From patchwork Thu Jun 25 15:36:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5177 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:15 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f57.google.com (mail-oo1-f57.google.com [209.85.161.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbDnM004429 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:14 +0200 Received: by mail-oo1-f57.google.com with SMTP id 006d021491bc7-69e8587d9casf2305376eaf.3 for ; Thu, 25 Jun 2026 08:37:14 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401828; cv=pass; d=google.com; s=arc-20260327; b=HKs3FcI3PKY6KSsX9LwBW+LJlvAq0iLbx1c3uLr1giBsqoJOQFGjoGz+fONPxtEeCg m59cRVjIgVNcMdmMvOz8AZhBuwtueKXI/54DzgpH4cZop5V87+Uwgc5bybSvsoZTHLoZ 9mGKdZGgHLCWV/bXjVXNqg/w45VHgWKBMEe4RwWVXkA3VUf7Ux9IAz66UofuKa4WzBB0 mL8Pv93Yv8u4ah3Ert1j0xazZqkfvyb3lKJfHMWhQXyHJoc3ThfcigpaOqa+IOXg0Lm9 Iy1fOI3PUv1DYVjAUjlxkmm1AtBdATRSGKqTfZgx+Vq15XumFD6z/mkIebW8KiTHa1Q1 g7Xw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=GPR42oSH/TXhTb3GtnB6zdw6wazZjDZXU/ucfDYwpCM=; fh=5LLT4XACsgXe+NBQdoXA6UrOJoIIvX5qkg1kvnKxctA=; b=I52hwYCTOJQaXW1mFI7COVIGaZyblZT0DvxUOL7EPZzA4a7l8eKe6lGzE5tCUvHAH5 pxe1Tgjtc4e16Mvm+DH4CPtlCApoFXmFoGuX8tFAFsw+Rg9idhSwOqM84Y+vcy92cucQ gZ6fxMCFhc1OgIJhCJ5bRfiKN1XZeqN50hsWOYCBW+ssdBz0W25e8eMi+ph+WFcam8Qq cko17Tb7F2qXCOF9WOIi9s0mfN+wQeikg3784rq/tayGBI9fPtUQNSrpC+D/LnWT9lA7 rrg5Pp+f645mpCoWy5sXAd/hQbPtl/KsiqBQsKOO6zq5b8k7hbtUHVgwlNu7Lt4TSQGl IDlQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bx1YNPKM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401828; x=1783006628; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=GPR42oSH/TXhTb3GtnB6zdw6wazZjDZXU/ucfDYwpCM=; b=TND6CYHEcaxQwiCvbpI56NcRkfyyWjV2L+dduKCMFWNROCla98pDdzA4fwtZN+fYla i7ROkq7WeveBYDXErljKyeK1w53aAOeQ2cHy2vJXluBq0vTqV6PVq6C70sV3ZDIumyci MHLGCED+x4ekmRFlktGuOyVBc2GQ7FF9ezh2+XeZcG1RV4OLcTuBg50zP69awT+o6LEc 7+xz7Xe9eRf0vWa0nbi6jpkTf3EA5FQFzs4YukjScFc/Sz+nO6vat/Ptao45hQKz6FIx nITb5xXH/5wx4gtEjb363hzhP45F2qDfwO2Re0KbNcsJRPPKlKt2yAaKg+UFNSlKDP9e v8CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401828; x=1783006628; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GPR42oSH/TXhTb3GtnB6zdw6wazZjDZXU/ucfDYwpCM=; b=pmXYJqbXLJXAXAlpLWqgtV7lRcsqfCmw5s5NQe3QgXywUg99/4Q7SL3btOKaO53BfU T0qMKyXAbLXyaR2JnXr/fMKI9yjs9kjBinn9YSWdxAZSva02WRpUk+cg4RSaPRNj/icf ZrTe+ZLaetsC5dt+mP0eB5+q95FJ+HIssUrpzdkziLnn30WN/w19XvD0OC7qQfelSsfi dBKb3DpMsVHzW0fHYVXrq59Ck7Pcm8rUpSVMGE8HFQX2XuJd+onN0parV6y43oWTpNqo yA2diZd25I3cY5Bw14LDCJIriZ2iu9Nbe/MVkHNvXe82tivXAJMI3YTd4ES+ILt9wRLy Eg2w== X-Forwarded-Encrypted: i=3; AFNElJ9MutFHsZYq+w7aQS9biY/vMhI+qEXbRhgPwkPcfw1hgIeE1+AiTWLl/FZB4H/zXvppbaqlrcA=@isar-build.org X-Gm-Message-State: AOJu0YxYwnhxEegfirPxs/Yf2hnbhCCZszQI2yijTm13WXXvmY+b8PIN DOhuUsPHOM0ItR7nRtyWvyW51YZXu0ZpRh3A7G5GCGOPP0TkQY4D+8mT X-Received: by 2002:a05:6820:98c:b0:6a1:2d3a:a9d9 with SMTP id 006d021491bc7-6a135037a1amr2610769eaf.18.1782401827935; Thu, 25 Jun 2026 08:37:07 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUeD65fFhvX3neSA2THeY1Ik7C6GhVJOm5P8wEIehPhUjQ==" Received: by 2002:a05:6820:308a:b0:6a1:323e:bc0d with SMTP id 006d021491bc7-6a1323ec072ls825701eaf.0.-pod-prod-05-us; Thu, 25 Jun 2026 08:37:07 -0700 (PDT) X-Received: by 2002:a05:6830:4119:b0:7e7:aac:4cc9 with SMTP id 46e09a7af769-7e99bf3fec7mr3215335a34.3.1782401826918; Thu, 25 Jun 2026 08:37:06 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401826; cv=pass; d=google.com; s=arc-20260327; b=AaLMbMlubwRFnAtpvFDtKfnpqk4GZ/+9Bmi3/e9uoYkt2b9/bTF4oHEPqcA/6NZ5uX fsSPAidh0yY+VgQXvu1ttJWk5oXfMKNSKOwtyp/PSH5hBpBk3yzQ2y9Br7m8Hmdv21Ga /FRpDvVv7vOdVFY+GYUgepyPeT3KBwW6pGns+Prw/bMm0Pa1bUIDFeMfGrBeUS70/KgN 37Gg1dCGMvW3cGh7jFHCYIUwPI7fcZR3ykUYZCxhtdfQV9+OJveNhbDCWGq2L2FKsCsj pgjqhdu6fY8ojudLKsF5p6jBguhZfN+xRaepDPPSddKJ4kMSVxcLLtlz6+Kkkd+XTN1A vr9g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=KLyvZMvj1xfgJTyA2ExCBpkOKXq3EjZGLXprxcAG7js=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=BT73YTcAwiw2FkjYL/2eNGn+axiALFuqbXcJhcKO6ZkeOmuAJlTp7xexN2J1XxgDFF AI5LVd7nQofWfTZKk0W3sCkQF9jiSG4V0XV3KpypO736WnQtZk1sqG9Fvgpm3kn5wCbN x4bFMPDlst/wEcL8zbzG1GY7BlvfSJ/sCLHcmAo/cTURvF5euMTyvzri8LZb662wxbpj 2MPeBHSntlnDJl+stLoLNk1dXf9fvn6xyYaHKVfTZjhyksmQv/+dxnyanaSx4VHjxvkB ZfDa5zs32wihGp9IZt9o9SOOryyspnTB9upACRfeyzmPyvd2xZgz+dY5rVsNKXqWVU7I WO1A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bx1YNPKM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 46e09a7af769-7e943d7a747si624789a34.0.2026.06.25.08.37.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:06 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=v30JaF8Bj3AaEEdOrNhCIRN+EEwqoi2FR7RtB+5AqTBDLP8eMGE13HmD6ozXNGKlFowPf2ETFaGxNOjLrDFRd33tnuYk+Y6fI91fdC5RFrHeJoeeYQGViOwMkXLTEK5LHvOhDkqxDiE7em7KVKqSRF16BcfDN5jW2ObemoshzwdddgAks+nP927VZhOqf9Z0jJMESltMkxlBzTFyuE8HW4kifanaeepOP5XRgZ2sI/JBc+jpag3RYN7XK4HjON10kwqpi6LOJiflBfwktCWL6QQoUw2g1s5Ryu5MO4kBzpTMlhYa0blz0OOnNr4dCfBbf+6P+7V+LvhTkyg7IgHyIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KLyvZMvj1xfgJTyA2ExCBpkOKXq3EjZGLXprxcAG7js=; b=xnrtCJWwS5ciul+wFhST9rjiSfPm+wbNElSMi1kbjM94Csd9XGjS1nrxsEHde2LVWyh7xDE4gLaFFPPOScPUZEg3wrFxz+HTTrEdqoyhN2ANgw2r8xUKctoWjTHA6RJG/D3614JTrELdPhqo/gSLCb9C26znVZM1ZO069ZHOQyCSU7e2TWgefdw0Nv1Mm37ylopDbvzVRBhOsxILOwczvc46P29AZKV7j/9+S7IDTkpQBeA/D/XgB2C9fDegsKhkpb9ZQnnHYCFBqE8Cq8jNE2kI7aJQpshmOkqpN1sUGgbOV7Olof353e+/hXJxYKuXnofcJPb5q/R++lIMQINnPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB8116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 15:37:03 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:03 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 01/17] refactor bootstrap: store rootfs tar with user permissions Date: Thu, 25 Jun 2026 17:36:35 +0200 Message-ID: <20260625153651.762936-2-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB8116:EE_ X-MS-Office365-Filtering-Correlation-Id: 6048d113-0e10-4cfd-5ae8-08ded2cf9aee X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|10070799003|1800799024|376014|366016|56012099006|11063799006|18002099003|22082099003|6133799003|55112099003; X-Microsoft-Antispam-Message-Info: WE3oFsj7Q9j3dkDKSYkO8Mf9CRt8qrnaGXZXceyC8Q3eLC1Ndtgnie760wiyRsMlGj0veS0vJbZI/y/pzDs2bF7lEQg6EnOPDACSmkGcJWxaCNZDK8rWylLQ+Xy5kah+N37QF4FUtMAEZM3KGAYIX5QXMs50vD0sUaXlvYVlucLM3spTqsoH2Clvgyht5cVoRmuQxdkqIeFeYrG+IDJP3UOJNT3UrK5o/guvRRw6RuSRBZKH1XVHU8bMAPwvm56V0C/k8Dqpwbaf/A4IiELgMCy5dWYUpQ/32EsHTgDZxzNSGxI8WzWN0x2VFEifEjZbkM6SiYou30TGvPIeJbiEg484vq9GXxzYKqCc2xir7vShGTyN/fCN7ymKZY4TYqKzK4PDSU9UxuG8Pp8f5OWApkCCZ4+ES3STEbSSNjl2Zu7W9l6cXzPzjV+iaWnWIBeWXGjcLOmrRhh93Saygmn/ZMHYEHAvXJMPvmkRP9T7Wl5avvdBDlD7WUuM5t0cXcRjErMWF7zVVm0LJ7LoKfMnGqmJ3ZYAGWURniCE7fqUu7X87shL0XnXv2PuGMG6ZovUunUoC0QD04+rKzW+fF+hS0sT3ZLj+hhnlD1yz9nCibG41QeW0lwURmmuCdM+lykFrryO0NJ798zQ58/YrGPVR9g9RpBTpW6C+0c6xqd66ns= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(10070799003)(1800799024)(376014)(366016)(56012099006)(11063799006)(18002099003)(22082099003)(6133799003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: V47w0q0iHTgblfethNhftucHYmcVF0PvXwZxwbsSlKRGNjWQbxMA5fUa2mXlitDs1WYD3wYvVeSrR6uFPkb4iKLcs+zowopo+bOLd4cI3LCWOqeiBvp6ix5vjGUsB72N5SR8lgc67Iz/JPm3DOG5J/TCXR+2b+8+bZlA5Cv7r4VKMruPPnBBuKSfodCU5/cpmsEZa7ZqkirBV6yXppD4VeNcDUgUuOh5BuQD7xbOGTvd46ndWLS3fEZgS+7n8hvhK8a68cyMEe2iqXD8TFC6bRERq+18Ibgojh7hlJFaUcuKmw/+MH7mLM3ULVC8ZtFcbSQFI/2pTop6/mYAqK2MZo0UFL0n17UVNZt7W3YvtzDOyzudfjIzuV13o9ZZ6HNPfF5n+9aCntgGJEWBewo+r/AuQAyZYHbPN0SOBB4cgEAIiXvuJXO/xx/GvJAUk0Cbfu/qv2GlUdsWCeRx82xyM8YUvIddwjOCs843O/irbNzY/Fg9ypvg0bol8+P/ey3UYyPeb1POpNggONq9hLLOaHPGg5/5Lmgtq6+Dq15+enZ0Q4Trm/Pvryouz/tnTGSaSMkz6Gp48nsSkHkUrMArpYkvNhS9A6HL2WNUClitaK0IWOjRyQHCAaRS4YyZr6BR6BujcWANwMbR9lOBK4W9BlY+Go/RYxrrExMvg4aWwhR4J0r4b5g9NIk8VuCyW/UcK8irc4hdR9ZSsSKLEECdMEME5IzaYLNXwvlnN+P0iPAEjO/MgAd1w74KbaRJG2dKRNiN/ocgKpZR6J6278fP/TPRLmTc2BCRYHiJBck1qxWpzhDDSldrTQhqpcHevcOv6XAHB99NX2Qd2ifmW6UsAh48iQF/SsTBFmiSxn+7JUP2VzTJGzBxIN2DX8/8cpVtGhBo4Uc0P5fU/kAK+Q4TVxalZDWM2jVmV9XTzziYn1wivwSwne74eR90BHjz+6e0Yqy3uGtc8Q0ghPiA0DbrBYPz+7y+G7BfnnT9+3cQE39tWVOAGwOXegWeNz+Psx11Sq7IfkmkjlvBVYJjB332Ugv07h+OFmu7zRR6+Tzkm/WxiDCiWer9k9YYqOnCR4xRmv4GcOpeA4oqjT+5luXN9JuhAIiyLLEHe119WhSg9SFgdUKnOZKdDPSi3zW+Lpp4eIJmOJu3ZWerJbxsjYzpUQnlxTuaKJZUsmEyKlXxDiiigq5B88kaD17jXJzAfEDtUJmr7NUYaqBnWt+hd5U4nDosjseQhJVObKZLrRFOv+gTnBOLTtGdXl4KJg387tYXLguK7nWxkDLZHlNE75UqAWLUE2U94Ln9ZcbCnGWcj7WYY73tsDK9HEh+JWVxjrdL7+ThZ15+nB5z6Dj/DfaLxNIVRP3cmUJHwQN8IdaE7qXijeO5Kbti6Eqy/LKVAHNb5p0W3MhXUTIHjFZQxPxK6YIuNVEhaNdXGr5PzX6NpvtHoLl/Sb/nX1ZyBwX61OZAXHTqNAdDuhWFsxL7O1TC7cNTG37zelhzbFrVHBHniOUXrqU1yVA3Fk1d2n4pYjMc+An8ruRoiDAj/wI9v93WAGwuTl6r2ddYUddVY8W5TTXpw6wwIdDH5Rf9DK3xrSNfag8RAsWLqjvvt+V1+cjjG1AyltmOSMXTC7y6hA7rwjOG0hY9FAVYpWA3H+HGEUq6PjMJ7dwYeXTrmB9bSfDUcaza3NgRDgnJaRQ/5DB2l9UM5Ke+ZktMJZsI+5I7fC/ISf2qpCjTH+lZgxNkBoO8Ptf01FhV4z5kZmZFuPyFpkrtgN80v9156NNalQkpxH8h0giHeFa9 X-MS-Exchange-AntiSpam-MessageData-1: mbMx/jDlOF4+RQ/PApYn5oFvBJk3rRRLBNU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6048d113-0e10-4cfd-5ae8-08ded2cf9aee X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:03.3329 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: c3fy+tdVP59VDYB7TVqglXl69LMOBzTtjQWYJNBT+Y9jL58ArmijE7COWAcpTpioOPmDLxhh7aroY+h/RAaezmbxSbeKnbSieByv3aKTwGQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bx1YNPKM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As the mmdebstrap itself is executed as root, the generated rootfs will also be owned by root when stored as file. To avoid this, we let mmdebstrap emit the rootfs on stdout and write it to a file outside of the sudo call. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index e746f469..c4448016 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -246,11 +246,11 @@ do_bootstrap() { ${@get_apt_opts(d, '--aptopt')} \ ${@get_distro_components_argument(d)} \ "${@get_distro_suite(d)}" \ - "${WORKDIR}/rootfs.tar.zst" \ - "$bootstrap_list" + - \ + "$bootstrap_list" > ${WORKDIR}/rootfs.tar.zst # Finalize bootstrap by setting the link in deploy - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" @@ -265,8 +265,7 @@ SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize" bootstrap_sstate_prepare() { # this runs in SSTATE_BUILDDIR, which will be deleted automatically - sudo cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst - sudo chown $(id -u):$(id -g) bootstrap.tar.zst + cp -a "${WORKDIR}/rootfs.tar.zst" ./bootstrap.tar.zst } bootstrap_sstate_finalize() { @@ -274,8 +273,8 @@ bootstrap_sstate_finalize() { # we should restore symlinks after using tar if [ -f bootstrap.tar.zst ]; then mv bootstrap.tar.zst "${WORKDIR}/rootfs.tar.zst" - sudo ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ - "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" + ln -Tfsr "${WORKDIR}/rootfs.tar.zst" \ + "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst" fi } From patchwork Thu Jun 25 15:36:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5182 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:19 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-yw1-f184.google.com (mail-yw1-f184.google.com [209.85.128.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbHCb004481 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:18 +0200 Received: by mail-yw1-f184.google.com with SMTP id 00721157ae682-7fe0184fa91sf542057b3.2 for ; Thu, 25 Jun 2026 08:37:17 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401831; cv=pass; d=google.com; s=arc-20260327; b=MyrszevEe74nMmImLIKxxzXqsD693xsFwgoDDndZWimJ+ygtcahv+spC49xCblmIki dvOPcEym1JgNhH3XSph+7ejG+cu0r0JsDR31RcfkM2yhfZoGfHfbmSL4Wt2cvgagT3bo eAnRlnsh0SdXIL7lAumz6zh3M3GXjERlqzbzDGV9VEWESnKF3L7diUGckNzCverKaDJ5 Xdr/W0eOIDs6l7xuiEJInA+yMFfHFL70nUeu1WJiU2q/Pk8Qn4nxep9/wa6VO9PWeoe/ T66NclMK8C9jtvz3z9DHxNAoZkGl/fK0aiBAi7mXKlqk4O0Q/mlqeRhC7O08Vyb+/x/c E84w== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Ta7FIPv0oORROPyJCXBZ3Vyabs5h3iLgXb8vtHMDd6k=; fh=XB23IDHGSnLnOtBimNG6xKd2M2M1be5dpc9jbpdEjy0=; b=M9vNuBGScc5PnzAZilNgqkQK0OKF1dkx8t9h6d4wMHK4Y6ypxNdV8ah8RJ/VgiEbES ojLsK81H/DYIFn0pIUDpGQE/1EjE6A09/bPDT9Y9fvtV9AF9wYTYR7QWjf9MmtFKnFD1 M24bmAX8XvZe5yTCSMlGz35mBSiXjhMMkdW7/VBspjLmCILo5YESP7K9xRlRgvAhTX8N l8OSKg68P69KYanubmSQzjyj4azTYtgIXFWEr2iVkCMDHn7vWm309SvY+nl0pCBJljpA GLVkHtSRikgp9OKE3RA1tBFoIRMcHB6MGn6vYBUeK8WgOsJmUddzODAYKu5J3l2H8s9u VpSQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EqWtAsVS; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401831; x=1783006631; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Ta7FIPv0oORROPyJCXBZ3Vyabs5h3iLgXb8vtHMDd6k=; b=MZ7Pj3R+bCVIb+9fnhor/sMh05+ayyQd4FViBKSM/IOg8hKJQwlsoDhqz/bSIYJneB Qe0b6FS6pLZNL8Q/3aXMIGmuEKyUgEJuEwhiVUZeksd0znTRmWVff1TmpZh7rFUcxHsY pF3rfS/W1vDCimOS8pAuX1pHhSQXAuaRCXD8/xTYZRRolPgFBqiQqtMa8N0adUwJnPfg 38VlLW0fmI4piSPZwXgdA9KfWTeHnXpftZa3FaJTmuQQp3mnXzaykHXjaa0/okfSDiKS szbu0xr0vt7aaG7MqYhM5fziNSvpR4VkDLAyZc8eQlMsBhSgG8yiMLim59bcKL7wf7is oA7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401831; x=1783006631; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Ta7FIPv0oORROPyJCXBZ3Vyabs5h3iLgXb8vtHMDd6k=; b=iE84NIFB7MdAcS2Y5XZO/yVKeP1tl8fkpWlk0AamqMynXnNkHQpBSQRc/1CVUSt2re 1Dbqn1mvYZV03oxoL5QAvo6SgBBnLMBw34h9HuVAqJv/0tbHyZ7kPvEw9nnwJUTCA/fb rGf8Ohk3ZDaTkCPvwkM2szf6E2AUS7QyjguYEfp5UII+5wQJmWu3CAmEquC1T+eZDmd5 d2ozGwHyk0V+1+T04nxN3wvMlrTX2+NXfMW6WtrN6AfhLiCVfTPcuOzxjeA0fCvKTb/v AqRoOZTsNEa6VK/bgEnwkXADx7WfIJDM/hXSnsgwGsdYrLps3yf6I8oT2WFG7FAtLon5 xkiA== X-Forwarded-Encrypted: i=3; AHgh+RrXUx8RJoT+fn+EJbw3SI4djd4Ioib+b8NgcuYyeTBEC+6mFYEdqgkd6GBquRNDrAi7mA6J9C4=@isar-build.org X-Gm-Message-State: AOJu0YxPGoWAJvARu0Z9d5TA+sy2z2Uvf/0ImWPFQ4ErLdMnmM24MIXP HXgxTzp8xwkQHTRLhVvWed8QhAz4toF7jFyyEcZAyXQQw/msfJkgwAwE X-Received: by 2002:a05:690c:6387:b0:7bd:6043:7ea5 with SMTP id 00721157ae682-80a688dded1mr29287117b3.19.1782401831111; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUc2f78gKtha7pFcq6fN+RhzGwS9nCH7BwkoeuuRLEYK3g==" Received: by 2002:a05:6214:2a85:b0:8ce:b031:e76a with SMTP id 6a1803df08f44-8dcda7835ecls180462296d6.0.-pod-prod-01-us; Thu, 25 Jun 2026 08:37:10 -0700 (PDT) X-Received: by 2002:a05:6102:449b:b0:64e:32c3:1371 with SMTP id ada2fe7eead31-7343424db42mr1356255137.2.1782401830012; Thu, 25 Jun 2026 08:37:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401830; cv=pass; d=google.com; s=arc-20260327; b=YwgDBX/LJW2TJV/a6phKbiMj4Rewnuf9RgVtCeGRVuDkoptiQQEd6TPe29xVHKcDCz l8D34719SePVd0NkJqWMX1gFU59OfjtmRyO7vbZY7UM3e3bmO7PRgabfWBePEjJY5smy Ii4i+6p0Jmp06vbZILH5ck5ZvVWvVCkRzCZQmYlnSVzmTjk80bB7MO0jRrlXF0rfcCiQ uYjZ3JjvnfzPgLIqg0/iTMNEfFbA6333N6B7IaEJl9Er8iL2TeqTAava4g1t8xOF72Bx eHdd3hPI3BRMK4egz9adXspHKU+dc4CvVgPdVutBUTv2jRYAjcmsfucbzf8UzhKo+Y61 ZEiA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=KjbDYw4pHRssAXH0te59riXxdPlsw1o5WFn+aYomoCE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=dbGYhgU1TRCibID9X0Dfn/KnyCoBqUm9/6B5DZuudnOxF4034lkPrqQXQZdZDZemaf DnadP9hUPNNol4cueaAEJ+SpGpGHX+VXEHUvDeIHU0e+++RIDV5l/VJtvvocVJBTNCrO h3AUeQHzZGXPktUoE1KbYFn54ZVvVHe9fEd8Z6v0IoY4ib2XD3XT556Ryx3sPA5FT0Sr 7gQDJrRMgOoTfEAOeWCcjSyNCbC7Ij8z38fJrntqf6Zt5zy7NysuElGFrz14JfTuqV8m 08ymum84yN6PFXY4LFMcp3WFBtugvPUn+9Bm0SLWiIGsgF1JX2XX6P3Ph/fEV9UhJZQ7 bsOg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EqWtAsVS; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-968fb56e06csi87340241.0.2026.06.25.08.37.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:10 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Lkm/UGZ7XAKZ5s3ocvntj7I8HIaufu2S2zFlo63XmRMMGtXzi3DM5HSkIQNLbJ24XMtzqESJKYgpNxDY/3F+3mWq4IrH890h0BPxFY9PCYNztEJ/8llCYFy2HcIIkVKHZiozU6jWI4Etm5CLmvMljuY4Cb91iWsfpN7wTmXzxOnhXE3cwmISwgAm12+JCPLIDkiaforOA/7pJ6ZVZ7UeAmisoBBi+o3nnNTDtexZc150FpVbKyxCluLHsg6AiiyLSjd2htt04glxA/SYl3MT+QsEzm9m+qrHmBYNeFvRhU2Rj3aFsjN8klWmZnnnPUh7XC0+UGnFtapotZAvCoMSAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KjbDYw4pHRssAXH0te59riXxdPlsw1o5WFn+aYomoCE=; b=xuIiiS03qUTw6IzJpXOqF5iIdJwd57qtyfpAl3Jbl8hjWoEpHdKfMhf/zdpHthSosc+suENRmw/QCk7lss5LifHrH8DoLTJO4/cGx6qQtxoRFuugXrbEhMOHopZ5xIKYzzhMx4JU8JEOIzmMOASEhR3YjVzAqqoefxCa1R7K7QyfUMIzi/jcmSTDUakGpA7euTpeNM7GkCNaQHNyU839T5Ppsi9mCzSezWyxEvBTv4NFgj+/22s1DRPeEG5SkbNxVIVVxIf9ltMGtxjRMZ+oF1hgG8QIyyykDsATx9nZXZjbPXk/GqPDr9EcZvhD2pujfyKsXE4NDNcTO2KtH50COg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB8116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 15:37:03 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:03 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 02/17] deb-dl-dir: export without root privileges Date: Thu, 25 Jun 2026 17:36:36 +0200 Message-ID: <20260625153651.762936-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB8116:EE_ X-MS-Office365-Filtering-Correlation-Id: 22854cf4-859a-4193-9c3d-08ded2cf9b31 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|10070799003|1800799024|376014|366016|56012099006|11063799006|18002099003|22082099003|55112099003; X-Microsoft-Antispam-Message-Info: 1dGgwvHDa0unKRRjox2l/fAU9rZwguWtvHLwcIdhoQP7pyqEONs6Lx8mo/qV4e+HKyZbTeXgqHZjyO8Ol8M33ol1CVq/fSVDEdVRP6Fz4wl0ofl4NZzYXcGWkZMvYcKlFxtAPOQUqKOXlMio1bAjQlbyNlu2TryCovtf2FlKZ0Xo/na9gIbfFUEmRKWtjliICTD4lpa4Bn+eWmGood+X+UuMaFTzyty7WtJ2g6FdwbDdoY3mBLWccW0uoG7GuIR3c1TEl39dmaZjVsZV8osafgXLko/YS9louY6hcXGmV0B6PHqQUsde0QPLRQmr9U7U0TXyWRRAdTNU3p2J3qRHmbgFcHRaZbffWX2hnbMlCC/1GtWqCNjWThuoKHQABDIUsVwtQooj7qnn+zRE3+sIyJjYr1ZWmHZby6MPFc3BXD+3ie79Aw0nqbq4i/ixE5JR0LF1hcf+ZbKcDCRwK3qbCO3heNXLNaou4F7+WfUxVxTKfj8uiRNox5c3SyvMdIJzMTUbjg2nyq4AkdTWLMBGYfBaxejOFKFc9hReCQ8T+sfXmxUIuXzQkkRvIUPdDawwwupaIyiANdACawlRhs5Y11wx0B1p9r3OyBSaB80QM94AK0WCTwJtVAyO+vp3aLFNL1J16ms7dAAGai4HhyxLbM6ctrcorkp1pub4/BiOtpY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(10070799003)(1800799024)(376014)(366016)(56012099006)(11063799006)(18002099003)(22082099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: ErNZ4+rYX/2wJr09HOYBYNNY3at6K4A/0oBB+kRfWk8QgjXL7/EGK8ZugDdfyaguzmcO2rhxQo2Jn+k3TfQ98L5YMIBh4I0Nn5UcJZ9YTfafbIOp1Gm+NN6YbX02E5DXw81rBTKaeWXa1/E8wscPKCK9srskh+87YYPzJcgTBF/CZgxDAvagd9sSwRTzZwDNsayPZ9l6Sywp9tlZY50daN0xpYPVR/m5Erfi9Uaol5edz7LeYdSOUoeF0uo94fZCIEj30CgZxEAxkIPhStM7+9NNqlLcZIXrbuieAKct90prlmZybisV/4QCqt3D+aG1PY7Da8KM0THcFS19/H7pQZt8WOnXeCkaezgli/MwZaF6cbueQC+Hr/gao0jM87c1Y3TOO9oZFdgN4o2JkgU1cw6xBLnWLUjYjsLxB6CTRC1gpTjhPO1YXboFHAk8hlyyfx8JkxIOKB8xPBEA7oYYOWEzhcg70ErolD+xu/zOPlQeiGJ7QNF0EwhDZgTRiFESotL6VqnOPszBCmOF9s8ZuGV3q5Pe0RQGl0zM840gA+rE3ew92+NDhhb+0/XGskvMZmWjp8LGUerOGhCZs37kSqNds1b/xKzBQW4b/jxbH8pvSsgkyBVonZWjJT01B9MS6VVrhlYWFX4221FLm35qGnFBxL++TfssYl/88DGoELqVK+PZ3toOGuNerW/VIPM8mWH++KA044+eDoJ6+JkKQIBX9nPwDYusOHBP5lzznVL3QlARPDiycH+7W726bJk81Fv0MDBTHZdfihl3pKYPReMaPsYMR5H5BRmMQIXpr4WcnuAk75Z2cZh/BekwniSVvuR0OL8IGjP3AVUHLzruKIW2teQjndfHUWzNFc/hSnXcRlyUYSma1n92PDtIrm0Bf3X0oqCSHYyOo2QsEVrFR/do4VCk9vU9DxBvRrZiiRMu+puNYCqGPznEQbWoNV+rBsJ/qWHew4Z7d6sWWoYKDviW360ojxDFrpYMGkJRByH2yOVI7SoWXCvoCVxu3GWninRNC83g+HQ180jcHbEtXj3edobTxVA0mi0eKcZ0ucGg7fBPbijO7vg1IGvPF1HbvHKt0Qc1geoz+7jrZYciut7DbVqfDa7ykzm3jZtWvRyF+um7WLOCzzFWWTfMqZP1zmLdZdPP/Q47pHvLzFKSaYQbJ4FMsNG7+gBE68A3ajNx9+XF9rtPbQWovDh3hrrJUCyZYskz4CsKTXxaWtCA1o2JzJZxquwTR3gFf0SN+mqAyAZRXTGKayFiqUuTpFWQs9e1we4o5wR0u6WL07avLQcqOmgPEzQGesOBFIgP0m5bRHCbAshx8FDXJrwis0ydbAjqKGaK8zgXX/zbyZdo9wRXcoEp9eY41R/45L6EIybAKA1ok/47X6zVle4V8PNs/P6O1TTnaRMrOjuMGtPs480rxcGbd3iVlwFBVCiLrdRPLb7aX+XuqXzNoyUGPFiyVeHEAE/SO4V2k2FF+ewNibhTdCmltVwz1F/bYamM9yW/I5ZtQ2fFAArmMnf/z2/YKMz2S/EDXKTFt6WfO1lj4CTAndDrdMV+7SM2u2bGiyMMKFphTztLGHc7DaMKPvvXTLnrye3c3QETyg0uVNN4iTArK+i3Hf7xjofz2yVQBUpdqPwFg5qLf2OhctBtyRDcZFdxIzzthSbNC8witn5SzSM0HfumSNXIoh/bySsz5H7Bo1gfnVopcqlVAT93SbfkQ7teI5u4yCHCGq04Lk08zb0JtGK8yBbgbrgm97ZDy0aPHESbmW/wwtZWavVkKSIPPMoT0feq X-MS-Exchange-AntiSpam-MessageData-1: SqqiT15ShySL9IndtDoaUiT7q3VmDDxWUho= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 22854cf4-859a-4193-9c3d-08ded2cf9b31 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:03.7904 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IBwyJCc4/S/BjLStTwfD76JLxnccCJ1gRatQJC1Io/W8WTYjiFopvVTCaxPWJZJAOWcgX2KTniDFmH4amonIwlQCKSaNaQ7p+gZDTP6FRz8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=EqWtAsVS; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The archive is world readable, so we can access it without root privileges. By that, the files in the download dir are also owned by the calling user, making the additional chown obsolete. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index cec7bd76..ec08d739 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -152,7 +152,7 @@ deb_dl_dir_export() { export isar_debs=$(${SCRIPTSDIR}/lockrun.py -r -f '${REPO_ISAR_DIR}/isar.lock' -c \ "find '${REPO_ISAR_DIR}/${DISTRO}' -name '*.deb' -print") - flock "${pc}".lock sudo -Es << 'EOSUDO' + flock "${pc}".lock /bin/bash -s << 'EOF' set -e printenv | grep -q BB_VERBOSE_LOGS && set -x @@ -169,6 +169,5 @@ deb_dl_dir_export() { ln -Pf "${p}" "${pc}" 2>/dev/null || cp -n "${p}" "${pc}" done - chown -R ${owner} "${pc}" -EOSUDO +EOF } From patchwork Thu Jun 25 15:36:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5192 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:48:38 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f184.google.com (mail-qk1-f184.google.com [209.85.222.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFmbo8005687 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:48:38 +0200 Received: by mail-qk1-f184.google.com with SMTP id af79cd13be357-9157db42dd8sf5590185a.2 for ; Thu, 25 Jun 2026 08:48:38 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782402512; cv=pass; d=google.com; s=arc-20260327; b=DT204Wn/MIj1gzFrMwwV33gYK6oAPKi9GxvJ45+WeItl3Rjhbqa4GGSDJZYlG5ANn/ VHKJLePke2Xm8pjWyPziEXQrWvGOiA9yqqA+kBgSC04NoBae3IlpJ/GCgINZr4t9kpSj g6TaAOf9+7wWrDl0nxc3El7EXxMD+hx147Sf6W5IfwOeTNUq3ympHIg7W8tQWZrsjjgi V9QkuZuQ+sjm5AI2iNRFGvxZHZW/8YjQvtcCPWUjjNlq6FCRWmRSY8rBprUKap5zsd3w Lpeu0M3AL3LlPEzuZaJFEi7eSp1dtyzsw7l2QMLnmfnoZaeaxFfiYwyKzb3GONSWsy/j tndQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=M1RLin0WtjvPkga0o6D67W+K8gAdhc4dWZ9f70+Yx8Y=; fh=Cf7PW69LRalmdm19PxpxZA95dPjkOoFYQoadVfoCQ2k=; b=dzCjaHRYCGoLbk62I3t7+1bU4JVEutc2Dd5BilK2PpEcdB4kvles0uWkad24uBTiDG FUBzjBQQH9R8pN61E/GU+is0yiwUDuHY6SxfZvH3Nwhd01DhIm8oJU+OUMJsZ5apr0VO zwNxLLDLPpkCCZrelbY/y3thxyMcm4aom7HFnXhuaejsjM0bbBSiqm+lp1unsFMASAjP vV35L6hFEYobbOGJ4WddJOU5YltPGfQX6V0+2VEd9CNiEhvYCbLOMXNBMSvED6RmeIEd b5QHcpt8VhpBpwIxcmo9e6b390/nHINEe/Ljw80VfcB+G8X4ZNEkL5EBMgJQ0U/HaiZ/ CDTw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=p4UbFrCG; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782402512; x=1783007312; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=M1RLin0WtjvPkga0o6D67W+K8gAdhc4dWZ9f70+Yx8Y=; b=N/q4GqdW41+VHVIN6/mhjDivH758F2UgWGQdhuj84IpzSMarood9UFE0DpG8comIRD nHfIIFiLO6vxRbk34WImCHKH+gVgaxce7sbEzKkV0p+Khr4AVi8aL0rHZCQux+B1KT+x ngGRYZ0PCDnvDytpWgQSnfYGwtQEbI44Ksk1xXKtIecLo6Jhhu1jvNIRXhakmzEXrVRL rtr1+67AVC3gFYFh/zFjQlpUV8iG6xsAR8bE43m8S3hIlmABTZ69yT9ualQoBsdgMPmC Btuytrs9vLtvfO/WLZ/goHrJh0qie4paLK8JFOddFKltUWf3HNoCjKZcZKtHxBfn0Zmb S+Sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782402512; x=1783007312; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=M1RLin0WtjvPkga0o6D67W+K8gAdhc4dWZ9f70+Yx8Y=; b=L7qxyedyHJlw+pgvIbOWfRDAYIldZu3yHBw4q9A2ZSkGnPHVfCQQFh+6G+YVnaeqtP 8UaBUL9rasaqaedYyBeXYWhaUhU6GEfT7WMtngPGjal3dqERbwIgM55jJAbIZZsp4JwT OYoGseVSvXe1zBNdJGiPI3unBLVkCSQcs43F3K38jGzlYqCZ5XEVJXrj+YUcvbUs+P4N 9F28nnMBAvNWQsAvTpDwqbXFkvkNk/o6wp+vwiNBsDV+Fj/SkiY6oCt66bhkM93ttGXh n8ooHQgyR3ozP2jr68zj1XuGWpMlieRCJgoHoAz2cn3PNECYgQGAKUjiBr7op+j8E2wm AAgA== X-Forwarded-Encrypted: i=3; AFNElJ9Jq3eXDwltZ9Wy97AXIr3perDLbuogMwTp75MNfh/cuOoyAD1maUhqYq8ypQBjUPD3qCIZN1w=@isar-build.org X-Gm-Message-State: AOJu0Yy3jBVYdNK6KoLcz+Gz/PyBMzYTpJu9/EKFiVak8SHIemwZxiyW opufjb0lVUOEg62GuzQplfD9MQYf527mMXTZ6FBDpahNBKxib1VLUtBT X-Received: by 2002:a05:6214:f6f:b0:8cc:f135:52ac with SMTP id 6a1803df08f44-8e6d58c2204mr53704506d6.27.1782401831042; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfOB+nMqg4sf7z+x+DGaIAojNoTv2APbgJFKHT+ZC5thw==" Received: by 2002:ad4:5763:0:b0:8b4:b672:871f with SMTP id 6a1803df08f44-8dcdee85326ls95527246d6.1.-pod-prod-04-us; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) X-Received: by 2002:a05:6102:512a:b0:72a:39ae:8e93 with SMTP id ada2fe7eead31-73435d8a3bdmr1534343137.15.1782401829172; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401829; cv=pass; d=google.com; s=arc-20260327; b=mtnYdjB0+n0SCG7OgbbZMXa9daFq0lsecn1ZWYBFfJGMFTtlIE7a+isDmjjZuKMf9F b6GTw5sUqPAv7acljSm6GjG7ec+hsCBPpFWyxpth9w70Ax1E4V74BiYEW+aJ5AW/XxTi edm3ENG6HnCF7DGcW9LQU9plS2iT17RjD9yDvxq19CSDjcH0IUK+8K+DO2LsVjEzZV6P IEpf1FI90klXtufCb8LEJqy893QyGi+7GQ/dmxc2JcTA+3ra+rOxMP5SktKWpc1kmLmZ 1GfbUJk2fFRHZ6hXtlSwD3pWV3t49Tw2ejQld3Eb6oaRFhcJcxGgn5mQgpm0KnlA2Gn2 rm8w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=5K33bkBKj0fWsUSc/X558VUshtPzO9UwjiOkNMqPyzk=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=SLgzVjbKF4rm/YL++ZBFVb745tzWi+CUeXRXPt3HpH/Ep+SW9C9ysO6ZrQlR4j8hqN /8shXTIyDFn+ol1NQMHSnUXtYcjNtzA3QZGVlaVdpNAVNFbQIPfNpczr7vN13BE4P4iP dIkU2WSJ3EwzqdOjcDC2XtXaqWgEUg9ANSbOs2TxyHS8UZXUMljiIUdTHH5BqbhCud8c HrCMQu6q19Ylbumgkl20nPqHgy8xzSYeRqrdWK+UX2V6JByeUGILzduKMutM8EqH5BiE rE45ll8RGYJYVM6fwPQCqlK9B4TcsBvQaztpjTwSoNDNiiCGa5gFiLE/4LY4FethlJ7h 2FUw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=p4UbFrCG; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-968fb56e06csi87340241.0.2026.06.25.08.37.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:09 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fWhJDjVXo7kBAlchGwzVm9iLD7HEQW6+OJAp96hYJ1D0cizTyIKcmG1S4xkATIf4qJviRWsGBoTBUWfM0+zixCdF/P2hFG5bCYrGAyMrfxNtyPBttzb+ruJn1dR3jllxR/RN4IKhWm+AeLNaprWgDip6MVgN69p5CA0VuBc5pgcxGWEPS52LhIqAaLUSNq3flbZy7eiyVwA1mVhqrHbx5mXvxRkbSiHEatgQNu19ynA2Ka3XzH41fPfOYXci4TQy5FNXoEAFcuG+F92/KjcD//S3SKvKJj/bR5ocW8/sOzZrYVOD44kFxUNUKRkHlWiMepZC40tYYK+TvPg4XJhfUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5K33bkBKj0fWsUSc/X558VUshtPzO9UwjiOkNMqPyzk=; b=PoM9NsQfMk7GkOVeHaB7istEC0I0+0Ygmws3ZLPEzjWexCadbhV65nmsmDm+1hMPtduQWMaYByEO8IS9fWnFmCINQ1KgLEhcWOYqWZRhuhlBThsyraPL7I+piFBMhiRc9HVGPaL89PnKDLaIMl5bLAcD0Bvb4sUBS0Kk5CBYA+RUgqHWchQTT9DN+87Xvy+BRQlGK3yYpWcnDdsktARzFIlFE8XgR5ILmzaX+aoEuExd9CcHMey+oaLyGIK+qAQg2v+n8Hplc+S5dVeSMceEBuwwsKvdYgl1bE5TqyPFk3iypDxKjqJWUF9oe17Qv69V0LwpZtuCuM0EHPjX/iINVg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB8116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 15:37:04 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:04 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 03/17] download debs without locking Date: Thu, 25 Jun 2026 17:36:37 +0200 Message-ID: <20260625153651.762936-4-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB8116:EE_ X-MS-Office365-Filtering-Correlation-Id: e9f60273-fb03-4e95-6f8a-08ded2cf9b6d X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|10070799003|1800799024|376014|366016|56012099006|11063799006|18002099003|22082099003|6133799003|55112099003; X-Microsoft-Antispam-Message-Info: kdp1i6FSD+77uU22eCUd933g7fhH4K8orulxB61e6yZ/pDTu+ifrtxpomaMnws3VujFrPceLBbD52k3YF50ZFjaZ5FlLD3yaGiirH7JD1NdvGFWoKEsx5NyTlx1hH24DQhKS7sZXVJy5P8I22l/JT7XV1AwT5VdGjE9b++icfr8pT2hHkVYuZGwjQ6gkSmc5hDY24WmybxOboCY3wbMRbgGjo0WHrDw5qZ2KzAHk378PUuh8IWcZFReeJ/yb1V9Hi44u+Fx8LQ2ZMB7vBMFmHViDwDQ5B29vFg6nNwDM0a0svoZhVyOAPm/XdhzUxm4Pbbgi8S5fJE+eka6AlP1HldpN0h6+jlN+L7V6XOkNsJURn3h4+vlD9VmOwrMyMf0yJSUBwqWEzrAtgDmOf0lrvvsDAu8FOlNJtHTA68j2aDYodslldXGgqTzaZUFbLSN6BhLnOe0S/c2Ktlfe5QKwTXiR7Rvnu2CVsL3oOstGGPv1UkTh7IaGFHcnLPlcADKIGK4txwrTn1BN2NxUz+MMs2hn6ZTe28AXeOjZwwXVDniLDdhkuXxPdYqs1ZsaINOXnYRakHR+QSK2RVyJoGF2xKQLITCjKVqfaodLs2rbeTTLngvNgLdQ3B9cE15r/Gq8UiJ8kgU0s7yI7jR0p+avunRX/aXpbpoYAQ/utEIY1sk= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(10070799003)(1800799024)(376014)(366016)(56012099006)(11063799006)(18002099003)(22082099003)(6133799003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: RUm8OwnyPRHVH4799MrWmQcymWjiv3WfwvZBWArwmKkCrbxPQP4Mt6rrZ7qyZ1gFh+ygIGxzo2K8zS+4OoV+vUdHPkhEHpLf4x/cIWUyaPhDs7FmLdiC77+pfiw6vMPO3GICUMV2VKvsNTvtOnEvFkhv24p2FFex3O3e5eMCmPYlohZchqC9RyXTNSga9DexLXM6GyHWEMR/+pj6lNjKoRDrcWrlRa/wzICqk0uyEact6LLDiC1B251lPF0L6PghKobQWT54jCb+IzSfnYZ633Kk4ObiXLXU+j2RAq0sKLcmwcLobPsime1Rc1Pl/1vb20tbbAFKx10pQ/fuNhOu2sB9+tIFhecAqlvAb/aelD1h5ZENjFrv+zH5r6P26W20JtGD3AeNgapNCS7nYPWo5/J7PJt0DkBQ0TA5xT+IW2utMuuVIjXbYuTISN+wWm9yo58r8Mwt2SR7StZoTYg7/6OE4VS8yTNb9Gd7DFwQBZ2TOeqAAW5F088D5zxQUgAPK32iWe0oIUz9BTNX2DzQLeUpJqWsDJI7v3XdnwqbhyYh0oYtmxyUIth7HBWBp9Xyw0cFfxOskFFafOsTzMzTLHza9QsSsI5sKCZAmnYB0PfHJn8ASVDT3VKYwNGy5BxBohbgw4fFeAjQZeqY23sHnoV2PN5sarCUPM3SPKEQUezCza2jD5SitjU3zEzS7eYq9tKmyTogBl7yuCJS2l5uzVvYQT5IXn9exZx9K2PwQHQkGlt7IhanTV+nyueg4zJv6DX3qfdE0RKi/EeMz7FcqCuzcpIiSpMY+js1Sa7B5gmV9lhkL5IR0zmzHAxO+64mboFs0ycfL1SBr6eyDakbMbFSJ+GSTMUAolJ/M7CqS1L1K/FeAqgpkWTmYGsJbYQ49RKwk3dBQU4nFmSkxJV+XDGJWCNYIqWHGCREDRxGwA7rGPKTawHGzR6c6i5o2VVdwF3z5gxDclHObPAIY8fZm1VNfxGWxad9jy90Pgc0/KGv2876Ax2aIiyqIHvk2o8sFu9VZ/4CU1F3QiR56g+15iwxovRnyynV9QEWCo4suE1wfu/AAM4jCuUp/M+6q49a8bE7FLxNq+ON0UsLXkCtmseQpgWEF2ALHtlmooZ95/k2R5gVogv0IZzLrW+0eepfosgQqj85KPVigl3TXdoO9ksa5fRcnrqfeKbwuK00aOXy01fst/sI0uVxnNODplZnXV/5+v0pEzlu8YXoGopT6S6q9NR7j+fh3U/zNxZAlStoO1EshfxNpUz8jCOEkcwGs4s3w55OqfyXqDrnOO1p2QdxaT8hn+c7mniRZ4CUHxdC03ng5LBCsqRg7y2JmC24+CSd3kdggDhlWAJjCqKNCKd697mJnLDYJLMcd3FnLR4YnjoAHXT1uj1D+e2cOARl4EqOBlOw/EZur8lhr2CQ9+CLK7K3cwVxsetJY7+c8zwA5zV+ZKpo25X3ADHH6ZRdTbxRu9HF5uRHf1UnyhlAsgpaTCJPgLlh4+vlU7FwHvCGjY5fAx5jYnWMxQYHjul+NDRmC6RASrh0LRpIF08XRJQ3LJ5xkk0k7sQet1YvVdlhNexdVbQUwpeY4VwLNWPzK1gCn1A/6g8UrWqydWBK3hX8i7IDzuoK70HVM74l7jIv2Jg+dAJIpvqJ0aexFpMhYIDWEQG3GTuc18Jt89tRtrSECRnQEWb4Z7h4xFmDSSsXVs07DiUbHbGK7krmVonWTxv/JPOOA4gUUFefotOVDqinSJmhziEMc6b9W4BMRHiMMinILiemERmL0nPEr4gNkb3dtUGg X-MS-Exchange-AntiSpam-MessageData-1: uv6keGYQa7q0wOLciFY3pzJ90Qc4T1qFRL4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e9f60273-fb03-4e95-6f8a-08ded2cf9b6d X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:04.1998 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: i82aIIn5yFq45dHZ4ftGkIrjUh+Aj+sHaSHez0g9pIeU+3fax7CtrcWPCrs+VGxFtpLvoVUm5Qd8o0AtqiTUol9zBZCCTwZB7J1qvQDD0qA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=p4UbFrCG; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As we are only downloading and we are the only one acting on the rootfs, it is safe to not lock the apt cache. By that, we can avoid complex file ownerships in the tree. