From: Henning Schild <henning.schild@siemens.com>
To: Claudius Heine <claudius.heine.ext@siemens.com>
Cc: <isar-users@googlegroups.com>,
Jan Kiszka <jan.kiszka@siemens.com>,
Alexander Smirnov <asmirnov@ilbers.de>,
Baurzhan Ismagulov <ibr@radix50.net>
Subject: Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
Date: Fri, 20 Apr 2018 14:05:06 +0200 [thread overview]
Message-ID: <20180420140506.746bcc83@mmd1pvb1c.ad001.siemens.net> (raw)
In-Reply-To: <a1575421-d6f0-e061-603c-6b3db593751c@siemens.com>
Am Thu, 19 Apr 2018 17:35:23 +0200
schrieb Claudius Heine <claudius.heine.ext@siemens.com>:
> Hi,
>
> On 2018-04-17 17:37, Henning Schild wrote:
> > debootstrap will leak the build hosts /etc/hostname
> > and /etc/resolv.conf into all rootfss it builds. That is done so
> > the newly created rootfs will have internet access once you chroot
> > into it.
> >
> > For the buildchroot we need internet and the leakage does not hurt,
> > for the final image we probably do not want any of these files
> > anymore.
> >
> > So split up the apt-get into a download and install phase and delete
> > the two files after fetching the packages, but only for the image
> > and not the buildchroot.
> >
> > Signed-off-by: Henning Schild <henning.schild@siemens.com>
> > ---
> > meta-isar/recipes-core/images/isar-image-base.bb | 3 ++-
> > meta/classes/isar-bootstrap-helper.bbclass | 13
> > +++++++++---- meta/recipes-devtools/buildchroot/buildchroot.bb | 3
> > ++- 3 files changed, 13 insertions(+), 6 deletions(-)
> >
> > diff --git a/meta-isar/recipes-core/images/isar-image-base.bb
> > b/meta-isar/recipes-core/images/isar-image-base.bb index
> > c4799d3..989386c 100644 ---
> > a/meta-isar/recipes-core/images/isar-image-base.bb +++
> > b/meta-isar/recipes-core/images/isar-image-base.bb @@ -36,7 +36,8
> > @@ do_rootfs() { mkdir -p $CDIRS
> > fi
> >
> > - setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL}
> > ${IMAGE_INSTALL}
> > + setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> > + ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> >
> > # Configure root filesystem
> > sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}"
> > "${IMAGE_ROOTFS}" diff --git
> > a/meta/classes/isar-bootstrap-helper.bbclass
> > b/meta/classes/isar-bootstrap-helper.bbclass index a06116d..e062921
> > 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++
> > b/meta/classes/isar-bootstrap-helper.bbclass @@ -7,8 +7,13 @@
> >
> > setup_root_file_system() {
> > ROOTFSDIR="$1"
> > + CLEANHOSTLEAK="$2"
> > + shift
> > shift
> > PACKAGES="$@"
> > + APT_ARGS="install --yes --allow-unauthenticated \
> > + -o Debug::pkgProblemResolver=yes"
> > + CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname
> > ${ROOTFSDIR}/etc/resolv.conf"
> > sudo cp -Trpfx \
> > "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/"
> > \ @@ -32,8 +37,8 @@ setup_root_file_system() {
> > -o Dir::Etc::sourceparts="-" \
> > -o APT::Get::List-Cleanup="0"
> > sudo -E chroot "$ROOTFSDIR" \
> > - /usr/bin/apt-get install -y \
> > - --allow-unauthenticated \
> > - -o Debug::pkgProblemResolver=yes \
> > - $PACKAGES
> > + /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> > + [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f
> > ${CLEANHOSTLEAK_FILES}
> > + sudo -E chroot "$ROOTFSDIR" \
> > + /usr/bin/apt-get ${APT_ARGS} $PACKAGES
> > }
> > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb
> > b/meta/recipes-devtools/buildchroot/buildchroot.bb index
> > b16e63a..0beb188 100644 ---
> > a/meta/recipes-devtools/buildchroot/buildchroot.bb +++
> > b/meta/recipes-devtools/buildchroot/buildchroot.bb @@ -44,7 +44,8
> > @@ do_build() { mkdir -p $CDIRS
> > fi
> >
> > - setup_root_file_system "${BUILDCHROOT_DIR}"
> > ${BUILDCHROOT_PREINSTALL}
> > + setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> > + ${BUILDCHROOT_PREINSTALL}
> >
> > # Install package builder script
> > sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
> >
>
> Good patch. I cherry picked it into my tree, because its also very
> useful to split the download an installation of the packages.
I started pushing my changes to github, since the backlog is getting
bigger every day and what was posted here might be forgotten.
https://github.com/henning-schild-work/isar/
branches
henning/wic
henning/staging
Henning
> Reviewed-by: Claudius Heine <ch@denx.de>
>
next prev parent reply other threads:[~2018-04-20 12:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 12:46 [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst Henning Schild
2018-04-17 13:03 ` Jan Kiszka
2018-04-17 13:20 ` Henning Schild
2018-04-17 13:23 ` Jan Kiszka
2018-04-17 15:09 ` Henning Schild
2018-04-17 15:37 ` [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images Henning Schild
2018-04-19 15:35 ` Claudius Heine
2018-04-20 12:05 ` Henning Schild [this message]
2018-04-25 11:21 ` Jan Kiszka
2018-04-25 11:52 ` Alexander Smirnov
2018-04-25 13:33 ` Alexander Smirnov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180420140506.746bcc83@mmd1pvb1c.ad001.siemens.net \
--to=henning.schild@siemens.com \
--cc=asmirnov@ilbers.de \
--cc=claudius.heine.ext@siemens.com \
--cc=ibr@radix50.net \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox