From: Henning Schild
To: isar-users@googlegroups.com
Cc: claudius.heine.ext@siemens.com, Jan Kiszka, Henning Schild
Subject: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
Date: Tue, 17 Apr 2018 17:37:59 +0200
Message-Id: <20180417153759.17355-1-henning.schild@siemens.com>
In-Reply-To: <20180417124618.30964-1-henning.schild@siemens.com>
References: <20180417124618.30964-1-henning.schild@siemens.com>

debootstrap will leak the build host's /etc/hostname and /etc/resolv.conf into all rootfss it builds. That is done so the newly created rootfs will have internet access once you chroot into it. For the buildchroot we need internet and the leakage does not hurt; for the final image we probably do not want any of these files anymore.

So split up the apt-get into a download and install phase and delete the two files after fetching the packages, but only for the image and not the buildchroot.

Signed-off-by: Henning Schild --- meta-isar/recipes-core/images/isar-image-base.bb | 3 ++- meta/classes/isar-bootstrap-helper.bbclass | 13 +++++++++---- meta/recipes-devtools/buildchroot/buildchroot.bb | 3 ++- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb index c4799d3..989386c 100644 --- a/meta-isar/recipes-core/images/isar-image-base.bb +++ b/meta-isar/recipes-core/images/isar-image-base.bb @@ -36,7 +36,8 @@ do_rootfs() { mkdir -p $CDIRS fi - setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL} + setup_root_file_system "${IMAGE_ROOTFS}" "clean" \ + ${IMAGE_PREINSTALL} ${IMAGE_INSTALL} # Configure root filesystem sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}" diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index a06116d..e062921 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass @@ -7,8 +7,13 @@ setup_root_file_system() { ROOTFSDIR="$1" + CLEANHOSTLEAK="$2" + shift shift PACKAGES="$@" + APT_ARGS="install --yes --allow-unauthenticated \ + -o Debug::pkgProblemResolver=yes" + CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf" sudo cp -Trpfx \ "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \ @@ -32,8 +37,8 @@ setup_root_file_system() { -o Dir::Etc::sourceparts="-" \ -o APT::Get::List-Cleanup="0" sudo -E chroot "$ROOTFSDIR" \ - /usr/bin/apt-get install -y \ - --allow-unauthenticated \ - -o Debug::pkgProblemResolver=yes \ - $PACKAGES + /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES + [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES} + sudo -E chroot "$ROOTFSDIR" \ + /usr/bin/apt-get ${APT_ARGS} $PACKAGES } 
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb index b16e63a..0beb188 100644 --- a/meta/recipes-devtools/buildchroot/buildchroot.bb +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb @@ -44,7 +44,8 @@ do_build() { mkdir -p $CDIRS fi - setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL} + setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \ + ${BUILDCHROOT_PREINSTALL} # Install package builder script sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder" -- 2.16.1
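
Review bot: In the first hunk of meta/classes/isar-bootstrap-helper.bbclass, `CLEANHOSTLEAK="$2"` turns the second positional argument into a mode flag without checking its value, so a caller that still passes a package name in that position loses that package to the flag and silently gets the non-cleaning behaviour. Suggest failing with an error right after the assignment unless the value is "clean" or "noclean", and adding a comment above setup_root_file_system that documents the new argument, since the two recipe call sites only show the bare strings. APT_ARGS also starts with the `install` subcommand, so the name reads as options only; keeping `install` on the two call lines would make `apt-get ${APT_ARGS} --download-only` easier to follow. The refactor carries `--allow-unauthenticated` into both phases unchanged, so packages are still installed without signature verification.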
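
Review bot: In the second hunk of meta/classes/isar-bootstrap-helper.bbclass, `[ "clean" = ${CLEANHOSTLEAK} ]` expands the variable unquoted, so an empty or multi-word second argument makes the test fail with an error instead of cleanly evaluating to false; quote it as `[ "clean" = "${CLEANHOSTLEAK}" ]`. CLEANHOSTLEAK_FILES depends on word splitting to become two rm arguments, which breaks if ROOTFSDIR contains whitespace even though ROOTFSDIR is quoted elsewhere in the function; passing the two quoted paths to `rm -f` directly avoids that. The removal sits between the download and install phases, so a short comment saying why it is done before the install rather than after it would help the next reader.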
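
A post-build check for the leak the commit message describes, as an added example that is not part of the patch or of Isar: `find_host_leaks` and its arguments are hypothetical names, the file list is the pair named in the commit message, and the sample trees are constructed.

```shell
#!/bin/sh
# Added example: report files in a built rootfs that are byte-identical
# copies of the build host's files. Function name and arguments are
# assumptions made for this illustration.

# find_host_leaks ROOTFS [HOSTROOT]
#   Prints one rootfs-relative path per leaked file.
#   Returns 0 if nothing leaked, 1 if at least one file leaked.
find_host_leaks() {
    rootfs="$1"
    hostroot="${2:-/}"
    leaked=0
    for rel in etc/hostname etc/resolv.conf; do
        target="${rootfs%/}/${rel}"
        host="${hostroot%/}/${rel}"
        # An absolute symlink inside the rootfs would resolve against the
        # host root when read from outside the chroot and compare the host
        # file with itself, so symlinks are skipped.
        [ -L "$target" ] && continue
        [ -f "$target" ] || continue
        [ -f "$host" ] || continue
        if cmp -s "$host" "$target"; then
            printf '%s\n' "$rel"
            leaked=1
        fi
    done
    return "$leaked"
}

# Constructed sample: a fake host root, a leaky image and a clean image.
demo=$(mktemp -d)
mkdir -p "$demo/host/etc" "$demo/image/etc" "$demo/clean/etc"
echo "buildhost01" > "$demo/host/etc/hostname"
echo "nameserver 10.0.0.53" > "$demo/host/etc/resolv.conf"
cp "$demo/host/etc/hostname" "$demo/host/etc/resolv.conf" "$demo/image/etc/"
echo "isar" > "$demo/clean/etc/hostname"
find_host_leaks "$demo/image" "$demo/host" || echo "image: host files leaked"
find_host_leaks "$demo/clean" "$demo/host" && echo "clean: no leak"
rm -rf "$demo"
```

Run against a real build, the second argument is omitted so the comparison uses the build host's own /etc.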