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/deb-dl-dir.bbclass | 2 +- meta/classes-recipe/dpkg-source.bbclass | 2 +- meta/classes-recipe/image-locales-extension.bbclass | 2 +- meta/classes-recipe/image-tools-extension.bbclass | 3 ++- meta/classes-recipe/rootfs.bbclass | 10 +--------- meta/lib/aptsrc_fetcher.py | 2 +- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index ec08d739..5b28c09e 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -79,6 +79,7 @@ debsrc_download() { --chdir "/deb-src/${rootfs_distro}/${src}" \ -- \ apt-get -o APT::Architecture=${DISTRO_ARCH} \ + -oDebug::NoLocking=1 \ -o Dir="${rootfs}" -y --download-only \ --only-source source "${src}=${version}" \ || echo "${src} ${version}" >> ${missing} @@ -120,7 +121,6 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ sudo -Es << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - touch "${rootfs}"/var/cache/apt/archives/lock chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index d14d56aa..629796d6 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -77,7 +77,7 @@ do_fetch_common_source() { schroot -r -c ${session_id} -d / -- \ sh -c ' cd /work - apt-get -y --download-only --only-source -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' + apt-get -y --download-only --only-source -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" source ${DEBIAN_SOURCE}' schroot -e -c ${session_id} remove_mounts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 32666311..c90280aa 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -30,7 +30,7 @@ image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only localepurge + /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index ab616b7e..766f386d 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -54,7 +54,8 @@ imager_run() { apt-get update \ -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ -o Dir::Etc::SourceParts='-' \ - -o APT::Get::List-Cleanup='0' + -o APT::Get::List-Cleanup='0' \ + -o Debug::NoLocking=1 apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ --allow-unauthenticated --allow-downgrades --download-only install \ ${local_install}" diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index a58ad031..7bba1af8 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -340,18 +340,10 @@ rootfs_install_pkgs_download[progress] = "custom:rootfs_progress.PkgsDownloadPro rootfs_install_pkgs_download[isar-apt-lock] = "release-after" rootfs_install_pkgs_download[network] = "${TASK_USE_NETWORK}" rootfs_install_pkgs_download() { - mkdir -p "${WORKDIR}/dpkg" - - # Use our own dpkg lock files rather than those in the rootfs since we are not root - # (this is safe as there are no concurrent apt/dpkg operations for that rootfs) - touch "${WORKDIR}/dpkg/lock" "${WORKDIR}/dpkg/lock-frontend" - # download packages using apt in a non-privileged namespace rootfs_cmd --bind "${ROOTFSDIR}/var/cache/apt/archives" /var/cache/apt/archives \ - --bind "${WORKDIR}/dpkg/lock" /var/lib/dpkg/lock \ - --bind "${WORKDIR}/dpkg/lock-frontend" /var/lib/dpkg/lock-frontend \ ${ROOTFSDIR} \ - -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} --download-only ${ROOTFS_PACKAGES} + -- /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT ??= "" diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 4fe5a9ea..da2d94c2 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -41,7 +41,7 @@ class AptSrc(FetchMethod): set -e mkdir -p /downloads/{ud.localfile} cd /downloads/{ud.localfile} - apt-get -y --download-only --only-source source {ud.src_package} + apt-get -y -oDebug::NoLocking=1 --download-only --only-source source {ud.src_package} ' ''', d) except (OSError, FetchError): From patchwork Thu Jun 25 15:36:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5181 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:19 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-yw1-f192.google.com (mail-yw1-f192.google.com [209.85.128.192]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbGes004460 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:16 +0200 Received: by mail-yw1-f192.google.com with SMTP id 00721157ae682-7ff58c89959sf1210097b3.0 for ; Thu, 25 Jun 2026 08:37:16 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401829; cv=pass; d=google.com; s=arc-20260327; b=UE/qPEGmvAr8taZ/opFgvDxneLnozV6XqgaJ9BqSEipkJsSqf3T5X2KnleWanb7i4f 4Lt0mO7JhyE8GXv3NiU2+6uCSY3S8cDD/2GgagywIxnMz5HJ0fCjc3hfMlQvREakMiCe qoDkVgqxcPmud60N09ETHDr6fjuZ+kEl9TVVpl3A8hRl9kwtjxNOQfW/ywicXshvBoom q7APxgbxXq7URyH+GQGxmnkGMxzD8912iGU8ULmdVByAH6lxz7ZxLbOcQldaBNByOzpp dp1MQ2mkQHPYglcNhvixAtcBRYMvJov2ujSijzc8yMWg7lVMy/Pn8LrReTvdi6Obxrcv 2qlg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=XWsr9xDCR3wXrZlF08IzgFkTM/qu9HQXELMpkuX8bVc=; fh=rCIey0zPckCx3QE4q0/+mgg755OTdfsDbjpeMLxCTas=; b=UZFm5t8IJdaEbV+YbYgqSEm9SxMtZBMlcapbF2bsl1JGkyXEzBAkdTQYARY34q4/4c C6UASvUZTQ1FSllaKa7ABFJLqVlRrezR7TtDavs98QgQEYw1rvoQuOXlpaPEB7BBvjTL o+5/A80zQopuLnQw9QCb2McQ4NX7KAun8AhClXdVMmNh7d9quuNhlMhJyNpwE2SAhZlk CwrTjoY4gTHqKPRL49YdAjGQAwpB0y6au3zDUqg6jZPHETt+OVb8ebWzJYuJAj8AsHLp JJIIMxAha+nyoW5WoB3lm0KYnmli7DIjcrfOOALicdnR7htMqv+gmSO+QlTJ+2f+cDpM x8fg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=pGMjN+4S; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401829; x=1783006629; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=XWsr9xDCR3wXrZlF08IzgFkTM/qu9HQXELMpkuX8bVc=; b=TS/FBDK0B6n5lc3BwY++ZC1f45M64G3r2FgxAlEoBDvwJdgiWcFQChBjfEKksMZgf8 N+yR/59xq28R1a5lIIIwjLdNckjGzoolo8VjhpQ8AwRPH++KPYSnnQP+9/CSvJ1REyUy iBGydLylghs7BHdxKgJexgN7weqYUxWJVy25jNZbtprMymo086mxgKzRTdW1RlQwaulf 5cceKPOhKrY+qDL5Fq1LqaP4SwZ+OI0UCCGMDliqbbwX7+09Tjp99VewvEm34e6UIa31 Lyw0TzliNZy/Onnnfz6MzNL34/yJHP9DrJyGmGL+5MIhtgpeRVjtBTGVWPyZzIsK6pDn eRUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401829; x=1783006629; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XWsr9xDCR3wXrZlF08IzgFkTM/qu9HQXELMpkuX8bVc=; b=q+9oxu6yQULl3sO1kJW++4HOFj2TIHMPopi0c2mipfoU0lPf4nz6AVFX0KT+Ji6J7L zd25HMjJ0TOSzQWslmxY/LAdhbSv8N7WbKptCUh98mmrrx31XepvBQoyXtgPqqyXjn6Q TtXEZBI14/X2zUnpl451bnIO1NuoS5hBvSiBYqV0zz+5BJDDE1o678bBkxnFI5zPb2Pg r508IzN3meF8KJyG9ZHFg4GcKEBwMiBcpBdBRD8gE+v8/Ql8p4hRVUmsTXYZ100wRjH9 6j/Rz4lbcDHiaz1NJjzOZA6/Ntl48W8A/NezSL+pGFoJeQlx50F8muBYjbjDQEI7Qc93 49xg== X-Forwarded-Encrypted: i=3; AHgh+RrjGpcPgc50hkClYUkQxnRLA3lRO3AxBPTVyAH7fJa3GUpFvNV+QsSwNmoR5KX+xwv9hTPMJa0=@isar-build.org X-Gm-Message-State: AOJu0YyrMjF49VESiTN1uLaTVuPvvi5A4pyBurEtzLJKPqk0kqjtw5/H VSSHfPnmyg4opGrX78wpqWgveiO/5JdSG3wQ2kXF5rvnNtqTyoxNjwLm X-Received: by 2002:a05:690e:12cf:b0:660:933d:3057 with SMTP id 956f58d0204a3-6648774be85mr2582391d50.0.1782401829375; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfV8ms0bJA9/4vyhH0fjz73yB6DkKhnUMsirg4HFrKbTQ==" Received: by 2002:a05:6214:400d:b0:8b4:b672:8715 with SMTP id 6a1803df08f44-8dcdef7da87ls111330986d6.1.-pod-prod-02-us; Thu, 25 Jun 2026 08:37:08 -0700 (PDT) X-Received: by 2002:a05:6102:50a5:b0:729:c168:ea9a with SMTP id ada2fe7eead31-7343760e57fmr1516363137.29.1782401828193; Thu, 25 Jun 2026 08:37:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401828; cv=pass; d=google.com; s=arc-20260327; b=MGBoGWEsd1wuqun6HXsvXGnIl/CPgYIO2988EXi2AhiIH0+3queONHz5Pl1sCZW+so cLXi+Kwk1vxN9TJQe8nZJWdGX1lATi2JhUJmN+xKpBFDAqr0dHvHXuA1BeadQ69BGf+2 xT+xZwFjbmvZ4cYpSQ04shbGLXdiLzA6Z0kd0tmAAvELpG/+vHemVGwrdfCXk+gxYF3n IaSZRdd1GrOII6MWcvoUVg4M09cxzydruFjtX8zV4r8mpCnNWFiRLJS4DCXZeVNzJ5yk Xg66V2oKQKKNWHQcPCTCAPIIsaqkdcFM7II4lx7sHjjtcQUwXRENRl1kCzOoj5V0aAh8 Ak6Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=I/sS1DZsk3dLt6+oqdoH7B/UQj5qXg6X43Y4sylsDgc=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=b8mFjOiZsA6HMfgcrEjiHa5UCOVp/hH5BQYRNGWKFgXzZEcD4aSR4/zibLsv5WdkeK Va9qkmdQ0aa+2g3AKGRr48dHuyJnNE97gTtat0vTnQHao2BcNAA70/hgvgML3Fw5Q/VZ kKVKEYr0AQgvATVI6REAebVmmcWF47cwqp6pUlWio6cEnJ6Hua3DjUVQ3M5vIlghIVPx TX3PYE6w7jImWIi66WwKchRxW+7UUcAbFI3ovjjooY5rRBdweXVALolh+LLXVcCLMB7q 5AjvjTsp0eoLFD34y3Hf8EUU4MlVOkDepEj4rGbSNjh2fKQRcdhIpBinJiMSE+CTwvD+ HaEg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=pGMjN+4S; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id ada2fe7eead31-72ba3eef31csi634854137.4.2026.06.25.08.37.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:08 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=usED2SKneqE2Zgo43OhblZvzaUqXsAevmB3fYJQ8NJgpTl6Z4j9zVNJX1J/4ApXj0a04vJH/2urwfsW6ASkkRF7pl+qaVrpPeLARdi3ozlkugQI3cIhhnk9iaJ8Ve/yzilbEoCZ2i/M/VVxsTvCDfw3YXBCnh7J6YC0Ce3kme6YtO+dDmkBMHaOjADEp9kNr6utg7HPN4t+Qav/4SL6inG8DPhvKPnIEfOCCeHKHw7s0Xpfl6RDSjrRJH8sP6P8nqlPwgWBZ2c7k98rCGRljReoql9dyiOMNxgV9ATmlV5plAc2ftzt7V7e057aJjBxqkgTFmhDw2C2YOUkZRqmDIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I/sS1DZsk3dLt6+oqdoH7B/UQj5qXg6X43Y4sylsDgc=; b=wyMd4rZDmg39DHQ+5yO6CdLfqAipYL8hbj9z+nBP1WPwocOASJfc6bgFZsroT9ej8L9gVEX0cYZu5dg2n1cjdl2u1GsrBa356V+XPBKDWNIxXxBw/hTc0JS3StyGJY4cpb/iiTMau5C3gcpFPRk0iPKM3plJuV/VyExTj+iyXMil4mc/aL3lNYyg8CIuC0d8NxdjOGVOsa2J8FpPf/qHfMT3ixv7vcSNhTxCdlHbV0NoxwMSzdDguMOo8DiX6MaXgAuMYJjUW0D9CsnoU5UG0O8LuiiE2d0URHDdZYuMvZpUcGSdBV2Qpvw2V6e2UC8E9F+uInHsGh4tmSpR5XzKPg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:04 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:04 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 04/17] introduce wrappers for privileged execution Date: Thu, 25 Jun 2026 17:36:38 +0200 Message-ID: <20260625153651.762936-5-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 80d75795-59ce-4882-8a3c-08ded2cf9bae X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|3023799007|56012099006|6133799003|11063799006|22082099003|18002099003|20052099010|55112099003; X-Microsoft-Antispam-Message-Info: esA66jhwD9vIxIs8WBOk+Mj5qhTC/n1fijH750MX688zB309veUYJbWPh4CajJBG6JGNo6bVXDLZoBvJMlcI3nn9ht8VE2LPvO7xut6E9fz+gm+hV5iLhcHedC1mDtESoPOm+9DDK/a98MuWjOa9yjqibczMrZq2B4LiXQUyQYQlPXLNLlRJDHsQdFC9TTS+Vf58wyf8CMKJPqRWI0ZvM2ZKgQoam+ZkXP5TqEluiy90XQ6kBTmBuO2ZwKX+vYVOkn32SZSF6TjKBegyVmatd1m0qY7gsGRFt9MXxeZUaqPTawsYtq5Pt+9ElIO+L3HK/kCh9Ty8DRKQQFyh1uHV/1fC57nSrH6+GXuVJYz5cVgjWnuFq5AdpdtfAUG1y7ZqwLTFza/6uv32B0GXTCypY0SrOBar7rGwE4k2o+l27nMw8hJQX8wWHkCFj1Y/I2gBZlvXzDZRoDsxGubGeN9FKm3V3h8UYOdSGmog9rnUIrEuJFDbLxbha5tw71GcugH1yHA/sy3nF/87AAvdG1fWNXfgAJh8SBcQsFs8p6NQQbp+NKRoTkIBxD3RmY/WtbDGQtdTpxSZxKgVwUwczqgrhxxdosduWKBFhbp6oIDlsjGf2Mys8WtB9HhwzxB28zI/QjgC8lD0RNaBmHSPSdiEdw/AJEdyqFEeKmMUmKoR0j0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(3023799007)(56012099006)(6133799003)(11063799006)(22082099003)(18002099003)(20052099010)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: wuKNKaazBxzchu3WXp0mD/Ebwc1HK+C7O6y/vj6qQ7wo5LbbIbEVC5kOep9hquFUqN6rwlMz9p85lURV8+A/HJBl2ub7xh9RbfRKQAS5LqfH6SjkzH7cdtw1T0uiKo7w4MtW+PtpCWRaUhC7PIn9cStRBow42JCIIOX8biRouGJcIZb9T8e27B0Zijb2HrYbPB6P/wqbLSKSnC/Al8HktwbbtqPJLyqxC1RjPp9C6DqHoF1n8pgPdtlPTBkY/n/RhE2KubXTxzwPnfIFFNDO2OoPHWwlVthApjg0pLY4r31qjLx8EB/nih2K9qZrZo4a8UDUE1xSuxOMAZ/10MdKO7xSToaWZVKEllmacKvNNXYKZ9GBzO6ip826KnAuFdFQNrHob0fh6H8CTHZZ+wqOmETszfqjjlfbO9wmOFbHhBMaCfH8RRSdp2AfAcU1i7hMmrmHWV/Agsh5W0cftxxsO6uLA3e85hmAL1urHq9DuwOYlns5wyhpSwP6/eyTDez09itPw/UtmutV4roClTwuhlX+t3Y0goerHvKEZIARn8VnoGwtQoRmxtY6ca4b0XTlezJFBt3uc9f/hdKSjv3pJ5B2jIfqAbOpLwpIetxVGKC3dIB6sMhXoxYXoxaDNQ9yb2/vxZtGk1CTOkHzAjT0l6VMd0XWzu8J5HJX/p791GsDcviwN7Sc57tUkKaJ8v763ZFbEltkUQHogfTOaWnXAj3E/qCDbIrTb6C3MwLnREDD3dl9XcpHTBMHdDEEjHaUDbk4BxvQKLF0qQOossc1PdwYijuDtAEFE+zdsZMdNux2YrTWzruWwJcDL15QnhQIEDa0Wr0iBonJBeX+baAoPrDdIAt2SKYrsVT6AoNJIFvOitCR1npBdtiLxgeObek+9aYC+JMfRidQeaQqTc+7+oAOqNEEu1hHzIloBsVBQ8Oq3a6w08eMZvRc+qGfAO/AkgC4YLONEDmeJQpbQXEe5T8mEF4FKc3lNdRdQ97Q/wcRbR/+YJLQnSf9EyptMqnDMsVdCuL39fB6NOPHCti66CSspWVxyVf5Pyx22raQPg2SOJxTwe5G1Aa3ezmt+IljELwTA+eixcFENRSfpAjEmhbQqBb5D2jqpTHHWpaL/J6COKOvx6cuSgBbA2sURiLslL+ADS/v7zZTXOD8QYBXo+Dv3jkalKbM+3gj33z8Jwc+yOApmpHIHk4GeM9II40eV0yc1J3ous/SJOCaTSmS6xeAa0UcNR9mD6OxxmnKvM2pCQUK4B57ff7ZGA+sy9URV4cmR6osw+L6qvbm86JiqPWVaDSSDMghYmID0y2v9KWYg87KNIM6b+1UuqB31LduEGoc+qUHrVhxt+fYPges40/gMO72aptmRWKeCHEq3sPgAAbiGstV2db0K/JaemZDTMFA+VQE/e2wE+aIhBIs+ENT+F6acoAEhsj3WbjfRIfGRojJ89pOrcp1Z330GGoC3mNJm86/1ealulvi9l/m1upJ+AgPPyudtNYkSScmz79+dOf0/XX8dbCfHhhD6dDBVBEBXXcfyZKyQRnXTkJAn5LZXIGuoPP42lG6Wx+kEGb79FdD1HXjnjP9R22tBBNHa8BUaT1vXaSpVcpnPU7Iw2F0Vaxv/rqqzGjlhRpWB9PNsAHZ/yoimjVDgnGwQXwD3vCalTx5d5WH9+svNBT/dtaHrHMqCtscef7I2hrT+00wZnJGHfr5s2FcKf9aHkC6wl4zi00JOFU2mh1nZ8EBqgn0+6lTsv9ITXAesrsAx+4oJMlj/5l2F7Ff67jvexcHXuJJhstm X-MS-Exchange-AntiSpam-MessageData-1: yBGlqaEQpHyqrD0A5Yrtssq857ZDdruR5c8= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 80d75795-59ce-4882-8a3c-08ded2cf9bae X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:04.6652 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JAkRmuF18aMyhqT5zrM7ZrKEJy6YLuyDdKRQXH13TNGtm8xFixsqKAC/REyRrjmrzFq5j6LzNXhlSwIbwbABkoHlgE4mDEDS7Dsqcffd/Kw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=pGMjN+4S; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As a preparation to enable rootless builds, we introduce wrappers for common cases of privileged command execution. The wrappers are defined in the base class where later on the executor dispatching will be implemented as well. The wrappers are introduced throughout the whole codebase and downstream layers are also encouraged to use them to increase compatibility with upcoming API changes. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 16 ++++ meta/classes-global/base.bbclass | 26 +++++- meta/classes-recipe/deb-dl-dir.bbclass | 8 +- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/classes-recipe/dpkg.bbclass | 2 +- .../image-account-extension.bbclass | 4 +- .../image-locales-extension.bbclass | 4 +- .../image-postproc-extension.bbclass | 30 +++---- meta/classes-recipe/image.bbclass | 14 +-- .../imagetypes_container.bbclass | 26 +++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 +- meta/classes-recipe/rootfs.bbclass | 87 ++++++++++--------- meta/classes-recipe/sbuild.bbclass | 10 +-- meta/classes-recipe/sdk.bbclass | 14 +-- meta/classes/sbom.bbclass | 2 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 12 +-- .../unittests/test_image_account_extension.py | 9 +- 17 files changed, 155 insertions(+), 115 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 5d2514c0..552051ad 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1087,3 +1087,19 @@ and `arch=all` binary packages). Recipes for such mixed packages should append `PROVIDES="foo-doc-archall"` for an `arch=all` binary package `foo-doc`). Consumers can then simply reference the package by its original name (e.g., `foo-doc`). + +### Execution of privileged commands + +When operations require higher privileges than those available to the build user, +the following helper functions shall be used: + +**run_privileged**: Run a command as root while preserving the environment. + +**run_privileged_heredoc**: Execute commands provided via stdin in a root shell. + +**run_in_chroot**: Run a command within a chroot environment. The first argument +specifies the rootfs path. + +Using these helpers instead of direct `sudo` invocations centralizes platform-specific +privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged +in downstream layers. diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 70b4565b..d4dbbc3a 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,7 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - sudo rm -rf --one-file-system "$TMPDIR$i" + run_privileged rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -375,3 +375,27 @@ def deb_list_beautify(d, varname): if stripped: var_list.append(stripped) return ', '.join(var_list) + +# Helpers for privileged execution. Only the non-underscore functions +# shall be used outside of this class. + +def run_privileged_cmd(d): + cmd = 'sudo -E' + bb.debug(1, "privileged cmd: %s" % cmd) + return cmd + +RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" + +run_privileged() { + ${RUN_PRIVILEGED_CMD} "$@" +} + +run_privileged_heredoc() { + ${RUN_PRIVILEGED_CMD} /bin/bash -s "$@" +} + +run_in_chroot() { + rootfs="$1" + shift + ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" +} diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 5b28c09e..33630f1e 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -97,7 +97,7 @@ debsrc_download() { dbg_pkgs_download() { export rootfs="$1" - apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ + dbg_pkgs=$(apt-ftparchive --md5=no --sha1=no --sha256=no --sha512=no \ -a "${DISTRO_ARCH}" packages \ "${rootfs}/var/cache/apt/archives" \ | awk '/^Package:/ {print $2}' \ @@ -109,7 +109,9 @@ dbg_pkgs_download() { | grep "${DISTRO_ARCH}" \ | awk '!/Binary:/ {print $1}' \ | sort -u - done | xargs -r sudo -E chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install "$@"' -- + done) + + [ -z "${dbg_pkgs}" ] || run_in_chroot ${rootfs} sh -c '/usr/bin/apt-get -y --download-only install $@' -- ${dbg_pkgs} } deb_dl_dir_import() { @@ -119,7 +121,7 @@ deb_dl_dir_import() { export gid=$(id -g) # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ - sudo -Es << ' EOSUDO' + run_privileged_heredoc << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ EOSUDO diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index f7a12302..e5987554 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -161,7 +161,7 @@ def isar_export_build_settings(d): dpkg_schroot_create_configs() { schroot_create_configs - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' sbuild_fstab="${SBUILD_CONF_DIR}/fstab" fstab_isarapt="${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO} /isar-apt none rw,bind 0 0" grep -qxF "${fstab_isarapt}" ${sbuild_fstab} || echo "${fstab_isarapt}" >> ${sbuild_fstab} diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index 500aaefe..e693800c 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -130,5 +130,5 @@ dpkg_runbuild() { deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts - sudo rm -rf ${WORKDIR}/rootfs + run_privileged rm -rf ${WORKDIR}/rootfs } diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index e874f3c7..de01484c 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass @@ -34,7 +34,7 @@ def image_create_groups(d: "DataSmart") -> None: """ entries = (d.getVar("GROUPS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] @@ -72,7 +72,7 @@ def image_create_users(d: "DataSmart") -> None: entries = (d.getVar("USERS") or "").split() rootfsdir = d.getVar("ROOTFSDIR") - chroot = ["sudo", "-E", "chroot", rootfsdir] + chroot = run_privileged_cmd(d).split() + ["chroot", rootfsdir] for entry in entries: args = [] diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index c90280aa..029caec7 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,7 +29,7 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge } @@ -60,7 +60,7 @@ ${@get_nopurge(d)} __EOF__ # Install configuration into image: - sudo -E -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 diff --git a/meta/classes-recipe/image-postproc-extension.bbclass b/meta/classes-recipe/image-postproc-extension.bbclass index 43ab750c..59128c2a 100644 --- a/meta/classes-recipe/image-postproc-extension.bbclass +++ b/meta/classes-recipe/image-postproc-extension.bbclass @@ -17,19 +17,19 @@ update_etc_os_release() { done if [ -n "${OS_RELEASE_BUILD_ID}" ]; then - sudo sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^BUILD_ID=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "BUILD_ID=\"${OS_RELEASE_BUILD_ID}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT}" ]; then - sudo sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT=\"${OS_RELEASE_VARIANT}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi if [ -n "${OS_RELEASE_VARIANT_VERSION}" ]; then - sudo sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' + run_privileged sed -i '/^VARIANT_VERSION=.*/d' '${IMAGE_ROOTFS}/etc/os-release' echo "VARIANT_VERSION=\"${OS_RELEASE_VARIANT_VERSION}\"" | \ - sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' + run_privileged tee -a '${IMAGE_ROOTFS}/etc/os-release' fi } @@ -37,11 +37,11 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_configure" image_postprocess_configure() { # Configure root filesystem if [ -n "${DISTRO_CONFIG_SCRIPT}" ]; then - sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" + run_privileged install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" TARGET_DISTRO_CONFIG_SCRIPT="$(basename ${DISTRO_CONFIG_SCRIPT})" - sudo chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ + run_in_chroot ${IMAGE_ROOTFS} "/$TARGET_DISTRO_CONFIG_SCRIPT" \ "${MACHINE_SERIAL}" "${BAUDRATE_TTY}" - sudo rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" + run_privileged rm "${IMAGE_ROOTFS}/$TARGET_DISTRO_CONFIG_SCRIPT" fi } @@ -58,13 +58,13 @@ image_postprocess_machine_id() { # systemd(1) takes care of recreating the machine-id on first boot # for systemd < v247, set to empty string, else set to uninitialized # (required if initramfs with ro root is used) - SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) + SYSTEMD_VERSION=$( run_in_chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" ) MACHINE_ID="uninitialized" if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then MACHINE_ID="" fi - echo "$MACHINE_ID" | sudo chroot ${IMAGE_ROOTFS} tee /etc/machine-id - sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' + echo "$MACHINE_ID" | run_in_chroot ${IMAGE_ROOTFS} tee /etc/machine-id + run_privileged rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id' } ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen" @@ -82,13 +82,13 @@ image_postprocess_sshd_key_regen() { ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_disable_systemd_firstboot" image_postprocess_disable_systemd_firstboot() { - SYSTEMD_VERSION=$(sudo chroot '${ROOTFSDIR}' dpkg-query \ + SYSTEMD_VERSION=$(run_in_chroot '${ROOTFSDIR}' dpkg-query \ --showformat='${source:Upstream-Version}' \ --show systemd || echo "0" ) if dpkg --compare-versions "$SYSTEMD_VERSION" "ge" "251"; then - sudo chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot - if ! cmd_output=$(sudo chroot '${ROOTFSDIR}' systemd-firstboot \ + run_in_chroot '${ROOTFSDIR}' systemctl mask systemd-firstboot + if ! cmd_output=$(run_in_chroot '${ROOTFSDIR}' systemd-firstboot \ --prompt --welcome=false /dev/null); then bbwarn "Your image is not configured completely according to systemd-firstboot." bbwarn "It prompted: \"${cmd_output}\"" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index 26a4ec06..bc3f2181 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -363,7 +363,7 @@ get_build_id() { ROOTFS_CONFIGURE_COMMAND += "image_configure_fstab" image_configure_fstab[weight] = "2" image_configure_fstab() { - sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF + run_privileged tee '${IMAGE_ROOTFS}/etc/fstab' << EOF # Begin /etc/fstab proc /proc proc nosuid,noexec,nodev 0 0 sysfs /sys sysfs nosuid,noexec,nodev 0 0 @@ -391,7 +391,7 @@ do_copy_boot_files() { kernel="$(realpath -q '${IMAGE_ROOTFS}'/boot/vmlinu[xz])" fi if [ -f "$kernel" ]; then - sudo cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" + run_privileged cat "$kernel" > "${DEPLOYDIR}/${KERNEL_IMAGE}" fi for file in ${DTB_FILES}; do @@ -447,7 +447,7 @@ def apt_list_files(d): IMAGE_LISTS = "${@ ' '.join(apt_list_files(d)) }" do_rootfs_finalize() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -e "${ROOTFSDIR}/chroot-setup.sh" ]; then @@ -473,14 +473,14 @@ EOSUDO # Sometimes qemu-user-static generates coredumps in chroot, move them # to work temporary directory and inform user about it. - for f in $(sudo find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do - sudo mv "${f}" "${WORKDIR}/temp/" + for f in $(run_privileged find ${ROOTFSDIR} -type f -name *.core -exec file --mime-type {} \; | grep 'application/x-coredump' | cut -d: -f1); do + run_privileged mv "${f}" "${WORKDIR}/temp/" bbwarn "found core dump in rootfs, check it in ${WORKDIR}/temp/${f##*/}" done # Set same time-stamps to the newly generated file/folders in the # rootfs image for the purpose of reproducible builds. - sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ + run_privileged find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \ -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' } do_rootfs_finalize[network] = "${TASK_USE_SUDO}" @@ -517,7 +517,7 @@ do_rootfs_quality_check() { ;; esac done - found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) + found=$( run_privileged find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) if [ -n "$found" ]; then bbwarn "Files changed after package install. The following files seem" bbwarn "to have changed where they probably should not have." diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index e07ce8e6..8d4f8050 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -37,38 +37,38 @@ do_containerize() { # prepare OCI container image skeleton bbdebug 1 "prepare OCI container image skeleton" - sudo rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" - sudo umoci init --layout "${oci_img_dir}" - sudo umoci new --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}" "${oci_img_dir}_unpacked" + run_privileged umoci init --layout "${oci_img_dir}" + run_privileged umoci new --image "${oci_img_dir}:${empty_tag}" if [ -n "${cmd}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.cmd="${cmd}" fi if [ -n "${entrypoint}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.entrypoint="${entrypoint}" fi if [ -n "${path}" ]; then - sudo umoci config --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci config --image "${oci_img_dir}:${empty_tag}" \ --config.env="PATH=${path}" fi - sudo umoci unpack --image "${oci_img_dir}:${empty_tag}" \ + run_privileged umoci unpack --image "${oci_img_dir}:${empty_tag}" \ "${oci_img_dir}_unpacked" # add root filesystem as the flesh of the skeleton - sudo cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" + run_privileged cp --reflink=auto -a "${rootfs}"/* "${oci_img_dir}_unpacked/rootfs/" # clean-up temporary files - sudo find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete + run_privileged find "${oci_img_dir}_unpacked/rootfs/tmp" -mindepth 1 -delete # pack container image bbdebug 1 "pack container image" - sudo umoci repack --image "${oci_img_dir}:${tag}" \ + run_privileged umoci repack --image "${oci_img_dir}:${tag}" \ "${oci_img_dir}_unpacked" - sudo umoci remove --image "${oci_img_dir}:${empty_tag}" - sudo rm -rf "${oci_img_dir}_unpacked" + run_privileged umoci remove --image "${oci_img_dir}:${empty_tag}" + run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - sudo chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index dd6c501d..8b048dc7 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,8 @@ generate_wic_image() { fi EOIMAGER - sudo chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - sudo chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 7bba1af8..f6c2f320 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -136,7 +136,7 @@ rootfs_cmd() { rootfs_do_mounts[weight] = "3" rootfs_do_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ ( mount -o bind,private /dev '${ROOTFSDIR}/dev' && @@ -182,7 +182,7 @@ EOSUDO } rootfs_do_umounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if mountpoint -q '${ROOTFSDIR}/isar-apt'; then umount '${ROOTFSDIR}/isar-apt' @@ -225,7 +225,7 @@ rootfs_do_qemu() { if [ '${@repr(d.getVar('ROOTFS_ARCH') == d.getVar('HOST_ARCH'))}' = 'False' ] then test -e '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' || \ - sudo cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' + run_privileged cp '/usr/bin/qemu-${QEMU_ARCH}-static' '${ROOTFSDIR}/usr/bin/qemu-${QEMU_ARCH}-static' fi } @@ -240,16 +240,16 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - sudo tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" # setup chroot - sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" + run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" } ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_isar_apt" rootfs_configure_isar_apt[weight] = "2" rootfs_configure_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/sources.list.d' @@ -270,7 +270,7 @@ EOSUDO ROOTFS_CONFIGURE_COMMAND += "rootfs_configure_apt" rootfs_configure_apt[weight] = "2" rootfs_configure_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p '${ROOTFSDIR}/etc/apt/apt.conf.d' @@ -293,7 +293,7 @@ ROOTFS_CONFIGURE_COMMAND += "rootfs_disable_initrd_generation" rootfs_disable_initrd_generation[weight] = "1" rootfs_disable_initrd_generation() { # fully disable initrd generation - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e mkdir -p "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -310,7 +310,7 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - sudo -E chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ -o Dir::Etc::SourceParts="-" \ -o APT::Get::List-Cleanup="0" @@ -322,9 +322,9 @@ rootfs_install_resolvconf() { if [ "${@repr(bb.utils.to_boolean(d.getVar('BB_NO_NETWORK')))}" != "True" ] then if [ -L "${ROOTFSDIR}/etc/resolv.conf" ]; then - sudo unlink "${ROOTFSDIR}/etc/resolv.conf" + run_privileged unlink "${ROOTFSDIR}/etc/resolv.conf" fi - sudo cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + run_privileged cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' fi } @@ -381,7 +381,7 @@ rootfs_install_pkgs_isar_download() { ROOTFS_INSTALL_COMMAND += "${@ 'rootfs_install_clean_files' if (d.getVar('ROOTFS_CLEAN_FILES') or '').strip() else ''}" rootfs_install_clean_files[weight] = "2" rootfs_install_clean_files() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' for clean_file in ${ROOTFS_CLEAN_FILES}; do rm -f "${ROOTFSDIR}/$clean_file" done @@ -393,14 +393,14 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - sudo -E chroot "${ROOTFSDIR}" \ + run_in_chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --no-download ${ROOTFS_PACKAGES} } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" rootfs_restore_initrd_tooling[weight] = "1" rootfs_restore_initrd_tooling() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar-stubs" rm -rf "${ROOTFSDIR}${ROOTFS_STUBS_DIR}" @@ -409,8 +409,8 @@ EOSUDO ROOTFS_INSTALL_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-initrd', '', 'rootfs_clear_initrd_symlinks', d)}" rootfs_clear_initrd_symlinks() { - sudo rm -f ${ROOTFSDIR}/initrd.img - sudo rm -f ${ROOTFSDIR}/initrd.img.old + run_privileged rm -f ${ROOTFSDIR}/initrd.img + run_privileged rm -f ${ROOTFSDIR}/initrd.img.old } do_rootfs_install[root_cleandirs] = "${ROOTFSDIR}" @@ -460,21 +460,21 @@ do_cache_deb_src[network] = "${TASK_USE_SUDO}" do_cache_deb_src() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} debsrc_download ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -482,21 +482,21 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('BASE_REPO_FEATURES', 'cache cache_dbg_pkgs() { if [ -e "${ROOTFSDIR}"/etc/resolv.conf ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf "${ROOTFSDIR}"/etc/resolv.conf.isar fi rootfs_install_resolvconf # Note: Isar updates the apt state information(apt-get update) only once during bootstrap and # relies on that through out the build. Copy that state information instead of apt-get update # which generates a new state from upstream. - sudo tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" + run_privileged tar -xf "${BOOTSTRAP_SRC}" ./var/lib/apt/lists --one-top-level="${ROOTFSDIR}" deb_dl_dir_import ${ROOTFSDIR} ${ROOTFS_BASE_DISTRO}-${BASE_DISTRO_CODENAME} dbg_pkgs_download ${ROOTFSDIR} - sudo rm -f "${ROOTFSDIR}"/etc/resolv.conf + run_privileged rm -f "${ROOTFSDIR}"/etc/resolv.conf if [ -e "${ROOTFSDIR}"/etc/resolv.conf.isar ] || [ -h "${ROOTFSDIR}"/etc/resolv.conf.isar ]; then - sudo mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf + run_privileged mv "${ROOTFSDIR}"/etc/resolv.conf.isar "${ROOTFSDIR}"/etc/resolv.conf fi } @@ -505,17 +505,17 @@ ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/apt-get clean - sudo rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* + run_privileged rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"* # remove apt-cache folder itself (required in case rootfs is provided by sstate cache) - sudo rm -rf "${ROOTFSDIR}/var/cache/apt/archives" + run_privileged rm -rf "${ROOTFSDIR}/var/cache/apt/archives" } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-log-files', 'rootfs_postprocess_clean_log_files', '', d)}" rootfs_postprocess_clean_log_files() { # Delete log files that are not owned by packages - sudo -E chroot '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ /usr/bin/find /var/log/ -type f \ -exec sh -c '! dpkg -S {} > /dev/null 2>&1' ';' \ -exec rm -f {} ';' @@ -524,32 +524,32 @@ rootfs_postprocess_clean_log_files() { ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-debconf-cache', 'rootfs_postprocess_clean_debconf_cache', '', d)}" rootfs_postprocess_clean_debconf_cache() { # Delete debconf cache files - sudo rm -rf "${ROOTFSDIR}/var/cache/debconf/"* + run_privileged rm -rf "${ROOTFSDIR}/var/cache/debconf/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-pycache', 'rootfs_postprocess_clean_pycache', '', d)}" rootfs_postprocess_clean_pycache() { - sudo find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print - sudo find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type f -name '*.pyc' -delete -print + run_privileged find ${ROOTFSDIR}/usr -type d -name '__pycache__' -delete -print } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_ldconfig_cache" rootfs_postprocess_clean_ldconfig_cache() { # the ldconfig aux-cache is not portable and breaks reproducability # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034#49 - sudo rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache + run_privileged rm -f ${ROOTFSDIR}/var/cache/ldconfig/aux-cache } ROOTFS_POSTPROCESS_COMMAND += "rootfs_postprocess_clean_tmp" rootfs_postprocess_clean_tmp() { # /tmp is by definition non persistent across boots - sudo rm -rf "${ROOTFSDIR}/tmp/"* + run_privileged rm -rf "${ROOTFSDIR}/tmp/"* } ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" rootfs_generate_manifest () { mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} - sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + run_in_chroot '${ROOTFSDIR}' \ dpkg-query -W -f \ '${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' > \ '${ROOTFS_MANIFEST_DEPLOY_DIR}'/'${ROOTFS_PACKAGE_SUFFIX}'.manifest @@ -565,7 +565,7 @@ rootfs_export_dpkg_status() { ROOTFS_POSTPROCESS_COMMAND += "rootfs_cleanup_isar_apt" rootfs_cleanup_isar_apt[weight] = "2" rootfs_cleanup_isar_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/isar-apt.list" rm -f "${ROOTFSDIR}/etc/apt/preferences.d/isar-apt" @@ -576,7 +576,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@'rootfs_cleanup_base_apt' if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else ''}" rootfs_cleanup_base_apt[weight] = "2" rootfs_cleanup_base_apt() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e rm -f "${ROOTFSDIR}/etc/apt/sources.list.d/"*base-apt.list EOSUDO @@ -584,7 +584,7 @@ EOSUDO ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'populate-systemd-preset', 'image_postprocess_populate_systemd_preset', '', d)}" image_postprocess_populate_systemd_preset() { - sudo chroot "${ROOTFSDIR}" /bin/sh <<'EOSH' + run_in_chroot '${ROOTFSDIR}' /bin/sh <<'EOSH' SYSTEMD_INSTALLED=$(dpkg-query --showformat='${db:Status-Status}' --show systemd 2>/dev/null) if [ "${SYSTEMD_INSTALLED}" = "installed" ]; then @@ -650,7 +650,7 @@ rootfs_generate_initramfs() { mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - sudo -E chroot "${ROOTFSDIR}" sh -ec ' \ + run_in_chroot "${ROOTFSDIR}" sh -ec ' \ ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ ' @@ -688,11 +688,12 @@ rootfs_install_sstate_prepare() { # so we use some mount magic to prevent that mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - sudo mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro + + run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro lopts="--one-file-system --exclude=var/cache/apt/archives" - sudo tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - sudo umount ${WORKDIR}/mnt/rootfs - sudo chown $(id -u):$(id -g) rootfs.tar + run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs + run_privileged umount ${WORKDIR}/mnt/rootfs + run_privileged chown $(id -u):$(id -g) rootfs.tar } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -701,7 +702,7 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - sudo tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index 95dadee3..d9ccce7f 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -20,7 +20,7 @@ SCHROOT_LOCKFILE = "/tmp/schroot.lock" schroot_create_configs() { mkdir -p "${TMPDIR}/schroot-overlay" echo "Creating ${SCHROOT_CONF_FILE}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e cat << EOF > "${SCHROOT_CONF_FILE}" @@ -59,7 +59,7 @@ EOSUDO schroot_delete_configs() { (flock -x 9 set -e - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e if [ -d "${SBUILD_CONF_DIR}" ]; then echo "Removing ${SBUILD_CONF_DIR}" @@ -101,7 +101,7 @@ sbuild_export() { } insert_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -112,7 +112,7 @@ EOSUDO } remove_mounts() { - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e for mp in ${SCHROOT_MOUNTS}; do FSTAB_LINE="${mp%%:*} ${mp#*:} none rw,bind,private 0 0" @@ -123,7 +123,7 @@ EOSUDO schroot_configure_ccache() { mkdir -p "${CCACHE_DIR}" - sudo -s <<'EOSUDO' + run_privileged_heredoc <<'EOSUDO' set -e sbuild_fstab="${SBUILD_CONF_DIR}/fstab" diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 6f09b5f6..16165792 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -69,12 +69,12 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "${@'rootfs_cleanup_isar_apt' if bb.utils.to ROOTFS_CONFIGURE_COMMAND:append:class-sdk = " ${@'rootfs_configure_isar_apt_dir' if bb.utils.to_boolean(d.getVar('SDK_INCLUDE_ISAR_APT')) else ''}" rootfs_configure_isar_apt_dir() { # Copy isar-apt instead of mounting: - sudo cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt + run_privileged cp -Trpfx --reflink=auto ${REPO_ISAR_DIR}/${DISTRO} ${ROOTFSDIR}/isar-apt } ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - sudo chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" @@ -83,7 +83,7 @@ sdkchroot_finalize() { rootfs_do_umounts # Remove setup scripts - sudo rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh + run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh # Make all links relative for link in $(find ${ROOTFSDIR}/ -type l); do @@ -95,16 +95,16 @@ sdkchroot_finalize() { new_target=$(realpath --no-symlinks -m --relative-to=$basedir ${ROOTFSDIR}${target}) # remove first to allow rewriting directory links - sudo rm $link - sudo ln -s $new_target $link + run_privileged rm $link + run_privileged ln -s $new_target $link fi done # Set up sysroot wrapper for tool_pattern in "gcc-[0-9]*" "g++-[0-9]*" "cpp-[0-9]*" "ld.bfd" "ld.gold"; do for tool in $(find ${ROOTFSDIR}/usr/bin -type f -name "*-linux-gnu*-${tool_pattern}"); do - sudo mv "${tool}" "${tool}.bin" - sudo ln -sf gcc-sysroot-wrapper.sh ${tool} + run_privileged mv "${tool}" "${tool}.bin" + run_privileged ln -sf gcc-sysroot-wrapper.sh ${tool} done done } diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b220f3d9..b4fcddaa 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -41,7 +41,7 @@ def sbom_doc_uuid(d): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) generate_sbom() { - sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index c4448016..ab525216 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -209,19 +209,19 @@ do_bootstrap() { trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ && rm "${WORKDIR}/mmtmpdir"; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && sudo umount $tmpdir/$base_apt_tmp; \ + && run_privileged umount $tmpdir/$base_apt_tmp; \ [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && sudo umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && sudo rm -rf --one-file-system $tmpdir; \ + && run_privileged umount $tmpdir/base-apt; \ + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && sudo umount $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ && rm -rf --one-file-system $base_apt_tmp' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -254,7 +254,7 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - sudo rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/testsuite/unittests/test_image_account_extension.py b/testsuite/unittests/test_image_account_extension.py index f78aa7f8..ff0e47e0 100644 --- a/testsuite/unittests/test_image_account_extension.py +++ b/testsuite/unittests/test_image_account_extension.py @@ -54,9 +54,8 @@ class TestImageAccountExtensionImageCreateUsers( image_create_users(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/useradd', @@ -136,9 +135,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupadd', @@ -164,9 +162,8 @@ class TestImageAccountExtensionImageCreateGroups( image_create_groups(d) run_mock.assert_called_once_with( + run_privileged_cmd(d).split() + [ - 'sudo', - '-E', 'chroot', rootfs.path(), '/usr/sbin/groupmod', From patchwork Thu Jun 25 15:36:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5178 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:16 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f191.google.com (mail-qt1-f191.google.com [209.85.160.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbFwR004444 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:15 +0200 Received: by mail-qt1-f191.google.com with SMTP id d75a77b69052e-5178aed25basf32655941cf.1 for ; Thu, 25 Jun 2026 08:37:15 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401829; cv=pass; d=google.com; s=arc-20260327; b=EJe40x1ejsEH2PT8TMg5OkARjINvNFa8Jj+XOFhysXRAKBh4SKJWOOpYGnRR0YYUGX Nsaosq2Q1J8H6c97NV0YjrTFxhJwVjT49L1jo1NDPSP5XeofTKhS94GAu/3m9VdPDCnC Gs+GnT16hH9CEa2iHUutaU56lBFcj88d5j+aJ2N7o7pWaHlRmBIyuf91qot0/wHxoiAd TlAOnFY40twFr2CEzvkLQUcRCrVzSWAksI+jGvVif93+O8S2cKNU9pz+I5es5f4O7u9N TuQsj9k2OOQKjOgWaLFOrJHXMJWbxBYm4nUSzhoIEd1YzxwyEpOk8NaZQpk1vYJjT+20 XkGQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=TF+75dG+/UzWOHmydc8V6SO61ocaGYDx9ZwekcoF7hQ=; fh=Gj51RwGZDXstcdbpyCZra6ND5lOP08Ex5BuDrq5YlO4=; b=FHr82I2KhCYaZ9bdasC1Zj0GsNjSNnX1fwL5leB2EA/TfFwYMeIcATZVC3oQJowOU5 JkCsT1BK3BQnPy2iJVuYJGKc22cKa/EHjFKiXBQu1moaIITXSWAJoZrGctm9gdTJ0q4m JUFFSjdiVPiOU9orPulPWSiy1skBi7SLu5mwdenWkJE58uX+yfkDTOwqcbFVpdnckTkG ADXPgFhCSK0uetujkIBaiNKi4bJFxVJ1S89jJhSvb3iNkGFueNBTKxQw8zFM03ZszZxt QALOObsC12DWsx9azZ4trB1qExIu7oeiWDo0DmNZfvJJo8beZIvHz7Qygh1ngU/nPRoS g/8A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="iu0JB/a7"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401829; x=1783006629; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=TF+75dG+/UzWOHmydc8V6SO61ocaGYDx9ZwekcoF7hQ=; b=KeaCFbSoykUsP280YdN945zhePm6dDUUBZCBWFU3CIl3eXbVQtLVaQeEgCXDJJjRm5 Pt5GR3HREeL0QxEV9yYFesaoZykaa0678pdnN+vOMWlQGnfXRlK4t2d2ULOnE8Ucivwt Y006E84UdxYJfiAc4gMisUtA52kxdpbclmDFOjrFg033vYugkv1cQvqkXL/8lmCJyVS6 9aEGffv87Li0mlXqnhIx+hEgWEIuwUOo/Lk4j/not6kNR8PJvxvEw3LWLXkTTYdtEKpS 1p79TRGSenSZjHVuH4fZkvdraW+kU6ZQ+jjRYDF7N/Y7x4ZATgoKsjVGUUgvyHBLk1AO x1Og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401829; x=1783006629; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TF+75dG+/UzWOHmydc8V6SO61ocaGYDx9ZwekcoF7hQ=; b=WszUNyPGKpUqgb0kOuGq0MwD8kD/KfaL97jcnIYhICndkVzt63VKAobJ8qqOp+2bkn 0mlAMyVdSsSL/84HP8X3oht77lWWKMoa/Af6OHE0E3n9y7u783rvJPS5+zNVN4DvJ5PZ 9BooFytP9A8JaA65mwZWwJCCu+co7XbP2QTe79ETSPD8vJZMK4kKVrkAcKFqB0igQiHN JTCoCKFsLWV8yTe+rEqcH6JU5EWRbX2MBCRNvaY5FVEdT3r6hDQhvrFXjWxXG0cDipn8 xKrMf81jijvWyciuux4GT2kB8ftPjcUaT2AGopElG+qz4jv/skiHVdOpgLlQQH/BVyFJ wu6w== X-Forwarded-Encrypted: i=3; AFNElJ9h2lCGVJhO6UjtD0HCIezdLu5/a4yjbjIsKQh+/KHtMwutgCSOrQiBt1VnshQW9U9kvfpfZWk=@isar-build.org X-Gm-Message-State: AOJu0YwS01j8jHQb7E7anC9674oPemRgp+uNv36ZpJsCzONysWIS9tzj K3eeR7vKO3fy9OLh7GQz6ZB80XjEV3Czcp79/5aLustS05CalzPmhlWS X-Received: by 2002:a05:622a:4018:b0:517:6ef7:f6e0 with SMTP id d75a77b69052e-51a727eb4bcmr45034561cf.46.1782401829128; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfdE4lbrI8d4gdbTVHKfjkCXysvoLuOkEX19zRkEsugDA==" Received: by 2002:a05:6214:1c4b:b0:8c7:2c9d:13b with SMTP id 6a1803df08f44-8dcdfc1cee6ls90506546d6.2.-pod-prod-03-us; Thu, 25 Jun 2026 08:37:07 -0700 (PDT) X-Received: by 2002:a05:6102:1489:b0:607:5cd7:d7c0 with SMTP id ada2fe7eead31-734360a1990mr1389744137.19.1782401827686; Thu, 25 Jun 2026 08:37:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401827; cv=pass; d=google.com; s=arc-20260327; b=OKt7ISdVPVjMYKcVLS59ZEO4N816UvMGWavAO91QwuzfRLDR2x1xW+6u3oVT3O/3y2 W8qZw9FuZqMxwyI7AyZsa6jiF369pjAAYECBTehADAbiIsVy+GV/waN42VtdxJo7DDMx V16eOIcY/U8ToAixBWtdGHKloFqUwo+ZvdTknoggzIvRiMJAgPoJ4lgcmbpC+2/isPee MpN7CrvdOXkabwKSAZJfAwFP3qTJp4tiV4E416Kg+bFvuSj/2FxwPfOd1e/fptE3oErP XXVgMXKEkz24960kvI/K2Z47pZI3HxKdfW4b6Zc6s9fyD/QQBAqtmWMA5tFR7ztRt3PC aEXA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=jIYSQ2UlH2Lnmw7sFU9CzFGQ244XwsEyB7zq8vdR1ko=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=scoB7VnGsUrpaDMVh8se47/xoN2rCCbbR5hJy0PY+OfopAs/mCEqQ0bbbETIoZ+arh S4EVFkDQ0faTTX/FuWYWn5pFz6YZG5Uh1R7pnJ7feCB2Rc8bBWIv/7MwTM/gDKMFjf/d EfNw3vpNFejxuwvrY9qVUrG4bEPn7Ce07fbzEegIPhTo56zJD6vVIGIu6veS1tm6u7yi hBpOe6C0fy659Dmb+KkIcZ0gale/SWv9yAndAH4EEKpzog69Srr//SjmRMMoc2U2edQR QTxlG1cv8VZLjx0gEVg993tc+6JKCr+cnEncKYhb6/iHE9l23PTUo+qZ/YISsngB1ZqV Mj4A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="iu0JB/a7"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id ada2fe7eead31-72ba3eef31csi634854137.4.2026.06.25.08.37.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:07 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CHrCEegO9EtmkkdeOLbvepAW33GfulbKPyugqpvowGg2ST6gL+VbLh5Tzixws6uq/yTXZhAXpli2cx1QDEJAmO9TrFYRzv7mD463oOtegqAnwT7O6oxDZy5bbhsykUQOzuV03Q24KurhT2W74MsHO2oVDEj8HI16K4I/tJ9R6zdc52bqRzWKRQG8hkfRcq5lOnulugHyrs8HRrm+1aXdPgHB6pedR+tZKC9FTVnyHIRuPZL4KVbxaj2OAoOo23nyl9Lu3JJQARryXM/n57rQ7F+5MVkp4+l4eoRyosBq88/9M6xYw81sw9743qHAr+C0vdw+JQ4VnowIztnGYz3iRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jIYSQ2UlH2Lnmw7sFU9CzFGQ244XwsEyB7zq8vdR1ko=; b=WO/Ov5Pr6lEgonNWmbw1TfC5BrZPfepWmYbP7OHyDr1R7v8tWyDFj1IKPCg9WAOL6Y0+dcs9Z7ECuMozRJf+CTsWBfj4x834ZftG5qZvJ8fxI4a0spGUdPfSat2aQsvzptebYYbHcYtL4Iwl+my2dSHDOS5Z76+XM1l7cGm+mpQz18ac/FHleN6JzjRGviR9Ui706xKEfX6VCP3uOOIgtjgQaZ+7XnzNsN1gtHlIGIl6t2KOUbOVl7Yo3E9mpX07VS3CSumGF5I4ddEZaNG3+i94etRbpfVlAy/m+8PT1DFkFz9HmTmZ4K0XDaNEXjSfpTYfBi+Saqn2i5OocuAE9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:05 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:05 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 05/17] bootstrap: move cleanup trap to function Date: Thu, 25 Jun 2026 17:36:39 +0200 Message-ID: <20260625153651.762936-6-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: fc292f8e-3764-49b7-9ec0-08ded2cf9bf4 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: EyFWXATyrsiqg4W+QqDSzav0ZS1F12cu+ewQXHU0EMyjgh1rPyVOrxiSDm/hR1dOLq2es83UlMlxjd8NlwoSyr+7gP4pqcsjiDAnDxWBLM/zFkn+CFAmLlnnh1DnZZ6Zvha0c1JFTFjDUN14Q4HX1vAibS0ZSgDoknvJ/lLXVfHNTMCtb3ES1/f1FKrYYzTAvNv25NxRdpbjmf8zeSq2nK6tdWf5bneo2rLb6OReyrK99pTf6OInpswcsmNacf3j0UgDycmqUJvFQTAeaylLTwb7X7xXNobwhpwjHZggT8K9mcQbc/aIWH3G+h/Xn7B4Kicj8NjX4Su8BbVHa/HNOTktwAFcPOtjpMcDaM6x/7Uj75uvl2CNln5MFKDx6xx32/ynYzota+s7+MeaEyImfvTJPjlplYd4XpqXf6Z+1QHLlvV9vdv9wBbMmx95MhgRG4J6Mn4BvuTScG2ub0/SRVlWtdfIb08MdCWcFLpyKsMYJ4aLZvVDyXfPe7YRkOKKZ8nsD2SJEdpsJyaw+Y7veY77Lc0VrwDupNRHUoV4jQRSmHtd5G/bHw0jh3rYMA05UhrKkRdcVYIYlrTRdJXLCQC1630PUrXIXyqU+BPVkrKhwMTNkKVuYt+qqnDvUKFDIPL1HyiMNW1dEf1+2L10kwLbRnyQoLpWf9UE57R4x4k= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 45Cn2bhMckdzXE0ZMlmu1Ma1KDG2XExoJd7XuJzvujsRiIsTTNnacGLcyJr94DFqS4HQLf7uL/Pg6MW3akLDjKZ0EV/qUlFFEWxV6oh0DtVCVXnGeKM4FxyCYbnu7+0/Oh45sDVCxEf9xNZPlONUINjOk7VKtlloXhh55POjbI1HTNkeQug0/jsNrwiM459vu1j7KTLcs7c6gb6bFjAHlXLramnGp2Npb/cqKaw3YSDPkQT9zB+EkO87+H8eg06tiCwBW0wxjh/8UFjNY88D5QosnPQMEee7JA0SOSfZ6D+FEr7Q87wWmSA3OPQZuA5mSJA94gpLrD2OaEpJc1nYYpjrLL8uypZ9HULYRudU2XAR9T3nt5rsZEIJFn/XpP2/FqlJIhQNEEMk0c5XpfS+nm6ahBkGKTxYvgdx5jrQLBY8poWm6kUpaoze88OgSJDaJ2EQH+sVMrYkWAVySeL7u3wH5xdojvZZBiNU+bJblat8AWCIwC62O8JhMpHdU68bJR6rs2cRzS+GLxXdC2ZhkgeJXicSPgM0hyXDoktldoSHNalsbGdjRvJrWGgNnGplMCliB+PQVdK8oFJ5QwwADN/9GfZVJw/zl8B9keJ6wBq5+n/NAgQ1AinNqVjK4FNmweAngIVUu4ahVb18MPtxVdvoUmSB5dmwv3mS5D1hhfQX42hjJNW23YaYxBe4Ybbl031veK68iG5XIsF/vSFy960jfOw0hl8GzLuHA4i7u3FDn82D3v3XpIDMnWIElAMEXgViIbf1QrCfVLt5gl8ByECS5EkKdb/LIys2bNcnH59JevWFA6ELO+1sBipfGdJZF9hwF906C5HYWQdwbPcVHshqmDp3Tu+2OTG4K3V1qtbhYduVK3B7Yvpl+pgNS/3oLi/vFa5Cu1HYS0wZIi9vwZceec169hqW0UDj5aWL/OKmfaUB/AM2ul6Hubn2fiXhvQd0f89rnbRbWZIFc7t3W7/PLKWjpQbZNRRhcefRl10i8GScr9RT8nGHcaz/ZO4mUzr4Tsv/B0038txYMx3Vo9dgZ9Q14msfsfI8e6IMjtWw51nRSrVl+i18O3tJJEJAZc3Z0k7jbANpdnXO1AD5d6FEOpIuRRxCDZLExRoxuA1uERLcZfa4kqtDvcuwiYhXT+9+UwDGA2aWlHQnYOo2yWVh1cMKt8Diz1yC+/YDj7JPp/X97Z5wAz58OQFep+OuFEvdv7cg1QtxX8sKzzqGv3Z/RzWxIVJKBw/coXARrBJENrH/kccawNa1B4EV61JcHpt1TMtwzY/Mct029bbFVINYYCTTvCzvwxVbs7VSLy7ltzJbjeQMGGW/uvLfUsITTolM4qVHwi1o4iQwcpbKLRC924+t+tD2rVCrwHw0U1VOJMfErrRaCWVZy95rDWMgxgiO2k0pUHYCbgtfukU1I3n4q2a14T4cl03CQXSDYoATAy/N1UYpoK/tAiYH8Osqio0ye5L2Hnzqye2i7SVNUWN2bVkwQcaO3Mv5cpfBNamHiK/CIFg1HJjCVygp0HKrl1zlefhEXdsH0dda+3wP5bhHGAPp/asx3eiwG5sevGNMzy4o2A6T4TP1oUob5hvnS81gwN+QneP3r1JD03mslN84XSuOE+Yk/2aqg/u+YoIY6OPdl77hDAwO1q5TLbVATNTMHE9JK6Sl7AI0fkZYNhrn7JJY47aRSSkVAljIiYTnUuDeq+BSiIpwwZ2d/53zGRHug8Yy6sNp2kuvcHLLMIvNjRKJmVMYFKi1+/H5FKDWapM8W9Y3+hyQF/IaXzQXPclOVz0i X-MS-Exchange-AntiSpam-MessageData-1: yuSEVlxIIB/N3p5tc1HZbqr1LXXLQpPxycY= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: fc292f8e-3764-49b7-9ec0-08ded2cf9bf4 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:05.0994 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MLGij7JjYLUa7sSIohJZ6A8I0uahqP4joR6t3d7Tm3f/2XzqRV9DMbr++U04Ub5pAcDDd6OnpsmUQ5Su0ZOXTdHZnkZ6koU2Zd6Qeh8MJ5A= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="iu0JB/a7"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By that, we can make the trap more easily conditional. Signed-off-by: Felix Moessbauer --- .../isar-mmdebstrap/isar-mmdebstrap.inc | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index ab525216..376362bf 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -110,10 +110,24 @@ def get_apt_auth_opts(d): f"--setup-hook='upload \"{workdir}/apt-auth\" /etc/apt/auth.conf.d/isar.conf'" return '' +bootstrap_cleanup() { + [ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ + && rm "${WORKDIR}/mmtmpdir" + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ + && run_privileged umount $tmpdir/$base_apt_tmp + [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ + && run_privileged umount $tmpdir/base-apt + [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir + [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ + && run_privileged umount $base_apt_tmp \ + && rm -rf --one-file-system $base_apt_tmp +} + do_bootstrap[vardeps] += " \ DISTRO_APT_PREMIRRORS \ ISAR_ENABLE_COMPAT_ARCH \ ${DISTRO_VARS_PREFIX}DISTRO_APT_SOURCES \ + bootstrap_cleanup \ " do_bootstrap[dirs] = "${DEPLOY_DIR_BOOTSTRAP} ${BOOTSTRAP_TMPDIR} ${WORKDIR}/trusted.gpg.d ${WORKDIR}/sources.list.d" do_bootstrap[depends] = "base-apt:do_cache isar-apt:do_cache_config" @@ -206,16 +220,7 @@ do_bootstrap() { # Cleanup mounts if fails trap 'exit 1' INT HUP QUIT TERM ALRM USR1 - trap '[ -r "${WORKDIR}/mmtmpdir" ] && tmpdir=$(cat "${WORKDIR}/mmtmpdir") \ - && rm "${WORKDIR}/mmtmpdir"; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/$base_apt_tmp \ - && run_privileged umount $tmpdir/$base_apt_tmp; \ - [ -d "$tmpdir" ] && mountpoint -q $tmpdir/base-apt \ - && run_privileged umount $tmpdir/base-apt; \ - [ -d "$tmpdir" ] && run_privileged rm -rf --one-file-system $tmpdir; \ - [ -n "$base_apt_tmp" ] && mountpoint -q $base_apt_tmp \ - && run_privileged umount $base_apt_tmp \ - && rm -rf --one-file-system $base_apt_tmp' EXIT + trap 'bootstrap_cleanup' EXIT # Create lock file so that it is owned by the user running the build (not root) mkdir -p ${DEBDIR} From patchwork Thu Jun 25 15:36:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5179 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:18 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f57.google.com (mail-qv1-f57.google.com [209.85.219.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbG3N004466 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:16 +0200 Received: by mail-qv1-f57.google.com with SMTP id 6a1803df08f44-8dbdf24d47bsf48179476d6.1 for ; Thu, 25 Jun 2026 08:37:16 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401830; cv=pass; d=google.com; s=arc-20260327; b=seFPrbhwXaYoyuUfF/P9GlkaoCmqKJ2AtUk4o29+belHGtP4j+VlR5dgNOLAWpJsfF 7xIkWLAI2IUpNtk80ouZAt4JS/hQBiiMlpMhD7SylRsYW4Y4WSI22tRLkSzQkx85sKzV NhQixYsDGDiDK867/8RtalWC9iaQLTn3qr4y83c6uUtMZxFSDXimLvQ54SBhVL+VlZ01 tno0rQiIh1Zap13w8HQP4u/chv+aKJUoabRuFSHn3soqOyys391rrG+3CZfCNLyoS7AQ 6zWcAa77/DP1M8bwm65mvTAbLtH7Ouc1QC8X1s/PM0Gn/LUQUFP+UItOpQoodTQzTiPr CFbA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=d1+C7X2gygt0TYAtzf7ncxD/d9dm2XdSO4iLveI2i1Y=; fh=VslbMEabFGtkzpAy/Z4fnc5tTmaYMTEsu+6YBihDw+w=; b=Hotk+7z3t3XjvPFAMYyjRmoH9f+haWq3XYDFpK+25zWOwHW4fqKHExFczt5t7bq1rW betFBWaxCFGKS7qX5sLLbLdeyAWADAUN1jvPoJSCdUoyaproIIofyGrx5s8+jTRIZWue nQXXaUAbpwql/IrcTE2SSLtEaFkw5r4f4MGUo8c98oDqNnS93BOH7p0HJwxxJozR2Vgy jAHiXVgtuX9Aq3J2LHrw60HcJ01SWelJGPs2za8ypEN3+p/gbzQlbk9lcREfsbZSuDqk niPO5pYdle4RQUsJhLfO/7yB/gEvhzG2KdIuu40kxtAHGAMepDgVnfeEjl+8fnDHEqKa wOtQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=H5HvtLV9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401830; x=1783006630; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=d1+C7X2gygt0TYAtzf7ncxD/d9dm2XdSO4iLveI2i1Y=; b=iJfMi+mGldRvPRKrSlD3M7LTLogj3xVnx7hUBlRZGcDJAwkjrmXhYlMn6fWdFMzeIE YM1Il6JYFVWXJKvd7+ZryvHTsfv4tzv/T88+kjPTJN+3UPrNm/P4y3ksVLjYzOormszT TFfuSNn+gExTxvpPnPkVhP0RfL6k9YXbbDE85WKkBuEfc3K0EumtwoswSzL3XRRZP7QI tFcoM5H7wdtpgcyjlcPGptr8O10FPzdtPPnmnOxtNY+KEMtUGiZt8lcr8PyEMtNrvZEO Jb4d0ol1zKCvbPr+Dq/H1Kwhch0PJ+2Bn4cudPhbnt9Be4M0RFz3pakjaLctUHqw4Sx9 wO5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401830; x=1783006630; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=d1+C7X2gygt0TYAtzf7ncxD/d9dm2XdSO4iLveI2i1Y=; b=DZVyy8D1p3NO3WSvUoBYyk92nrp2iQpL5eZUgD4VolRbDZffDhKwSRrJ1xunfG0mrz nirPv8lzBPCpmdgmueNMqVN8twgeeyENtNjb/PtUv/Wwq1Xa8lkuEWXYDXwCoIqU+u/8 8s96j5H+tmFN3yzdae0yj1g6BdfVBlbwWAkze2oeGeTTvYeR88PJXgK3y7vu+bb9SPVh rTMJn4xQFhDGVtXku+N9Nz7Tv+RXa1pkrh5jPi0JDux6Y3dUu9HlbvT4EHwHFEtAwVr3 YA13BfcILHjQEemkXR0d/45q/tXw6jGW635ZSlUKAoO+S7L3RUCAhCP2QPUB+Z2gSCj9 gARg== X-Forwarded-Encrypted: i=3; AHgh+RpmGeOy4i34dICichHskziRLiqfEx2UisK7zYJ5TMyRAx0XkkpvNhHaCCaVO9p7+RXwN7tDlRE=@isar-build.org X-Gm-Message-State: AOJu0YxRBXF/JeiKnb7UyJj9ElFu82RPULgzlwGptAhUlXdaCNqDn1KR 6ihGG0WTnR5oXvVd0XBasPdTHLHa2KXXc5d40xwJVzp0QXFg4y9HsjsT X-Received: by 2002:a05:6214:d63:b0:8dd:a157:ec40 with SMTP id 6a1803df08f44-8e6d3594e5fmr52594756d6.19.1782401829949; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdxjzhU9+Qn4AulpaOZi0QrddGYXmeL0B0ZwfIdBfUm6A==" Received: by 2002:a05:6214:1c4b:b0:8c7:2c9d:13b with SMTP id 6a1803df08f44-8dcdfc1cee6ls90506986d6.2.-pod-prod-03-us; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) X-Received: by 2002:a05:6102:4b0d:b0:6a2:b2a1:f16a with SMTP id ada2fe7eead31-73433c17585mr1447795137.2.1782401828682; Thu, 25 Jun 2026 08:37:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401828; cv=pass; d=google.com; s=arc-20260327; b=Qpox6eJwmOVMC6VGgSrbs8MmrNV9gYAkHkHC7TIVvZ0d1OM0elXAOgQ0uDmbWA8sMI 0bKboPCdkCX9CLH+DWyNu26qrxxAXWtyZgfU7HxIKn4nPTfNcGuKUp7agWFM+g80lh/x NoW+I9QDUt8BgwnzadJzd51Q33tdmw/0S8nX5XoUOv5jVTEwx/eHzSsctn7wyieEGoIK 4DmcO8SwZCdt9JHeFSZ25+rP2dWh2MqBK7y0uu44Xmsief1+jSp//MoVIKz/cU+5vMA1 pA+O8b3UbrI2R84BDVDIpNktQOmbRDlvJmzRzefpp/O8+4LvPuEkyKcXqe56OZQhxADC DpPQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=jG9lQDGClcE/ZxIYqj1vWk67shwBND3aZpHdbAC97og=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=pIURcrLY2lTwpfTlqcz0Hq3C/zqe9VOa94/gblhIXq0G+2hAgjeSAG8WEhAelh9/1b AVCmjDYnSIC0ccSicRQouw1O9xiDpgeWrsY4mv0jRQJllRcsl3HEq/HRheB8DhyVivY1 8F/fm8phrcWQ8hK9j+nCFUf5xBbFuC3dGMXj+QlNoK/3Bj7+YDmTrJxZJwSvqMUgEdWy OMmEh6S+7cL1AGaqarG8bA4n/n0fh0yY/XVfmqQGqJrjjobu879AxSeAy9lhP9S9DfYG j4tuoK4u/gFTtvc0/0dSsr7k8IUJRBUB6OvgRV2QXVgTW3HmDsFo9jd1TsG3dyTXecl2 SMgQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=H5HvtLV9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id ada2fe7eead31-72ba3eef31csi634854137.4.2026.06.25.08.37.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:08 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xnoltL9MVVOn7pn8A01QDJ49+mKSBNPgKq5r6zZYm059nz7W8TCpeeq71xRKAtze90/o6qNOp1USErDMNx80+U/GMAw4JOERBl64P4tBz2KAyCZ988T8fL3V5n5OFRp2KvmPjYTVrc3jhtpnET5aHZn4TBsl8agLp6+0CmOCDGAk3CwcDNwymWNNvLZDn9rfDjM9QxLDQRQ0lwFZXe1DbidU4yWz0bO+nWmpGmP7m3xgJ3CrUG0+MzAfsrPJ3MGSGp2okwHY07b3PUPntp5UCrdpoOujZ9is6Z6boHrqGZKtphEyROSzNPsWabP9SdC+kbMCJwfLlvxxVxgY4RJ9Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jG9lQDGClcE/ZxIYqj1vWk67shwBND3aZpHdbAC97og=; b=Ogm7PXqBIYGiZ7vuLuuuIMJzERiq3LYV2F500xRbci43jH3MABha4/u64imtEvXoVpkdf4X+ZqoooPygRC+wBAhZCNpQm23uGVEof3gyO3RCq8yKTgR20rEw2PTtwdV7l0siXVtpe7BIJO1ZVHd9iNJnNlfEkOdsnxOaeOItsvEBLbwggYrCJISOuvNgh0tDZxULhDpXwqbB8tG9RmQzlkavR139azp84WMCm4+cB0x4sG7HAWACPoQcaAwOQOyzehyCpLoo2zBsY4he+fu2puVC6EztOsMY0ZsehRXyKDBJ2+tMAKs7dURInD250Evenv7Sd9O6pLA+rIKbvCxRlw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:05 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:05 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 06/17] rootfs: rework sstate caching of rootfs artifact Date: Thu, 25 Jun 2026 17:36:40 +0200 Message-ID: <20260625153651.762936-7-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 934d0235-73f5-475a-bd9f-08ded2cf9c3e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: 1dTecaK4NQ8UqbZVvKOhDJtg3XpS93zzK9UWefbZKyVnghHRPgDCQpty/HQRjNYJu1fF1zEK4n5lMUMLI/X3HYl29TMMhLguDiqU8iAigoddmtVpQFsRUfCu04SXHAxtI4KmhTITCjPNv9mmuyMjrj6b6rZxYDrRTkt7D8CxPqusWJkaj0P46xT9PHia/GCoS6GVKLTDyoTq7Vmhu3WBgxwHNIXJE5ScXqM17y5gCc36yWinJtfXizpgMkAEVYE932T9+tPXWaMgVtEuVv+DSTTXNfmwP5kayr32gdYyZtJp//AeLAUIwJmao/hxJs9luhZ3d36vEH+IvdnYlrPrlO+Iw5umQxV3gmCGDCuQ8ahXmCE2cnar/0PGrPXbvIkaPUvDNVOycGuWmsKvE6PvoL6SIcZ5IDqtG2KcvLGjnBzxOC6F01eLs3GuIGDuA+c8+h/7VuehHqUPTU2HPwigeGE8+KxB1W3XtNWbZysO6sHdwaOpUOgRtgxIbp0+gCV+p+DwsYAFX1rlKh7dkv/3rsPSl2Bnl8PamE2BY7MGfYU/LslAORCHHyq44f146rZmDpDZmn2KaWyoQoQ/WpexXnlYAil6st1vqkNgCiCCDA21SG6f3y5D95A7A6su1Xy+wXmoBhepqtEJhmizgcHYM3q/jzPU+qZlSYjBrVjwSu4= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: Dq5sS0VJZaDIfCScqvgq4xVBPgNe8SERFEK7ze1GwWEwKl4ap9E6gfK4k6RKRyv8xkj5af0/AYtaFPTvg4Akng8t4a3feL9TOFYa8eDgdai50Sd/a24nAfc4JUawL6Z/wkX0+4Jt3PVsOyeJOxMvUfotJF4c8N3HXgpmqcQAFDW5ILr+9KRGQvBz/3hypEaKiQTTw+gpIbir0NxSr3e0xkrR/4JzQuClbagn29r185PEQs6eBVOiaxrQNrl/XROeeKSvPfOMOJn9hwIGRiwcdQYcBa1K6KFIbSKc8UXy/37PxSePut6u+R1SKK034hXXp4E/ONQ21VzNfXHnu0ZxYBB6N5EuOy+AdEnQs7bQdVhjIEVgE3OJVslVtV4WiCKHBB2VCNAG15Bfy/fFMm+P/hW9dKn0uhOzMuMUT4iN0bDDlX72HK91oM2obxWTcwMKDJXXW0OPhM9Y78wEiVwR/Z70EpuOEBinYPtqT5sScLLdIysRu9pWl5rWp7gZpv3I+I8xpv28zdxw+ZKQPjfgG/BPAZ8cggvs8bPUS1QpH/Bjz+YVhhhVxDIEMUKVBoRfZV/mb10op1PFX6ev3bRDc839LkWNYys9LpfWiGKKPA/g01OejKRgOAmb8MJyAxMA/erWl7/9/cTUf1vWElbcberlVdcyd5bmc5vt2DVWhSZM2PYj3FUQVXBEB3u2ktOh4xlnUSztJlnFGPimlUtkoQ/l+uH96TlCRqHpDQKYkb+WxfVPRpQXmKmNEmZj7soIwcWXbfK2KJEOrmt0EFLn/L4hbXahKW1go+fV+Pk/3liU0BSU5h+RgdVa4iEVPzepIWpKcyWnOCiSghABRX56swueJjvYIq/Uqq34Mz2cdLf3cxY5+izKrNWnlOp9zHMrwBN3wc6tn5lbJURS2gVKFYGruog/YUDGThaduJyncCvhdo8onU6ixQHXF45iPOCJTaDqCfqKhOU3kddWOe6k61hIprZsBqqnIv++yhD9Lkt2aVE5MSim2rG+4PWXtO1mBJgVCGQxFF4bs6dSwXoyxrw8/BnRSpoPgmm7ULuWbbaqUv3N9vzbJZErtIZLvuaLpNydz8gu5Ez57XHW4ZLarb4nLBfDsh6WHrp7OSGLc7L/Zc2iJCVmyZrm/WjhdnevqpdPAapK+BTIxluzU9WBiK3hA+2DbhZOK4ioEVDHJTibd5d2H4HsPiel2E/DWSHEbnVYZWv3ftxLKYFMTAvIwbo7tCOJ8eU0KhJ4c0ZA/1aIChqvY/1y8GNzAITyQTInURqWtZSMhgaBkWHyLUnJTs+Z4duDOsGbJL3feTdGtYEthQ6rvi+efw+GueRST7oeAu8lOunEXVMwdNIeFrsBjj+7cBme6MNXr0bLOxryL0mQRMznu+aiGRfPAomHQ6/KW7KPlwGlPfrWmPNYYmTsToRpUKwN8b4CK+hsY1NffTvGb4vHInslfIr+7Wqf/dtpRNVLP7saJ5HEGKUZrXPrULGeh52ZivxK4TiT9NmXmejGCChznctkrPKgZLOoSc3J61CtFMMDQwnryVtg+jnIe2fJyqK8jRA9aOCubO+OntIlgRcNFb+ZjX97YAXlc/OZrq+VEQUP7Qs6AA0mH4pTUJUEfyKioeg37WWfXi14WJ8RN3g/BBiG+WlX877o5+mXxvp90iTqkeTy9JRx1N5sshxB8M+hvArZBuxP1lj6lT542ZnBIjSpln3+7YxSu7fohVoB5lOjECpAx2v3wBSgigOKxYsLZ/L0oR+lVLvynZUFD0cyEHa99qr/49BtSSiI9XWhuJ1V X-MS-Exchange-AntiSpam-MessageData-1: GXZH8D7gdB2tPg6gO9UE+3CRFgePi+g+1Aw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 934d0235-73f5-475a-bd9f-08ded2cf9c3e X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:05.5886 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ar10R97JUktaNz0/ADTl3kQ9cIR+UecR13Jjb2iHrmlVtw1fXGV8kSPxe9kZWYIO5+RAVYikGdG20eVe25HOhW+NLlcDlBHkUjbGpLR8MvU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=H5HvtLV9; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We ensure that the sstate artifact is always generated for the correct rootfs directory by using the ROOTFSDIR variable instead of the assumption that it is in "rootfs". Further, we avoid file permission on unshare, as root inside the container maps to the caller outside of the container. