFEoOq5bGUiMIdw6M0MGXU/GZA8usXnAKDif9eSHFzTYZZH1aisEQ3DecG4qi/fxfIERwSoTNMre0lYgL+ipQ1hIZlCw0DoRuyriv/ielbwyXf7Xn4yUE/GT+eIZnlF5ZjjdRsRMaY/WYAXA5qWr9aYTrx7lsYbVt+97MW88hzG42wpQn31yKnuvad43mdmuBukDhPpJl/1rnCKa6Twh62WcBm167tAIm7QKmj4rNLa5DGlpN8n7yOBYUf5zy5e0Hj19rdZu5Y++kyV5eT1XOk3O/0b5chA1YlfO6rV8K343mSdCM2++LjqFaqm8gXj/fdSDiDAEQ34Uy6CU6MO6omLeONc4O7dU8smIegyuQdgeGEQ4sjMsWLavySA/jGnHeWFTyYbmCxrL5SpoPM2+odNW4b9Nk+NkuTJaGVwQvGKHjYXNpfjs6AXRj9Dov6U2ei73mzlVeHmPSeoaaYMt X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: GptCX+jBXyI6uG0Jsfx0SEdWyWQlrQjAV8CPzjfTJTtp3BXh7BhB36gZ4jiaKrUQL7vmsbR59/82y2Ape8PLzs8w9qbxJSCFen2aEcPpc0v/BRUSeCWw5haks8U3q+DJzqhRAPLrnRBcU1ipJRMZ55sA8cZw7hYH2FhLUHWAE1HizaKEITH0cgV8539iRsC94KPoGc5pvqRV4cu38NAcV/cRuuc7GvsmfOHyGATMViThW5rx51vz2dwBHsmFWPqjR2tusSmXWPxyOxQKDoka6YDjywZe9WyfcKW5nY57YRtCxa6w1bQ5lwtlQxH0wOrddqRinbs1NwAP7pes+4b6vb7WKS35haQ5B24Qzs+qryyVm84tr4G4Gf8OA6e5DAR6+qdrbvLxdjoWp/VDFjbH19F9ME8+wqMWvY+Mw6skmV0etwTNiporxg4slGgXMbRIvim6ZJNJ325WzbuzSry/K2v+vLH7wyTY45HWW1Y9q76psp85JqUaHU6TDgE/oNaIApOIVC00LpKWMlX8GUmhnn+SU2XI+WyZhZc3vRdHNJxrypE1ebSwfzMMPwdUDcbG+jSk3F9yqO/6BXvKZXjsp4HGnpxzkgdA3xrQpBiBwugNZR6QtODMLnVuT1HeB3n3uds07tFs/EkzEVBzPWb6JNSlGNLvbUSq9xWcnwCdJkyjN/UJF9WY5Dipoa2PJsYre0dSc4xUyXcHxMTm9OB5rjn+88fxz0XG7EyaB+93TIoC+UaWZm/VHGamiF8Xxz17URZsYf4LPs0JmbSoULxIsl6rAKZ9AjYzWMZa5qCjUzgyGIVcvwAsu5x6TxQT4F2g5dXcuQCF4aDa9poCXbjVaNfpQvOWHJb+lLiMnEECdvVSOH4pkg3Y1k2QkF4yTuNcttZQXY/VwPZw2Opxk8zrSuKRD/d9f9SBc+Z3Q9BcwrhaYnK+hsYVRm4yx+cLkYD9m9TZpRKYTr+lqZhvXZOFf3ny8e8ej3C5u1Z4Br90OujdabflPiiJvA1Rw4HRImDNxi+fMGfjYHQhdAISrP17GDCT7A/NW6/lPvxwJo0lYbavssrnNkI3I1X04S6Z6s/86p7l5A0WGI6QhkFv/I4OzyLXo65cYbpG04NbvdwJbrbrx5yFwgKn+91yhPbG15Lgik+4mqMHk7v5kMC4lfAZYsx1+mpp2QMyGWsriuARu/ddZKxwOs5Fr3xNvNbIq2jv6VFxlI9Fq1CXbTQt+0Z2FSAiVX22p1i7L5++B/UB2wEar5eoAUwXycAVsdBBhs0y50dE3gi1YtH70MrcwOTWj3IEDiZcVThIqZK0fi5zwWJy4CaNJ15SlY+YZwNGZlj1y8zmEymQQ0F2l9FKHTAimhwMdyMNGs0hJh/2LeQk2kYXHEzX+Gx9Y3Om6CnYfP9cgl/ezMUoGC1cGGACiKT1LnnSxYfuxrwnP0QxyuDQuf20vZWktOdKA+ZW14yV+Bf/pQlbLQCd6qjUWTG3hIi0vRK4/rHWq4S2/YJaRE8Hu8Ogo3roJzpRBZKWrd4nx7DnWsB1Pcrn7OrJw0M2C8kh5sJp1I0zMKMaZ2VxNdjNX8hxHg9zGRK3Y2jFSkVOwTrn6LJnRurmsh8IZQOVYB03Ih5GPrUJpDhe0tdhAmiyQjn9cgMK7+IVZPnxMIU3Dnoql0bg12IjYkT8v2FGPIz6wvnhH6Ym7KVAJiDr6JRIrnyqMMFIdrUJD4tkoOsx7MEnSMwlPqyIFTk1W5U/oFBBjGTrOC47ej64m5ZiYfOsZWiZXDiKurbTRmkY8mZ3PL3W4ivh7l1/ X-MS-Exchange-AntiSpam-MessageData-1: rIuY4Hu8pZQxcOSkhe04nFjgQbjF5gwBe3Q= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 87a74221-5a5a-4ed3-0f60-08decac03033 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:26:32.5357 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ruHzCiMhR7z0kfVaaKeC7DEBUJNL4iHVpI60n7yW3+vxho1pA3AMJcBylbkT1JeNkAKzlUGR1XLIIlPGayYRTASfa+OIMkUWfNTGuG9JANs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ocbYRY06; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= If the testsuite is started in rootless mode (-p rootless=1), then start the container in rootless mode as well. By that, we can seamlessly switch between rootfull and rootless mode when testing. Note, that this requires a recent enough kas-container version (>5.3). Signed-off-by: Felix Moessbauer --- scripts/run-tests.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/run-tests.sh b/scripts/run-tests.sh index bce10d70..ed373af7 100755 --- a/scripts/run-tests.sh +++ b/scripts/run-tests.sh @@ -15,4 +15,9 @@ TEST_CONTAINER_VERSION=$(cat ${ISAR_DIR}/testsuite/dockerdata/version) export KAS_CONTAINER_IMAGE_DISTRO="container:$TEST_CONTAINER_VERSION" export KAS_CONTAINER_IMAGE=${CONTAINER_BASENAME:-ghcr.io/ilbers/isar}/test -${ISAR_DIR}/kas/kas-container --isar --repo-ro shell -c "$*" +ISAR_FLAG="--isar" +case "$*" in + *"-p rootless=1"*) ISAR_FLAG="--isar-rootless" ;; +esac + +${ISAR_DIR}/kas/kas-container ${ISAR_FLAG} --repo-ro shell -c "$*"