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index f6c2f320..c60812ab 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -689,11 +689,13 @@ rootfs_install_sstate_prepare() { mkdir -p ${WORKDIR}/mnt/rootfs trap 'rmdir ${WORKDIR}/mnt/rootfs ${WORKDIR}/mnt' EXIT - run_privileged mount -o bind,private '${WORKDIR}/rootfs' '${WORKDIR}/mnt/rootfs' -o ro - lopts="--one-file-system --exclude=var/cache/apt/archives" - run_privileged tar -C ${WORKDIR}/mnt -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} rootfs - run_privileged umount ${WORKDIR}/mnt/rootfs - run_privileged chown $(id -u):$(id -g) rootfs.tar + run_privileged_heredoc <<'EOF' + mount -o bind,private '${ROOTFSDIR}' '${WORKDIR}/mnt/rootfs' -o ro + lopts="--one-file-system --exclude=var/cache/apt/archives" + tar -C ${WORKDIR}/mnt/rootfs -cpSf rootfs.tar $lopts ${SSTATE_TAR_ATTR_FLAGS} . + umount -q ${WORKDIR}/mnt/rootfs +EOF + ${@ 'sudo chown $(id -u):$(id -g) rootfs.tar' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } } do_rootfs_install_sstate_prepare[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" @@ -702,7 +704,8 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then - run_privileged tar -C ${WORKDIR} -xpf rootfs.tar ${SSTATE_TAR_ATTR_FLAGS} + mkdir -p ${ROOTFSDIR} + run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar rm rootfs.tar fi } From patchwork Thu Jun 25 15:36:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5180 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:18 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f56.google.com (mail-qv1-f56.google.com [209.85.219.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbGO6004472 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:17 +0200 Received: by mail-qv1-f56.google.com with SMTP id 6a1803df08f44-8dd6d58b606sf42334056d6.2 for ; Thu, 25 Jun 2026 08:37:16 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401831; cv=pass; d=google.com; s=arc-20260327; b=sFTIEv52/EYUhVHBZAO3f+CV+IGHyyiiq8Ul8FixQki1JJqMWwFaM9amXjg+TTM51x YK7wffjI6le6CIH6iFHXKC4zrqdK+TF91inqQr2PdlwLczOrRAN+y40D2tR6vleX5ird 90+Yr4R3ZpMHfeVM8JDpuS9J/jn+4zmtoTZYkV8xNs2ndzCjSjhA+SmUTXwG2nsgB3e9 i+Hy3L0rtGoGtxCJRj22h7gNxJXpA8z62OQOG0R7i3zdoJ7KkZMgMDYwmd6zQDKal/mf 1HLgD+fCigwpvsch+CRx4MaxTiiNnkUJQzVx+w1Kxd6QtmD8JbGeKYcMomjk2MvZLR0a 5wYQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=caLP059xPIlTJyHxz2MM7fjtTIOHRajeL/qW4HSwpdk=; fh=sLcQGF663RaLvf8ntV4lTuc1MGeCwlEVWXgL+FICXVI=; b=msnhn9Q47cKOfrMh/rSY7w2C/d8JMUvlKcSEPv8Z8HST3UE/Zyaz4Pbx0WIH1zpyFe U9aV6J82GMepb7OSOeQDtUsQ4pgvfdblMYwf5G5uQtQpLCU97yblKrSECxWa+fHVOi3w PsHAVQcn69uTpxsXabbab9JSrclJ7tnMa6PUFDfZ1EOYkeEJpfGIPgUCnYv3v5e4B4FO tiilxo9lmB6R5XHdATxUtRPxqz4Ue9LDoqgmpUthG7uxwPDEZEftnquithQzqZZWYSXT i/Vg6r3QLtduDaJsqKrrR7WkA2BDsU4XahGzTIebqzi9ES+QPEztOjjElSG6oLe7tAIF bpvw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MN9Dfk7T; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401831; x=1783006631; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=caLP059xPIlTJyHxz2MM7fjtTIOHRajeL/qW4HSwpdk=; b=GkAOJgwc1rMJbGmT2ugY5mcB3t+z7q/q33QClLr4U9ZX+M1EXs/dOzO2ZDJSAmfh3Z 7FbtULFw0qsCE5rtmHI6gyko/EPAnPccO0YtASF9CceVXGoRNaWigFdYF8WBiglgH8TG bK6RoVqhF75ls4E6F2brN7mzcRSfUfSWxRLk4ukVuvEtHdqrCq3qcBQDJxeCXkzYEOQ2 CHSOjdvNsrqM7B0rI2Xgnb9POvpfJ129cKDsylXM6jKFW/Ft3TiwXRME2QVrHt3pHVF3 RXBTInaha3ZbiuyLVYIh6W3thAaaJ8XWqyJNMTkuthMhgCgsrRWmBiCbKyIx9gHZngVX Xr/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401831; x=1783006631; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=caLP059xPIlTJyHxz2MM7fjtTIOHRajeL/qW4HSwpdk=; b=SBt3vTbMNlQ5YbwG82vQBmBWiZyeK+fbiaPoUmJvWJd8QLXuzeFe/I9rFZxj2nsz/8 P2ZobmC5AsLqWnlSCcGcWCoY4QaQF7ZffuiBm2kojlU5d8aUizUMhJdgyqucZGy8JwBA etlRum3MmAtFbK7x1plQg7byDXP9Q2QMPffbZeU/RLH582ArFFpNulrC7bfAF8gmGO21 2B+7CwvLAKQcNJlUNUbCf0WnJcLtKRntkh1lMyfanz0RNEegb2nhmxf9V0IKjrDrh3++ QQS1ssJlrkfbfpw40SkJK+rQfCWWyPlYFAogMhi+jtlrm68ZwrrqmVQJLk/+3a//6LHd grcg== X-Forwarded-Encrypted: i=3; AHgh+RoMS800aI2aqZUzBQ1jWydCtpC+R92J9+3l+DaRVUI5nxzlogeBOQYotVBQUv/IlkNqwbEWfjU=@isar-build.org X-Gm-Message-State: AOJu0YypKmEpjAY8LYlgW/5OOylqCJTCszd437I0SD9g764pnAQ8hlWC CP+agFS9vWVONXYJmFDrDiNVz2T/2786o22NgD+UKZa0eaSoGlJUPliB X-Received: by 2002:ad4:5aae:0:b0:8cc:ea95:2261 with SMTP id 6a1803df08f44-8e6d51ddc66mr49082096d6.36.1782401830731; Thu, 25 Jun 2026 08:37:10 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcY/l2k9RtDO31Dj5rmfwzFG/176aUkb9ElLvrxb9KywA==" Received: by 2002:a05:6214:76c:b0:8cc:ea41:94cc with SMTP id 6a1803df08f44-8dcdad50cedls76123286d6.0.-pod-prod-03-us; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) X-Received: by 2002:a05:6102:a52:b0:720:81d5:92dd with SMTP id ada2fe7eead31-7343619eb3cmr1419031137.22.1782401829296; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401829; cv=pass; d=google.com; s=arc-20260327; b=MRquLobYwuLoTqypS5GpkS4hsjgF/4cM0iGXF1iZ4nfsTVi5qaBA3eqSIAilDE9ZoN EIj0+WgAD3q5yoFeICaifJNRoKctNcXegKdCXPMWU7lPvh/3NU0AmsVBtA7mjEKQpo5n E92OI8nyEgSpKb6atBJVQTW/wU0bA6k7zX3HaRcFdIcYPnN54e+JRywM/q7oys2qlUQz IkXeL22s87e8E39cmiFwMhAtkB05cjMChqX/Eg7Onrn4TDIoFsml7nyl1auxiJBJtfYc ndSpcZNQDbvF4cXEIKk+kiIzUdganyU+N6YGwkJXlf9Lo7fNvM5GAnukFrYLFgeIJhwF QI5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=OotvQUq/uKcXJL6n/tfOztT53uibdeVbjg8REhsj8v8=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=iPp/6/kPpEkOH/zOcCEPiJf/bQe7Cp3lggsdOG7Pa3UbrmemUQo2jA4Ymwe10wGDrQ xg/c86iQy9KvApCE1FBBFwJc1z35m5DqD3h/c2rCjpcEEaJbEwCLUndphNpF+y8CSg2g CHEtkoLn9h+qAJgE/drYdtyGDhVW51TK+9c28l4J1KyxiVvmeMDRTQMVdiSmigo+sHLA HErlbNk6/RM30WEJPz/742Zs7k6q13PP0CVrLch39+VU72Kw8vFjOpM1iKpSuHrNCz52 r1ZgwI3fvvTgRhj6mkuKmi89MTYLcOAt5fm6sFoVfpYofCmmna/9KeKae0qPpSLBKTuo s/Nw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MN9Dfk7T; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id ada2fe7eead31-72ba3eef31csi634854137.4.2026.06.25.08.37.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:09 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vnwCC4c1/FLaH5jFjPFBFs8ADje0NZocOPRThZ2Qk4OZ066WEemQ16k1rgS1Sz5zioHJfeP/vGVGRCOUniYUWXF5le8ubprZkEnd6ZsJyyCbSlqvvkRbHpGyHd0Xpms21S2T2vYyy3j0yO1aA6VuzqPV7uRa+FFVWj3pRqfdfdDC9Cle+1fPEpzinXyrtExhrACu3ttDnYDmj5wwWzuTvbO76OTtlDjheZQAaoWvMl3PTO1B+m2Qj6v4X0Xa4aU6uXakL0Z5qgXJGA4haGct9/ULUBbjL+jo6n06aNEICpmGh8JHI94bBHQAen46wMn12CJjRI5QO+ePZCvhCSR9Og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OotvQUq/uKcXJL6n/tfOztT53uibdeVbjg8REhsj8v8=; b=HZfSS7fC4LsGQymYsSZ3UfwpmpI6eIziGGKCARJFNZCNNbOtNy5tWUpLKSTcQF5kSX0r3JAFs9HqSbmBAThUyFitYIg4yoWbZJx+9Q9EzyU6BAzLnwgvD/h/P9mkkVqI5S2AaUfYbSyl3of8nK6NJbc19k7FbL0GdCIUGqCep5qLWW/UI4+PQB4rstxt8NVi32nJ8rLAtay4z07cm41JLfj2QH21I+Zd/nIrsCY/lkl28cQs3V0HavHIt9hBojfOGkU9VLlwX3uAr1FpFyF0IZ8ao2hZBSkNTtRj02rSfC0Ln4pF+q4NR5xYjeQvUc5VZ+YM8zNyv2lVTK8f4/zP0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:06 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:06 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 07/17] rootfs_generate_initramfs: rework deployment to avoid chowning Date: Thu, 25 Jun 2026 17:36:41 +0200 Message-ID: <20260625153651.762936-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: fc08b876-8a2d-4f6f-f3ec-08ded2cf9c7c X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: 83xpDgEZ+THz8Ki+JRg5st19GzqFMsceWDTTxlqeWVczg+PfhSr/hOCkDmxNgmYPOtF9WAsjK0thUnWMm4wsLDy9THed/4kgZBlD7EW94kHImpK1wnro6NBrfSeRt3k7JyOCLGZ8ErvbvbIGYftTTVWNyxxe1CqT+yBOFGh2CAfOjWpLQqlTMSgu7Y4P49OjUvmFdKf94elsD+sN9UcYfia1NrTLMk/lLocf1GyLW9Ud5p6g25Qz4cm8IoYOgHlNsfj/StMAPZxNN0tZg0vJeXEBpPlyt9gIeeWQz0N2ZImSsPk+tZZ+tEEFvG5UuFrIfJHUoPzYyrjS9G1qvHQKiZqesKphl7xlSojQS04XzKCsGqSiz66kOYZfL1v1VMXVlTABX3Lp23TY7g9Q8DxrSDZfc13e8byHVh96gmc9NNxFhB8NolgkKsJ+RERBJ3RwDuFt2li3n0mWicpfa/da52rkqveez60V+If1tLQ3DXbODtnG9QfeHBFqHkSr1Yqye/HSYOTkjw0OSj7tmJmvfC12cjQorX9fx0GO0HMG8pdTzp6tnSpIpurxjFqBBMoho9XDkDt/OIfo1TE7TYQcS5hoVvb+YQZiCX7EhNdiN+LtzmGRGmOJXsw43l/Ay/ZnvSqtL1s6wXqwytA2h3Dv3Qp5VtTBbsZR9NEdN+luDWY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: sJXEou4ndbMwAPEsN/IMX/toDxF57tC7a6V8DHauFcLfEX8s+INJdvwBPSJAq7hqdTayg1O1z1TI8bKCsNCeho9pRNOL3y1jGx4xh4JcaFbJwYpcgyLrQqE8wPBrjsBRV9P/QxRoaeFsUnU+nQ+I890p1CnTkztiF29cmR3GfhMx0aW2O7vorrgplT7rffdZlBhQhSBsoVYS5oyBumsSeCJWyGg3ZS7X+3rEeBsskQr9OAqwU8p8OWeWA+/FJfzNkzoaAczGz70RKtAndyCFnyCQBFIdU/vU4towtGFc/6WoCf7RvgSBf7N6XuC/vCh4Er+BRL55c5GA/W1P2CTLqS4ajFIGvMreoW8OIDApaINsSQmAn32w2/iwTqYjNTBD3ap1+HDfq4rW86BhKnYAXqnJFvb+AbtWAjyo4XM4Kjs0hfqOJwC04G8BRbbSN+d9NBgYIISxkz9NY60xv4Wa695vvSi7Jw4q4GUXzBgVFXibdp66JPxxxfjsfH+ZA9RVT8/9mwvyUnHQGjd2HTJRJYdkuVJ0EjgIryJGjs9ARuh+xeTTTxwMn+AP92q3tXP3ugzfv61JXr5RsSmtP5ladrX3WFpvn2tKV53crcc7/ntMkHGb3bjGMxFl98POOiKbRXdlPHZ9s7rOCltu1YWRiUvhkzr6mhQRJ3k1moTzCgN/0qspiTwfPrBXjbo3wpTyCG2nZZcaGqTrb3y9JXhXDYCBXW8we2pBtADNlWS3dpaaShyL0L/22GLX2Rw4T8IBlSfOQwlD3emFnsHZ6SotEPCO6U+H1Vk662HxyOb7GsHL7xe73hRUIZCM/ODYKhUEoKV/0g52RlbxDFLy/K63zfITnF/2tKTeiP4l6YJ+xmS2gxOcPoRLCQx4JjZ9lDzOBcsg4C4EC5AcDe3FIOUEwatULjGxKGIjjOiW6r72WN8eL+yhTMWjmcHHekr5vth98OK4CB+Q63qvvPT60SOP4ofuyZfFb08S+E2c+wKGYWnt6468LcJbE2+haQplir1sRzna5LlR1dPKc43fuFTyjT+tLG07RCLfP0XpnqjguM/fMEFWpN1BiHX47HeAE3l48BTSsUVS6As8oxCl+7mCwIoDvZ7q/4J/iFxmu5T8M3FV9FDCOPuj6uNPc/RvUUyoLFVkUhMqZsShPPHnAwDfLLxWPbVnYGdQOkbx23me5/VIdCd8cF3sTj3dqxhcJvVINa0s6Z5xXZqJlvZhGs0O3LS0fa78oRxxX1vztLwTfBYgdJLzc9s8GCvyO09zJQ6WQQ9wAPLO2yuHdEGjpys/zgL0zu77CymSnO3v2iBDS7HrokfeBd/C/Qh0Ud7fFmaBQodenzxqSWetjqa2/fMR9oCc3LtA8sDphga9SbrHv850pPBZ7eZ43kyc0RHzR7dx1wG0kHkVt6LEYzc+5frnphoyQPawoyh05BaHniw4sXFNUGsaOaTOfr1xi9+TKd5b+jgE21JacvXR6Sn22ouUzdtBQWTvu4eWVEmwA2Wl43bUnvGUBgb/o8v1Om3Sn6exruHsE7EEPud7TtsjztabHs+/oStdWdLocZUvxdilM0ea+a9Blub1RYO7lt7gd10MWaVMsykeIi5sPCPM519eGVpvNF6UFms3SHtOssb8+dRSDmeFb/oCGSt7sPweEWl0TDdoU1s9TlQTEVf8/aLHPeH/feo88Sl7yYuO3IbT0mSxx1YL/Wxq1/tBfGX3tTr9yBZ13lc7s3XEcdPmwBAeXkHrSW9BALmZY1HXbe+3/1VvPbfoPfXkOW4LMaWqVTUIYMcoZZ3E X-MS-Exchange-AntiSpam-MessageData-1: 9KiU6/09VGqc+JDpbiAC1ZYmBdUu5LtbESY= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: fc08b876-8a2d-4f6f-f3ec-08ded2cf9c7c X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:05.9544 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: c2rozqWDxZupXHWyXqhk6QUICUoPa8+qn8QfGehxbax6NrhL/6fKfWJHriZ62xlZJaeO2/KxbpNhsEwgVK4Q76ahcBYl5rD2NgXwPMwoBn8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=MN9Dfk7T; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Previously the initrd was deployed as root and later chowned in the deploy dir. This involves privileged operations which will no longer be possible when running rootless. To prepare for that, we deploy via a stdout and create the target file by the correct user. While doing this, we also remove a useless sudo invocation when listing the ROOTFS/boot dir, as this can be listed by all users. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/rootfs.bbclass | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index c60812ab..81f4d7b2 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -644,18 +644,17 @@ python do_generate_initramfs_setscene () { rootfs_generate_initramfs[progress] = "custom:rootfs_progress.InitrdProgressHandler" rootfs_generate_initramfs() { - if [ -n "$(sudo find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then + if [ -n "$(find '${ROOTFSDIR}/boot' -type f -name 'vmlinu[xz]*')" ]; then for kernel in ${ROOTFSDIR}/boot/vmlinu[xz]-*; do export kernel_version=$(basename $kernel | cut -d'-' -f2-) mods_total="$(find ${ROOTFSDIR}/usr/lib/modules/$kernel_version -type f -name '*.ko*' | wc -l)" echo "Total number of modules: $mods_total" echo "Generating initrd for kernel version: $kernel_version" - run_in_chroot "${ROOTFSDIR}" sh -ec ' \ - ${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}; \ - find /boot -name "initrd.img-$kernel_version*" -exec install --mode 0644 {} /isar-work/initrd.img \; \ - ' + run_in_chroot "${ROOTFSDIR}" sh -ec '${ROOTFS_INITRAMFS_GENERATOR_CMDLINE}' + # on dracut, the initrd is not world-readable + run_privileged find ${ROOTFSDIR}/boot -name "initrd.img-$kernel_version*" -exec cat {} \; \ + > ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} done - install --owner $(id -u) --group $(id -g) ${WORKDIR}/initrd.img ${DEPLOYDIR}/${INITRD_DEPLOY_FILE} else echo "no kernel in this rootfs, do not generate initrd" fi From patchwork Thu Jun 25 15:36:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5183 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:20 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-vk1-f189.google.com (mail-vk1-f189.google.com [209.85.221.189]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbIL9004503 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:19 +0200 Received: by mail-vk1-f189.google.com with SMTP id 71dfb90a1353d-59d595bfd94sf6616e0c.3 for ; Thu, 25 Jun 2026 08:37:19 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401832; cv=pass; d=google.com; s=arc-20260327; b=Xots7RO0c7TfeN63gJmWESn/QD/wbZuGj6HOOz49ILAGQjUY0P1sj0FTLUvuif1tlh 3SKTTwMVB+iCzE0R8pqUf+UTgIQ088X6aA2uSSHknY5zE2JV3eDlYwm00Y/O/2Vv6oIi Lnt5tLcRlOJew6Y9gvDNilVrkPyulS3bc1JdXC5H7dhdCLxACi5Z8GErlDnzkAAT5xHF uwfoO2/fG0IELnrxAtXxyEpwF0CbNOR+6QCSD9A6jFRe2F1KQ7UrYuVy9LUqeG36M3ww kWqMiBLU0b9eKXU4FCD6ejmG2wsZxZt6IoY38BpW0mdfY7Nzvxce620UJB2Jr42iSEsL 3cqg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=jRoJytsO5om9KFy3EPkYTCm+qaHaK2PW/6nfSOc8bCQ=; fh=qfy7QgtJe6Q2SGrfjej6NGcix05zTf9Lmr8NyfPOQrg=; b=qaL4GS/mfQmrZE35eKAh6p5IQL7dcLIAFc79uoWr0Ah67vrAvt6rvkPzxzedFiIrQD dFBW7ei1+TWkP87l9mm3cnQ3kWN8vq/Bwe0HR3m9ExfhAtQCQqq3wjlGEL/JF6BcevTK RsZFybXoPXt2mHwmMkZ1jGscDpWHnJb1jltGsNJUAm936KjMR14WJvQ7DG3q8KJkOQho Y06BrmIKlgCfOLmmzfM2PdgRVtpuWvxotC7RAMC1FZf1B5yyOLW76usNzDuf1928ScTk IikYFf0C0OIOYPCUd8TBIRKWMhXbllLmsp36cr/tUCgAfdg+GRv/93/3rnhe0T5FTmvD qUTw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IcBqN5zW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401832; x=1783006632; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=jRoJytsO5om9KFy3EPkYTCm+qaHaK2PW/6nfSOc8bCQ=; b=J9po7JrRbNeWsnzIvicYTy61ANNnPy9J/xO40Of8youFDho/7KFKUKheOU7hi3nTjB IOJckFpqk9p+F8zDJ8sGSUzIW6SYQl6kpysHKkqcjr2Q+9qmJs/KXlLjFVkNkzTB8FxJ F2d5LMEw+HfGcJx6HLG/5yD3iyFnErdRgayR13d6qnXnBx836WWi6q8pUaEq1Rb+AoMa Iw5nP5gIOgzmFZKWUxIiaqXH6G/N3cOrwRLuZOM3Wpeqz/2VH7c4F60LG+cglBb7oftC 8RSLDcAbrKgjUYJhjn62XqAOo6LA14M+0cgaVehISLiN1qikfZLMRfZGEW/0VCEVobpA 5pkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401832; x=1783006632; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jRoJytsO5om9KFy3EPkYTCm+qaHaK2PW/6nfSOc8bCQ=; b=i65EZk3sM5Sx8Kr7ErmCJZ3Vrd34ytVD9dA0ob5pSigH6S0ezPNYmENmdyCLeFUdbu UdrSYGS+Z8hE0LWVj+a05QWzU11VeIPyla6Ov0U28lbM6gwXiwfZa2swKbNk78aoSq+A B00w/uTofFL/NamKmMg7VVgnWFbr3G2apI8ClHf3wK9FiZpePpJrZrr8I7iqKv9RB1sq EfXHYsX1Sass8ZkwEJOTwbYe9B3jg73u6yNplyKmBVhT+l4AXR0B5MQsUNoUAn5zsiOR T4q+fRVvKyM8s9PKBwgpYUYpeJYasgOalMtcbSpy5cmCMyYGFx1kpXIe7FkRbXxYWTQH 42GQ== X-Forwarded-Encrypted: i=3; AHgh+RqSpTyVxknb7+g4HcLRhfN6zkF5K5kTzQDbKS60JhkIxdzBvevISZE64tLlvwMlfm0i3hIQESA=@isar-build.org X-Gm-Message-State: AOJu0YwIiiDZ7oKfAJZ7uU4nshpuP+Es894G+hZcaj2BYHVDwTjpHZ+x tqbFMVjenFU7FDuV2g1PSQxnjtA/nRh/YIU5H/aErCzQsT2F6+MKsJvY X-Received: by 2002:a05:6122:6b1c:b0:5bd:71b1:d5c6 with SMTP id 71dfb90a1353d-5bd71b1d988mr817166e0c.4.1782401831873; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUflVjYs1HilwMMmoRrwaynOiEDg3GUEvHtPhcdpBhJ8bg==" Received: by 2002:a05:6214:5003:b0:8ac:7f7d:4a02 with SMTP id 6a1803df08f44-8dcdf26bfb8ls91543736d6.1.-pod-prod-03-us; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) X-Received: by 2002:a05:6102:f99:b0:728:89af:8ecc with SMTP id ada2fe7eead31-734342415c5mr1496687137.9.1782401830838; Thu, 25 Jun 2026 08:37:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401830; cv=pass; d=google.com; s=arc-20260327; b=c48fkDDMUVS1Fi7FaVBGT73on3GHO1TQlek7cowDsp9Vv2YYpsOHCNby7AgjB0hiDr u9jXd1KcIoYPoxxz3AOg/5BOcBPBnW0JoVYZpTZ6/EHIxtax6ONbGQmr/poPtrpO7Uzl LJjSn8Sb8suUS3pk8IR+vtEyLnDk06E64EA6zJ6WmEV7g2aLgGrvdE74fAzl8y4bU8Gg VtLcwldjXcpAJfc73E2AaGQK7v3MUQ3xHfbuosjSHcoGqkLPiisr8SetTQKFLyJf9Aim XsvPtOKnWQFRvTlFQwJuKext8DErtEyNErktHVzlMl/uM4O6x4WAb6y84Am1yHm4SWy4 LE5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=A6HYDJplowSJTsZuDg8ASDLz50zB0lD0hUyhS+XluZY=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=oR33hDlm3T8Izwc70/Yv1PFW/TpQhI6z+3hiNObU/LYCyr7embC51Q8BvOZdImBuyf 7/V3jZZDB6nyVn/gyRd4ztvbCl1qlWksE/N66DZTSOMbRdH9GqtsSkhGGOfozJ0Nvl1I gZYpnDDETlxwFy+sMR3SVBCsb32ALiSA6w061sw4lKdcjbpQ97gDXhvWukNzza0EfZym gPt7JiBAN88KawhAEmNaOvktNX6CDqovau3+N19tgH2GYfkh2Jxi4xjruSLF3AAFf3Ik W1yUKm5Naz6qJ5eep3KqdqaQ17uf5aLXEGUMcdsJVzoRrucnvL+8dfMwKRdxYqICgm5E oVWA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IcBqN5zW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-968fb56e06csi87340241.0.2026.06.25.08.37.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:10 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AyJj4yqyKn6DKHFvsv2IuokWZRvG8vaZzNaojUl4w2zFvyEhTHLPmrpS4Ms3mSWgkgeq6z+RyWkiTZqUBjGQ7hrpPH9SDKjlb7FXCUYoSBA6r0AlKHmtudz1veZwkSKi/nW/G6pRleEhrT10C9M9DCu9wNuNb2W80o88dqep4Zl4fn0J5/nwBzltsqDTvEatluX4I6ys/ZQeIlHKGJu8Utn1u6s9sATr1f0DzfMbs5v7tdvUzOCiNZyfwZqyWNJM5aI23taJwpku0t1ME2aUmR9VbpsK65G3jFqd9BAkCDOfWaVBQmwQdz87ps/P2sf3pkt+B4NQ7xOnL7cbiNEYyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=A6HYDJplowSJTsZuDg8ASDLz50zB0lD0hUyhS+XluZY=; b=qaQvIsYWboRM7HJNmrOlthNYcT4QOAfZ3XvDEaMYv5kpNWC2Bb9DXQPUW+0yn41TlHVVTpw7VxbenCwyGZ4RB+U9AuyaPTkUaILuNWS1BT5/n8oPncQmQvSiLxYuOTh0F/6o18Uv5WWy7pnyu+sMnNNsjtk+gyQrD2cai6U4jiquv68rjkZ4VaqY7A75g2AWopuMS5+OLQgFYI9w2mMYpz6uNYN4MV+Hl4kfEiVnx3k+sY7Rlhy44sZyUSimFiR3Z8EO4DUfr0QjlnLdbityyol1rsyD9IAZ/0ToLZ3wL4bsBF69fbY3J/vC0rkb3j1NMCBO0o2sUupzODTtPs6BMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB8116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 15:37:06 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:06 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 08/17] use bitbake function to generate mounting scripts Date: Thu, 25 Jun 2026 17:36:42 +0200 Message-ID: <20260625153651.762936-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB8116:EE_ X-MS-Office365-Filtering-Correlation-Id: 1260d5ad-f578-4c7c-8746-08ded2cf9cba X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|10070799003|1800799024|376014|366016|56012099006|11063799006|18002099003|22082099003|6133799003|55112099003; X-Microsoft-Antispam-Message-Info: XjjrsZYK0Qra6AWPYqLh35mDFnPUn+tHf9T/x0paNbJY9Ba1XwbgJrynGXrVPrj673WaTtfNS4ih3Vfbk/M0Fooxj87fjLR//5AhdMJzP7IHMfPM8PmGM1y/sEI623hM3JNoicLOMpHHkv6uxyn5kRMPgtdZWfChzb2ryqennqi9ZAgj/78EuqVv0sBCTe8gAKdb3GGZNM4oM9WxZKHQvWukWsaw1wus/UilS7/ueekOfnjt6vLR2tD3nHugOpGLoOrsuWYt6bKTSyn7Kd1npbNPpSIjiOve2KIrGb58ll784eoGKiA8zHviucSyHap4v1bV1kosi1wuaqOvmmCswv23z+pYGeSUoRr/kF7h+nificFc2VAkqRjCGgZ2U66w8bHnWWlVn3Wheoa0VHh3+NTlXbpH5qCM/S+I8/mWhV8DCXQ7Y1ctXpW4+yeQ70hgXYXFVziWaZ2xMGaVN9Oyec1GdzPj2p/xssOPKd2BKT/vvWEKjSg2fp0/AmvPKX8G7zxksYp8p3j0OrQLU94xWQokiJ5YB5AF94JgeSv5kcfKhW2FOaqD7ji5dwP4hFjpKlSWOCP1jy+7SwYqy9tEft93qtFlM4gZo81USV34j1fLHYO9wJHv8s7Yg8uwIDeLCmvTIsyBpscsbDHgW0oo5yz4Tjaa5xfxVlKMNgHYFKw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(10070799003)(1800799024)(376014)(366016)(56012099006)(11063799006)(18002099003)(22082099003)(6133799003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: UngTvi4WtqSqBDSzu/no+Mx10Wup7T/WspF+cli9bPuI3vO/jLc9YDGR96IfQ1L5OyJLs8svA78Lg5SJxaEZxOZbdI4hc3tDlErOfvFR+N4sLzbd2IVTGafv9habxE2QTEHcU8WJhP6+5smryFoocDdmmy9j5yhQYqjVV9MGkzBUuK1ZHfNX4iCveVXZF52JPNco74sqINpF8H/fcIbpZMpc58juAdVJ3Onq0BwGsg59uQNooFDV55y7vsVuutYy1HO34sRWdJcH24imvHJOFnq7SwmwGr27GYvZ3GS8ZGnieOmm5n2gGshqW5bIlPuXKzEIJONj8ToNKhpToEvEt6lLthE5YzQ43bOp2UPYCm3E2X96cgTx8o59s18+rYUSzjYnaKddY13xrxtJTMpkX2UZq7WPNyyXpBjsLYfaF5IcoSU/qwCCNDvwQ32ChTehslSR4MkqobQGUi4kjUfQTqrhtKgH2kQvDKUaFzjUts93EAgFTo4SzgxXdm+NZFEDcYYFgW/ctv5sySPe3IRNcLDblE1vfCP1STaYi0ECgiIpjuMHvJZ/avCKdkzKX4ktg2wcTVHH0u+dmIVyzWgOwZASd5hpsVs6iev/pleTOmAjf9Whtz0TMEqCStMO8Y01aYoRifkILSH9GWlacfaTYtD1KViIIrf53mfQkft+LYvpCQ1MJGzZQJoiPj52gWlCHzCJidqe8q9Ue9npP+3o6l1B+/c6gUfGrrH0JXxqvBGIvWlk/n5O0TSWk8xvGWF//GHbiiSBi3FV3lCEfGIF0gazC5rI5fDrLTo8U1CcqysZOQDfBZy/nc6YYp1hofksB+InEK4qsitC0uBDGvpqeqXGNJVWN2QEnaDrEvV+3PigVeLNmpTAEpqy8xH1ypkon84F3F4D1kPd7x0+jHGh0i8ApAwCQMzRr6CkBuoEb9M0L1p3tWgd72qL7VIXX2ID18rcW0K9X9p02VA8GI+O4YvXDKMPfndsXMUQa4EN9UtThCDhx8up2Rv3N/g5+UhX22VVhUXCthqGbL167zoKLRPFuZ3iu3CWNCD1zGFMZltxY6JwUyBbQSKuD9NHyubD77z6u9kaCwOvFAOVxXs6CjGy2iizQKuazlvoLpWnsp5yLmvCEU0GupTiicXq65osiMY6PCPugmRGH9zuqip6/zSIUidQFi+i2/uqogR3YmgEM7JYt9zCJwiINotv4JlZZbupmMxlsIJEVkK9fX/hCeFnncO+KeYW8hPg/0jqk6B83pr44mOf7a6r79T40qx6wTStJUOQQ376NzdSE1PGUV/UkMhYduRdlIxZzjX9wVP5d5270A+P9hIMK2cvMtk5ez0AdVkcaSPKEqReBuPg7q2Zl9ZzNOJjvrw6NVBvvep1xzYtPsmShw4tgtmsBjgZoZnVqzKUSbxEZmAKB3DvP0H2zcRlsrieELFQRgdZ3pYwFzo1VmFRoqEi3B1G+eYNvw7PnhkP68+httQfcEBXko746f/TRpUD0v9J4xSndL6+cHoqTLhoN+xiN5j0WnYYXaKI1j41TWcqiMMcx3Mf7PHYwbfT2g5XNngP3L/8qSSBeM6l89BLHwQlmNGKjYdbqD8r3AAYokjL/NOcyCD4DVrsSyZvMGYAzvgTbIsGG0Y8Kz5tR6Laiyid4daiRnPizDOGDrJekp2wu9on0gpN1VIEnxhXYuUWIwotwsVQIJdywtNZw07FbtnUFqNINUjuedI//olX59+39/bASznK9+emkAThe8AftvocbP2hxy7QG8UH4wxOINdff3Y/6gXImy/vMaF9 X-MS-Exchange-AntiSpam-MessageData-1: dEBpDvECCr71NK501C8jqW/zxop2tRXEC4M= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1260d5ad-f578-4c7c-8746-08ded2cf9cba X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:06.3993 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 85Nhnz+FgJpAwDZBkjELXf1aSa7L27DlSOJ5Bg7CYq1Vri+dLd17nO0p3fc/Gk2klVHSYo1+ofm1SXAMl4CJkV+T0OB4CPrQ91tfzjxReK4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=IcBqN5zW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= By introducing a bitbake python function (a code generator) to generate the mount shell code, we make it reusable within here documents where external shell functions cannot be called. Signed-off-by: Felix Moessbauer --- meta/classes-global/base.bbclass | 18 +++++++++++ meta/classes-recipe/rootfs.bbclass | 49 ++++++++---------------------- 2 files changed, 30 insertions(+), 37 deletions(-) diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index d4dbbc3a..90e4525e 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -379,6 +379,24 @@ def deb_list_beautify(d, varname): # Helpers for privileged execution. Only the non-underscore functions # shall be used outside of this class. +def insert_isar_mounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + inner_full = os.path.join(rootfs, inner[1:]) + lines.append('mkdir -p {}'.format(inner_full)) + lines.append('mount -o bind,private {} {}'.format(host, inner_full)) + return '\n'.join(lines) + +def insert_isar_umounts(d, rootfs, mounts): + lines = [] + for m in mounts.split(): + host, inner = m.split(':') if ':' in m else (m, m) + mp = '{}/{}'.format(rootfs, inner) + lines.append('mountpoint -q {} && umount {}'.format(mp, mp)) + lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) + return '\n'.join(lines) + def run_privileged_cmd(d): cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 81f4d7b2..411df93f 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -49,6 +49,16 @@ ROOTFS_PACKAGE_SUFFIX ?= "${PN}-${DISTRO}-${DISTRO_ARCH}" # path to deploy stubbed versions of initrd update scripts during do_rootfs_install ROOTFS_STUBS_DIR = "/usr/local/isar-sbin" +# list of : or mount entries +ROOTFS_MOUNTS ??= "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt ${WORKDIR}:/isar-work" + +python () { + mounts = d.getVar('ROOTFS_MOUNTS', False) + if d.getVar('ISAR_USE_CACHED_BASE_REPO') and not ':/base-apt' in mounts: + base_apt = '{}:/base-apt'.format(d.getVar('REPO_BASE_DIR')) + d.setVar('ROOTFS_MOUNTS', '{} {}'.format(mounts, base_apt)) +} + # helper to compute the rootfs distro also under cross building def get_rootfs_distro(d): host_arch = d.getVar('HOST_ARCH') @@ -154,50 +164,15 @@ rootfs_do_mounts() { mount -t tmpfs -o size=1m,nosuid,nodev none '${ROOTFSDIR}/sys/firmware' fi - # Mount isar-apt if the directory does not exist or if it is empty - # This prevents overwriting something that was copied there - if [ ! -e '${ROOTFSDIR}/isar-apt' ] || \ - [ "$(find '${ROOTFSDIR}/isar-apt' -maxdepth 1 -mindepth 1 | wc -l)" = "0" ] - then - mkdir -p '${ROOTFSDIR}/isar-apt' - mountpoint -q '${ROOTFSDIR}/isar-apt' || \ - mount -o bind,private '${REPO_ISAR_DIR}/${DISTRO}' '${ROOTFSDIR}/isar-apt' - fi - - if [ ! -e '$ROOTFSDIR'/isar-work ]; then - mkdir -p '${ROOTFSDIR}/isar-work' - mountpoint -q '${ROOTFSDIR}/isar-work' || \ - mount -o bind,private '${WORKDIR}' '${ROOTFSDIR}/isar-work' - fi - - # Mount base-apt if 'ISAR_USE_CACHED_BASE_REPO' is set - if [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')))}" = 'True' ] - then - mkdir -p '${ROOTFSDIR}/base-apt' - mountpoint -q '${ROOTFSDIR}/base-apt' || \ - mount -o bind,private '${REPO_BASE_DIR}' '${ROOTFSDIR}/base-apt' - fi - + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} EOSUDO } rootfs_do_umounts() { run_privileged_heredoc <<'EOSUDO' set -e - if mountpoint -q '${ROOTFSDIR}/isar-apt'; then - umount '${ROOTFSDIR}/isar-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-apt - fi - if mountpoint -q '${ROOTFSDIR}/base-apt'; then - umount '${ROOTFSDIR}/base-apt' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt - fi - - if mountpoint -q '${ROOTFSDIR}/isar-work'; then - umount '${ROOTFSDIR}/isar-work' - rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/isar-work - fi + ${@insert_isar_umounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS'))} if mountpoint -q '${ROOTFSDIR}/dev/pts'; then umount '${ROOTFSDIR}/dev/pts' From patchwork Thu Jun 25 15:36:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5186 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:21 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f56.google.com (mail-qv1-f56.google.com [209.85.219.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbKuT004617 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:20 +0200 Received: by mail-qv1-f56.google.com with SMTP id 6a1803df08f44-8dd6d58b606sf42335286d6.2 for ; Thu, 25 Jun 2026 08:37:20 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401835; cv=pass; d=google.com; s=arc-20260327; b=f07t1cBckfKQfNYbsQGCf+E/g5Yrz0Plo1uw26tiObUswFDgbmjZOPBeMj+Wju0zC/ VfCX/wszFO22KuszIXJyDjshk2IKrJvTHfnAhJhUqT8BR/dZ9v+rLTNWLCxazsvhitXF MSteqLUb0/Ra2P2eEGPNRje2y4NUCnIfYIOTPm1JmPKkByvawNVxK8NQEYL2RaJMjhFr OiaVKQE7hS8xOy2SWDuQV6kTPYJMkRuIGz4CY922bppAFTBAYf23WF+AN+YRBInl5NgY m2za578Cfcv978GCkvvY7OjLwb10+6Bv0cxJkwLCOKyeMByM2zuFY82Ov4oCL/MywS0a ++yQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=DqfHW7SI1XthmWo4jTz5d+ZdefNLw9f0Qy2z/oVPHhQ=; fh=9UWcZbEd/z0dm2gmI8Ywme1E2chjLDxNyFqTmJPPLEU=; b=SVuHzOZO7aM4I3CWeK7svIEykgYhd6Q0n43ATOse+d4BaWPpHl0MmCesp9SR6JNd8P tQfLF2g0sFmf7f2RlM3opSR715xOJEIyPqHKU81xxeL+P9IkfRrRGG63j2Dm6Mb1mOWU KR7+6pp/EsymNjOxvWQVCyqhqXnTTUakqY4MCLCMI2CWVHDBIGnRWGTFDLzxVpc62+AU fZ1YUCb/3K+vaSAac/hCZtpowtmJSnM+RoZkaJEc+qXaRyl/ubr3D/LqBdF40YgJymOz cPfQD8Ck1YvMJzXoWPjnz0rIO448WnGe3/i+tq2lDjAHslzModUmsV4ODeXAxC4QLTax WeFg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=0Ky3VW9a; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401835; x=1783006635; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=DqfHW7SI1XthmWo4jTz5d+ZdefNLw9f0Qy2z/oVPHhQ=; b=Rr3NbfjReBlaXYt+lujIcKnrinEfsLQEB4E/j78zS+QJgMZ0k9E0UbEHofJpODcyJH LJICKsRwTMqKbq70Ngj4NxkpCokjz2L41ghVNB/qOqyyOnT46pGsfhd71blutFSR5DMr 3nIi2GyBMNU7ei7aFFtfmsW+5EC0QMQG3uZDwB0SaqzzmB/CgKCTjxCtmRK1bRM53ccu DwvvzvnTPLINAmAd8ex6+98cbZqZVYCkAJBxwWgiinm14XfX1wXFD06ELqj8OrohMQB9 0PfwQofucl3YbLTN5XPJH5+FPBk9p2CnO+pE5we1vNZFrkdZdExZl782UsmKI4gaFBIq mLNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401835; x=1783006635; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DqfHW7SI1XthmWo4jTz5d+ZdefNLw9f0Qy2z/oVPHhQ=; b=N4oQbiRMflxwCJWPnoKHChou2OwXXyyNRSHVXjVFSfF8bZN5SfiPIy6iJStjXhQXuM o4aepCfPdFlJz13qmH/uc6Gck6KH7ivTx4QW0yxfvi6+tf40aoSMRKy1RdJMxUVw+lMG jXRvSAtK1OB2ogeJFllDen2GvTZ8cfpOx0scuLDSNqJOkaq12irigsuivdeAawqVslHj e+N6e+j0nX3zy1xgEB129fqMVM2K6DhcKdUUSI8NaY6zcA63XJyyjNKXNsXX4igwZm6A lKtIHNGsnkwi55/sl4EPIuxjubTMlehUjWNVlk9AaUNGPKnh3/6D0qqAEsx722J8jgXG u+3g== X-Forwarded-Encrypted: i=3; AHgh+RqYfxRXxRDrIZoRG8dsa5QzE8eGg9qLyQ0+vsvlqIY1EtXXb0CWQ4/epVFeAY40Wp8M6ky0NQQ=@isar-build.org X-Gm-Message-State: AOJu0YxNE0Emnp9iYajUMyS9gUJTXPaYb0kR7aZ08/Pkf+AqWNpZmGU9 UKkZeJ7+e/Tk+LsR9lmD7OS9BRr67LiW6Mp3F2Qv5a84RaDTzZeSMtft X-Received: by 2002:a05:6214:2b93:b0:8de:16a7:fbe3 with SMTP id 6a1803df08f44-8e6d4ee8c93mr56277066d6.31.1782401833113; Thu, 25 Jun 2026 08:37:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdpQe/mmEaz/v/y9a2GYWPqbmHDJMey068NfLYf0Ya1lQ==" Received: by 2002:a05:6214:1c4b:b0:8c7:2c9d:13b with SMTP id 6a1803df08f44-8dcdfc1cee6ls90508236d6.2.-pod-prod-03-us; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) X-Received: by 2002:a05:6102:1623:b0:729:e047:6155 with SMTP id ada2fe7eead31-73434245bc3mr1340906137.10.1782401831626; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401831; cv=pass; d=google.com; s=arc-20260327; b=YVtlxj+ol06wVYYRWAToeRVGQRqQD11IvA8ULmM9Ktw/vD+uHEwnVGQP/uQQk93RRi 9KpyTh7ryWg2ly0rRHekiHVWRDUwW9Xz+RlhGv0Au3qULpPhrtJovAAamWkqvZi/nl25 IpNmZFtziPdOppGV1K/bbz2BA/MXdMmLIUXLC0GN2txwXXSDZgPuAlDP4JU1Ne+XM4Y3 BvWJ4/cYWlpU4RKTMO/mQBRCcj+m+ftYE11t7LkCf5jzTSjmpAaUh4SGFnbupQuKC4EC HBx+CHD2SwBh2IjENKlUA1Fl4GH7Xdqk2lDJP9p9Kf3IfKQPyihdSzDai7+heXXRVndC GDzQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=N2Hxt+bPw53QoVoxgzGe53RzugTTfbfUPzjvUrBvL7kZQ1oTsky0MJQ8WgpHwAU07t tiryKZ7vYg9nPPNq/h37/CeGhpzgOePSXreh7CdUigHFErpK9YL1svfvETnTdR+cTXTM DKbckEmoe45T33sUEGoEWZT6yoT5MetjIyCpVyuXgTnpLHvusJQ7Yggqq53/2d7xKQVD QByB+q63BtyLms+KPQj8Av/57RaxMaGIrD5i+s0ke5fcjePj/wsSc/yPh+VwhqIve8vG v0SSEVeNqO4NwSRtNFCGYs+pXrhahWEICSbXBVUfWOrMN6R0CdKp0En/u7fOQFJjex68 dgXw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=0Ky3VW9a; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-968fb56e06csi87340241.0.2026.06.25.08.37.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:11 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VaVAZEPhxkZVAyUBi2Yl2kZEZ6U0QsoaAFZI5wCdRNJaReJV3wo8NdbRunYY0IkvUygnNAiWQ93fnKh211vcPfAa9YqJC4pmPpkxAQJpmE3lv9wPDftKyaaGlRl9I9a0j/F26Z2roCfqSMoJsV/vGT1tUQ2DPQAykXizYuaq3lpy6Sx4dNVmeLJUW+6IoCMpaFHDQHEF23ENa5oHYGeRX7QiklBfhhi3Mm1WQq1/zzr0mdqEMzlnSMIfbUqgrfbfsWHrChXXfJGhOd2/53M01Ml0XnOW2ADCedNLSPo+NBZZgxgZzgRtINaA4a4QvkAr0+CzamtrQrg/TU1plmJEbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TpW6Vnl7DrB8ScOH8r5n9FIFJxdyZV2GpB3FELvKzYQ=; b=LJqeKWEi7mGRxJmSZu+Jvpu3ks8eq1S3/lncrTtjDDxKOSs5rpnLAZAWXYJFSgbpPMQP6wVWQGM/SgH2bfLPeXjHZIV6FqDjFd9W8bYYgyGsKa5TroTETCISGDsisCvNnPrdK7kqa20pycX1693p+Dc8qJG8JbkSSXP89B3QF/zPUvGS2dpd2pzfAzo7sV8Uj/lrIsfpDgY0CEdmwsEE72M4PlQmUJ6XIiNJ551wEI0sRBpDGabju8AZGC57lweXXIkVy/F+PVYohdqOsmSo5ukmJ3kx2D2g3nDvvbrOlJDsVhaKW0nPr8yomxJElIhzrk7RsEy4/yqpNP/j1JXzFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB8116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 15:37:06 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:06 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 09/17] apt-fetcher: prepare for chroot specific fetching Date: Thu, 25 Jun 2026 17:36:43 +0200 Message-ID: <20260625153651.762936-10-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB8116:EE_ X-MS-Office365-Filtering-Correlation-Id: de8cb36a-9dfe-4c5e-3dbe-08ded2cf9d08 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|10070799003|1800799024|376014|366016|56012099006|11063799006|18002099003|22082099003|55112099003; X-Microsoft-Antispam-Message-Info: pA95Ib9kXB4qtMUodYAS81t7nircn5r1VX/Kw+TiQL9r77UQl7hZnkUnWjbiRC7vybMY4Ku8TUFMx+NuG+6f4DM3NLYN2iOBHJjAoucZBG5TVajdVIghLT2OORGEwHnjhDfDTITWbKvPmuc0nayQNeuc+McNiIFk2SHOI4t5YnzmEQrmph6kjvqMm3qCWpwcKZZcscUcqUnWhyPyOGMr0EDlj4dVKoi6lYADacwOJ472q0ets4nIazMZmMTcROwjcxMigCrySRd0pTqGiXfG9T2qPxfL3SOx0oxvMsxM+67IYzRMWb/Cx+KyuCnACBnnp0hDWlZjNefPVnV9F+gO7ETLbzzXB8vTKgBtFpPXJfcb7eOEHNgIv8vl5k/GAgsfonD/S1kjrDYgyVjEquRHc9LYezHh/iNHytFsWpNVGbwMH6zy4EZneSBWKnNemthYJQN95irGUeywpbXgEU0kd0f0xSNsMzdf5lxwaotB8X17oMZx/RpuD/5qpcCiAGv13I3FHBmYCRoFJW3u3vskby7/dp5J7oM+y3DH8PwDMrEO9ys+UmJS3ffmHDptUTyaz5hYArUhERgGrqcRQ5fMbDwJU6QLewWTT6jGFV8WpEgynYmucKwQMhiRH9RdJvlQt9Hqf7QVglcwkjaYfwnuVBNfJRNXs+wnT8G7tCCXZs0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(10070799003)(1800799024)(376014)(366016)(56012099006)(11063799006)(18002099003)(22082099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: IfVY0nSaVH0NStQLXUEp2vOL/vRviw8DfgWxn5lJ6K+k3TsKHqRs4MLYwjc1WPRMBQLQn7nZ78FxzMGTZZZjWMxd2roTT/0ExcJQrmnWxzU5sX+iqFg+mY/WZAqrglzCZJNRkaU3JSwmyPeFSt2+hoZ4jy7X2T9L9sgY5vav3AgJzytl57dSuEEDOYcW7hrSvfwYRCDipm/UQqCTOcy9goLcdOQ0onM4JoSzW8N8krinwhZ9/Rgh8W9wkfH32WVCwpozbbQMLOzRMlp23Ft3Nmv3xMC+3/sFBEHrIFZ9XqKGikCBQ4GDAJMKrrZkpyLwOWRjyppqhGP6EYsQvaAMQijrk3539LxexrIP8fs4BXmeAdzmzUEHMQmr0nrDlsBUPklq6KRFgmw3QD9YwdegHSb+ElTcIDW5khAeyIlHM78UqabwuIw2Itse9pG4cE9ZWDss20unPHJMfj0kEcE17u1VSfQpn3/cLV4tWhx0/KGpD+D0KPAX5XKopuc9RXTjzmpvPdkoavWiZzADCPoJnVsf60ASDCxZhfEbRtPSR4HiJRcbt8zoPOrsezLZx0ETdpUAJxTJvwvZ1UK5BDlaZbJ3F1VRBQ7vbFYxH4Vaf4plnSgwcaEPpxhrpTEy4MTHVdmjFld/Yb0Q3rQ0necqvtmIKi2E3uGZGvJzx22WnN7oA1aO9m7c438HItSsitvbTgVq6Nw+7sVDzYtrkTcGFJj/Vdp0Y1I+VVBYdE3DjUyiOfp/LR4PQV+BzCH4tVaLmMM54zmnpAlfKABtApFZsjLRssu1dbLSsOzGGPZ0xTN+502oqYpxh+PVso1ZPcHoyzEz6E9zThDoH3TIkMBIntmQRJU8/iVrt0N1lTlmnBdIVh61sQj1V4qFvnquqXAuOp/pzjQYsFN1o9gOapaEnoAf14cdfrDmoWSteJhNJQKP96dqDJtaNZJ9dBOufdWP6SVMg+5Q9/leQBSPTS4EZoJWGkFhtQoJmuo91QgTnAr/DdcJqF/exkjkngWCe2j4bCShqZohxgmx5CyrMXb4+r4umFBjcmJxRfIsB1lhEheNNojM+YRQFNty7M+4KpHOOBMeEFPlxgFleobJV/Ee9EqaZqD/ofUgGHQ35gemN78zG8/vD3dUsQB5e755Y5fU8ooi/KycgS9exUcSceyvG0JqzuazWbyHSJ6ME3MEm1uoiZI/x4miaj+73ZrNZFY5bJiIbd3h/bxKxc9Fj2ZK1+AvnIG38YOKUq5lpwxzv/rmBvoelCLdETNw8qUVaX4xvtCh46hPmIDe0cw6AwgdAvH8BBjrRrQbRgdo33djG5FGCz8+V8T0VKYpgd81eoLc3UH5vdzI2Se7t91fuua9AhcEQYCklPrsREESJH9AO27NAkN6fqR16c0Q8OyuMiLApw3ZVB87jhNmqxzZ2tXMds9oODOIDpmP6Jdf3ZIpvdA0Gjsh0IJeIwmzpN1fgjSpkdMHQRLda/H1WYEyJROyGe6Nk+q9Os6k3RTu/bq1D3it6/hzJyKFSbUylGk2fRQLAizSeRDcWmwekNxLfoDKTlXxUT4nIHzLyzaqHeO5DCQd6/JnzIHvCeZfo8+hWso0Y4CFEvIEOVe1FyirBy21eQYVKs+L7u2zZul13CljW429n5HONkCw9HyJhnMu9LhbSWNUoq881d5SUwMAwZMVTrpiE4sECVMvdfhkuwabRYUepXVvNxwksyYWtiU70w6dclvz2cdsJg5QgmolmY5QkPUeRsXvcuQDmcmdb+hzGc+J3xVRMUxoVJeWWiB8HwU5TjyQ8chL X-MS-Exchange-AntiSpam-MessageData-1: 59GJwyeXRHNaOoizooKaj0N5D1K4OjDwaCE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: de8cb36a-9dfe-4c5e-3dbe-08ded2cf9d08 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:06.8716 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: C2BrpQ2ZJTtcqjSyG2k6wQIk5hux01PSlXn76bYl3+twGlWSMrdUig1Yk274DwYkKKdS7ygofU0Z/aljcDup4D2eplZ7SlX1tMBJkzpxRUQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=0Ky3VW9a; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The implementation of the fetching depends on the chroot mode (e.g. schroot or unshare). As a preparation for the unshare mode, we hide the concrete fetcher implementation behind a factory, so that we will be able to dispatch based on the mode. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 2 +- meta/lib/aptsrc_fetcher.py | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e5987554..e8721c79 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -84,7 +84,7 @@ python() { # apt-src fetcher import aptsrc_fetcher - methods.append(aptsrc_fetcher.AptSrc()) + methods.append(aptsrc_fetcher.AptSrc.create(d)) src_uri = (d.getVar('SRC_URI', False) or "").split() for u in src_uri: diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index da2d94c2..1d133aae 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -9,6 +9,10 @@ from bb.fetch2 import logger from bb.fetch2 import runfetchcmd class AptSrc(FetchMethod): + @classmethod + def create(cls, d): + return AptSrcSchroot() + def supports(self, ud, d): return ud.type in ['apt'] @@ -20,6 +24,11 @@ class AptSrc(FetchMethod): codename = d.getVar('BASE_DISTRO_CODENAME') ud.localfile='deb-src/' + base_distro + '-' + codename + '/' + ud.host + def clean(self, ud, d): + bb.utils.remove(ud.localpath, recurse=True) + + +class AptSrcSchroot(AptSrc): def download(self, ud, d): bb.utils.exec_flat_python_func('isar_export_proxies', d) bb.build.exec_func('schroot_create_configs', d) @@ -83,6 +92,3 @@ class AptSrc(FetchMethod): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) - - def clean(self, ud, d): - bb.utils.remove(ud.localpath, recurse=True) From patchwork Thu Jun 25 15:36:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5193 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:49:02 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oi1-f191.google.com (mail-oi1-f191.google.com [209.85.167.191]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFn0CB005697 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:49:01 +0200 Received: by mail-oi1-f191.google.com with SMTP id 5614622812f47-48952d1c293sf3506135b6e.3 for ; Thu, 25 Jun 2026 08:49:01 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782402535; cv=pass; d=google.com; s=arc-20260327; b=kSjSfvDqJYDRX4Sfc1NSBXw9M5bzxxyJyq7KgkxsAuR5omXoVBIEzLnfzP/3paVbUZ WPiag95151pGKT16J5GpCS4ctkI2rLZC2L3DUSseGpGG2kapTiLqzkK3FQH6FJKxQ4T5 aDFngk+H3ag7DXf+G//aanUD6MimU8Ri7CwjXaz0AseZ8yG8LZHJa+J6T0LCR/lbjfZx p0yM8Lh2bZekdDrtV/hzRXA0Y9pCNjuhsGl/bhXvMG715FCXHX1p+RIpR+nULEctciGl 9H/4cuhEqYY/EupJkxS4PiUsRdPxR78n9gZsnH5MqAhudtNCpFNmrWpAfOO3g3HSloY7 0TJQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=MGSicFieuEwtGJQFAKLGP4RgavCdF7YNxf+lICyA4XA=; fh=EhhqICaNLb1QlE27pAnE6mSA6fkJJAovOeI16ZvNCZo=; b=KFc0ZMxt5IJr4VGQ2iFLFW0Uls2T1yABmxU50MMwbPbhhn8Iwaei+LH2jiRjvEmPJE 0FS1afXqPMhkKYQcRY546KmJ9IMNUH2Ryf9KCc0AAuXbCPaTRqxNWbaFv0i22jZawmf4 Y1eboLlFa0pN7b1GvxHo1RRxhkePiLxG4PMS1ImlLmCy4kKhUgWjP1GsXMSWW26Oon0c PxsBrQKtpoF92U4+Ws7bZr8LoUSK4VCo9VBgy9Hed87AvBZR0p+sFsJkKcJIvHDFIi21 tJmcPxuVQ/QnzOEO8LsLdCd5HEFazC3MBd1WRFhMsSk2x91b02pR2f5LmdDYRDSc+DUM bvGw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bBscJ2Rz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782402535; x=1783007335; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=MGSicFieuEwtGJQFAKLGP4RgavCdF7YNxf+lICyA4XA=; b=iZUWCpduW/TQIshayk0tb3xakNrt/4GvHr6MiH32ZHNIL97FavqRC+NAdIRDV3GCN4 bsuqXPvCFyg4MT+aNIS2vf9Fmn+EYBaepkFjxfTIu5d7RqYimW6YgyvWWVLO60lG2zTy Az43PQ5aN5ykMzeA1sx33zxyHr70r43Kck/SvQLAlofzp1KrwvworJmLIR06YKiuMaLn sSoyQtG/JY9tUILVT0M+dXYGcVdHdKBR7nxohWqH6tCOuK+e1CH9rYhF0TkgyowS57zQ 3w+7/nO1Gba2GYmxdq5hziAO+Pr0nolIQRJLwBO3D07jn3gisX0hy6AvipeorONc+HrM OemQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782402535; x=1783007335; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MGSicFieuEwtGJQFAKLGP4RgavCdF7YNxf+lICyA4XA=; b=gDbs/jCWFoBWcSKIWpCe/jlGO71KA1e3VVBK9jfYiu8BmRlLAsPtey6jbXlI1TwNSI qo/5Hw2DeM/SqJrpbnx4OwUl45A+TtZ+FqppcP/bQw978NZ7RYfS8uI96b/jnkQaWXMw GzDldHo9w8EmrqMawwaI1B61a4WHBZHiGeJo8OgUWEHuHBQXCnnm6GN6xAaQB3sG2huK DpV266rFiHWTSqN5Fu2rAk9V7JkHrbj61EKHbzQuiKo3oejjeW2TlbuGz5yStzPEWPIC MxrqyrP+6XAl8IZpYiZYG0ZSfN1p+WF42dXVCoCsLcIADYypxDXENhmXQgKLs9fuSK/g QM7w== X-Forwarded-Encrypted: i=3; AFNElJ+ifnBv7nN6bTbBv3DK15N9qkvFzpPZqVcqno7s7agRXtTUvBqHE6Ee8OXJzqjp7GEgvpgPfBc=@isar-build.org X-Gm-Message-State: AOJu0YyPpVJQrpd3nXsW+9djdvkwFFaAlp5i/N9+zuy7+IQYTQwrvhOw bNgA76bqfs6uniMMiJUPDDriUPRrYij3jrXZWUkjgA85rXSlrHHY+0Ze X-Received: by 2002:a05:690e:d4f:b0:64a:ef61:188c with SMTP id 956f58d0204a3-66487de2b91mr2194659d50.47.1782401833701; Thu, 25 Jun 2026 08:37:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdrasB14FABUufcXLjOLKhYUVDUkj3EB1gT/M/k0M2/Fw==" Received: by 2002:a05:6214:2a85:b0:8ce:b031:e76a with SMTP id 6a1803df08f44-8dcda7835ecls180462746d6.0.-pod-prod-01-us; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) X-Received: by 2002:a05:6102:1489:b0:6dd:405b:26d0 with SMTP id ada2fe7eead31-734368cbef7mr1352815137.23.1782401832581; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401832; cv=pass; d=google.com; s=arc-20260327; b=mj2ozfZwKerCj+Iaif8JqdIdSyjGd5JtkwCiBqEuwZITlmeZehuNqED8WEybKzcD+C AbNKHZ4ymNPrADtCvgk3HAnb4gV3kxpV8Sli2O9je5BowQKKerTLvdo1EJNbxwmfWV9+ aYFMDDQvadXtkAQS8TzUMjft/GrfgUo0B5pWI4Eez84Mqt4K2K9vHTT7/F0fXf4PiocE 5WgTA6TNxk0qjV0jQGnfmXphSJSavdm/xUfsPXYrH3VHtMZdABOyPG20fW1Y/Fe1bdhR Dvz25NxwKOC5DuBGDNPAMouXQMgAZX99X3n4c6FXRuQ0Q1gZC/CajhGREgYk+kugR28+ 4HUg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=CEhz7hcYg0agOVDHjKuspSkXbNVTH1+JF1KNHtEUyvE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ZAapkZmMzgxtPTGCTGx/cOAZPnWUp1x1iSgoy6AyawjCijaBpdhGdd2MkuaKXLY0wk kqvnt/04NjtG4EYqyArW/L1tI9gs+KSsLGP/cX5xGNvLQIK9cHO/wmaA/0boKfYieuUy GN/GLAH9SbbBO0fyTsWz+sSLeEd9qrpzP0z4sfSUjY9GP3v9537os5M4qsUaiqQ/DmX+ AEhn85PM+5ZagFbR7yHMb7942QtI6qGpBfKmp0bg7nGd+TKSV3EwpdcmGo4wAHdF8KI6 HCbQdoNqXR9qOEjcQZNkh6bOl3EQAh5mUIrmEOV79juWDbVB5upN4cxzqyx2omb/PS8J 2EUg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bBscJ2Rz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-968fb56e06csi87340241.0.2026.06.25.08.37.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:12 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LfmqbgF5+TkdvjhmW+rwzexcxaz0i24M2XxwjS8EvjbCbDeudIofWd/r1Aa7UxcLZimLi9ZwuOgox9EbaL+bfdP5B/TT6onCrfzPv64JQIOPy72OvyXVw3daOTqfMv7oRLnWDwfnMwVUQjnNdwPG+yUbjWP5w/+hTZ3Itv+Do0ddeJo/02c8TZ7h9S7sFqe8fG6DyXh9U9thgpTJlVcAW7ZPakJECELzeVIFbXfVrl9uGejzNajCkpPHxEFUDU4XXR4jkuxX2HQJGDGxDYrqcLPKBDCDr5g+fh7AAYvq+T79ZmRdYgMtPPZhyOx3TZ1JVV5QuDuHZF//HB+qJXEXFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CEhz7hcYg0agOVDHjKuspSkXbNVTH1+JF1KNHtEUyvE=; b=JKYkSAwC/O61oBBSwQygLscgvsKcpx1cAPhV1esWyh38oUvZtAESAws+iSCdnhRIkLHtL9WaIc2lwYeazLFOTB1lzUCMFYC8w+PuQh+TbHqXiVaYVjce/uginj6W76q/S/PpYBanFB87Fnas8xmN44p040pFgvzbBP8QJ03dPn3lI8YkJerNk9PgCDI4Dqywk41pQtPgVpzenWfxv5Y5m01/J6JUSCVcW8Gd4lYSzhbZPT+ShJdQDXUoNbHs4QNxSs6zoUXtzvFWPFo1AUrOG59FdvkTBCE+py4b35KM8CxPz8rX7IWcddCWe8IgvGvMLbLho4ZK8Ws0XpUeSAPLiA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by PAWPR10MB8116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 15:37:07 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:07 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 10/17] add support for fully rootless builds Date: Thu, 25 Jun 2026 17:36:44 +0200 Message-ID: <20260625153651.762936-11-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|PAWPR10MB8116:EE_ X-MS-Office365-Filtering-Correlation-Id: 0b88ee8b-05d4-4b96-6ac2-08ded2cf9d48 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|10070799003|1800799024|376014|366016|56012099006|11063799006|5023799004|18002099003|22082099003|6133799003|3023799007|55112099003; X-Microsoft-Antispam-Message-Info: 9FF3jZpYaeWJ8k6j01z7s5AOGiOyp4U7+FrZlHbDVL+wFMynu4PPwEZIrUM8QFQAFa8C+P1LsBXigruf8EwddXS5O/zVVVMXVjPMzFCIh7bbg8NOlAqVw82MdFxausBcreBvCGcs3uExgiEkxoV7G6KbtVLOxL7/p+YxNTfeiyLCChFJkLOa4EfmHzjSE1djSnjmTFYe2c4FyvaeGlp9Vsf8bKUVsV231s9VXbtSMEg4rcATq7T0GprHWErL17CsBp5gdmI/0GFTziik90yCb8yf/KxvmKoQWcUi9B8uo8o4u3VcLoaWSxIVFhTRgoK1Kr/D/wIpMaLGHSQWlm+vOp+CCrK7BzBIsbfIsfvbjOO0xHJo/uwjQ+k+GUvB7laLD0biIwo5U8ntGHlYgJQ0L5/JzduwOAJBtqBDT9WK0RAx425H10dXXCwNBkBK8ECoRh4vYuj769MTEEqLVoc0QCDKlyj4q7nZ7xsF7bujYnfwnDmA9ilxuIfFVyxgbIj5EWlFnRvAvxrQkW4kRsFgkajvSPT+60SCepJWlQfFKOo/4rCD5tC7p23GrxTW5lP5sPeQqos5UITEcGv7y47rAgbuY73zYDG2FCLKBieSnm1ibvM9fpx3JVt5bsjzcPLY/MQlNR8J9je22lX04fXzVQaTTNmzNITMMoF3/yHXw+0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(23010399003)(10070799003)(1800799024)(376014)(366016)(56012099006)(11063799006)(5023799004)(18002099003)(22082099003)(6133799003)(3023799007)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: CKyfZjg8EqS0krg9ya0y4fpj376BDlx3qfnmtCPiH2oaEzPvUK2B7rZfamu7NPV7wCldwxhYmBwh8orku6AmXVR9mdxQG+cS2vni+oRsf2ephhZMtorBYkW/JzIKRA49/kANlj0aJ0UoV9SUoltTDCNxYWPipJgNN/cnXocs0N2AfSboPPX2zwPnX4Shd8pcEudlsti42ae9zXMRW+87PRSyJVsr7jlTuJ9XMWgQO1pga0h1CMp+fPPGX28fnoEFEq+Q2NDtPli1aegsTS7UAlCa8FB6W2X2SCxi4VWkMqYckPExsICfhLxgiPRCyrKpuylHdddWJkfLAcBbkINpgSegqL5JVl8Som8ZrLZ3ZD/MrtddnxOfj67IbaP5mlgjGK5yXIj6np7Iz78EtftQ0rh5Vw/MRpbmGQ81UhgfUCje8Tc5sYkFHfB6gte/8x4Vty7D8O4x/RWJt2yzqN/1mzRUykWs01NKK7FG9BuNUM/dgtxkz3ZFH/qASPFbHcXwL4Gfqjh9ToCUJazo/Bvanwz74JgSJ/AkbHb47caT5MMDADPi11fHSK6jhlLkxVkM54egU3GnWxgyKXIMDSVR9kzXoM2tmJXKzYQXEb3OnwYE05Ly4CQHZC+XxBAG/UPbWz8/cKOXQBGWyI5hTpsv8UMvoj/nL1NFMf8aF8HinYP9ke3wXdI1CZqvpZMoWJ4o/oALmde6YSP+lfZvHV4FJ4wzJWCTdSf1fZl2bfx5EYC5EcPTAPDUPhpOPDpnnkA3ewfKbDYw0ShK26p1XsHusDLQT4hNANw6t2hYfHCvMoMYLKw3kFrB3Mm/RjdeKd0osqfQOD33dCUlHlLA2nCH/9PEudmUd5TRopVSlldvtE43xYuutCJPEPiQzAk53wXfcrUW4lO+tiuSlGqPqEMZbbCUQQbSLq/3NPwIzbhUIwqiPbzpZqyVRZSOpHw35LR433Uf6hqHonZna5Yxf/8eidAgHBWA/v2h9JFV6ZEHF5OP0xxvQDyqDbu1SAJRqfgL2gz8fR5PcQ338W/HeJj3xF+AjUCqtU/G5POAvUjp43kSKFTssvkMrAVv8QuhRU0bK+WX09IaL5KQ+ynpvnQszRon44BcRWVNbYbouvH+oseJAjW0k7PbguKW+LtvEOqtc9IgQAltIIjPiT38mJDPF0CoRz7nv+3RXX/3E5lBujteKhrbVYNKmSPYqPeF0yri/zmUjxZ4s5dYrKoK2YucrihdOamOBZofPw1e8+6lyC/gPYRh8+UHUbnSQB7hkAb84daRN2nUogMi5BWS1nzpCNgjkQYY9T1Th23nsHIfblJJC8GoNTF4oXBPwUVCdoaexKFnv5WmO3/uKLqWD0pPgHcGpD+DV6yDQbsJz4TK2Q4M17Tvoey/BytoFIzsg0K3bxINLlirqXCYWqtE7qa/fcDQjR3Sv6MzlZSWQ6GV4t6WRXNErPlCDx3SOi0qdXkAwTNSon3JT0NbO1qTQPo3LiBPoqzlaJ41PfWFgn2xRuiboZllEdyxhIHwQ0LEGEstCq8OAtZqOFE88+GRvA52euA0G6QPlQhWsYGi6RSepmTrZclAlR1rFOB5gp/DWoGS4FuJNn7uEp9Rm7gWvlZBzNQQBc2g3xB1s/X9I85VwUc2ORuEiQOIVoYoyn1HDkMoWM4t8F6Hp770RGNzuFj21FZ6eL1YNxwLXBvS7U8rNS7O/5jzOETiNJ1M8eVQyYlTP33ekrKUMUY2cb0/9rx7qzB8oV05xq2nzSdbaJARlWdjcstWoymNJGvT+1UDmDQUl4TTk6Hd X-MS-Exchange-AntiSpam-MessageData-1: mY7TZdCZJPtVelHqFCYM0ibstPQdLqp79Kk= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0b88ee8b-05d4-4b96-6ac2-08ded2cf9d48 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:07.3449 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: hOe4JY7Tvq64lqQHbuO4Q2qE/VGGla0oAlpbrtvFKvuw+VyoeOrzGziVG9SOnsqLdhuyhmJqIVjIJdpn/hqGdcmVve+JRnFyXDnu1JDEiHw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=bBscJ2Rz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL, RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Currently isar requires passwordless sudo and an environment where mounting file systems is possible. This has proven problematic for security reasons, both when running in a privileged container or locally. To solve this, we implement fully rootless builds that rely on the unshare syscall which allows us to avoid sudo and instead operate in temporary kernel namespaces as a user that is just privileged within that namespace. This comes with some challenges regarding the handling of mounts (they are cleared when leaving the namespace), as well as cross namespace deployments (the outer user might not be able to access the inner data). For that, we rework the handling of mounts and artifact passing to make it compatible with both chroot modes (schroot and unshare). We intentionally do not switch the build_system in isar.yaml resp. the KAS_BUILD_SYSTEM in the menu KConfig, as there is no kas release with support for the new modes as of today. We further don't want to break backward compatibility with older kas versions of the isar examples. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 20 +++++ doc/user_manual.md | 2 + meta/classes-global/base.bbclass | 86 ++++++++++++++++++- meta/classes-recipe/deb-dl-dir.bbclass | 7 +- meta/classes-recipe/dpkg-base.bbclass | 22 ++++- meta/classes-recipe/dpkg.bbclass | 17 ++-- .../image-locales-extension.bbclass | 9 +- .../image-tools-extension.bbclass | 84 ++++++++++++++++++ meta/classes-recipe/image.bbclass | 7 +- .../imagetypes_container.bbclass | 4 +- meta/classes-recipe/imagetypes_wic.bbclass | 6 +- meta/classes-recipe/rootfs.bbclass | 45 ++++++++-- meta/classes-recipe/sbuild.bbclass | 24 +++++- meta/classes-recipe/sdk.bbclass | 10 ++- meta/conf/bitbake.conf | 7 +- .../isar-mmdebstrap/isar-mmdebstrap.inc | 18 ++-- .../sbuild-chroot/sbuild-chroot.inc | 24 +++++- 17 files changed, 354 insertions(+), 38 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 552051ad..6d5b6ba3 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1103,3 +1103,23 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Rootless isar execution + +Isar is able to run without the need for `sudo` in an environment that +allows unprivileged users to unshare the kernels `user namespace`. Further, +a sufficiently large set of sub ids needs to be configured in `/etc/subuid` / `etc/subgid`. +This range should be `> 65536`, but smaller ranges might work as well, depending on the +ids used in the rootfs. + +A simple check if rootless is supported can be done by running: + +```bash +mmdebstrap --unshare-helper /bin/echo "rootless supported" || echo "rootless not supported" +``` + +To enable rootless builds, set the bitbake variable `ISAR_ROOTLESS = "1"`. +This internally switches the chroot mode from `schroot` to `unshare`. + +When using kas, the `build_system` needs to be set to `isar-rootless`, which currently +requires a development version of kas (for details, check the kas mailing list). diff --git a/doc/user_manual.md b/doc/user_manual.md index 396e1b90..dcc3f560 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -75,6 +75,7 @@ Building `debian-trixie` requires host system >= bookworm. Install the following packages: ``` apt install \ + acl \ binfmt-support \ bubblewrap \ bzip2 \ @@ -89,6 +90,7 @@ apt install \ qemu-user-static \ reprepro \ sudo \ + uidmap \ unzip \ xz-utils \ git-buildpackage \ diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index 90e4525e..7167cbb1 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -141,7 +141,9 @@ root_cleandirs() { die "Could not remove $i, because subdir is mounted" done for i in $ROOT_CLEANDIRS_DIRS; do - run_privileged rm -rf --one-file-system "$TMPDIR$i" + [ -d "$TMPDIR$i" ] || continue + find "$TMPDIR$i" \( ! -user "$(whoami)" -type d -prune \) -exec ${RUN_PRIVILEGED_CMD} rm -rf --one-file-system {} \; + rm -rf --one-file-system "$TMPDIR$i" mkdir -p "$TMPDIR$i" done } @@ -380,7 +382,28 @@ def deb_list_beautify(d, varname): # shall be used outside of this class. def insert_isar_mounts(d, rootfs, mounts): + """ + In unshare mode, all mounts must be created after unsharing the + mount namespace. As needs to happen within the unshared session, + we implement it as a code generator. Note, that the random and urandom + mounts are needed for DDI images. + """ lines = [] + to_touch = ['/dev/null', '/dev/random', '/dev/urandom'] + to_mkdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('touch ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_touch])) + lines.append('mkdir -p ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_mkdir])) + lines.append('mount -o bind,private,mode=666 /dev/null {}/dev/null'.format(rootfs)) + lines.append('mount -t devpts -o noexec,nosuid,uid=5,mode=620,ptmxmode=666 none {}/dev/pts'.format(rootfs)) + lines.append('( cd {}/dev; ln -sf pts/ptmx . )'.format(rootfs)) + lines.append('mount -t tmpfs none {}/dev/shm'.format(rootfs)) + lines.append('mount -o bind /dev/random {}/dev/random'.format(rootfs)) + lines.append('mount -o bind /dev/urandom {}/dev/urandom'.format(rootfs)) + lines.append('mount -t proc none {}/proc'.format(rootfs)) + # we do not unshare the network namespace, so we cannot create a sysfs, hence bind-mount + lines.append('mount -o rbind /sys {}/sys'.format(rootfs)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) inner_full = os.path.join(rootfs, inner[1:]) @@ -389,7 +412,18 @@ def insert_isar_mounts(d, rootfs, mounts): return '\n'.join(lines) def insert_isar_umounts(d, rootfs, mounts): + """ + In unshare mount we don't unmount the system mounts but just + remove the mountpoints. + """ lines = [] + to_unlink = ['/dev/null', '/dev/random', '/dev/urandom', '/dev/ptmx'] + to_rmdir = ['/dev/pts', '/dev/shm'] + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + lines.append('rm -f ' + ' '.join(['{}/{}'.format(rootfs, f) for f in to_unlink])) + for d in ['{}/{}'.format(rootfs, _d) for _d in to_rmdir]: + lines.append('[ -d {} ] && rmdir {}'.format(d, d)) + for m in mounts.split(): host, inner = m.split(':') if ':' in m else (m, m) mp = '{}/{}'.format(rootfs, inner) @@ -397,11 +431,52 @@ def insert_isar_umounts(d, rootfs, mounts): lines.append('[ -d {} ] && rmdir --ignore-fail-on-non-empty {}'.format(mp, mp)) return '\n'.join(lines) +def get_subid_range(idmap, d): + import getpass + with open(idmap, 'r') as f: + entries = f.readlines() + for e in entries: + user, base, cnt = e.split(':') + if user == os.getuid() or user == getpass.getuser(): + return int(base), int(cnt) + bb.error("No sub-id range specified in %s" % idmap) + def run_privileged_cmd(d): - cmd = 'sudo -E' + """ + In unshare mode we need to map the rootfs uid/gid range into the + subuid/subgid range of the parent namespace. As we usually only + get 65534 ids, we cannot map the whole range, as two ids are already + used by the calling environment (root and builder user). Hence, map + as much as we can but also map the highest id (nobody / nogroup) as + these are used within the rootfs. It would be easier to use + mmdebstrap --unshare-helper as command (which is also internally used + by sbuild), but this only maps linear ranges, hence it cannot map the + nobody / nogroup on the default subid range. By that, we have to avoid + the nobody / nogroup when building packages in this case. + """ + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + nobody_id = 65534 + uid_base, uid_cnt = get_subid_range('/etc/subuid', d) + nobody_subid = uid_base + uid_cnt - 1 + gid_base, gid_cnt = get_subid_range('/etc/subgid', d) + nogroup_subid = gid_base + gid_cnt - 1 + cmd = 'unshare --mount --pid --uts --ipc --user' \ + ' --kill-child' \ + ' --setuid 0 --setgid 0 --fork' \ + f' --map-users 1:{uid_base+1}:{uid_cnt-2}' \ + f' --map-groups 1:{gid_base+1}:{gid_cnt-2}' + if uid_cnt < nobody_id: + cmd += f' --map-users {nobody_id}:{nobody_subid}:1' + if gid_cnt < nobody_id: + cmd += f' --map-groups {nobody_id}:{nogroup_subid}:1' + cmd += " --map-root-user" + else: + cmd = 'sudo -E' bb.debug(1, "privileged cmd: %s" % cmd) return cmd +UNSHARE_SUBUID_BASE := "${@get_subid_range('/etc/subuid', d)[0] if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '0'}" +# store in variable to only compute once and make available to fetcher RUN_PRIVILEGED_CMD := "${@run_privileged_cmd(d)}" run_privileged() { @@ -415,5 +490,10 @@ run_privileged_heredoc() { run_in_chroot() { rootfs="$1" shift - ${RUN_PRIVILEGED_CMD} chroot "$rootfs" "$@" + + rootfs=$rootfs run_privileged_heredoc <<'EORIC' "$@" + set -e + ${@insert_isar_mounts(d, '$rootfs', '')} + chroot "$rootfs" "$@" +EORIC } diff --git a/meta/classes-recipe/deb-dl-dir.bbclass b/meta/classes-recipe/deb-dl-dir.bbclass index 33630f1e..ce966f82 100644 --- a/meta/classes-recipe/deb-dl-dir.bbclass +++ b/meta/classes-recipe/deb-dl-dir.bbclass @@ -123,7 +123,12 @@ deb_dl_dir_import() { # let our unprivileged user place downloaded packages in /var/cache/apt/archives/ run_privileged_heredoc << ' EOSUDO' mkdir -p "${rootfs}"/var/cache/apt/archives/partial/ - chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + chown -R 0:0 "${rootfs}"/var/cache/apt/archives/ + chmod 777 "${rootfs}"/var/cache/apt/archives/ + else + chown -R ${uid}:${gid} "${rootfs}"/var/cache/apt/archives/ + fi EOSUDO # nothing to copy if download directory does not exist just yet diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index e8721c79..a0d4fd05 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -168,12 +168,30 @@ dpkg_schroot_create_configs() { EOSUDO } +dpkg_chroot_prepare() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + dpkg_schroot_create_configs + fi +} + +dpkg_chroot_finalize() { + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + schroot_delete_configs + fi +} + +dpkg_prepare_unshare_ccache() { + mkdir -p "${CCACHE_DIR}" + # sbuild id from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110942 + setfacl -m u:${UNSHARE_SUBUID_BASE}:rwX -m u:${@int(d.getVar('UNSHARE_SUBUID_BASE')) + 999}:rwx "${CCACHE_DIR}" +} + python do_dpkg_build() { - bb.build.exec_func('dpkg_schroot_create_configs', d) + bb.build.exec_func('dpkg_chroot_prepare', d) try: bb.build.exec_func("dpkg_runbuild", d) finally: - bb.build.exec_func('schroot_delete_configs', d) + bb.build.exec_func('dpkg_chroot_finalize', d) } do_dpkg_build[network] = "${TASK_USE_NETWORK_AND_SUDO}" diff --git a/meta/classes-recipe/dpkg.bbclass b/meta/classes-recipe/dpkg.bbclass index e693800c..1b2616db 100644 --- a/meta/classes-recipe/dpkg.bbclass +++ b/meta/classes-recipe/dpkg.bbclass @@ -85,7 +85,10 @@ dpkg_runbuild() { ext_deb_dir="${ext_root}${deb_dir}" if [ ${USE_CCACHE} -eq 1 ]; then - schroot_configure_ccache + ${ISAR_CHROOT_MODE}_configure_ccache + fi + if [ "${ISAR_CHROOT_MODE}" = "unshare" ]; then + sbuild_add_unshare_mounts fi profiles="${@ isar_deb_build_profiles(d)}" @@ -109,24 +112,28 @@ dpkg_runbuild() { DSC_FILE=$(find ${WORKDIR} -maxdepth 1 -name "${DEBIAN_SOURCE}_*.dsc" -print) - sbuild -n -c ${SBUILD_CHROOT} --chroot-mode=schroot \ + sbuild -n -c ${SBUILD_CHROOT} \ + --chroot-mode=${ISAR_CHROOT_MODE} \ --host=${PACKAGE_ARCH} --build=${BUILD_ARCH} ${profiles} \ ${@'--no-arch-all' if 'cross' in isar_deb_build_profiles(d).split() else '--arch-all'} \ --no-run-lintian --no-run-piuparts --no-run-autopkgtest --resolve-alternatives \ --bd-uninstallable-explainer=apt \ --no-apt-update --apt-distupgrade \ --chroot-setup-commands="echo \"Package: *\nPin: release n=${DEBDISTRONAME}\nPin-Priority: 1000\" > /etc/apt/preferences.d/isar-apt" \ - --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;\" > /etc/apt/apt.conf.d/50isar-apt" \ + --chroot-setup-commands="echo \"APT::Get::allow-downgrades 1;${@'\nAPT::Sandbox::User root;' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''}\" > /etc/apt/apt.conf.d/50isar-apt" \ --chroot-setup-commands="rm -f /var/log/dpkg.log" \ --chroot-setup-commands="mkdir -p ${deb_dir}" \ --chroot-setup-commands="find ${ext_deb_dir} -maxdepth 1 -name '*.deb' -exec ln -t ${deb_dir}/ -sf {} +" \ --chroot-setup-commands="apt-get update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"" \ --finished-build-commands="rm -f ${deb_dir}/sbuild-build-depends-*-dummy_*.deb" \ --finished-build-commands="find ${deb_dir} -maxdepth 1 -type f -name '*.deb' -print -exec cp ${CP_FLAGS} -t ${ext_deb_dir}/ {} +" \ - --finished-build-commands="cp /var/log/dpkg.log ${ext_root}/dpkg_partial.log" \ + ${@ '--finished-build-commands="cp /var/log/dpkg.log $ext_root/dpkg_partial.log"' if d.getVar('ISAR_CHROOT_MODE') == 'schroot' else '' } \ --build-path="" --build-dir=${WORKDIR} --dist="${DEBDISTRONAME}" ${DSC_FILE} - sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + # TODO: port to unshare backend + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + sbuild_dpkg_log_export "${WORKDIR}/rootfs/dpkg_partial.log" + fi deb_dl_dir_export "${WORKDIR}/rootfs" "${distro}" # Cleanup apt artifacts diff --git a/meta/classes-recipe/image-locales-extension.bbclass b/meta/classes-recipe/image-locales-extension.bbclass index 029caec7..9bb43a8d 100644 --- a/meta/classes-recipe/image-locales-extension.bbclass +++ b/meta/classes-recipe/image-locales-extension.bbclass @@ -29,8 +29,12 @@ ROOTFS_INSTALL_COMMAND_BEFORE_EXPORT += "image_install_localepurge_download" image_install_localepurge_download[weight] = "40" image_install_localepurge_download[network] = "${TASK_USE_NETWORK_AND_SUDO}" image_install_localepurge_download() { - run_in_chroot '${ROOTFSDIR}' \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS') if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else '')} + chroot ${ROOTFSDIR} \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} -oDebug::NoLocking=1 --download-only localepurge +EOF } ROOTFS_INSTALL_COMMAND += "image_install_localepurge_install" @@ -62,6 +66,9 @@ __EOF__ # Install configuration into image: run_privileged_heredoc <<'EOSUDO' set -e + + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), '')} + localepurge_state='i' if chroot '${ROOTFSDIR}' dpkg -s localepurge 2>/dev/null >&2 then diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index 766f386d..cc046fdb 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -16,7 +16,14 @@ do_image_tools[depends] += " \ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DIR_IMAGE}:${PP_DEPLOY}" SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" +# only used on unshare +ROOTFS_IMAGETOOLS ?= "${WORKDIR}/rootfs-imgtools-${BB_CURRENTTASK}" + imager_run() { + imager_run_${ISAR_CHROOT_MODE} "$@" +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" @@ -103,3 +110,80 @@ generate_imager_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} \ < ${WORKDIR}/imager.manifest } + +imager_run_unshare() { + exec 3<&0 + + # ignore everything before '--'. If the remaining list is empty, + # assume a here document is passed via stdin + while [ "$#" -gt 0 ]; do + case "$1" in + --) shift 1; break ;; + *) shift 1 ;; + esac + done + + if [ "$#" -eq 0 ]; then + set -- "$@" '/bin/bash' '-s' + fi + + local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${ROOTFS_IMAGETOOLS} + tar -xf "${SBUILD_CHROOT}" -C "${ROOTFS_IMAGETOOLS}" + mkdir -p ${ROOTFS_IMAGETOOLS}/isar-apt + cp -rL /etc/resolv.conf "${ROOTFS_IMAGETOOLS}/etc" +EOF + + # setting up error handler + imager_cleanup() { + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} + } + trap 'exit 1' INT HUP QUIT TERM ALRM USR1 + trap 'imager_cleanup' EXIT + + if [ -n "${local_install}" ]; then + echo "Installing imager deps: ${local_install}" + + distro="${BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + if [ ${ISAR_CROSS_COMPILE} -eq 1 ]; then + distro="${HOST_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" + fi + + E="${@ isar_export_proxies(d)}" + deb_dl_dir_import ${ROOTFS_IMAGETOOLS} ${distro} + ${SCRIPTSDIR}/lockrun.py -r -f "${REPO_ISAR_DIR}/isar.lock" -s <<'EOAPT' + local_install=$local_install ${@run_privileged_cmd(d)} /bin/bash -s <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get update \ + -o Dir::Etc::SourceList='sources.list.d/isar-apt.list' \ + -o Dir::Etc::SourceParts='-' \ + -o APT::Get::List-Cleanup='0' + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades --download-only install \ + $local_install +EOF +EOAPT + + deb_dl_dir_export ${ROOTFS_IMAGETOOLS} ${distro} + local_install=$local_install run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y \ + --allow-unauthenticated --allow-downgrades install \ + $local_install +EOF + fi + + run_privileged_heredoc <<'EOF' "$@" + set -e + mkdir -p ${ROOTFS_IMAGETOOLS}/${SCRIPTSDIR} + ${@insert_isar_mounts(d, d.getVar('ROOTFS_IMAGETOOLS'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 +EOF + + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} +} diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index bc3f2181..1590f58a 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -188,6 +188,7 @@ SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" python() { image_types = (d.getVar('IMAGE_FSTYPES') or '').split() conversions = set(d.getVar('IMAGE_CONVERSIONS').split()) + chroot_mode = d.getVar('ISAR_CHROOT_MODE') basetypes = {} typedeps = {} @@ -263,7 +264,8 @@ python() { if image_cmd: localdata.setVar('type', bt) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -293,7 +295,8 @@ python() { cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) + if chroot_mode == 'schroot': + cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes_container.bbclass b/meta/classes-recipe/imagetypes_container.bbclass index 8d4f8050..84ea63e7 100644 --- a/meta/classes-recipe/imagetypes_container.bbclass +++ b/meta/classes-recipe/imagetypes_container.bbclass @@ -68,7 +68,9 @@ do_containerize() { run_privileged rm -rf "${oci_img_dir}_unpacked" # no root needed anymore - run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown --recursive $(id -u):$(id -g) "${oci_img_dir}" + fi } convert_container() { diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 8b048dc7..3e261622 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -193,8 +193,10 @@ generate_wic_image() { fi EOIMAGER - run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + if [ "${ISAR_CHROOT_MODE}" = "schroot" ]; then + run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true + run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* + fi rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/rootfs.bbclass b/meta/classes-recipe/rootfs.bbclass index 411df93f..8563da7b 100644 --- a/meta/classes-recipe/rootfs.bbclass +++ b/meta/classes-recipe/rootfs.bbclass @@ -141,11 +141,17 @@ rootfs_cmd() { bwrap --unshare-user --unshare-pid ${bwrap_args} \ --dev-bind /dev /dev --proc /proc --tmpfs /tmp \ + ${@'--bind "${REPO_ISAR_DIR}/${DISTRO}" /isar-apt' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ ${bwrap_binds} -- "${@}" } rootfs_do_mounts[weight] = "3" -rootfs_do_mounts() { +python rootfs_do_mounts() { + if d.getVar('ISAR_CHROOT_MODE') == 'schroot': + bb.build.exec_func('rootfs_do_mounts_priv', d) +} + +rootfs_do_mounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e mountpoint -q '${ROOTFSDIR}/dev' || \ @@ -168,7 +174,13 @@ rootfs_do_mounts() { EOSUDO } -rootfs_do_umounts() { +python rootfs_do_umounts() { + # unconditionally run the unmount code as this ignores missing + # mountpoints but also does the cleanup of the directories + bb.build.exec_func('rootfs_do_umounts_priv', d) +} + +rootfs_do_umounts_priv() { run_privileged_heredoc <<'EOSUDO' set -e @@ -215,7 +227,11 @@ ROOTFS_EXTRA_IMPORTED := "${@rootfs_extra_import(d)}" rootfs_prepare[weight] = "25" rootfs_prepare(){ - run_privileged tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" + rm -rf ${ROOTFSDIR} + run_privileged_heredoc << 'EOF' + mkdir -p ${ROOTFSDIR} + tar -xf "${BOOTSTRAP_SRC}" -C "${ROOTFSDIR}" --exclude="./dev/console" +EOF # setup chroot run_privileged "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" @@ -285,10 +301,14 @@ rootfs_install_pkgs_update[weight] = "5" rootfs_install_pkgs_update[isar-apt-lock] = "acquire-before" rootfs_install_pkgs_update[network] = "${TASK_USE_NETWORK_AND_SUDO}" rootfs_install_pkgs_update() { - run_in_chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ - -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ - -o Dir::Etc::SourceParts="-" \ - -o APT::Get::List-Cleanup="0" + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + chroot '${ROOTFSDIR}' /usr/bin/apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_install_resolvconf" @@ -368,8 +388,13 @@ rootfs_install_pkgs_install[weight] = "8000" rootfs_install_pkgs_install[progress] = "custom:rootfs_progress.PkgsInstallProgressHandler" rootfs_install_pkgs_install[network] = "${TASK_USE_SUDO}" rootfs_install_pkgs_install() { - run_in_chroot "${ROOTFSDIR}" \ + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + find ${ROOTFSDIR}/isar-apt + chroot "${ROOTFSDIR}" \ /usr/bin/apt-get ${ROOTFS_APT_ARGS} --no-download ${ROOTFS_PACKAGES} +EOF } ROOTFS_INSTALL_COMMAND += "rootfs_restore_initrd_tooling" @@ -678,8 +703,10 @@ rootfs_install_sstate_finalize() { # - after building the rootfs, the tar won't be there, but we also don't need to unpack # - after restoring from cache, there will be a tar which we unpack and then delete if [ -f rootfs.tar ]; then + run_privileged_heredoc <<'EOF' mkdir -p ${ROOTFSDIR} - run_privileged tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} < rootfs.tar + tar -C ${ROOTFSDIR} -xp ${SSTATE_TAR_ATTR_FLAGS} -f rootfs.tar +EOF rm rootfs.tar fi } diff --git a/meta/classes-recipe/sbuild.bbclass b/meta/classes-recipe/sbuild.bbclass index d9ccce7f..8ca66138 100644 --- a/meta/classes-recipe/sbuild.bbclass +++ b/meta/classes-recipe/sbuild.bbclass @@ -7,7 +7,8 @@ SCHROOT_MOUNTS ?= "" inherit crossvars -SBUILD_CHROOT ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" +SBUILD_CHROOT:unshare ?= "${SCHROOT_DIR}.tar.zst" +SBUILD_CHROOT:schroot ?= "${DEBDISTRONAME}-${SCHROOT_USER}-${ISAR_BUILD_UUID}-${@os.getpid()}" SBUILD_CONF_DIR ?= "${SCHROOT_CONF}/${SBUILD_CHROOT}" SCHROOT_CONF_FILE ?= "${SCHROOT_CONF}/chroot.d/${SBUILD_CHROOT}" @@ -144,6 +145,13 @@ END EOSUDO } +unshare_configure_ccache() { + # ccache must be below /build for file permissions to work properly + cat <<'EOF' >> ${SBUILD_CONFIG} +$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"; +EOF +} + sbuild_dpkg_log_export() { export dpkg_partial_log="${1}" @@ -152,3 +160,17 @@ sbuild_dpkg_log_export() { cat ${dpkg_partial_log} >> ${SCHROOT_DIR}/tmp/dpkg_common.log ) 9>"${SCHROOT_DIR}/tmp/dpkg_common.log.lock" } + +# additional mounts managed by sbuild +sbuild_add_unshare_mounts() { + dpkg_prepare_unshare_ccache + + cat <<'EOF' >> ${SBUILD_CONFIG} +$unshare_bind_mounts = [ + { directory => '${WORKDIR}/rootfs', mountpoint => '${PP}/rootfs' }, + { directory => '${WORKDIR}/isar-apt/${DISTRO}-${DISTRO_ARCH}/apt/${DISTRO}', mountpoint => '/isar-apt' }, + { directory => '${REPO_BASE_DIR}', mountpoint => '/base-apt' }, + { directory => "${CCACHE_DIR}", mountpoint => "/ccache" } +]; +EOF +} diff --git a/meta/classes-recipe/sdk.bbclass b/meta/classes-recipe/sdk.bbclass index 16165792..7a8d5ff4 100644 --- a/meta/classes-recipe/sdk.bbclass +++ b/meta/classes-recipe/sdk.bbclass @@ -74,13 +74,17 @@ rootfs_configure_isar_apt_dir() { ROOTFS_POSTPROCESS_COMMAND:prepend:class-sdk = "sdkchroot_configscript " sdkchroot_configscript () { - run_in_chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} + run_privileged_heredoc <<'EOF' + set -e + ${@insert_isar_mounts(d, d.getVar('ROOTFSDIR'), d.getVar('ROOTFS_MOUNTS')) if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} + cp -rL /etc/resolv.conf '${ROOTFSDIR}/etc' + chroot ${ROOTFSDIR} /configscript.sh ${DISTRO_ARCH} +EOF } ROOTFS_POSTPROCESS_COMMAND:append:class-sdk = " sdkchroot_finalize" sdkchroot_finalize() { - - rootfs_do_umounts + rootfs_do_umounts_priv # Remove setup scripts run_privileged rm -f ${ROOTFSDIR}/chroot-setup.sh ${ROOTFSDIR}/configscript.sh diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 6db10eb3..635b7ea3 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -69,7 +69,7 @@ KERNEL_FILE ?= "${@ 'vmlinux' if d.getVar('DISTRO_ARCH') in ['mipsel', 'riscv64' MACHINEOVERRIDES ?= "${MACHINE}" DISTROOVERRIDES ?= "${DISTRO}" -OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:forcevariable" +OVERRIDES = "${PACKAGE_ARCH}:${MACHINEOVERRIDES}:${DISTROOVERRIDES}:${BASE_DISTRO_CODENAME}:${ISAR_CHROOT_MODE}:forcevariable" FILESOVERRIDES = "${PACKAGE_ARCH}:${MACHINE}" # Setting default QEMU_ARCH variables for different DISTRO_ARCH: @@ -148,6 +148,10 @@ ISAR_APT_RETRIES ??= "${@'10' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAP ISAR_APT_DELAY_MAX ??= "${@'600' if bb.utils.to_boolean(d.getVar('ISAR_USE_APT_SNAPSHOT')) else ''}" ISAR_APT_SNAPSHOT_TIMESTAMP ??= "${SOURCE_DATE_EPOCH}" +# Rootless build execution +ISAR_ROOTLESS ??= "0" +ISAR_CHROOT_MODE ??= "${@'unshare' if bb.utils.to_boolean(d.getVar('ISAR_ROOTLESS')) else 'schroot'}" + # Default parallelism and resource usage for xz XZ_MEMLIMIT ?= "50%" XZ_THREADS ?= "${@oe.utils.cpu_count(at_least=2)}" @@ -203,6 +207,7 @@ CCACHE_DEBUG ?= "0" # Variables for tasks marking # Long term TODO: get rid of sudo marked tasks TASK_USE_NETWORK = "1" +# nested namespacing requires this as well TASK_USE_SUDO = "1" TASK_USE_NETWORK_AND_SUDO = "1" diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 376362bf..97c174b4 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -162,6 +162,8 @@ do_bootstrap() { line="[trusted=yes] ${line}" fi echo "deb-src ${line}" >> "${WORKDIR}/sources.list.d/base-apt.list" + echo > ${WORKDIR}/mmtmpdir + chmod 666 ${WORKDIR}/mmtmpdir # no need to sync /var/cache/apt/archives if base-apt used syncin='echo skip sync-in' @@ -178,12 +180,14 @@ do_bootstrap() { mkdir -p \$1/base-apt && \ mount -o bind,private '${REPO_BASE_DIR}' \$1/base-apt && \ chroot \$1 apt-get update -y \ - -o APT::Update::Error-Mode=any && \ + -o APT::Update::Error-Mode=any \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} && \ chroot \$1 apt-get install -y dpkg && \ umount \$1/base-apt && \ - umount \$1/$base_apt_tmp && rm ${WORKDIR}/mmtmpdir && \ - umount $base_apt_tmp && rm -rf --one-file-system $base_apt_tmp" + umount \$1/$base_apt_tmp && \ + umount $base_apt_tmp && rmdir \$1/$base_apt_tmp" else + # prepare dl_dir for access from both sides (local and rootfs) deb_dl_dir_import "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" bootstrap_list="${WORKDIR}/sources.list.d/bootstrap.list" @@ -203,6 +207,7 @@ do_bootstrap() { -o Dir::State="$1/var/lib/apt" \ -o Dir::Etc="$1/etc/apt" \ -o Dir::Cache="$1/var/cache/apt" \ + ${@'-o APT::Sandbox::User=root' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ -o Apt::Architecture="${BOOTSTRAP_DISTRO_ARCH}" \ ${@get_apt_opts(d, '-o')}' extra_essential="$extra_essential && $syncout" @@ -226,7 +231,8 @@ do_bootstrap() { mkdir -p ${DEBDIR} touch ${DEB_DL_LOCK} - run_privileged TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ + ${@'' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else 'run_privileged'} \ + TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \ $arch_param \ --mode=unshare \ ${MMHOOKS} \ @@ -245,6 +251,7 @@ do_bootstrap() { --customize-hook='sed -i "/en_US.UTF-8 UTF-8/s/^#//g" "$1/etc/locale.gen"' \ --customize-hook='chroot "$1" /usr/sbin/locale-gen' \ --customize-hook='chroot "$1" /usr/bin/apt-get -y clean' \ + ${@'--skip=output/dev' if d.getVar('ISAR_CHROOT_MODE') == 'unshare' else ''} \ --skip=cleanup/apt \ --skip=download/empty \ ${MMOPTS} \ @@ -259,7 +266,8 @@ do_bootstrap() { if [ "${ISAR_USE_CACHED_BASE_REPO}" != "1" ]; then deb_dl_dir_export "${WORKDIR}/dl_dir" "${BOOTSTRAP_BASE_DISTRO}-${BASE_DISTRO_CODENAME}" - run_privileged rm -rf --one-file-system "${WORKDIR}/dl_dir" + run_privileged find ${WORKDIR}/dl_dir -maxdepth 1 -mindepth 1 -exec rm -rf --one-file-system "{}" \; + rmdir ${WORKDIR}/dl_dir fi } addtask bootstrap before do_build after do_generate_keyrings diff --git a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc index aa62b324..054d7fc2 100644 --- a/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc +++ b/meta/recipes-devtools/sbuild-chroot/sbuild-chroot.inc @@ -66,8 +66,28 @@ ROOTFS_POSTPROCESS_COMMAND:remove = "rootfs_cleanup_base_apt" DEPLOY_SCHROOT = "${@d.getVar('SCHROOT_' + d.getVar('SBUILD_VARIANT').upper() + '_DIR')}${SBUILD_SCHROOT_SUFFIX}" -do_sbuildchroot_deploy[dirs] = "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" -do_sbuildchroot_deploy() { +sbuildchroot_deploy_tree() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_SCHROOT}" } +sbuildchroot_deploy_tar() { + lopts="--one-file-system --exclude=var/cache/apt/archives --exclude=isar-apt" + # we cannot use pzstd, as this results in a different magic + # (zstd skippable frame) which is not detected by sbuild + # https://salsa.debian.org/debian/sbuild/-/blob/d975d388a98627a0d7d112791e441c27a6d529df/lib/Sbuild/ChrootUnshare.pm#L608 + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${DEPLOY_SCHROOT}.tar.zst + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} +} + +do_sbuildchroot_deploy[network] = "${TASK_USE_SUDO}" +do_sbuildchroot_deploy[dirs] += "${DEPLOY_DIR}/schroot-${SBUILD_VARIANT}" +python do_sbuildchroot_deploy() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('sbuildchroot_deploy_tar', d) + else: + bb.build.exec_func('sbuildchroot_deploy_tree', d) +} addtask sbuildchroot_deploy before do_build after do_rootfs From patchwork Thu Jun 25 15:36:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5184 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:20 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f60.google.com (mail-qv1-f60.google.com [209.85.219.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbIdC004528 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:19 +0200 Received: by mail-qv1-f60.google.com with SMTP id 6a1803df08f44-8db6a7471basf45965666d6.0 for ; Thu, 25 Jun 2026 08:37:19 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401833; cv=pass; d=google.com; s=arc-20260327; b=h3R2VAONgYyArW7xiXmoo7jlJ47TGjLIXr86hv/MqN4D1LcUsfpZIcMFpN+EBRh61R st5PFpUy4aD5Uf3ElOIj6OmfHp5v+Y91XetP74Qsy2iR9qP5XLgFRLo4f4yScy+iWj6A kiCjHBBEr9imCV25pPYN94DA2+jn1F689mRGHLh1bSU9NilEfeJaOKJOYSxovrQQdYdQ MpjMy6dtc9vLMdadaCntzmTfirn3FPUudaqnLLbnPFTzxT1rh6y0JVjegcZdZk9Grhkd 9g9EiALG2C0YHRgCmchsD1quQNu0ZYebZdW9CAZpaAtellKWh/JMF9TjjZU5ao4Vbsgl M0MQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=J3wh4cYW/TKli4/GFany254zbR6pTED5ijQKF1M2Pjc=; fh=BOZ2HVyDMXoD051Q1fFEZInxnBv0b81T4AMYmViS66g=; b=Heue1hEaPS3qnb94VUqNuPQZYXV67iFrKVxXbI9Q23VmqXmYxunbDyr94lgBAPh7d8 B+/xioPP8C8ulwMxa3b4GjVhuTbCh1J5TXaV/NbRDC/lElOPSMU8IzqXOFvEkI2JaY4r TIKwKSHQdj8RI97sw5okFUrrQtfbrLE0AcFylFjSm8GgDQIbQbhn6Rm4Tsv4Hxgry1NO 7HyBwhfceIjJ6+TbvmP8imEegmlearGqEPO9aWUHntzH1V6w19agX6tXbpKceOUsQmmb O1PILrlkBtiNKmQeQOH3YghkTvqFMj83NOiw3eC/nIgIecqh+qVwxnMXhJQlsgQwAO9N kgrA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SGddns1p; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401833; x=1783006633; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=J3wh4cYW/TKli4/GFany254zbR6pTED5ijQKF1M2Pjc=; b=h6saRyi1tubZTj9TUoIfydgr0HWwFZzCGRguRAZPXBoe5MxbqHWShiv3w2yBxMdYt+ OnNphU3OaZvh3psSsx1pTFs1RA9Mp8Egwh9QLFxR98edlHyfuKmctmmHUCx3C6eB8zMH VTSkE1VhGl2q9ZZloAoccw/gel6tzjLDwq1x1cUEg3iOXrvWMTW0Gw9mJp8Q3THfzLyZ MhH/J/Ui8Ct7rGi+mTv3ARqswc5l2NkW9/4wn6RhA5LSRCZ1CSkJwNUM0bIdIs6MVSAf ajTb83wodeQXqb0TkqbRjBhWZ1IbwasyXShqE/CkHJOjF9NdaKZ4FS8HsLNRHOBcOJsE a1eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401833; x=1783006633; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=J3wh4cYW/TKli4/GFany254zbR6pTED5ijQKF1M2Pjc=; b=Qvi02WsCM+VzETdpRmTdxQJoNDylRppZVXGgpEj+0LdcT7lWPHykVVJTpVCZUSASho teB1vV+RVMcghC1ruzb970Sk0JmD2dveIAhL9CAcrqUK+AEJV1oX0CKeXbEd29FKJeK5 TVUtos7cLNQ7/xikwxVeYcB7qJAP6JuNuBu6hnsqInM0ZnLcA9GRk80ZTLsoZjIVPLj9 Qye7eYvL5K0CoPWci+WTF9s+92hiAoErhzvZYBFbE+yvm5GaOCvFbQY47IE/6WZwvU5Y CoB2ppDpMjujTDhJLJ5Ti0dQGmBwXlXhxhHOPMY7L0r4JBYEoT92kx/InxbhCstlEl+I PHNQ== X-Forwarded-Encrypted: i=3; AHgh+RohM+sFrd5koFUpyBTuBNxOWJE++liAGPeCHAV480tzZb/QHa11arlbrjJd6aj5ov+J+a72x2s=@isar-build.org X-Gm-Message-State: AOJu0YwWHoH6SERtiyTufhWMp7lDH/KmcDhV5NMbTkUEBJuzkk3Zhjg1 Tx5jU1nBY1j3fTh3WCDRXFRsSqK05ooiL/ZUcR/kH10fTd6GCY0/VUsv X-Received: by 2002:a05:6214:f6f:b0:8cc:f2d9:2c19 with SMTP id 6a1803df08f44-8e6da341d86mr51515006d6.28.1782401831368; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUcj4ga0xeAxTAL2UJlm6ye4iOi3ykBn7wNQRQkzBPgFOQ==" Received: by 2002:ad4:5ce5:0:b0:8ce:adbf:4fda with SMTP id 6a1803df08f44-8dce0bada1els69379626d6.2.-pod-prod-07-us; Thu, 25 Jun 2026 08:37:10 -0700 (PDT) X-Received: by 2002:a05:6102:5246:b0:631:ff40:22b5 with SMTP id ada2fe7eead31-734362a83d5mr1384902137.21.1782401829786; Thu, 25 Jun 2026 08:37:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401829; cv=pass; d=google.com; s=arc-20260327; b=jj+U/ulrAGOpE3u02dyERv2Qseftlz6Bzi+jb0QfQ7fw/Agxe3eFqR7GoohiI/kcGY bvTwWQuyYTBFMrhEpeG2pwTyHcrt5NIGzEbXV5JHYdmb6oFJprCDA8BGAPT6RyeiSy1M oNUD0N+KwdoxwpJExGrSJsgaPNueMs8mMN8QC8YdfPxcfiYE/7/64zBUpbcfBeZHaa9P 4fWwQqYWHCOFzyQ5jN7JjtKZc9SHCaiwtB/fiCfDLj7onwgyY/Le7f8vHuGlVAuH70Ih 1gZnW/87P8hC6fHruWj8SmzF2XwHu5f7yJ9pPI3WysJxZQsVxa3N2u6XamKr1ynRmxEv I8Jg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=WrSupa5Ua7sDgGewyzsPqwurv9OsmMjTz8Q2jRj7JlE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=DrzWa1/g2zP/fTxffrU9/+zRSgh6lwK8LbGLx4m872NhNAgr3BDUFme3FIt18nLcE7 W2BhQBwbtcmabInYJRfT2R3Gbohz3quprE2CR4waGxbmZLQWcynjwIvGLfbdN5+5F19j 959xQ9M6qcYA+eLBnYzsu+/hxtO1+B4FPO/IbpROYjiPdmPXZVGTUQbSvKWGNnY5pYGq /cvDFn2sjN9CHlSXfxUgdlk5UCRgMly6BM8Kq5K4OQOFM9M43165vqkgmTsACU5DUzyW rrxsvgXXj2sP4JdG+lU/U+pYb5LAPinv9kvW/SSbjkdJ0roRSANX0JevfDfU01w+MZ8S MxQw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SGddns1p; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id ada2fe7eead31-72ba3eef31csi634854137.4.2026.06.25.08.37.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:09 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UWCqab3JLLM/skqEa427jKPnZ4Bdzm5rGXHyTVFb0BK0Hmp9fSO8HFhsNMJu2sN/RkxWbWYHyhSxxT5BrtSBL2Gqwdf6gt775UYL6Wv7rDyZz0US2pjulu8IXCF/bOddIIry6v+mi+43a+SZU2hRWQ+4UBys+5ZAm2PuHodUlP9r8yYCSXmidOPMpKcrTWgVdTJYNCkJ73PMgNfRePqyjOzEa2C8e+9jkSTcINqML19WMjfQuULuSbBK1P9LK0ZVn5GgXTrSDaRWEtXxOOga2QJEXaZ4Pc6r4s7P0FwSrQYj85tFD6cV99ZbQiQHkCR7DxPZzFw2wNcjX7bZv9DYOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WrSupa5Ua7sDgGewyzsPqwurv9OsmMjTz8Q2jRj7JlE=; b=n/NvxSg3ESrDML9uNK2coamc1236vQzLBXj3UyeqHtbNX/PQi0I3n+hL+psrFAQ3ppqfMXDY3/fvuM10bbMmb3zvPxNQxXKndDe0SpwaP7JUcRygmKEIRJQbAkFVg1T4d/zpl7zSwkRnntGSEwFDg/BMSNQUUfUj18xihBA2O1T+EvpRURBoGu+bIzZ8OodTMTk5zhjH6UMremZwGTXvdKRdyijHTUL+x6V3bgD/MA/dpuIUQNVChkudboEQafzdBESS46vsAGTay6uWt1W3eQto6urxQgMgKBltxTst826yG03QKWaLn1TbzLbQCPAMicEv+CXp0TaLlrQSpBHfiQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:07 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:07 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 11/17] add helper script to clean artifacts in build dir Date: Thu, 25 Jun 2026 17:36:45 +0200 Message-ID: <20260625153651.762936-12-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 623206be-1ccc-4964-2076-08ded2cf9d93 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|3023799007|56012099006|6133799003|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: fVFOE2Ixy5cToQasN4KVnZOEFx6RFmGUAyUvLDdHOpTgDGMCKWwDQ3objt+VADO8sSZfhQeJ6/UJy4bv+mIya7Z1GdVG8MPCCmbS/mcmWl2fYnr2rjwxrCWxPIeCquy3VdfKkbtVFsRYN8X72NxNF1Yh88ljgteEuZtvhHcA7HJq8LewtSmPTc/617O0tujyUWaOs9nrFUo+pqvkpiw5tFGmoyJqzS5rtrja6E1/YY81uAGe+Hcza/WCa8DetbqHTaTucAHt5mgyG0bANIEDXYHJZilJok78J3UQyACc2MfitavGl9Go8fMKvaNj46HlzjO2rvvcRUJ9rJk1Om5vBsyUh8SuGtl0YeT60142AvbM4Yrq0Qe5lZx4ulHuz9PXrY0mBidK9p7gwNT5DqCFZ6OUUSxxiQYgSCxQ+QILjetWl325ERJ7tq02S0xOae2EChs1YOKiKJgea6YSxI/ZBSbHg6Y+FZxGx+wY4P8cy+BgJfxyreZ4HBPt48geAtXcjwf1BPtlJg9gy4SC35qXVAidLzcQAhYBuBsza4yyCZVYZmszD0BM081R56zJ8TASMF4RnxuzeRpTdDcmeNGKSDM8JBaCcGqfhAhV6npiZZqFHce0e+9U8U2KLtRC5YYwg2PguLz3kXI3Lt8zDcaa7LXw/YbakpexWHJKzlO3cME= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(3023799007)(56012099006)(6133799003)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: lwIrHAzlgRWBsJzxDZqVslvZHYejjSbq1qzqaXDewsQVTejTk5KEelNQgShucKApQ5UKPz9AnUXQIo7KoQauMUL2ol4oXHvurXGU4+t2ZBc2JsLs+9bXIUTXObDR2UnvvppqSgspFybPoQUlj6OFRDQnbR1CFZ1eCbttL8RnRRc/1W1RHnXjzoQsmaqMaw+LYWwwofpWgP5GBruZoVa2tFXK2m2T8KVHqkgChLA2sl8M9YDoYykxRSbMyrObIhMudKWffkswdS515ydL9lXRtGDq930DBTu9R0lm04CEyqbCVwgFp7lFZDCXDzytm5JehYxYK5TzUIVcmEhAgfyFFzL/8OhNIZ5chqrLZTtIcjyyBAsisvc6WUvjplkbDFwrdyVRRf0ergl1QPemOV0HiPoEOvf3Gc0/2W1IVlvSY1ydL6vYZ0JdjHFXj0ko7YO0VjX3saAzTHExvpa9iQOy+p1XxGmNT+eNIcpEeG702C0DF3mul0jOob0Rn1O73SSPcfL8JtJeim2pxq0W0TsE7N7RLCpIktLmRey7VlbRcaYZ13ZSMJTYHxwgTIz03AiW85I65MEJ/QwOzU0sWAhK3fwaySPrAsbYw7aN+y5TsjhbP5t7WhiSqF7x5jWVrLbqeJrP1S4jeFhAO9c34BdhLFxFr3UIXanG2ZFvriOTq+ioWvAH0YZFoLbCZezgwQDfRp1OwJb8XgLsZOSiPFZDWeblJBOOcKP/JGxlT5X0/qZuc/uTRydfwFKEkgxxQmGS0wESu6YpN7JyyNYZvcosgRnAXRT0hsW7EPiIkLaN5bmJiD1OZzlt8w1z1EJa4oMvpnXbYLG59MF2oWIoRYd64mtFJ35bGgOK0Ko20Eo8LUx4Jc3JpzgNyU42Jri1MEDoiNpCAedssDwghDdB0Z0u4BFT9XUBmL27jkakrYGNJAyGVNPpb+oBkm8QB12Z39ve7GTBwRzUlsIh6by8GQlzdVoXRYA7hEU8jMxcTRbjw5RIO0Kbggcp39q6QObE/vyMkfrdZ9Gsjgzi+v91QcP79pwUU0ZIrKreuSjjp2svzoeNMYaYR44zsP2VNHobECxN8ZjVOPPvV0CI12bse6/ofFKvZYvxLq9z8bAkSeZjWLEDLjRnNmdcupvBfDysnHY0OicC+28um8IE6cBlhaBbeeUEC7C/CeLh66u4o0kQbHeWeRVvBfOHTyjXTrsmmlm0DwMw3cF9Z9/z8AsztqTxRHZxAveAJSff3eQXH1b4NoG/deS3RQ0Q0B6o4OvwrXGQNN3XkpagtGkdXwpLOrwjPFjGAadtA7to9QQYjWvSck0r01ukeAPQBKrjlk5R7BTqkV7aUkDd+5m3IDfjgp18in/gMq1pxDt1NQxASlvRKCvuUQKrOkhRuqxcv8RLeg1izUpSJf3Qa214FsJpuKWg5/qR9N3XcK8Ht6H+g1EyiKcEnFsUDEBOa1T9RVJksfCxbXrbkzuJZgxqTVRFrfF+pTTovSmxGWIWCeDE8Qw5rf10zn8mksOjW4+Y10z0Z2UeITdfwnulSbM2K+H+ZX//Y99IxLPhpCfn5QRhAGgqO/Vtw7AO+ZCZBWFghqosHgG5uJ+JcDQCIm8NnmTHR7vDzr1w134VDWLI+9rg5KOoALVw2lCRMnLcklUfh5goxKFwR+Y1NhFG78v38ne3toqAATSSxnJ02rqDUURzcYikNyWFsIuQ0WcRdtxDl8KJbH7FSrESNs1VQoLwO72sgURvBW+Oc/gvAHgOjhmWl0W6L44ph8n1LvVjajV7R5f/E7opGUhHXc0+ X-MS-Exchange-AntiSpam-MessageData-1: In6d3FISejbynPBRoZsreJlr/GgWvWRr11k= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 623206be-1ccc-4964-2076-08ded2cf9d93 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:07.8289 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PH4mSJuJio8pmLzbweNkuEUwpgtL40/02EvwPyhaiAJJ6sUEaMHuZ7Wb0EBKhUcqrD5f6RX1Fj9pyfrVjoNj7olAqL0jQM15P4YWmDjxtA0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SGddns1p; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= When running in rootless mode, cleaning the build directory from outside the build environment is a non trivial task due to mixed file ownerships. To simplify this, we introduce the isar-clean-builddir script that can perform the cleanup without requiring root privileges. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 5 +++ scripts/isar-clean-builddir | 73 +++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100755 scripts/isar-clean-builddir diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 6d5b6ba3..dce28af1 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -1123,3 +1123,8 @@ This internally switches the chroot mode from `schroot` to `unshare`. When using kas, the `build_system` needs to be set to `isar-rootless`, which currently requires a development version of kas (for details, check the kas mailing list). + +Note, that the build dir may contain files that were generated within the rootless +environment and cannot be deleted from the outside by the calling user. To simplify +the cleanup, we provide the `isar-clean-builddir` script that helps purging +directories with mixed ownerships (without requiring root privileges). diff --git a/scripts/isar-clean-builddir b/scripts/isar-clean-builddir new file mode 100755 index 00000000..6bc90b1d --- /dev/null +++ b/scripts/isar-clean-builddir @@ -0,0 +1,73 @@ +#!/bin/sh +# isar-clean-builddir - Clean the build/tmp directory +# +# This script removes all files from the specified directory, including those +# owned by other users (which requires elevated privileges). +# +# Rootless Mode: +# When --rootless is specified, no privileged commands are executed. This +# requires that the UID namespace where files were generated matches the +# cleanup environment. When running from a container, this script must be +# called from within the same container. +# +# Part of the Isar API. External tools may call this script for cleanup. +# +# Copyright (c) Siemens AG, 2026 +# SPDX-License-Identifier: MIT + +DRY_RUN=0 +ROOTLESS=0 + +usage() +{ + EXIT_CODE="$1" + SELF="isar-clean-builddir" + printf "%b" "Usage: ${SELF} [--rootless] [--dry-run] [dir]\n" + + exit "${EXIT_CODE:-1}" +} + +while [ $# -gt 0 ]; do + case "$1" in + --dry-run) + DRY_RUN=1 + shift 1 + ;; + -h | --help) + usage 0 + ;; + --rootless) + ROOTLESS=1 + shift 1 + ;; + --*) + usage 1 + ;; + *) + break + ;; + esac +done + +[ $# -eq 1 ] || usage 1 +if ! [ -d "$1" ]; then + echo "error: \"$1\" is not a directory" + exit 1 +fi + +if [ $ROOTLESS -eq 1 ]; then + PRIVILEGED_CMD="unshare --map-auto --map-root-user --keep-caps" +else + PRIVILEGED_CMD="sudo" +fi + +if [ $DRY_RUN -eq 1 ]; then + echo "dry-run, not executing" + DRY_RUN_PREFIX="/bin/echo" +fi + +# clean all files that do not belong to us +# shellcheck disable=2086 +find "$1" \( ! -user "$(whoami)" -type d -prune \) -exec $DRY_RUN_PREFIX $PRIVILEGED_CMD rm -rf {} \; +# clean remaining files +$DRY_RUN_PREFIX rm -rf "$1" From patchwork Thu Jun 25 15:36:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5191 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:48:20 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f190.google.com (mail-pl1-f190.google.com [209.85.214.190]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFmJR4005677 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:48:20 +0200 Received: by mail-pl1-f190.google.com with SMTP id d9443c01a7336-2c7f385887bsf710465ad.0 for ; Thu, 25 Jun 2026 08:48:19 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782402493; cv=pass; d=google.com; s=arc-20260327; b=LKBJwaiHZH2dTpAJiW/OYSlYe0vMQLQ4BMTzjokIeI83S5J05vdfRKHQQZ7lCQuz96 oDLoadpF/MTq7zkcPsTC32ynbx1RlcVbCrTxUmvFNCmLRaihMt5dHb9TgcdfhyiRKEaD 9SOHY9si5yDQVDayUH56PCtXJgZ+9YAcBNy+h+IBlk2h1lN02X5W0tVpHh5jQgpCjZ9R D//7+T2RB4JqH+wiXyMElwHAV42ywpJSL0jIzR+sJX6U7j1flZQJtRgpSal4foP5ByWC i9o5NBO6DqM6jFjhGL8UAo4LnNDrqjbLGlsus8piJSYlbnFcOpaZ8GX9W+tm5AYt/Icw 2HPw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=8CgvxxDBGE8bbAQ9Noq475YzkQbP/AtWnhF5i6DPk4w=; fh=mRoDq2kCrxONUJ7TpLy0dNJre3RmDIfqu85jEjwE5RM=; b=YuTmulLq5H9ypx0AGWdQgUMObrKoBp+TSeJzvnvKQEbFcrg1rEVmGEogTiiWJQ0pby 30E8ZehdWGt9evzM8xPZFh7NKwcJwVOz0BtXTvUXhQNq7HBOq2Po9qyia7x/8qUOq+JC 3HRX907oyTGIfuqbPxvHzYAJ1QoC0WKnuZi2z1r1vFjaqrMkoHt2EIDMi5NsCLKSlgCY BLiPT2Qw+imisd05wCEp4nbifbz55aseTQwbgz9pcsujX9RRkoGXWLAQ49XKoOcwKWhj 2Jo5rxYkoTcTgNVKO5HgsEpjAxmvVeNx++olZ8U/JVXojYHLLnMurw0po8u/PFn2Y9EB D7uQ==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Rq8jqQnq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782402493; x=1783007293; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=8CgvxxDBGE8bbAQ9Noq475YzkQbP/AtWnhF5i6DPk4w=; b=U12r59ifZ23o6wJX8aRFWTtV4MDcXOzbX/eP/mnt4BWa2yLmA+4qIhNmC1sHAXgJRm JmJ+nJ68g2QKN97LYueL2lqj8LOVOBW4N3Vp112mleH+GEarZkGybfvi6ZQa8AalL0EM kUyHEtDc7kqwVIE1Mb+qi+tFqS6Oy0JjrYsVI72d6p/yr1lIyw9gx//AORp6qw4lkvri hSYLVKnUqby4UE/ZWUFcZGpNdCTpSb9BV31scZCYVc58ZUnymuStuALvKAlPZbT1R+yc WGjDNmU/vqzN2FsuT4R8ibl4heyJLGSHBIZ34TnF6gzxTZuD6dbLy+T48TGfDJpIGX8W 31lA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782402493; x=1783007293; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8CgvxxDBGE8bbAQ9Noq475YzkQbP/AtWnhF5i6DPk4w=; b=eG+reZSS/WoA+rSjDo7qwStxqhkfz8snTJlTanBoBigLUoMr4dleKJoC9dXpzsBofx /JED2G+ZVJVkNN99QIpeeow+WJf4S8lxuZLCUPUvvSUmp36yPt/L8rCaHBztPaqaxsez /5MiU5HZJJ5weSv1RYzHTSCWa46k2uq05JtaIRVH/tsamdCV4upxj7dgpTvTc8I8WIN9 QbYftdXZZIvfWsqZKFoiWl41rhC+i1IUluE3rnz+JXWu0lOlRPuwkytQi/zffn0DXiWO Bdl3z6nSP3YKbL0rSxnc6jvhMq0YRopxoebwgiuQhXqi4jveR9aIOKmM/hCQd19HQJnD bmnA== X-Forwarded-Encrypted: i=3; AHgh+Rp0zRz+/dME7hj5Y0CCWM70gXBNT1YbraRycDcE9rEMOmPv8Yyl+RBbTg7ceeyYpQkWJV8Hvu4=@isar-build.org X-Gm-Message-State: AOJu0Yz89ZxNVpoXS6dZPVc4qw+2JoXNxUcCF3yWEnvKPCNJin2z7ndX OfHk1/1/WNLlkF9sX3lEVECyWMNDwjWObxx7SJXTvHj2XPaUdUcWJDXO X-Received: by 2002:ac8:5904:0:b0:517:9d3f:8fc with SMTP id d75a77b69052e-51a726e29femr38893741cf.7.1782401833492; Thu, 25 Jun 2026 08:37:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfmwjeDJUhDZvTfrJbNwVIAK1qEuwP9NTDXEiEQQDFk7A==" Received: by 2002:a05:622a:ab07:10b0:519:e81e:5e36 with SMTP id d75a77b69052e-519e81e6172ls87394971cf.2.-pod-prod-06-us; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) X-Received: by 2002:ac8:5790:0:b0:517:29f6:cee5 with SMTP id d75a77b69052e-51a727f016fmr42457551cf.49.1782401831489; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401831; cv=pass; d=google.com; s=arc-20260327; b=l6yHXC5U3d8xQ/QKAaOTSc4vi40j0K7oq0Tcq4E3RuycDC8zuBxf4H+994EXfn/YMC 3hjt0oGIXea/K+j839eKat1vYGZLEWq4H7qkn5lcu+KBfZd5vgLL13UkbdDbLyvgfinC QYMJcZvK7z7knOhOJFr3Quw97RD4IlZEmdZeezKotyeozrU2L8dJE/MJvOYu/Ofc1dn0 0Dvmsnufwsnhy13ViGmPxOtMrUtUcUL8kCJJUN6qrVv/E4MWl5psYAS+fEQ9lTyHlNx6 zo51W4B6QDoh7LNJ1lF0ig4cv2cpjjZXp7476Fjp28koTPFrriOgPJLoOG57Tste5mPd dtUQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ffjmSIhPnIgKGw8lqSNiHJml99QFOWOKrs38hOdNTAEIx4kWiDVDtzv4hl68FueJhQ NTAIKdRqoyfp44wX8E2aMltElkjrmjvHSzQSLloQefWw6HloloVwiUXpHtiXgNFGc3yH 2ujDUlYFfAx4SbVTjQiY/n6okgoyjuHNN4OE+/lzUtUMwZXdSyF7Xh3rkPAP5nZscu27 AzBjO98BZ2Mld0TTBg0kZM9zotnqN2gpxND0Y2NUAgMB+2UZOwllvq//2lo8yCrYE/h9 LxBd0WCdpe2wEWnFhyBVsm3qUdTYbVfyf2d7owxpfHvzDLVwVG4dEjCsU3fEr8biFeiR by2g==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Rq8jqQnq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-51a5175bb76si3614811cf.4.2026.06.25.08.37.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:11 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vSKbox41wXEueaAf4Gh0X4nkTK3ZF/h9M4qsJiAZmGsxT+0g2FwT0aerf8kAnY++TjZ+anudCLHYNkHNb34SCeXVVLuhxqj60Urmch70RidunG81aRxTF9bHx2TX/3cWJIXfxZQU797+QPD2PzLBrC7CB+Ooe2e7miyl1BLtWOGUNF2MKQzwMDKLoHDDyfg3n/QeMmg/YthJP+4mMCXkmoY+KbS9jOamSNY/6mJQnEVjt+67G9c0EFC4cdpV8afxcvPvejE9P8wqeZaW+EomC95P3CscTXyODAV7Z6ADrRfECgP53y4X2wg2x4oX8KOqBN+38XjBXHhGPcC+CNO1Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PGEaDe4B+kW9BAeU8oVzqxUSfISiTKwRSDPTX4uFh6w=; b=nrVcRfFBbcm3DoT7/7bMxkeY7F18PT0MNRw00T7ZFaWWqgYtXDwT5H8U4U3ovlICcbf73ilJ0uRRS+gqoOinBRE1Ctu4KlenJHoGE3O4pHMYNb4dY73flJbG2MDIukp5Za8lGHvVcy91tue2EawisgG80El8Den42D7mftHJnRLOKVG+v6xuM7sbDmZHT6EkRk/5uJGhQMaGGGOwzBGXEPgoX+iRyTr46MPa6hgSQOxRx0ficCv/r3ITKPPchqKbHXzqbFPsyu33XLHyj23XEMNw9LzigUzya03I4pSPAbsj0QTRnm7w2oZdmGWe/EkE/ksvj7+r3aAB/VLhfakpMg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:08 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:08 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 12/17] apt-fetcher: implement support for unshare backend Date: Thu, 25 Jun 2026 17:36:46 +0200 Message-ID: <20260625153651.762936-13-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: da9e6581-bc2a-45dd-ea3f-08ded2cf9dd7 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: aBWAi3Xjxre5M8wIwbw8Gw6fJLKNad0WAocMNCihTpqugvkWF5Rs8TCEGSZyE0GZ0ffGUBtsDrWyAiC7JxoGajf30W/KE9cIXUoxbXI2XrrYl+3I+6HoeRwPH1DqcnOmuoruZwkIjZ9HYBuAD1Sj0fWTCzvt9CHYMZoosOiQJ6Y2ctfxOIZLdsigoA2WojwkpVEDnBwjHEQN8xYtzr/B4wD1KOFNUBFnz35SeWAGQXiCefEodA0lfkhv+ABjcYiMmYNGHccG6gu1TXnEE5AVKgPALacHNkjIr1NpRPyXY13dhNCyzxonXECiisO0A5EwRxGGqxkpSV7DX2HezVM8t/DdO19AV+DyF6MOMaPjTaJuDero9fYz6TAOIAHWhqvTsNVGa1/mHpIVMRuI0JmnLKRkn1cs6YonyftzTjWQJgknSpZT4waWcL7L9vEa1+QB1Qn34+bYddhjoZxU1DHlKGLJKIRfSRtKEx32s2Ws1BAMFnPPRg5+5hcxyv5WKZI8b8jR4OJV381CvlpiHMLF+/lUJCX0xnOazPZu7us1XdoIyRxVJehqAZWN1NpRlhD7I0Xkz5SSZ5hzDTezWrxb0a91E7SmjCyAIZ/LiQT6+xv/4VOqSP3PFZ716XTyBdi8ceTWiUxTE6omORVq6r2SyhazYkf2DVrWcyB5o4jFOpE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: 2SjRRcz3TV6M30D3rOXkCjkB5FuKN6Zff2PCZ6j2E+MBlnGGpNjuybJp5Pp8JbPEBSotPKYIEWl/5aDWkQ/IDC7Hic3OQaLi2rP8mcUD/rtS32IzWFi2Joxfuc+5w67yoT2Pbvvww82kXLQpUA2KiM4PzKOxfB4uZtWsL3PECdBiLUWk+8urebeZhxoHG8YXUqE9xSVZpPxgHCRIGCB07Hhg+7cOZhEJ5dpoQi6A6NpF0kEsoIolE/a3ZWJDh7T9pLyiO9m5QrY9I856f+VfyXylrjgA0gCo3xEowynz3zI0oh1wUOCiFT6Nf1hpzfCn/uY/oL5+L2o5xZqI78fai0ndRQXQ8nSFMAlseJ/wF6RVSfxIneM9L9fB17M1wDAZyW3swBi/92MiO9mkHR8UD256U29MV8cmsdqSXcwO6Z45SSk9SGaAllpbhmOp5vb9pdqVC9A0w3xHA5jOYEWjWVMxBQ0PcGIZZAqaqzk8O4FaENhw9kb3wy6eDwwuk30DXY/T+71GlI19hiQ5DNzFD1/0sg6E6KRoUDsAT19BkZ0EjYsldaad3ONcveloY79NNGp3GAAJtVkl9M/0gyasOoxb7XrFXh6AST1Uo4CM2l4X7lWAYp6wxXaHsGHfaekLuVirfH9IMLmsTsqosN9ML5ItCUPQ+N8jjzR11ZQWolvcfPelyOEWknMWaQOxfCRtg9UiKuPuuwTuZb0tgEugptTPr+a0/BMu8C0FLJ9+4BznZBLDdm3yM7aDfpehWLbZl0B0iDBJJbBlsdHkr5P+0fJy9TD0VVxNZemkkdtWLClynJ96TLvyvJHp1UpyOwtL0hxc2h03onLQZNp5UfAJFq2bRkqXBH58M1g9fy+9J1wGDqIU5Xxj8aA9mFJyP/zI2E2OfX5Sq+DJxCyVYZ29vvJIyU8sTdj5gHXp0t2+R0RNOYrmcMWxUf52wk4hG51tmZiwLS8rO2ERCBIayPEcZUh/8zrsss7ePIxDf0CBYvyoEUL3RoeUpb1C09D/BCFBpMmL+MNWErECM3ESrVlbWbp0ltVeq0+h36JQkxmfyo/Mifx71x3GNABCWLgKoX3amewNo+EPdnvh1f6z3ici78grFoBtC8XWyeR5AR5B4Uwhi+whh2CFV16cCACxAmUgBfohrTT/VdjgygZFl6KWtXhBag9lDMTyA/8dDKk8a77VuN93IyjIaT5Fj5AmR36QTizRP0R8/IYsKv2f6Yzpl7GeeAeCepi5y7kurXPvrWT9Iyz6k/tqoQlyfZOoOB0MsEpsMVDBcbknBGa00mrRvuJHGpop6iY5pMevL3NvqXss8nKuQ6TUgm2OzDRUjugU5n7kyYQgaJ5CPgrPOGsBBYhfYDTF7qVtSKqXj0Dlb8RURMCeQoiinjUgzfNBKyeE9vfpIPusXd46COITOylyY9VW6nw9Z2JgwbqWP+YxgbGyuhUJVvCK5yAmw5Xhm3D0mgc6W5fnTpObdH+/4vKWA1zD/h/Lo3eETdeyyNeh9a2R2pueJ/lBBppyDSJHaVZ211EfP6xRTH1G95uH77fL9NE2KOg9x14uPVVsPBHwgjSiJxu7uw9+VJ6ZYiynM84pvJ34uDshVafiRFrAvsMK0KWYE/GKLphDZbKERKhi/hrXFyDqEu9v/cj0OJmltrj0eYY3OOz17dhEoWzXq3vrJIP0iHKA01Z+VL6N/LZodK8AWoWs7eY+f1fwXF/WnFGBV54R2RMR05ajvn4zgJxU8mDV1epqpf9Off+p8QhquEwUCzTR6i3l5OckCM8srVFUQr2dlMd3 X-MS-Exchange-AntiSpam-MessageData-1: JihjxtzbH6pLZ8Yv4RRqtfnrKZZrXYxEaVY= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: da9e6581-bc2a-45dd-ea3f-08ded2cf9dd7 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:08.3468 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eFj7gLUEBMGLL83SdOaocMJv1W4UtPfGVMlQCkwHVEbcqbmwZQILYpK9jfr5AsAJuWb+4S9QJ7ALeLOoLuBmHaW7DBcAib6VA2q7GMHUwN4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Rq8jqQnq; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/lib/aptsrc_fetcher.py | 75 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/meta/lib/aptsrc_fetcher.py b/meta/lib/aptsrc_fetcher.py index 1d133aae..933480ea 100644 --- a/meta/lib/aptsrc_fetcher.py +++ b/meta/lib/aptsrc_fetcher.py @@ -7,10 +7,13 @@ from bb.fetch2 import FetchError from bb.fetch2 import FetchMethod from bb.fetch2 import logger from bb.fetch2 import runfetchcmd +import os class AptSrc(FetchMethod): @classmethod def create(cls, d): + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + return AptSrcUnshare() return AptSrcSchroot() def supports(self, ud, d): @@ -92,3 +95,75 @@ class AptSrcSchroot(AptSrc): finally: runfetchcmd(f'schroot -q -f -e -c {session_id}', d) bb.build.exec_func('schroot_delete_configs', d) + + +class AptSrcUnshare(AptSrc): + def _setup_chroot(self, rootfsdir, d): + sbuild_chroot = d.getVar('SBUILD_CHROOT') + unshare_cmd = d.getVar('RUN_PRIVILEGED_CMD') + + runfetchcmd( + f''' +{unshare_cmd} /bin/bash -s </dev/null; + tar -c --owner=0 --group=0 --numeric-owner . + ' +EOF + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.unlockfile(lockfile) + self._teardown_chroot(rootfsdir, d) + + def unpack(self, ud, rootdir, d): + workdir = d.getVar('WORKDIR') + rootfsdir = os.path.join(workdir, 'rootfs-fetcher') + extractto = f'{d.getVar("S")}.dpkg' + bb.utils.remove(extractto, recurse=True) + + try: + runfetchcmd(f''' + set -e + find {self.localpath(ud, d)} -print -type f -name '*.dsc' -exec dpkg-source -su -x {{}} {extractto} \\; + find {extractto} -mindepth 1 -maxdepth 1 -exec mv {{}} {d.getVar('S')}/ \\; + ''', d) + except (OSError, FetchError): + raise + finally: + bb.utils.remove(extractto, recurse=True) + self._teardown_chroot(rootfsdir, d) From patchwork Thu Jun 25 15:36:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5185 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:21 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f192.google.com (mail-qt1-f192.google.com [209.85.160.192]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbJGf004572 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:20 +0200 Received: by mail-qt1-f192.google.com with SMTP id d75a77b69052e-519fd6364c9sf42478341cf.1 for ; Thu, 25 Jun 2026 08:37:20 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401834; cv=pass; d=google.com; s=arc-20260327; b=FQWmd6ddTpwd80SIIVDR/0QSZVe9n194aI5bSluiXBEIcv4PlXFbqkEBWJHC0I8LjU 5QuVq8jK/E1l6TD6uVG+eHDEx9G2mZSKyfcpUo0nIY1Lksqen4Q1CuFOiq00pOMzsvg+ 3nOXZOM5PBBOYdJcWcaRyn81NSW/mDu7dOIHSTN6o5gktiXd/edWI3yhipwkozEulqvJ bENJhQzLQmbH/+sBGZHpahDVpeBQsGAhtGQ8Z3AcMzsfiupJ/WK+KxIva8PU7rCny1E0 xNAKBFWwSUy1lJwuFlVTtLEMr4314nILr2IgByLpyj1QUkUehlPg9jimsmG7Ni7HfkKZ LN3A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=fLwf/YlLBDrkftH99H1kYWmKCqAtWmj04bBPcmapmzQ=; fh=iabBV/7nx6c4WbKskM8zEt2lh9bUpL/FeAeHlNQaUHo=; b=SDADTYmfHC1xVGxbyocMOe+nccMYiecaKlsURstWGr7Vx3OIduKJS1k/eFZUHQHVSA U9oyxVN2e5WuQQxD40RlcsHq5txaeBGMCH8Eyh5kCQky8tizqsgG4Mkztj0B1qB76qaY dz6VliN6SYbdx7TVDLyVvLMHAYOxTytuHtdLKktUHmyr1spbm6PoXd1ltfmk9wqFIrZi HR7u0uKtU8f2dWCTatB1FiFbsGCg+vowUnWni66O0C0+DMdwjmj0vFeJZOjlPKr+h/nG gsrC8Rs5efI8DQtZk3EPylGqj1NKTCYHJQRMj/9INTKAK2XPx5PmNJofh+GPpCDqbcUy R9+A==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=H3tvCHQK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401834; x=1783006634; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=fLwf/YlLBDrkftH99H1kYWmKCqAtWmj04bBPcmapmzQ=; b=HKGfK4QGl6u5azot0LPDrPL9M3Sf9BCz8E/0x6XFB0F7zVM3rmuMvSlSKQ4+ocAcW7 OGbnOKd8NaU+1k53yeIILDiQpuGEgvgmviSudxQgv9BRsxzIRHCJKzrQnntnPf8Bd9Cu SEs/MISUNdQozzPZPY07o2SCROq8OeH1XBa6jrP2szigtr89I/lC+PqhZEcj1HGWH9TX vh/w8++ukUU0I/96eJwM8kMGdIO9CHd0BSigWWsA2YIdmgD38/DyTFe3xCrdgyxcefQU 87o9JLR78Xv6IfdDcGJkXiTvTbyX3GVvjAulNJ1SVRiLW2RjN3f/CQcJ7l4wBrqREpgJ aDjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401834; x=1783006634; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=fLwf/YlLBDrkftH99H1kYWmKCqAtWmj04bBPcmapmzQ=; b=tQvj568GpV9h+cn6xS0GxOXrBuov2E6cWCgSHgfGuPa8R42O7VUTLzm6rMkCVehC4u XRInSHIzLliYcFxyB9UzCQI0gggBdXev1wA1abnlE3s4+bmew05IAlD13V8qo9uaT2MQ KPkIjH8BZrJh/Mb9U+ARS/SI8OBEWPmA2Ocf32yZZA4Fs/I04eWuoz8HNyAWlH02x9X/ 1aF8h5P+IJ07xfwzL6qQGDqyW8JivdRAmUWZZRKtSLGrwFBQxeL/uLeaWTp1+hyB8f+f 4yyUm7c+8SmCOuygh1L6dGaKjfWdcafqNE83uS+rJEuazpvxHHPYNHmPm4aUmp2TjzW8 1RgA== X-Forwarded-Encrypted: i=3; AFNElJ8EMT8t7QHh9eLo0H1bDTw+VyJRp0sVRWQpiMlLXed2yXFbQvt0o9ybePzVepHSGAvLrEexoYo=@isar-build.org X-Gm-Message-State: AOJu0YzMYuABO8nmRM1CLMplWdIWcqAWAURWIRDAeg2ThxLDY5eIDyXx ksV49ZN1fHQmvyTKbmGCGc4lny6U0GlDtF8tZpiKg7PC1L0Q4+SLRKgY X-Received: by 2002:a05:622a:4d07:b0:519:efea:cf41 with SMTP id d75a77b69052e-51a7294cdfdmr38956541cf.28.1782401833574; Thu, 25 Jun 2026 08:37:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdrkVKnNOVE9dOGEnz9UGPgsp44tKrdPSSAHc78QYNC7w==" Received: by 2002:a05:622a:110f:b0:517:7fae:e93d with SMTP id d75a77b69052e-519c311291dls174605541cf.0.-pod-prod-05-us; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) X-Received: by 2002:a05:622a:4899:b0:50d:db76:55cd with SMTP id d75a77b69052e-51a72ac8450mr43166021cf.52.1782401831939; Thu, 25 Jun 2026 08:37:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401831; cv=pass; d=google.com; s=arc-20260327; b=gwgK2CZe+JTuvp1Q6lcuY0lL+59Wmkfg+XLj0Ldmc3om+qiUJP25O7elv6J7c9y1SA 9sKFqiyssQ6lbRBDV1vvdgL9NECMcZNOkXRZSb5iuT9hJ8ZMxdIYS4/0yA5FsYz09pwz r6dIvrJcJVE1ByRtfJEzFrY700RmYiTkvTKAu1sOPwSR2x2BVKgwTeBMA+N309qOdFgA l4BZCYSpgpEANTRCLwZMoiDhFf80ilEi7vOiGROOjwFyFJgWTdNVKrjkrbEPdbpcB9Vw cCmy0Qv7NiS9uKiGeM1PD+umW7Fuzub807Na2PUf74lrl0KXfXEzfwn5rT9evDrTpnwr knVA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=hU5txMS4zPByWAzJoLl/bGpF/Pl6oTEYnOVdATIwPmBSP5IYLxGIhMqrgvenm9U2Pk 7oshOH2mIGExSMGBkvKct8sJHP30HC+hlDW5RPfJMPzsihZb5nwkKS3Gi4iOSZpWJXsX qotg4+51F5pbJoWFo3crhg1YciTgRw+Zrle12e0VK11po7A1b2U8UZvPsdW2sCDJR5vQ 8nWXqBOCw+6nYzenOxrQfaLgkr1cRi+v1GWHLz5YsuQe3Rxt3J2b3fvhvY3PfFiUWNWe 75LL9KGxMT6llsLztfvzaV5lJ9yAD2xLAyjgxIEZh6cXLATBfVgoGdllr6BSNwtyYeHf CFXA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=H3tvCHQK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-51a5175bb76si3614811cf.4.2026.06.25.08.37.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:11 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=aEd80zvnPgF0XFS0xS0sze0fnquuTuu/gM9ANqaHJNIXHmGtkLdkpUGsA+fKyPPtYWbIQ3BvWSKizG6XSLvGgaWsF7jUV4iETPTcnWtjfMWIF7B6T+j+HMJfzjcO7F1Ycnl7jIl1B6VCbvH0pLLS/tO5dKdWM73yvpXs57biq7f8A+w2RG7yi7FCub3hAscypQ1hKF/kPrnvR9uSttMhK69CR38W6GDTUJmYTiPtSc/l7iY4TJuTDxQ1dqEM5t66q4q3uFH5zNIbU2ZImxOc8F6A4Nbvj4pYX15HMP00EsCl0eW+NXhxmGKEpQRmoU6QUe4QQGYZ62mLRGGfNvqrVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Vv+90b7t34i6El+lqt2CWEmdDsKRhkL+P2p3Qm9VG8c=; b=AP7sywf+1LJ1+aBDEhI9MMMzEYQKi14lhR61PoSXBDLvr7tDCFhbd1zx/dBjEkJcvz845fpwVuYyf6zmOAWbqPm53X8WyKCUxB59G9Uw0NPhpdgFcRExUrMtZDiHAubYioIT94cAoyJ9SH4XH3qAZfVNX+AXQj3mkpdzEgkdX38aCb7JYphugv1Eef2q6HRSWOjY9AYUWwowLmsBGpVcJ+50ZUMuwfOTVZiEp7HzcFK/OvEC2/ECyvquXkxn3VGR85HWlosEJQNStgdR6feKv0vW1wZrYB8jtCSBfRNoRAvNta/+3is1uaHdo56RKodDHE5oA5JxSOSrPgZFKGjwRw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:09 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:09 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 13/17] dpkg-source: implement multiarch support for unshare backend Date: Thu, 25 Jun 2026 17:36:47 +0200 Message-ID: <20260625153651.762936-14-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 139c6a5b-32ae-403f-e942-08ded2cf9e2d X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|5023799004|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: yS2sAxPC13EIjuyuZnTwL+quyah3caea/E/A08pm9Vb4hm4gJtOQzZhK/BVj0vkOoBkomwZ7HJDMuP4Ss0Y2MS6yQDvqfM6Tw+uRp6KD3BNIEYxCynLRCVVhV4izgIeqjAYnHCMKa9ip8isD/ELXA+HTzO9fSvhHRx2/j4U2vpGYWidUCjDyTrc+kUOvVLaRJsn1TzC5iQgpTck+4niB/NMjg08B/nalzjPyOqFdlS2OKaj+q4oqgaeolOu5lGj2v4Rq23p53Ad5vZh6GXhs9v3aOsIEsaKwakBxgLcStaE6f5iTKrHpzlkfWEmsIPmLYmI6YHL0nlc+uT+ubpXTKPnlN3UFfIJ0czriF/XXq9R6zoJ1J0jelvDf+RBLIuA3BJFA4G7aQHH4hj+Yn8El7Ah4Td7zzuZsFlJ5RC+nRWUraO1Bb8c1/BDDorcXuxEh603mDImvQI0kM6nqKHOLioq1jdVvL5SVwWOgZ8lrFWONZekklnRk/80fJJD7UdkdYoogeBCWb06wlHKpZmNIx0449hK134SfnDoxCMvRB9dAzboPmkeIREmJt8KgiDbGGC7+nJwx8snGt45D+irmx3lrKXBA234+vbxyrWaImoews7XVU7OZM069XhAKDiHFVwInZl//bK3SFxFXS/E1VOyNFel4D5B8nAuf1lwI1/4= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(5023799004)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: ShEoMKsWEWDqGouK6RK7RKEBo6UG9Cl3If8D3AHj2qwqdRcMZgNTzKTZURmGqlgdGp7DKHNWOr+0qSfk+W4X10tlU6Ww/G85Hw2pfokP8TalpSVGyYtkN7245Tdt77YcBwSTCFIYPJVVAU43vZC0fVGU/PPpLV7fK3gn/Idj6fE8hNS5MbKthQgBWz+AP2uOZD+IrB+JWcIMyAlsi56qWIKnw4grZytbaIo9hXTG9ow3JWs8y00d37cnk/kMRw+cL0lKlfGzXd8ML3FAaHoA0ywgOPydq9YWYwF5PQQMbo8QHymVD1qVDOQlW5AzsL4w6U0vEm+bC+q+yaTjPwYSgULt0RgbllYHBxMwHSJEg8BFHRB682ZanovLGvvxkke0uspo74qyOjvUL16E1pNFnkaf8Ze0/iOCugxwaLDfrHwZVQjSUtHF4TiCPvafmFaFsqi+QAK37MncViIW8d9Af4DFcNxyhYjbg5FMuEwaXT7hyCJGWsLjM8mGlXTElmqpIP6diH0LKdOH7h48dUhuQNya4o62LIchflBa++stdGGfPuwtEEHWvBUEE3qn4JO3iTSXiZxYsqfgIiJDrr1pPAQ73od38BjpOffPs3JKj1Mqn4LUJU43yL+VLkcQmAskIkVc/jMW7qyhv4DuaakRVT5alSRju8fp828q2H38GZT6sary6w/FhOY+j7jUz6Ck0BY1Rhv6LcABxfySyJ2v2kCimFvzEEU7cgZ0s4sqFBLVOhNQ3y+s5//FlAYEgxAIfl6+lg/h3dZBJvv3lsNklGTVgk5meMm7speW4d8VazWuiAs0bGxqGNeTmdQymybldls31rbghNaw3vU3n/JR2CLUd+lH2IpuOS3jH+d9I4a4Ee1fJUzl+Dmc2/xY6e9SKGRZDmh7LzRQ6MmYLkFQW2SbN6rzoWP6reEezOzLz4D5bkjlCU9p/JfFZvu9Sp+QDWkkOTa0f1oJtqJPUKKuL8JzlgeNcVrewAMn23kxhIZ8ViKArp2nnal/oyoAFawZJQ5yk5KEm2s5cFNrmiTSfrUGawNQsrJl9saESLz36NJ6u8javdWXMOqupX4a+49WOqCbPAGGx0zlTQOq/XxN0CYmdhQWWuLNAzR735g8aV6MlOpTGXG+KX7L1TTRblB+wOISd0Tqg8VlA3pGHlyyxQUQsBz4U1bJ1aDmpPcayIGlMrIdrHuYPqHWILJ/G/FPfI1tPOSdpFS0dJ2ASHQE4qTHRKiIlcrfe1Ih80IaGLJUJeN6VyiK59aQHpeNUyAHzjFmkQezklkAH/h1rsTjYHRbvb/wM8NdvEzr+46uhxHSNVeTR8U8SD9g+nTNScjXkygzDlDdefGaH/7yA5AKPPilPB+5IA0pbnSzEV2YiuIJdF/wnh2eB8EMxFHHMjb9jNxGHCCRkOp1I1B51Dm7gCzxt/NqF4DpyhVUjyfotoRwqFwIbuNCx3vcxLavlaJhRcnJxLy0iYsVCwPm1KgXMckGwFXL/5+Jay7CuPJQ8VebBBMzisWycovLPgpbF2yuYGft7tlpCSuFQfv5OmAJNehxMSuA6ZDCHeUOHnM5VQmpaat1LpQa5dVjOgyEucxRlVn6tnLwv3Ydcgac7XbqI6gQ6cfbqv7DG+ac+gEYefrEzR5hYviNDk3JAZ8lyR7OYEEcrDV7SqdlEpKl0r1w3q9Pk2cdV9bzUq3yyzrxfoYUm80NM1H5vG/Y0LcggT35cDNCn6VwsypNIHSgpmaQyDOOyZoslD1ZyR3YVx1i7YAa2cAh4o/uYzWzCq0wQO41NNt/NWuK X-MS-Exchange-AntiSpam-MessageData-1: yBSbTo/w6dS55SaMdR4WmXOMkitL1ptHIVo= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 139c6a5b-32ae-403f-e942-08ded2cf9e2d X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:08.8116 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dSkryCwoMz5ccBXQSI/71vmg7y8ouODQwR+qBloAY+BzL0VIPDAHdtJ2yK2aG9MT6vfCV85qlLXfl0P0JlPXAkNLy185iqKTHPwRDVSQv7I= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=H3tvCHQK; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= The fetching of a common source package needs to happen in the chroot. Previously we only had an implementation for the schroot backend, but we also need one for unshare, which is added here. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-source.bbclass | 38 ++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/meta/classes-recipe/dpkg-source.bbclass b/meta/classes-recipe/dpkg-source.bbclass index 629796d6..a1848473 100644 --- a/meta/classes-recipe/dpkg-source.bbclass +++ b/meta/classes-recipe/dpkg-source.bbclass @@ -52,10 +52,7 @@ do_dpkg_build[depends] += "${BPN}:do_deploy_source" SCHROOT_MOUNTS = "${WORKDIR}:/work ${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" -do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" -do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" -do_fetch_common_source[network] = "${TASK_USE_SUDO}" -do_fetch_common_source() { +fetch_common_source_schroot() { schroot_create_configs insert_mounts @@ -83,6 +80,39 @@ do_fetch_common_source() { remove_mounts schroot_delete_configs } + +UNSHARE_DPKG_SOURCE_CHROOT = "${WORKDIR}/dpkg-source-chroot" +fetch_common_source_unshare() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${UNSHARE_DPKG_SOURCE_CHROOT} + tar -xf "${SBUILD_CHROOT}" -C ${UNSHARE_DPKG_SOURCE_CHROOT} + + ${@insert_isar_mounts(d, d.getVar('UNSHARE_DPKG_SOURCE_CHROOT'), d.getVar('SCHROOT_MOUNTS'))} + chroot ${UNSHARE_DPKG_SOURCE_CHROOT} /bin/bash -s <<'EOAPT' + set -e + apt-get update \ + -o Dir::Etc::SourceList="sources.list.d/isar-apt.list" \ + -o Dir::Etc::SourceParts="-" \ + -o APT::Get::List-Cleanup="0" + + cd /work + apt-get -y --download-only --only-source \ + -o Debug::NoLocking=1 -o Acquire::Source-Symlinks="false" \ + source ${DEBIAN_SOURCE} +EOAPT +EOF + + # run cleanup in separate session to ensure nothing is mounted + run_privileged rm -rf ${UNSHARE_DPKG_SOURCE_CHROOT} +} + +do_fetch_common_source[depends] += "${SCHROOT_DEP} ${BPN}:do_deploy_source" +do_fetch_common_source[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" +do_fetch_common_source[network] = "${TASK_USE_SUDO}" +do_fetch_common_source() { + fetch_common_source_${ISAR_CHROOT_MODE} +} addtask fetch_common_source do_dpkg_build[depends] += "${@'${PN}:do_dpkg_source' if '${PN}' == '${BPN}' else '${PN}:do_fetch_common_source'}" From patchwork Thu Jun 25 15:36:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5187 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:37:24 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qk1-f186.google.com (mail-qk1-f186.google.com [209.85.222.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFbLDm004703 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:37:21 +0200 Received: by mail-qk1-f186.google.com with SMTP id af79cd13be357-9158f2c4b55sf3247685a.0 for ; Thu, 25 Jun 2026 08:37:21 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401834; cv=pass; d=google.com; s=arc-20260327; b=mQRortCNHtRo0MUWdZFVUS0q0emui770PjvDB7/qqiafbhGkbxOD7oiLwhs6e9hdVo guhR4bL7t4g8gIquZvOE+H3ePHWGyTfxCmaHNWjWQZnCE94K8JMVCIlgI982IE2dyGH5 U8fIE/tlK9x2uWNwPWp+bSfkPCn/sFDrvugE4w8HOgI029aLPMb2+xzJlsw3sdj6blJu EDyVjhRBVAeVMl7aptc9p3rBPgR4w7VIgSz8qZpoAGe7hrvkAfSJaGzUFE/NZzy74hnv GpWUIBS5l27pWWXuktIt9zRaxfSLcipFLWHxIHQBXkfcCky8XkdX8GM7SpTn97ZEHAZp /AUw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=hykUNyj7ZHWmyQ5WsuhWf5fGxuC1kLTzosOArmSrqC0=; fh=LC13eY3C9WXJMhxaFYozhOba16UJNPok0hCxGFh8vzc=; b=K4lkD4VB9Bao4scERbW2ZwoqSz7yquj+gWKEdhS+FaPo3B3n+te13TQmV8tlnEefAd uDkTl+q8py63ycfjskesZTjMe2tz2NI9JNPylmMkoj6b8rdemixoC8h40m0bBLR8ZUSY BQ6U3C8odIF5heHh9WhTCO0pecQ6animdqj4V2MWDMxnQyG0F+EHjwCUeK2uMO/B/EJQ CwzM5BPBESu1bwQl1po5tcLEajS3P23nqdYJ/WLmrpURpDO+OKL8SyR/ZJ3bCOf++q9q wYb7scyy6wfXf62hQT8e91bx9a+9WMiGHSg4/IsqsKL8jRGHWoaMoGWbdIrSjQjoPxw8 VX1Q==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SnrMMraa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401834; x=1783006634; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=hykUNyj7ZHWmyQ5WsuhWf5fGxuC1kLTzosOArmSrqC0=; b=Cc31rqlmf8HQe/aY9aVhBon0K4YqVuqGdFH4Rx25BKC9O6zVvl2x2LEW3k9jTvCw1b J2YhWtkoUVNFXAy8o4OKEpb1QLsb8Rh7LTgVyc0U+gKZ2fMLJKxSQK0roLtDdrFc4vUl 7FNuA6XJsnw9oB9e9td8G42pnVKCsBgfYgjKn+vXJQUIfALtKKEXOFmyH3mdxgaQqBti Z8hnUuYz0XEv79DvDhs9fwgRevpLWX/tfYY3igM7YxHVgznUW02devVeY+lRQJprC7HU BQc57YBfUfMvt1mZvjVc450pwnKFa2CxlZ12VRtvfYLWgViog12cwAu0gU9YgI6PH/xC w7qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401834; x=1783006634; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hykUNyj7ZHWmyQ5WsuhWf5fGxuC1kLTzosOArmSrqC0=; b=iuxH82yIyiwRVRI7tNajkXRMChIghtM3p+zlxE9Y40QpfLZAz6lhA924bgcUYtuzN3 WnF2GXglUfdBfsfGKyNAGgf1VmAfsw7MNVzcmaPb+5FYpxuUq5p5Ju68ssXNSJDoJ+WI Z9KjGgilqj40tZvqI27qaakZOsMIpnIn1fPk7s49OINg3iPIQXTPNlx5IWvvSqrLtAo4 V54ulYDoqb/2mwyucu6yjj0exyl8Fs5NNbA3HCzGGkgqui7ZlXHzG693tpjlm5Gk3uML Ag1GdTG3Hvw42FdsB0r/gXaE51pCm6CPLjOFcEeqQKlI6LmsXg+SKdvb6HFcD7m9RQui W3Pw== X-Forwarded-Encrypted: i=3; AFNElJ9E7yvB01gnAwY4qlW+n1MbfzfJhlX4K2gWJiRO2J0nTQyP5mfwCG5YhPgrWen6V2Jb4Z2EIwc=@isar-build.org X-Gm-Message-State: AOJu0YxwbdcSp7701tD8w/2iqCBs2WrI5hCGxCHsVOAavOKbzOGr7E93 DhguiT0OElYTYkcsI9BZhaz/d91bnsxYPPPzpQglcX0gnY80sSb36p7o X-Received: by 2002:a05:620a:8396:b0:915:94c7:5841 with SMTP id af79cd13be357-9293b475d13mr438373085a.12.1782401833751; Thu, 25 Jun 2026 08:37:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUdyGmA7zcXpdKWHhNdx68UgRb7tpGzQ4a4ps3RzdOiGUw==" Received: by 2002:a05:622a:2c6:b0:517:8944:af5e with SMTP id d75a77b69052e-519c360f727ls167632301cf.1.-pod-prod-01-us; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) X-Received: by 2002:ac8:7e8a:0:b0:519:dfd7:70cd with SMTP id d75a77b69052e-51a72a9a483mr37055271cf.49.1782401832575; Thu, 25 Jun 2026 08:37:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401832; cv=pass; d=google.com; s=arc-20260327; b=bR4iMHUPizzmVIJyjVQDW654n01zQEwMeGbTO26HzGribpD6LurgjEWhmHNXeQ8veH 01389DwSe6JIo1fm61WUTo4UJV3LSZo1+slg+tYxvc4VrVbw+3MzK/9RJcCuZwxG3qLM JfOakIbIClYQoHIQW9bf8oVyU6xjWrpvp8fhsVuTMy79Jojvi7PagG/jRF2UCxPb+t7H MBSTFgnyZRgKVxF+I0cpMuHLtXqsm0xCIC9Z8CQnQRdSC6PPdYfqEfPEeuEEtnutR7pE YRLSXn8vYCUz5WSvT768JGzIoSgek1BBZO0f+3wxnHONW8/C5SNpUmpVsOFXBl2MPsMU CaUQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=fBscqkak2GbT+VRHQAZcHLh0PbF57ACpyxAzCqMPbXCR57xDq2RpEgBJ8Zr1aGbjgs fKdSF9udiOe3Hprcn5KSD3oA3Q73aYKtDgN8PkD0bwuGdODTLEuUAuZGKYNCH3+sgath Qm81Vjkpy9Ss8A3OKYkQ8yZA0v0/axBOom7EezWHyHr4yad5pR5qT8QGOqO9U++YOuY9 Pu8MMPUFO7P6pOkG8qxZbKGHGOXvMmUi6D+YFgcRHAcPsW5+ms3smUz1A9sRLUR4DP84 qWNctQIOKJVFNiwUa6DmSY0vNa0brU0VTIhx59f/B403NztNdFnB3ChNsBgQtlhaShfY edYg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SnrMMraa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d75a77b69052e-51a5175bb76si3614811cf.4.2026.06.25.08.37.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:37:12 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=pnqaVLgcQPfgXhnQMSWp0DXd789lqft0VrLe4RAvcK0elzUWDet/ClgPofFXtX/LEfAypi5xmNBV0xCrq4m35pQmE7rPkWAUz7RB9mddEloE7ZBZvxgPuAHSgrkbiXKEoJaojMIk8/f+ab2Xj78sMY7U2V4nn3kUpVWTkxfr62aJYTims6IgzNr+5pXlSFpKY7GPVJjO1D2ydlhtA/8mZicYoKQTIfkX/PMXC/ZQq9+1oY/TVJ9I29DiduWHrNReaEi4SUORNz68mKUYuUWuss+iMOfMqsz/xkPVcB0Q33qJKDyJZayZoKTf3LvxMdzwxJHM70xn6Fnfm2LjzWl+oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=DRr3M5Vj68cjXHzMP4Z/lj/9pI1Bd+q6rEUIzBDBaO5ICSLTL8JJO2AGg8eDAJxOGPwSiUlyVLydDuFsCJQNCfBtD/XlbankHskXAplSdjrapC5jd8t2TBrxykdEq1ZRNTFUVwA+XDdLAOLl78RWA8QAaf7pPub6c3V0ZGQOcdg0SLR17T1prPWmGjV5kMIjep1ZtVHNU2f2xNXNzw6QUwa0I2NJk5jYzKZY0IKbNeUrmV3eJMvuQIu74rrF40eWMTvCVR/Kg/bC0rlmspD9obvPvx/bRZMhb96xt42/OgAUrkYc+yr1qvaM5/hRCBYNFsWcc0H2rhT65blIEoa9Jw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:37:09 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:37:09 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 14/17] use copy of sbom-chroot for sbom creation Date: Thu, 25 Jun 2026 17:36:48 +0200 Message-ID: <20260625153651.762936-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR2P281CA0147.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:98::12) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 91a3294e-5264-4425-ac68-08ded2cf9e6e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|6133799003|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: q1XHkMXHaRwS5AsITD1Ooi2gqVX+ueclpyv0uTVQ5+Dr1c59dD1S6MQE6fRcTcMWbi02kOe0HXnocaM0/GQKTHZ2Xq+eUe3ZhZnQ1ZH7suVO36QlyKHdENpprnL8RIQEXU8gPrVSOcEuCsvhpyBxJ0TBDfD5gcC+hMOPtwt0ZCGzUkY7dxT/SPYURatoK4soQzGKShv74vNKHhRNdLQ9inVB4pYLtp+CBK2/vm0DrWBE2jXNZmop7uavR8Vl0RJ6qHsFMpgqj0toqgbbkt4ton0OJ9hYtsRBDE2x2jo/Mu2ySlIqozhKOvqvouc+ktaA1lhYZNvSm+xt54zogpyL9St6WaEEQpk5d9ywMR2Ruzkgd4BqMTld9Oc8NImBs88eSKFByWqLemgOVXdh5hfq6pnDl5Ufxv4TJfhs5poGI7kehH4QidTdNNr16HXZdZIEWpO7YguUgMzHSdkOdRHvFbUG+c4VkZNGpFd5IfN21AnmgEPvXUv/GwigAwrlm1sLG78Rw1xpuPWMackwKU9iiJVBA1F+9MYvXTGGPXwW5DbbBIFiEGsoFpxinx2tVbrTIJRPj/Jvcj/b9YQyMUxspJFsIhYz894i7K1Y5B8N9Gw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(6133799003)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: aoHtQiFA8SMDakrPKgixZToLBWSJXfPhA8/sS0fGE9oOTmO75BnLNkWZ2Xn7TbkDCzE8q21LRCyQJEEyaZR0/FCpPwErwHTZlBTrUAJE530O1u2KthgFZq/2Kykj8/eVBmMhVIz8ZxHsT44wL7tL54cbBKN648DXN7auObAnQvKVxi2QLDoQrWWSgX07XE5rpeZE9n604LVVJ48yL7gwdi9S7lz7nT7rtAwoDpoDFmwSzhHI36xQtXpS5SLhkykQGUBeVUdYQz0bZLFwKb5F/YX3hPCQlkvu8n/FmIkVcE1ca6FmKcC532ngDTC28wO5LpyJheIgfTIb11xpTYtrezBawDKI8TF6FZ7j3UDR8yj5/tdlnuj6vW9ZRXi7FM3uJUde10aA23UMM38933BQzS722gpEwn0G5qQLHXR3LGaJG7X3E6Okphtz5KR3LY2lUCYH16bnCW545DPo8JzLc8eeH0cvqfcKXnJDfglB8WNNTrsy5JP2woyaFLENDGXfsls7uiKIRUlyKyNxkLSjvAjx8eAnbPyDNuD9MQ1ZpYKQwd5qYUDZxw5P7FP9TOW+rpLZQFieSzVVWgFEwiU8UssVfo0FvSWbGx/3aZ95d2dGt6NoDcum/qAhauAQjgvokal5P00g7bciUMBn/VFWkR4Jagi+I1teRz2XRld7KHrC+OwF/KqrZhA9XeJLAN8odmrV5CDwu6K5+noqdvzWFlyldEOVs01gPVvVC0i3/v+UQHc/nyGxHUY4Wm7ybNY4iqTPlVww5BvVgEHSpdMsxhOXOGwgZ2vCfqedk4sfd49M6Ud8zniLLP0RHviXrs9/vTA/SYV3PyfTegW8X1WsKl9oGkXMyq9r/dTgcUakoZQscmwIapP9sw6+Wz5HBvX3RhHw/tIzJmXQuYkRyHGS74QAqzorsh7Jf4TBY+RRp9VDDeQyYkZUC/mc/bPHXUWleA4LRhv7mCo6FtU6uNaVozzNn/JYvoOoT+nKcTB5L6aYuY0vTe+IFbEIdIhFXkyFmQfbsJEnIMqLCr3n3hPdIGNj5V1T3i6ppggsRnPy0xk7qxNH+sJaU7ZIr0EU4spujdrGILiGky42mRtVqQ3upVwZWUAvZ49l08Lv0aWRlGrmdJ5tq78TfsrLzI0YZK+nKQ6suHW56vDRXaOwNu0MkKdaJh2+ciMpapaX6Fx+eZPFRw8h9+nZXdd/eakfXtfkvj+xordeXKLxpPvA7meiCe4eGKIpK9n/6uaG7esAjMWgcYQC4xhvB1ueXa1WN6MwS50TjmLhIIcjbg/ZWZXbpl0w7s2nEdSyvgBX+IigX8SzZX3ZTBTZJikOnyIfdsNKjg4YoI7taQC8kN7VZc8FKRXkQHFbay9wm9Y7R+5Mf2EcevRJTemksWtEp7H4XXtHjov+ZqdZHxB/LisDOukHO9CwySf+lExLq866ft2NpGwcz6zyAuRLZjphBNfZF6dDK24O3+qFgpoqreMxtqxenihDnqxg08ihry8nzlO5nUdgpSmJ0K68uW0x8wNfiYxhWiuzroFlTG2IzPyKyEFjOWY1Heo+UArav1YgSnAH7rTVygVGInWALFv7yObgXAaOB53DCerpV0CzdJse3rwqahNrY1OOqHAKiMaE+BCd01VMXxsKrxUjylYJpoVTv3Vc7uHHhRAHwX/BfrAsmSdBA42IX5ErWLPdSifxeB/wt2CsYKAQp5n4BKTAKD65mX6jMdqMLiqigX+Y/In1NIR64XFOSHO/TwIxpVwJJSQ622PnirnqPxfjd0YPz3TUSOpu9XAEbrN+ X-MS-Exchange-AntiSpam-MessageData-1: vFcRF8URmTmvKYPurTmwWTASmNQR+RiiWTQ= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 91a3294e-5264-4425-ac68-08ded2cf9e6e X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:37:09.2717 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bcxDnzCd/XYaxYPj6K3TVh99rrQsqJ1GOse4fqThd2L/yUzuqq5qF68IEPEYO63xf4NCp8If2C3gXbb4ypT4THwU+POQyOZ0W4iZ7I/wS9g= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SnrMMraa; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs From patchwork Thu Jun 25 15:36:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5188 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:38:27 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f190.google.com (mail-lj1-f190.google.com [209.85.208.190]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFcQo9005350 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:38:26 +0200 Received: by mail-lj1-f190.google.com with SMTP id 38308e7fff4ca-396d01a33c0sf126861fa.3 for ; Thu, 25 Jun 2026 08:38:26 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401900; cv=pass; d=google.com; s=arc-20260327; b=W2g0XZzy5IY7C/1HsRDcNiyjstgNkNmTvrHo6B1u68sG2N9NKP/HytBissWiky0oz0 8j6tX8wKkCCGR9+33MUkWVG7kFSvoiL2viBfCCZO8xA1a9Bb2EQpw/uNaGENVpqvRSqs L//LNq63vdNarQlqq7QZw2+HcEwrz4Wgtspa4Rs14XDruQM9XVSNElBRrgtqAfhrUU3f poR9rxvovJXbZUujqDF0OurQUdZDM6AJImbOqaYmbxohiYnDxAmlekMEukG6kSHDzFCS ip9TG+odussARxs43ey8QevEW9l0ALUfQdubmjwQsfS5sW3MM5YzZEZEpRnJS2s0JHmn h4pw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=rk06RiogR0meHq9oOLqD4yF2PQIU0du3CIOjQm/i/+g=; fh=VR4zy3GoNT9n2tDfy8vYWD7QSj9oQsLCqX3bBiOkiVo=; b=lGyQzlV0jUWGFGbHpfDFRgOmBFb7niAjWEav0CYRims+YM0M/XamZmwd9cBH6C2plC fVt3vAfTDaXSb/ZUJzmsMwcS2lsG4fOV+r1JoemnocLatgPWBCawHgKYGDknkkrUB+Mo sBO4Y4RJmAoohrbZmIwhbpGWyI10yvHSMFlCpmnLm1egZueA9w1QYkE0jsjscEbqjuTo myVTfv88jfrlKi1aS6+v59NhEQXeN//F6J/Txx7uq8OTqJGc0xhJoNUBVxoX1998MceC aDRQ+GS93JoUB6p2zwcg78EaktoZLRwFK4yGFO+ctQYATH2HZaeww3YbBd9KrqAQq36v QuIg==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=NKEGMONH; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401900; x=1783006700; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=rk06RiogR0meHq9oOLqD4yF2PQIU0du3CIOjQm/i/+g=; b=Hf3y7bq3IurqMbjCZIqz6x6Sf/C6o/b/EFg/fkQNmluavudeZKcJNFrvT/OFUTwaiV ZV+q1EAffOnF5V55wgatP3OMBKtDsjm7ey9ZFK8eqEiS2LqibHuYdIKPpoasFOrTj9QW u3tfE36zXpJYmfBaOcYm9uKwPDI8BXV2qAPk7DL3kyoT+qP7elWFDNEj2sTl8FUEClk5 Bc1myGMbwF8V8XuJH+0ioxpK3JrxxL9tqWm0FFPh90C5bP8gj7GBfUfc3j52waGqKSuu 2F5DyvQ7rhec1ryqOdeIVPUEfW1dMcDh0B7ZLoOteJQ3T54EbE8ONI8pMiZNAA74b6aO 0S3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401900; x=1783006700; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=rk06RiogR0meHq9oOLqD4yF2PQIU0du3CIOjQm/i/+g=; b=MNU6G7lwf5QUB2+8w5ZD46K143LDCkz855ds7B+Cvz40RwDbu95qgb6KHYWTFCeXau /8p/lfcoBIXjSnJtYnLd85jffrqahExnn/fHabuyTqmWUs0yaZcg9MiGCK4lbzmpEUlj LKcxq1hlUmMyQKG308h+wmE7Fp8PDYUXgU/HdNlb8GCFy35hwY4WLTxMZUp8wbhtwz8v rMC0b59KIn0zymPT3PHdi8LQqiHORJPZ6EYfIUB1hjK8j1YzqiRjKIes6at+eXJQcHiO xKaZ9cim1ct6FxT8gs701qXCkA791cekjt8TZJczYv1Mp2e232n+7lABwUKShSGl0yBB HY4A== X-Forwarded-Encrypted: i=3; AHgh+RouUPHB4L7yrYuHFEgedUMUyINAHePc8MX+cOe1LKvsTL1F5dRWXz1/EsbhS43uMichuvdpVaU=@isar-build.org X-Gm-Message-State: AOJu0Yw16k1OEei+SwLugyE+7Wxexe6BQrQYxx6Ky/q0nONriZ4fRjh0 eKj+jX8hGoUvPiMuMGyY39ER+h6Y1JUiUnIHUwMoisf0DYUyOdBwaTel X-Received: by 2002:a2e:a881:0:b0:396:71a0:7753 with SMTP id 38308e7fff4ca-39acb41f078mr8793021fa.5.1782401900305; Thu, 25 Jun 2026 08:38:20 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUc+RzMBMjAoH8ihHgn8Uj2Gu4sN0uIfoN6SUgRIcOq/5w==" Received: by 2002:a05:651c:31ca:20b0:396:b0fd:8dd5 with SMTP id 38308e7fff4ca-3998a6deef0ls4148841fa.1.-pod-prod-07-eu; Thu, 25 Jun 2026 08:38:18 -0700 (PDT) X-Received: by 2002:a2e:a106:0:b0:39a:cfe8:dcdf with SMTP id 38308e7fff4ca-39acfe8de3cmr7920891fa.31.1782401897851; Thu, 25 Jun 2026 08:38:17 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401897; cv=pass; d=google.com; s=arc-20260327; b=JpDF4qCdK3HNlT00MAnA69bdMupldYfNu5fU8rhLCwNYH2aGEY1l1hU2REghVlZZ2K 7gBlXowbIc24UoC7etquf+1ILYnHxTUlqfUt9SD0oXUYNi0iqqV00BsydTzCGo0YiFJS KAn+OEPOGyrYNh9Eo7o9e6DJbn3Bjicc4QT/HJpYy49B84Dae9YHv4EzB/UqszXeHxd3 IgjRJ/kS2r46eSUKZzyak+zInulAWfPH5xmqdcjowc90kN/8GGcC4AtZCtfhlO7hfh6p 8xdI2gQp4/HHKfVAQyzzuA7FAqFPxudFFM9zteytyEJ638dedEgUUCpS5YVYuzkK458w jBJw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=ckdVx7799XAkaIh6aHCdJtsTVXYvcZSNkRGesZd8SDZ+UFZBSwtEmF34mlaP2FjTxt R3mhfniNhmiJsXOxxE4H/o7HKye2ajaHhzCPl+GdV+scoP+q5qisA3NAQCs9rcfDSL2e +0xQTnR1e+ogC/BNosHruritgzMUJT01CFBVy94WZZP+dlF1gCUa6RSzBAgp00LDrrnI qIx34E2M8xd6vrFFTIu7H2xO3DNqysTvzh86hSlMDJiehpJkpyc2YfROTCjsztyBaajk e88pPpei6Pi/S467LFsLdvraGnH6ziGAQ5z3KFLK9oy/ueYZAEIft/3jiUCU0cqPnrAr gXRA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=NKEGMONH; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c201::1]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-3999b26ae00si4302061fa.5.2026.06.25.08.38.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:38:17 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) client-ip=2a01:111:f403:c201::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PSZ2RYUsjJj8e8yKPCQkRv4ISw7UIwKmDJ7sCIJaW4S0VoyI2XgUZCquqrns7XwEe2T/jwNMo3qGhyDgnkLd0FRQ6wc7t2ewiyUCV62arSVbjsd+GDyNO5DWYkay5IYWu/SZV/O7ZJWxAGuEHN9k7Ol/b8l6QPdQbuTM/B3Skz+hM5WmhpfmOn42y06D5519A+5TvBhi3/nu8Tao7xi5zGJLRydzlkjVP6X9ZxgzJ8KJMZvrQVdrzlHZamseZIdUhnKAaCtpdOuLGZNLcVb+Ed4mLlOdYKLGwcTYQdtag5qwmTcoAFPn40BQuJ6oUvazexSPxP08LAyy03x4rvsY9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pNHa9PFlKM9SYg0zLDWGVltDPNqPSQtz9f8LmHbm2Ko=; b=PWJcJSLT5Xc3IznRzI8OGRwcbBBlM/1bfb6xlmTAkTRYYPW0CPRDzGrQrxLCnaCESOjRk+K5x7G/ZKJkXL+X2FJ0fWl5o4SbbOGvi+bYpKKaINIJ5mEk8tyNhJ1NnaAycYsKhpV9g54qoDRBQKP3JtI71Jf4C8r2SNe2XoYTRfQo3YHXkC1Gi3/9Z272Bq8htYPTwDDK7+HlSmH7BEkj81ivQHqoxxQFmJFZNl2npvaMM2/olfGoO/F70+14If3lDIbcaXTZX1j0RS/JqJ0QKwpKpTryk/4lbeh7AJxtJy/Ctd0b1qRvVWijRysGrKM9ztMwWqywF++J/vwnW5jVBQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:38:16 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:38:15 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 15/17] add support for devshell on unshare backend Date: Thu, 25 Jun 2026 17:36:49 +0200 Message-ID: <20260625153651.762936-16-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0137.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:b8::17) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 0fc187b5-84c1-45bf-aca0-08ded2cfc61e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: t3hkI/tHXaD7OwMvpHzBJUL9/SUNGxLsJwAriyvnSBafHclWA3vh/SGCvJXxrioNW8pCKaVJASL0F7Q/DovJGBGFYsKqfTWIa13sBcCjGSEBJg53PoBVNqp+wIoAD8J+yntgdvPtI/tDoDmoV2LQhHQygTZBPn5jIm/l5K51htJPuiOCCz16T8f9KNP/Noa1SxFHRm11mVZxWn56Av7SEYf4jUhbIJJDNXcm//p9bFgEbJ7qGN/qg5r65rvuoCOUn6WvyZYUZJLdhYpbhGP/FWUw8ldjV2OeDawFVhv1j+6RGUctVdkjuNgftO7jmTnYmNTf16im7bTFYJR5t0nsPijUTJ8SYNhzGd90KhpuMqRJXuvJciYZeg5FwZJ1TDFTwFriNosyjfjG959CpsxvLp3SInweihTISr/QFD9OjtO2XWx84eryTjYgpxohust4sxrsjPlpsH8FO5CyWBv6h66vbtRTIhRAY4uH+9Rn9aduF83n9tTTlwO0qPc/xHHf/J6TDMo2ISaj1NlkjeHjAjPqYF+aS3j13PgtIWrDSqauYE5VVxLr6NN6Sh/TSdxNfuo/6qx8bSHSJq52MVS5tyrJCDTJYaJqm691vYPkK6hRol9jA6xn41apVW7fCoGUNbpK4/zaaQGUxly9e3JEY3ObPNzABt8HjaLZmHOTNpw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: Kpn3ZIxOH43IXdXtDSRbhATphrzmGYU3zBi8BzJNipcotCPMyJ0Wg8zzsm8FJ50v/o3Nj1xWgl3DSxJ7jMxfpOq2EDqNPQD+lB0NcCbl9Jhqu8K9tuverDYfwL2MbaQinfk9tLfWOsIX5vrrFRvVuY9i7Ylt0qtv3BBL8LISs1vX7uZsae/7hJ86rPGNyXSO4FciUtBGY6SQGclIWNbS5xx98ckt1bodKbxmZZ/uhEVR+dQ+qJvYDYh1ZN//TzdXUyA+ZOMt3FlS/Pco11UeZy48bC2fzsSNN7vVmHjie3SOpPWFMYen6oUcQFZnuTlsI0jhkGym+tsel8QRk0nC4tOpqrm8ks2xz+aCIELgaiDDSajmtVxciZEhHA2lqKey+pf/MdsWK9xg5ps+1b0Lw3fmINYJ9o1Vvb57EMnQObDKT4kdYO+XvVhPl5xzDW+RrLe35P7PVTvLVHStrI5/NmjI3zKslqsQ1Xe+ZlVH3Tyy6+6D0EjHE6ri9mCNt+N7+ETLh0BKVowdc/pjJII+HXMU3nEFLwO/rVxOS3Sdm/FrpH7G5Gg1w0oxH2up4FkWAjgRJUpFbp4WyKGjZVx/Bu4ywERgdhmEx+DzCcqBDUxQqEYEv5W9JZKGsbKAsKrcmyHdvqTDVbJV5p4Dvuo13utZuYK7FRp3V8KJXkRnG1Pr/vv+bhwoWW2ubrcyqB41UWnw1HSusqf9m3whzYC6UKlgxsQtFxxRkxSP3ptTn3zIGUsEAMuM9/0MmpORsfCSMerWSZG9vKhVc+SA3M/pNCY8DD4uc2mEh3SePvZGdnjqZ8vlwOS3YaJxwYUBRJgS+nMft0L+WmdE2GOQSTONGoNuhqswKi+EBN/4myj4wd6BkJfMkgZBgDMtXG4w41e7KDfW77Vrt6VkBrEgHxyWkdhhZyayCpImqyCYCRHCSedgGrEPv5xdef3Ra7UIVNBEH30T8AerXw3cjj2csjw5Ha/MH1YgZQ5e8uS12VQigKLegOKe73rDrznnuUNt67aKkGpcQeo5TPkwg2NYUQDB5kwRiv6v7GsiOdL7nI7V14RN+upsESaR54KORBJaPtFlfdE3sT/jBSsxD3tzwrB/D1i6ajYge/q/XmYDs2Pvmz7IUQZkCAW1hnUuFvW5T7wxLg9TdxElzFw3Yw//mMHB6sZnGnHejVOviqdMPiPzYL5eX6lIXIv3v10IKVQAL9f9VN7UxR8DGQinZvL1b/T9dR/n2mb3sHvxQKeuvdsMJe+PKoMLSPoFRsNxir9B3YETivhMkrx54Us+D1EWLfRmne7NeYAmITRNHkGhwSOKdLM/catT82ln/zZ0WLYYdCVfnz3kC8h1KqBYT4HzppqquojysG0lYw1BrFNVSwi6+zkXKW0ztnKdYzwsm3N14zFJ5AhR+602Qj9fdcL9MhtYF6m1yewofjfmUY6b2w5AQax7nmrq3qzZHx2Do+LIwSlCvfi/YDrPT+HsapZDxuQhscrtNhtKI81X6lJo8GzCo+STRPsEaju2RrJb8eXD2QbAA/IbKxtIWlUbZjAZitxOtsrowjJcySYAwnfXF+Txw/nA4IFLyOwQXBIgDpBqS7fmr69jYUoQqW4Dz1bpH0ZaYBGkkZPj4u6GYnj3lMkK3ftI8pRSOvDLsooybiwJy0Ju/EdD62HVouM6jUEvf6INVBwn6Vyjolgspc2mEZ6Cymrlh+vVpe1uzHfQfP8HMktti6FvlNNNAeXxvApgSxtEk2J3DIj0B5KR4lHM4iZiRc1qrh6Lnmjnk/GdHQMwLHruuEUoNTVZ X-MS-Exchange-AntiSpam-MessageData-1: CW9qIVsfZnsLonBZlIN15+3pMuaXzkKZPYU= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0fc187b5-84c1-45bf-aca0-08ded2cfc61e X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:38:15.8182 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 04l12AOnWtBvOMPNkPMFUIkO0lw6tAXCCx5g2He1p8MTB5PFmuQffXJaUj/0b1gfg1SvHYpAR0Op3RjcGRluvAOFtAo5nNEPh1G0VcRiTMY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=NKEGMONH; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Signed-off-by: Felix Moessbauer --- meta/classes-recipe/dpkg-base.bbclass | 68 ++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 12 deletions(-) diff --git a/meta/classes-recipe/dpkg-base.bbclass b/meta/classes-recipe/dpkg-base.bbclass index a0d4fd05..b3583373 100644 --- a/meta/classes-recipe/dpkg-base.bbclass +++ b/meta/classes-recipe/dpkg-base.bbclass @@ -253,13 +253,11 @@ do_deploy_deb[lockfiles] = "${REPO_ISAR_DIR}/isar.lock" do_deploy_deb[dirs] = "${S}" python do_devshell() { - bb.build.exec_func('dpkg_schroot_create_configs', d) - isar_export_proxies(d) isar_export_ccache(d) isar_export_build_settings(d) - if bb.utils.to_boolean(d.getVar('USE_CCACHE')): - bb.build.exec_func('schroot_configure_ccache', d) + + bb.build.exec_func('devshell_chroot_prepare', d) schroot = d.getVar('SBUILD_CHROOT') pkg_arch = d.getVar('PACKAGE_ARCH') @@ -271,21 +269,39 @@ python do_devshell() { -t \"apt-get -y -q -o Debug::pkgProblemResolver=yes --no-install-recommends --allow-downgrades\" \ debian/control" - termcmd = "schroot -d / -c {0} -u root -- sh -c ' \ - cd {1}; \ + termcmd = "cd {0}; \ apt-get -y -q update -o Dir::Etc::SourceList=\"sources.list.d/isar-apt.list\" -o Dir::Etc::SourceParts=\"-\" -o APT::Get::List-Cleanup=\"0\"; \ apt-get -y upgrade; \ - {2}; \ + {1}; \ if [ -n \"$PATH_PREPEND\" ]; then export PATH=$PATH_PREPEND:$PATH; fi; \ - $SHELL -i \ - '" - oe_terminal(termcmd.format(schroot, pp_pps, install_deps), "Isar devshell", d) - - bb.build.exec_func('schroot_delete_configs', d) + $SHELL -i".format(pp_pps, install_deps) + + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + mounts = d.getVar('SCHROOT_MOUNTS') + mounts += ' {}:/home/builder/{}'.format(d.getVar('WORKDIR'), d.getVar('BPN')) + + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('dpkg_prepare_unshare_ccache', d) + mounts += ' {}:/ccache'.format(d.getVar('CCACHE_DIR')) + + termcmd = """{0} \ +sh -c "{1};cp /etc/resolv.conf {2}/etc;chroot {2} sh -c '{3}'" +""".format( + run_privileged_cmd(d), + insert_isar_mounts(d, d.getVar('DEVSHELL_UNSHARE_ROOTFS'), mounts), + d.getVar('DEVSHELL_UNSHARE_ROOTFS'), + termcmd.replace('"', "\\\"")) + else: + termcmd = "schroot -d / -c {0} -u root -- sh -c '{1}'".format(schroot, termcmd) + bb.warn(termcmd) + oe_terminal(termcmd, "Isar devshell", d) + + bb.build.exec_func('devshell_chroot_finalize', d) } addtask devshell after do_local_isarapt do_prepare_build DEVSHELL_STARTDIR ?= "${S}" +DEVSHELL_UNSHARE_ROOTFS ?= "${WORKDIR}/rootfs-devshell" do_devshell[dirs] = "${DEVSHELL_STARTDIR}" do_devshell[nostamp] = "1" do_devshell[network] = "${TASK_USE_SUDO}" @@ -299,3 +315,31 @@ addtask devshell_nodeps after do_local_isarapt do_prepare_build do_devshell_nodeps[dirs] = "${DEVSHELL_STARTDIR}" do_devshell_nodeps[nostamp] = "1" do_devshell_nodeps[network] = "${TASK_USE_SUDO}" + +devshell_prepare_unshare_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${DEVSHELL_UNSHARE_ROOTFS} + tar -xf ${SBUILD_CHROOT} -C ${DEVSHELL_UNSHARE_ROOTFS} +EOF +} + +devshell_cleanup_unshare_chroot() { + run_privileged rm -rf ${DEVSHELL_UNSHARE_ROOTFS} +} + +python devshell_chroot_prepare() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_prepare_unshare_chroot', d) + else: + bb.build.exec_func('dpkg_schroot_create_configs', d) + if bb.utils.to_boolean(d.getVar('USE_CCACHE')): + bb.build.exec_func('schroot_configure_ccache', d) +} + +python devshell_chroot_finalize() { + if d.getVar('ISAR_CHROOT_MODE') == 'unshare': + bb.build.exec_func('devshell_cleanup_unshare_chroot', d) + else: + bb.build.exec_func('schroot_delete_configs', d) +} From patchwork Thu Jun 25 15:36:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5189 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:38:27 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f59.google.com (mail-lf1-f59.google.com [209.85.167.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFcQc2005358 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:38:26 +0200 Received: by mail-lf1-f59.google.com with SMTP id 2adb3069b0e04-5aa932535b9sf828661e87.2 for ; Thu, 25 Jun 2026 08:38:26 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401900; cv=pass; d=google.com; s=arc-20260327; b=jXTDwzEgRl8fQMWYxAZFrozujCcnGXFFT9mtC738xSMdj9vuBm9WmKCWiJdgtEuRvp IAhI1ndRDTuWr6D9AEZcfm6nem2AP82XN0dM0zJtzVsPzbKKasjEUSKkPM+xKLJjGDcF sttQDbWluQI1GEpVaU8iCo5E8vbeVpcYveaUhHhhSmV2A0R5VMJgbxwuv2aJlqf0yVyb N6mcE09D2a6WWe/kI00FvRbdSKBwnAVpjNaMCXoheCoIWMG9PvW8mN3EzKkj0X9EF0fY cxqI2tetzHEZk5XTN/arA2k0+Znfu9h6zXaHlhyxt+weCk1lUTEyu7cpL6+O1X52qqM3 7S3A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=zLZuXV7fLpqB1O4If9XHlDS0DepA8zylS90pF/J+XD0=; fh=l2OoREb26IN7VcL5yacRiMjon/2lMqo8EEoXg7jc3G8=; b=A0HuTDrUbnYnB1B9r0iV5QDs6LskGHVwLYNx0L+0sO2kbuLhRR0sU0wSq0MA6ZtLIr Ov4S9GnYd6ET20R84rSoarBYgWARjiSL/wzuTToinp970sG158fslg5BD8ybCQ3Fbq3H EmrRZkIS/29FttumU2RyjITSYpvrd8Xo36/7fLPTfOFXiUlxVq4BVueaCGv6/ItXuLgy NrghZs2PuosQJLN54FLt/MVGHnIDEKfvJe18WkwJbzrzbLuq6pgzU1Xd1DmQfQz3+B6L CjnwBiQ1XnhTYXdmKXsQs6njMLg0AtMyX9oiAefGkgYYoDqqBtK5n5FnRaSAQxSrKwvx gMhA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odg8MQrt; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401900; x=1783006700; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=zLZuXV7fLpqB1O4If9XHlDS0DepA8zylS90pF/J+XD0=; b=KxXg3U4XvmxtTt2TSYnQrrZt5KUuQYVD6uJEVM2PytzKIT980bTV6SKd3I/XkDgoMd qLx/i06NJ1vuyUXTfMwWR510awJw3SayjwzFxR0GBccrixIZYaDNMHdezWw/gL6B1jhk JbgVwndSv3ixZbavgJPP0NZhhD+65jAfb4kq/Z2NwRVQ+ZDMSMlxh8vqEnTXcYX+uCgA lTmThUgzCtoM+14C3bGC38oWILCMj9WZag/uXmabCDVVvow4wu8fWxWRemVqRUEvDQ7W 6Ltn0DJrgBdjACR0kVc0XEIAGmdMR6zw9aOykUzXK3yeEOBLJUR9Bpg/EInp42Dt+B7D LXyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401900; x=1783006700; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zLZuXV7fLpqB1O4If9XHlDS0DepA8zylS90pF/J+XD0=; b=A9PnbE2d8EoTyRMGa3HovgesWIDX6sDEDJ3e2Ubv6vYO1orIlK0ZYbNtDdN8FJ7gEe Fi4I+lExbANxBCySCBo48To2loyrLTHz+1sghH2Ol9Fu07hXKDni/UX9YriYy3VSueba l6ny/aU/Mz2O85cuLR+rtfI0KAfXo3WZlGtKzEXZz31uJTmQjEqajXPC6jy2EbxWe4ry 7GVQPnIme9skKZbUQHR/vgmvwm/aXwyofMHNcxLRJDZZdzs5f+MzpaqSgm1t2gPpaaU7 3KpTuZieHhDFZEuzz1ZHCcrtEfS02rZ9ulM1x1lmKWWY3BSfmteVH6Dv906u7NtkU23Y ZsCg== X-Forwarded-Encrypted: i=3; AHgh+RpoAAFwfjK0erUemtR2HvYXPwTMaJaWX5M3AVvXy0dSCD5+PxkWdrLASZQe1A6NjVNndtphdkY=@isar-build.org X-Gm-Message-State: AOJu0Ywdg6h6p+cyphQaLOC8MxgyLDWOIhgG0EXXRFn6r+/3a98aibDj N1IgTzb1KpSQe16sR48vblwk7VBgG/iuYycBxNK0oVxMy9+qawVMX8nj X-Received: by 2002:a05:6512:485c:b0:5ad:4fa2:2cd1 with SMTP id 2adb3069b0e04-5aea1f5cb16mr649492e87.50.1782401900581; Thu, 25 Jun 2026 08:38:20 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfkcW4fB+R1d0MEZnMHXHL1k1YTjmgRnvGb49VJ2CXI0g==" Received: by 2002:a05:651c:4386:10b0:39a:cb9d:1522 with SMTP id 38308e7fff4ca-39acb9d1681ls2250211fa.0.-pod-prod-06-eu; Thu, 25 Jun 2026 08:38:18 -0700 (PDT) X-Received: by 2002:a05:651c:485:b0:394:2b8a:2374 with SMTP id 38308e7fff4ca-39acb6210e8mr6827031fa.16.1782401898109; Thu, 25 Jun 2026 08:38:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401898; cv=pass; d=google.com; s=arc-20260327; b=nKpHwknQlJDYY70bVPlWugp7qr/OUr5eTLBmSy3SGyxasDyitunikxBcFxrkDA0XTc 7XyzYRLULz9vb/1ZrqZdyV9WH5s7wF3ZdYrI68htCFbq6YAJIOvgHwXLDryAiU8a5U/2 yxG+4f+IV/haZvvtb71QKFRVvQdELzbqbtBepjS2emtWGXBo+2LUUfZAkW7E0H8+pU4x vO5BTLgMDfotbNdzGF7eejfgI1MjIn8W182hZ6lBqwzHiOc8XRmgx9H/YtIBSttMjOJn Feon40kk850BAzFKXpevn27ZVscsLndsJZjtJAshkBzpJfiRTKHI9q+nBxq4Klmz+BEY tAjw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=En1JtSkPe7fyS0um2J/i2SJQt6FkrtXQsmWf8vUPNeeBcF8ky+Nsc6LFT0eK3HJNnb 6E6af3W4z2oVe/2mtqyFJGEEpyU7vWxjMF8/nwEhqSAL39xI4uJ9y081zMWYkhu7fUyw j+PewlhSWe9wIl4loVh0YH2AX2cPStSHTiQ4fczuT8Oc8VPUUh4rXJs5Opui4/wm+loq 1Gx4HYlJwBS3DqyVkZNZxNR/V5KT354jtEsWHursrHb2G0DndNTYCg/ivLHuLFpYWaXf 91dvCrrGiBNNyv6Jy/bWv9tHSlDp6yfJDH72NyBAENLvFQuqHKz94R/PCd26sTMi6TLi qOWg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odg8MQrt; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c201::1]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-3999b26ae00si4302061fa.5.2026.06.25.08.38.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:38:18 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) client-ip=2a01:111:f403:c201::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=sRFwhk1dWt/TkLX4nNeZ2F7hE1su3GrMVzKS3XJ8O6cEKI0M4DW6ETTZb9NVQZtKtwrAJ32WAUvUJ/FTSNsO+lu8UCfboxMCSnVsuapVSA9c5VFRx4ByBZBv3AQNJ0jSkEqgmN2Fuz+3jsbneFhwOse+RgKjLeggP7DvOoRjX5PfXVbLMhCQAnsvbD/l86WlPFITpFL+b5pvTgryITrCbkpUgZerH1Kf0scUZ/PnGaB1WX2ZXGv1ZEK1m/ytjv8peqdDd6aI2oH7X1ep/tuD9H3/XRQrDEkreYR/BpDSbD+pRromJcxTdLi6dFjVoqrF+HtzquosI+3qKaFw10K/4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=46aOopGhxnSHS5X4h7g5vI94OAutbwEiUJmQTbCAdBE=; b=LWVvW9RYqEKbjxeFtoeP0Q5ZD8JwVkVNwBUNh1sG3mCWaHX/AyML3D/eB0LtdmZ7E3qzqkLJImoCRQ4o7lPa6Cnwsmd2BuKkYFMNztzt/nbD6q4t6C+8S10t//eSiFJaUhvi5KET4huZI/tEt1IxI0RlXHB+wd64t/XhqHN9paSV+877C+sb+18Cp4bj46i1mWHRcKBK6EX0UR9YRmDTj9E82SM9tITO9H+JD4+LQ2un+YBGvAV2nzBDvHLgyTGY8K0u374aGC/22N/ptsgX4HWbSOpmX3DzFCvb7P2iqObruHPu/UekZGn/cQ4L6RMczE4Yr9CFbXr8lnH9O34bbw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:38:16 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:38:16 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 16/17] testsuite: add parameter to run tests in rootless mode Date: Thu, 25 Jun 2026 17:36:50 +0200 Message-ID: <20260625153651.762936-17-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0137.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:b8::17) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 8b8d3f60-5f29-4f93-6124-08ded2cfc65a X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|6133799003|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: 0OM07zTkQhh9fBKjIQcXVWvWrN48gc/hS5yY2hdYIWPW3qCRL4oJgtgohOtefHrIXDJ3O5ap7+ue+tgnKkJBZwEF8a1HnWOlfrGssoFVROTGLv41jQ3yYUAy/WKHfQZzYOwlPVGEFNBxk54fjrLkzrIQvPv15IeJ+3/uWU3zILdhBaWEqqO5dm0Tlfkj0ZU61heugZ778ctM+co3gqAQAjhGiNg7DziVN3GXruwRgf+StBKRTfSE41Er9EPgYE0A3FBKgC9rSxElWKiEWyKcBWvw/gA9eOlqeSuNITb1c06Hi6ZbpW3Uv0MNWzkTMRojLtW8LH+TI8laxfZZPPgtlDelNRxt6byTIkkScVj8bzFudZflLeKHfV6KUvGg5XWDT9EznqZh8p3arGXbxmf92lFOlKz7FD6IIucwJ6Segwy4RayNp7Wicukx3JKVf7+KECwgKS/QejwqsYxHZattVRd/OJNNPnwAojDf68n0F6BhIjfdoN4JiLPId7+ubJFPyStKhCMOR5dWpbqmnovfd9BKOP0NNYxHBMP8CbxOsywmKT2Xky6b/dpls9MNPR35sqpTyFI8/ORA8Yn7QAmzNGnPiVknUuTeULtQiv4wIKEOwYRG6rTkNabkPII77/JzUUycxNQLDBRknKw3XoM9D4IGUICWrmjgbcLrzpEE9J0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(6133799003)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: qn6XephUrR39YE+gHtmw5O58PCssxzyHti7q0+rKIycvirJUY6l+I6UTcBcjsBFPtKnBE3PGhEI/ljeIEcd4RhtdhbPqlXzguGhc0gMlfPD+7n1bUMdT5QpaTGm6dzUU7XM9GbHQTrt06HIdUf6yj/kV677DLMnC0Bwx8Y8Mtq+F8fPecipaVDcIx/c4t4gOsNxW9/U5fvpeI3QaoxrG3wEyLjgdui9+mh6XYBq0ioF6/PjBc/3Kuc4TFBVPPe8ogyr2UftdXG9jfzwd7jguscG1yjdriI79l82HhZFZR4Cjvq2SIGRdACGHPicW0aBPh7W+itFbQvl/WaH77i47V4TIr+abTb2fMH5eNcQ85P1dxh0I4+JcIMcr/AUe3rQS989WrodJm1AKDZaUdAaf3oEINsRRupf9/S/fQUs6qFzhq6FJBzDFXHeOn8eiDe385R6eMF8hqeMT+HcjaR27M7xyQq55nDj0K9CaeBtv6ZqouPtbhAtmXfrs+3XOs/5Y3Xjuw8s9oe/6/q2B2cnMyFY/X0wKRPcQYsqr2Hm3ygCNRdaHu+adO9aBXpqRJrXyvjpu7v0/+C34i3j1GrgOfVfgV3g6NCrRMKSa14gKaInPBhzt2CppidM6NL7QexQKhmFh/+Dk33M8TNRNIf9ue/jcilM4YBVGQixYoaxgtdHWH5BuKwiljSy8HgSB+AfC9UP8aHN9/UhMfg88KJMZgtFgPs0Wvo4gBJrRP/hqqzvAEo0u3A6G75szS+jLc8VwjYeMW+1KdldapET/pt9oJoVLphVWBlVN2j1YzhpFAaHXjUH5W6PmsSj4Az/Hb3D5NDVdUO14gKKPpx8lxia3BmeN+5qJgKzG/3xwRUMCMWhl15qRhlY4WDF6UubZOpzrERtptU8G2C0GUELQevvR0LPlQFhaKhkZiNFLJKLKtuVEWVF5F0prU9eAbd3bm2FxPqtch/w3VBPqI45kuE2LB4lyWPH9n/Gc1rM5qEITi/JXBjKcewhEt3Iei1nxF5fBj/eK6sKVJwb8LwFx05vQM593r5tMA26HkO+kajdLOS/XpOKHcxLFUX4HYz7HwPcPH8l1bn+A3yM7HvbjOWA/GiJEhA4jtARhfQeA/a2NStmbZw5kXctUqdbfcFMaRc2Hed+GolzbFxYWQ3C+hDLiCkjzV6DBa2rOC5sZSzgUyD3vaWvRT5SIikG7QK6y+cICve1UTLn6OzBmiBkOrLvWGGVQHIcnuX+e+9YBAySD4k2yxWhfIr6WX3hYfAECCT1NXyABgMpntSWzWhRx3kqwRV50zHcz1pikmNfxTvGIfY/WaDXbVP/MhpqIPmPoU9+iKQnZWKinhdq9m1Yu8uUbiGlzcKI05BllXCjeqMOK0MmOTMQQoL/oSG6KtfkzpfG0g96PjSsehbGFpDw78kxMddGjT2k1DGjkSk8LRoK/etW+aRL/ck5LJLfXqrlT9XHXkj6Pj8Q9gM8Pojsb91vbT+Z/O8qcsYdMfqpWkwbLGKUkNzFCQvJX3O2XRIOemL63SHfaRau2ay/Hze6eb/XjsjFDpSb8rIfsXuIn27oosS9AeV/ccD4w5RPaoObF+fsQWOGDB4blhc9s7iEpkb2jFSLOdscKCpU12NL97WNWM12bxZs/thvOLrZyK9YsdkfL3oP2UTLThS6YDCu1Lv/SgHWp6VAYLkkdjCvG8ZnAmvSO9sBuKHFR7kLfEm0oXPA/hEayL8fioXgeCKlsAy8l8mk4kQji2UoKN2cZxQiZLzA5v33/vDeW9fq7L56FVLs4AeAV2hQl X-MS-Exchange-AntiSpam-MessageData-1: MLvsyCpl0VU7f6UuzPK7EI+pwTU/kFeQtnE= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8b8d3f60-5f29-4f93-6124-08ded2cfc65a X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:38:16.2054 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: TIlkXOm97tcPoWb4DBwC8EqdiCbuY1PMkKEKFSRmhWbPTCiWlVcMNDwpqS09Mp2vkY66/5oe6wPiO4xVx0hLRUKgBH4sUIyQiGXLIYV3VvY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odg8MQrt; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= While the build mode (schroot or unshare) should be transparent for the user, we need to test both cases. For that, we add a parameter to the testsuite to select which mode to test. Later on, more fine-grained control over which tests run in which mode can be introduced. For now it is important to get an overview at which things break and where code or tests need to be adjusted. Signed-off-by: Felix Moessbauer --- testsuite/cibuilder.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index f9cca0c7..cdff86ec 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -128,6 +128,7 @@ class CIBuilder(Test): customizations=None, generate_sbom=False, lines=None, + rootless=False, **kwargs, ): # write configuration file and set bitbake_args @@ -140,6 +141,9 @@ class CIBuilder(Test): if not sstate: sstate = bool(int(self.params.get('sstate', default=0))) + if not rootless: + rootless = bool(int(self.params.get('rootless', default=0))) + # set those to "" to not set dir value but use system default if dl_dir is None: dl_dir = os.getenv('DL_DIR') @@ -178,6 +182,7 @@ class CIBuilder(Test): f" installer_image = {installer_image}\n" f" customizations = {customizations}\n" f" generate_sbom = {generate_sbom}\n" + f" rootless = {rootless}\n" f" lines = {strlines}\n" f"===================================================" ) @@ -279,6 +284,8 @@ class CIBuilder(Test): ) if generate_sbom is False: f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n') + if rootless: + f.write('ISAR_ROOTLESS = "1"\n') if lines is not None: f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines) From patchwork Thu Jun 25 15:36:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 5190 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 25 Jun 2026 17:38:28 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f186.google.com (mail-lj1-f186.google.com [209.85.208.186]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65PFcQmb005360 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Jun 2026 17:38:26 +0200 Received: by mail-lj1-f186.google.com with SMTP id 38308e7fff4ca-399899cdeddsf34961fa.1 for ; Thu, 25 Jun 2026 08:38:26 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1782401901; cv=pass; d=google.com; s=arc-20260327; b=HVPxSIIjg3coa3cm94HsMj3+ByRc0HfRa7tDNYTc6DPoq7GWmtrYr5ZEZURFvEvlRh 4n3ORRXUTMtKrGJi4p1HEtod+ofcQ9QwzqMRs6K7oszigp6MnjSSF3vhqWAstUuHNDYZ p3EZiMqJnF/X+2q2vpQbVIX7EXyJNZ368P11/KzIDxH/Ut69dU0r2CSaLru+UOYlqaYJ xmiJP4VWS6O04U+TT8Bl0xOGu7tEEyMnXWZoq2Iem6M4nbR90WuFp4r5crI+Psy5wiaM ypdo/PQSrZ8+CGO8iIN4LM9iIJILN2gCiz4/+e+YShNt7MGzkTB1/vIi1ajN5XTh58tF f7Cw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Z4nKZy2Zl4tfxzJWllWbGPR6dWJYcVHESAIVe8WmS3g=; fh=LeyTu6qUCeeX3TDj2qFWFT4dqK7/y3GPyqyqUheloZs=; b=BwcMxgRntXhxgSejyZ5t15YfQ6MWKDS0T/2pT5+hrGGEsygdWgqOup6B/MFhRa0Spu psMvaO/luyM8QzSnEIm/Cpl34YyhkvLutDk29w7kKzIe6dKNRsZUdvxv5Kes/vJvsDuI yki5yxwYAxGhmfC1XIX7gKjsq5JlvmP/e+TfEvAPEAIQL9iccFIc3UWO4fVzDRva7Rfb Zq2VDfp6nCEjGVvrSPolKfnaH3k9TSjGpl66ZIT7clhOQB3PTREol4PtrhIGPctD0e2U 4vISx9LHmR9oCjBaOmvBmjxY9HXFY+L6p/0Uv5bWZ2BTqSZMffdEDyYg9J3Q+1G5SsPB 5+MA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=cQw0+LXY; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782401901; x=1783006701; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Z4nKZy2Zl4tfxzJWllWbGPR6dWJYcVHESAIVe8WmS3g=; b=EXNpDyA89lCJkyNYuu5zKnnYF3OvkRDWcjhi1jTc9lyn2M/IevYd/24sjteP8L9wUW o8xApV/O9tqBSCvRj4hPr5Papvap22Yhqabg0hvx8ybcfJ3y3ygmkkAlfLZECpS1EE0s /MfLkrMLRnZcKKg7qBoIkncLvndnIRsaiNBuRXHom5ytp1qGkTQFY9kq5SyUcO3Wwmog tjdBfsJQyvoagPsCoNSxWqev2qhR1WKoTk3GcJRJo9c+pigPLKHC0uILQojcMG9RzQ8r nVcS27R/SROYD8cae6w8+DGUZj7kXDNmgzR6rD+VHVtyMXUe4D6mXfhCVEMQBHG9sV1L QmBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782401901; x=1783006701; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Z4nKZy2Zl4tfxzJWllWbGPR6dWJYcVHESAIVe8WmS3g=; b=ddET6/KzE71xOkP1ouEhvnLvFsjJxzUdedfDr4Rf8fleBVNNso5EsQ2d7UyNbyG4gk rsSrNdI6GMe6KSJxJWO3b15LBFmiA2ZzxTv6lYyQoFNomnUcmpk7JI3eVIJrmtPQCvsk nB6hXSHS1qPelHeB/0467hgaBVS3Mgepi7F0H4M/kHg+pOq2WupXKWXAOWjHiIIZiGqY wOOA13Y6pcI6cPPGkwLQa0Y6KiswahnaiWscfuruHejpvoMfdLLajJgxN8vWP9KpBr9o k8QGZA9a2PTlCkZwJr6mi3v/fKWYy7Q7mUx+cF3rcbP9QpVVKWp0FOn+FOhbNjOkm/Xw /xDQ== X-Forwarded-Encrypted: i=3; AHgh+RqpXqhgOE7RcfPOygee6aRLDQTTgtgxOp4yXVfsQC++zdXHkG8ME68bl4kBrTshjh1OWMvagPs=@isar-build.org X-Gm-Message-State: AOJu0YzW+wYXyE161DG4DER1vbFqb62BhU1FdbTjl+HO4RYKib3WKlPx 34onK3k+CkhcSi2qhwzCEnDZEwHb70Fjw5d1MSTYq71rS55ep7vElSno X-Received: by 2002:a2e:ab06:0:b0:396:7079:5e3b with SMTP id 38308e7fff4ca-39acb552771mr8672991fa.1.1782401901054; Thu, 25 Jun 2026 08:38:21 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUeeP5Knu/PIJmDUBcxMvEeaH34VgR4jRKBqxLO7mh5zow==" Received: by 2002:a2e:9045:0:b0:39a:d59e:92d5 with SMTP id 38308e7fff4ca-39ad59e973als953131fa.2.-pod-prod-08-eu; Thu, 25 Jun 2026 08:38:18 -0700 (PDT) X-Received: by 2002:ac2:5695:0:b0:5ae:a2fd:30f6 with SMTP id 2adb3069b0e04-5aea2fd32a0mr1059304e87.14.1782401898407; Thu, 25 Jun 2026 08:38:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782401898; cv=pass; d=google.com; s=arc-20260327; b=LT+226+5GFzC8WeZHLSWzlLr4+i+HhrhZupw2U/o9FizzvEre69z78U8FKnh+7Qiqf 1W1KKNxN3c5HDMX2PzSj7KGOWsE3WmSpJW/5k14n9emBhO97QJUeMCg1fSEOsY07ORd1 34ruW9j59byk4R1g8m3drnVygaJAAv5cMsqDNfL+yPlFStn+mBukOSZ+FdVfofmyxrAQ 7+Jdkspfppy6VwEAbnwsU9MOoUbRmGEHjHfQWJxhc0JhjfM9cmLgUxAE576mPQ0S2jWX zhTNfWO9TJ448X/GldnfFphKPSXRlpV8u4LOxdEAHfDb70EZtymNat/yFv5mlOhem2H5 QTzw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=WSYgD2ztr1zevj8wd2+D62L1cNU54a0LdwI9Msog62f5htJyBFOoujl7u1TgwmGCyt 1Nte4KNlLUJXjRQIGmwJhZab/9bKbcLWPsSZn0CwLS/vMmqC9ViVzIyN0LIEkp0VLJDE zgm30w1ovL59F3QUMkx117/v/LJGw4+CYLYQPoUr7LUW1j/fo9m6pvFF+V2i3W2JZbSC mKW71KVLHW5nKWKUfp9atu+iGnssCXtGOaAQrFF3xk6n4pOMPUqm7NnazuXl9uDdns9F psqG7mjY6VNXJOt3Pfza0SAJ/Nd5gAyAbZKQM8HTYEiEh/OLQZPMkJNODB81Yx5U38kz lzgw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=cQw0+LXY; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c201::1]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-3999b26ae00si4302061fa.5.2026.06.25.08.38.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 08:38:18 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) client-ip=2a01:111:f403:c201::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZJEbLEKIhW6RR6VuFktP7VKG8wt3dFLvPhBGMy21QtfbdN1hOUbzXPpYPzl+cqf/jhZJORn+QMWZcFBTVZ9dq3fR+fC3lpMxRcq45sD1g/PLf/0f73PlLspprt/rQs2NAwFJzmafihLIkg+dRWkHhMFu0ngfjPAOIJ39JO3pOE8jnr/ZTEfGH0kw98vEtSKeboCoGt0+ULEDThQbbUq0wlntX80ZhB/sFDGqAnmKudnerMGj2WB7q8EK2K3JbZ8JtsMxwCW6W0qRR9YLt31AsKOuc7yshLZX9C85eOOwSNEvjmeOAPqc6m6RIQ3X0Vxgta/6n4RXYv0mV/K3X6GueA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IdiTKWPpMqcmv7VxHWHDV8ZZ29zjGsGl5d5fLe5AKoU=; b=FGqfE/T38+7a9mevJc7pcO66x9226lXrCqyqfYkbnALcWHmCqA1xOPrbUeRY9Wt92YGxNJnD1Eaoc8OkmzB5HpofJLEhY+S6CF6jsWSE1BQyiqASmf69ebKMwtQGwnBJUvmbzGKRh4MPjdis79L3ETTKcGdr3cdc1R0h488kjf58/fPIJ8s9jnFfvjScu2Obh6qpZxTEmqz8mRDY4sSolzaMlDGF21FPRheQ7xE7qrj5pf0PwfMsTtj0dlAzWiS4xpyUfh1vjF5ED0TFMhlb6NAmm3bC1VcjV0D5Nu5fhno4QBhCZIDcAHojni4bA6Tetr8cJuSRv17JdUszNpoGCA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AM7PR10MB3891.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:178::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.15; Thu, 25 Jun 2026 15:38:17 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0139.018; Thu, 25 Jun 2026 15:38:16 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v7 17/17] run-tests: add support for isar-rootless mode Date: Thu, 25 Jun 2026 17:36:51 +0200 Message-ID: <20260625153651.762936-18-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625153651.762936-1-felix.moessbauer@siemens.com> References: <20260625153651.762936-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR4P281CA0137.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:b8::17) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AM7PR10MB3891:EE_ X-MS-Office365-Filtering-Correlation-Id: 6074b0ca-dc5c-46ac-598e-08ded2cfc6b7 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|23010399003|1800799024|10070799003|376014|56012099006|11063799006|22082099003|18002099003|55112099003; X-Microsoft-Antispam-Message-Info: ePII7Zw4Ar/xDfZf8UytMtSRWfIOAduqyxwCUWSNFEFAMYsgI42+dk3znb8B+Pv6sWp2Oq5iHpJUvniWHLaxbfw4cKl7DdkmkdLcO8H+ukHRmhwcMP1+tmLwEo67u0LtqeCTIL/S9EtExGXDrPYAuaNQnoBOmPtV0ss11SaF04xKoni3FtBcu52iK/YuWC4wckEqRfggiLJoeIGrzDGzprNUeDTlhTzVCfZ6VUEHQexCqfp8oZIvT2RNJoUGlkESmDhtCEDcxEe2q/rdj5olajLQqjBCkYdUlg0TJ5QfCDfKmZjAgnsxMj1jZGwEryywpBRcUmvXYgJ+XGVnX3L/Ra8IJ+FgETpPDM6iaWRkkUHMerzSmjBIu/yiR4Pcry6bmcIbiN1WhbmO+6JEDHNs1TjwuCdDr1KvhMwMZmSqXGtoDVvAfajTZfxVS0/Wq+wsKBxITaEXTj04wAVMIU28JJWHAu/1EmEIZVe5d8fXZ4aBt2p86wKq0m9hrzYgLb2W4frpBf8rv0y1IdJdd/2SPusqRwI3c8Gu/Ekeef/GlUphiUeu7+lqHpso/BNMxT6yswNE81T4xqQiwIPr5pqVnJrgtbK5Jaki4lBNjlvI+QTz4vXzT1gTZwcEehEBTAiHJ+YP3AT5np2wbXsRBAERvPU86A1TU3Buhepo/8RFbO4= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(23010399003)(1800799024)(10070799003)(376014)(56012099006)(11063799006)(22082099003)(18002099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: dRjAeEExnc9Y/kA13DTfsHe0iyQwSSV1Ew2UHEMO522k+1P4/gzT6JXcRXeqBpFJh8dW8IseoQa67Gcu+h/M9hwldyaZ2JwWENGEEvsMKFqWmT7PVaUJQcddQ8e9UiNQPY4/W2FSdxfuAWVTLroNidabWSuxesIkC0iW5xYyYqFnglOuPHgKzJ8Y7lQ0hrfGZhGx2sbDhMPy0oTaV01f+qRBuKeqoGqx/CRZBfAJdbI6HwGSl8IVj6uYGgF5A+PnBY8793CXFRM6+PFZmxr6SSAZflxXaGYrhqf+BuFIkzx2UONnxVF7n9UNkaufEDoxH2EL2IfG5CawmUvrOcBS9ZxpBilHFvDnPsfC3E8SB+JNuLN1pj/U5NIgKFfQAk2q64KCdvvlFvoNQGD1PvVRY5rg7rui9snm8YcY1wGPPio3mlEdlo3y2T/N+jtDi9U6lNP09J/9sGKm2u0HckYismJv54W872IONwCUyFR+wfYJCDdxS7wcM8BM9dqfPvrs0r7aDnNWmSR47XS4KfjhdSytnOd6gVIQeOPReLmQFKFySIbfZqyhHUnbrMzYpM5lI+LkaiiBtlnUlHWUHyt6I4hKJtJibdHzaRFaguUcrFXBYyhmxxfdiUL02eARYmwpYGA3vsprwCeATF6rTqum4RcS+WTCCHF950530dmKDWrjLZkHDoZImhcfR05fdb3ro/B5+hz+eMg9Fz1pMB1XEEVER9DbvLGAhkJ6oTBFGkV4pf/uGWowFlOBIz+9Hq2QE1YuTQBe54JPZ0iTyHmKhlmNEaUAkeOqOSoU81fENk5XttymPNNyvJka0LxLaoMwq/0qQ/Q6uHDbisrRCeqfUvGVDFmHDMZ0O1A++ETnK9K+G3KltN/SuuOdZYRWFL8NI3n/e3n34EoNIOT24SPgV2sObnXDQaMB8HbjEtQxL/zol+WJDD3FYDk5WTOfF6+UvNWynNtRHpmtCLElFAZIaHcc0fq6EUMbtC6lM4lb765boR9JjVmzscFriYLlKTmERBOSahpFB43MeuEs2GudrICLzP0o/8J8PY5l878I81OEK8D6ZUNRIa2rGcO53ai5JSbv7BrZQ13RYms064u/UAhMbiSSovk7zpU+T63x9RjuYJFge4NzOZ4W+T0FEO5sbSWOmfV+jD42CAYuLBrbs9bQJgetwgajoNZw011XjD48ZD9ohLQ5iUF9rtkeAlRZ7N5ZhGbuP/sAClElbtk8QkiJUzj7XfGpJlBI/MjevHcfoXJtOJZalRtgf7nVxEqz66mA/TNlve7gM7PlA+dhrqjPMFjImCAB/n79Kg/aZwfsF9GDZjA4DNSyh6cq9gLFOw0SXcswv3KFo401PB7cKilr11IpO5iUBKYc4ltVmlGCYRJ10NOxD6pt7w19C/qiXFjWLFCyjIdkrX5ou3nUaOGtc3W8xtkk2rlK1pDQ54xk4S5+0n18uSSpu8VrS4rYvX4F4BpgnPV3Ejfp9Rm/Mz7VkD8JWCOoB9t6jY0JyJyh7mgo5gsee039meKcKPi9A+/PWG4aJZnqGatIvB+PhMs0/psiBH8SbyBjXwExlwS6U5hZnncdkVPO4QOXoYAJ4YGAZW850SVpVU34t7pq56QHd/EjPrLVryTOcBD56czdA99UprvO31IKk+AGZVvSzgesZVJk5LK8dLs6AO6VXnJpAUFdS4bMzCCawk+wPHqpAv2b1uwtYL0b77Xe3VIvpZYyanqpAvIWHb0sQL9OF4x643C0AH5ddigxqmDJY2Au732FLxlQIOB4z+h7ALXqprw8IE2H X-MS-Exchange-AntiSpam-MessageData-1: x6DHOFrP79cq6XFt4qL1BA8KGj3sf8q2sh4= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6074b0ca-dc5c-46ac-598e-08ded2cfc6b7 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 15:38:16.8726 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wE9noGS1ak9iTQvSGIF2jXzYyv6FQ5iRwBeiO77AYTUy9yWeN2XTsJi2SGjqSD+LT2ZL/mVTJTZ8z5NCYo8miOlGKyL7UxCvkYB1wivSfXs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3891 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=cQw0+LXY; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= If the testsuite is started in rootless mode (-p rootless=1), then start the container in rootless mode as well. By that, we can seamlessly switch between rootfull and rootless mode when testing. Note, that this requires a recent enough kas-container version (>5.3). Signed-off-by: Felix Moessbauer --- scripts/run-tests.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/run-tests.sh b/scripts/run-tests.sh index bce10d70..ed373af7 100755 --- a/scripts/run-tests.sh +++ b/scripts/run-tests.sh @@ -15,4 +15,9 @@ TEST_CONTAINER_VERSION=$(cat ${ISAR_DIR}/testsuite/dockerdata/version) export KAS_CONTAINER_IMAGE_DISTRO="container:$TEST_CONTAINER_VERSION" export KAS_CONTAINER_IMAGE=${CONTAINER_BASENAME:-ghcr.io/ilbers/isar}/test -${ISAR_DIR}/kas/kas-container --isar --repo-ro shell -c "$*" +ISAR_FLAG="--isar" +case "$*" in + *"-p rootless=1"*) ISAR_FLAG="--isar-rootless" ;; +esac + +${ISAR_DIR}/kas/kas-container ${ISAR_FLAG} --repo-ro shell -c "$*"