From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6545397795972448256
X-Received: by 10.80.213.73 with SMTP id f9mr3243681edj.3.1524225909511;
        Fri, 20 Apr 2018 05:05:09 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.80.159.200 with SMTP id c66ls5164658edf.8.gmail; Fri, 20 Apr
 2018 05:05:09 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49u4bBku+rY5KqCMEMVEGW+MbABuwpNR6euz7cqRQflBi9Y8BtvrM1AiYPp91CbxO+3akVh
X-Received: by 10.80.135.236 with SMTP id 41mr2485516edz.5.1524225909032;
        Fri, 20 Apr 2018 05:05:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524225908; cv=none;
        d=google.com; s=arc-20160816;
        b=A2RDELXiYSeHxsID7hQyomCfJkIflzsNTZd476DaICwLxUc5amxYRbHy3bRdCdstqm
         e+TUMoiS1QUo8030bm8AsXGx5wF/1mpFenT90ZU0Ofo57drflvo6f3ZKJisytXC1n5lN
         Vlg+e9GX8oO+m7hKW95UiJpF6Sr6PhGnB7m1HNeaUaS0PqXiZkhzvpoAJnllIGUTGahE
         6MABds40RvKy25qnzJ7Y5XP1s1BWHjR2S7pXe7t45GuV7xz6mwYMC0h1OJJyL/e4w3z9
         OBiriT24dXpjVh21mOSyrgLRP5FA/fwJCiHjKCx56C3VRuRRdjXpBwwBTG4bu9zYIZBy
         8qlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:arc-authentication-results;
        bh=9ZjQSB/dE1YIyQtVjXglhLgOsK5LwQWbZZee+lPLctA=;
        b=fU7BtHCM0SnrlyZs8j+fhRGymeLpQgFzcyvIu3L4YJcTXio8RnB0Kw8pJVi2dTkTkk
         F5/gb8dduD3m7mZmkfTIU+Z9wA1LdBGbBa11b+pBF6llDZjuVwqpVrs3mWXmtw9NL1wB
         /WPJkkgVLs1ZpBU4ikpTA9J+HQhJitMpr4mWkDSo/8Ctus2lJ1JXxUSIfVbUMUyaWGyJ
         P5DP2BEXrQ95EXYWnX2xSW1qHuWDAbWVQbhJkVuUm1be9L+FyrvZIcVOq/fci5GFdexV
         kbjDjkUkqzr8J53TxF7tNNdbVacp43XG1Hedrm86naHAB4xzxU4DVTzqDs4u/5TZrwaB
         iC+A==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com
Return-Path: <henning.schild@siemens.com>
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id v10si246142edf.4.2018.04.20.05.05.08
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 20 Apr 2018 05:05:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id w3KC58jS000957
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Fri, 20 Apr 2018 14:05:08 +0200
Received: from mmd1pvb1c.ad001.siemens.net (md1pvb1c.ad001.siemens.net [139.25.68.40] (may be forged))
	by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id w3KC58bl015736;
	Fri, 20 Apr 2018 14:05:08 +0200
Date: Fri, 20 Apr 2018 14:05:06 +0200
From: Henning Schild <henning.schild@siemens.com>
To: Claudius Heine <claudius.heine.ext@siemens.com>
Cc: <isar-users@googlegroups.com>, Jan Kiszka <jan.kiszka@siemens.com>,
        Alexander Smirnov <asmirnov@ilbers.de>,
        Baurzhan Ismagulov
 <ibr@radix50.net>
Subject: Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf
 from images
Message-ID: <20180420140506.746bcc83@mmd1pvb1c.ad001.siemens.net>
In-Reply-To: <a1575421-d6f0-e061-603c-6b3db593751c@siemens.com>
References: <20180417124618.30964-1-henning.schild@siemens.com>
	<20180417153759.17355-1-henning.schild@siemens.com>
	<a1575421-d6f0-e061-603c-6b3db593751c@siemens.com>
X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-TUID: pP3hn2rNwc7D

Am Thu, 19 Apr 2018 17:35:23 +0200
schrieb Claudius Heine <claudius.heine.ext@siemens.com>:

> Hi,
> 
> On 2018-04-17 17:37, Henning Schild wrote:
> > debootstrap will leak the build hosts /etc/hostname
> > and /etc/resolv.conf into all rootfss it builds. That is done so
> > the newly created rootfs will have internet access once you chroot
> > into it.
> > 
> > For the buildchroot we need internet and the leakage does not hurt,
> > for the final image we probably do not want any of these files
> > anymore.
> > 
> > So split up the apt-get into a download and install phase and delete
> > the two files after fetching the packages, but only for the image
> > and not the buildchroot.
> > 
> > Signed-off-by: Henning Schild <henning.schild@siemens.com>
> > ---
> >   meta-isar/recipes-core/images/isar-image-base.bb |  3 ++-
> >   meta/classes/isar-bootstrap-helper.bbclass       | 13
> > +++++++++---- meta/recipes-devtools/buildchroot/buildchroot.bb |  3
> > ++- 3 files changed, 13 insertions(+), 6 deletions(-)
> > 
> > diff --git a/meta-isar/recipes-core/images/isar-image-base.bb
> > b/meta-isar/recipes-core/images/isar-image-base.bb index
> > c4799d3..989386c 100644 ---
> > a/meta-isar/recipes-core/images/isar-image-base.bb +++
> > b/meta-isar/recipes-core/images/isar-image-base.bb @@ -36,7 +36,8
> > @@ do_rootfs() { mkdir -p $CDIRS
> >       fi
> >   
> > -    setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL}
> > ${IMAGE_INSTALL}
> > +    setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> > +        ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> >   
> >       # Configure root filesystem
> >       sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}"
> > "${IMAGE_ROOTFS}" diff --git
> > a/meta/classes/isar-bootstrap-helper.bbclass
> > b/meta/classes/isar-bootstrap-helper.bbclass index a06116d..e062921
> > 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++
> > b/meta/classes/isar-bootstrap-helper.bbclass @@ -7,8 +7,13 @@
> >   
> >   setup_root_file_system() {
> >       ROOTFSDIR="$1"
> > +    CLEANHOSTLEAK="$2"
> > +    shift
> >       shift
> >       PACKAGES="$@"
> > +    APT_ARGS="install --yes --allow-unauthenticated \
> > +              -o Debug::pkgProblemResolver=yes"
> > +    CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname
> > ${ROOTFSDIR}/etc/resolv.conf" 
> >       sudo cp -Trpfx \
> >           "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/"
> > \ @@ -32,8 +37,8 @@ setup_root_file_system() {
> >           -o Dir::Etc::sourceparts="-" \
> >           -o APT::Get::List-Cleanup="0"
> >       sudo -E chroot "$ROOTFSDIR" \
> > -        /usr/bin/apt-get install -y \
> > -            --allow-unauthenticated \
> > -            -o Debug::pkgProblemResolver=yes \
> > -        $PACKAGES
> > +        /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> > +    [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f
> > ${CLEANHOSTLEAK_FILES}
> > +    sudo -E chroot "$ROOTFSDIR" \
> > +        /usr/bin/apt-get ${APT_ARGS} $PACKAGES
> >   }
> > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb
> > b/meta/recipes-devtools/buildchroot/buildchroot.bb index
> > b16e63a..0beb188 100644 ---
> > a/meta/recipes-devtools/buildchroot/buildchroot.bb +++
> > b/meta/recipes-devtools/buildchroot/buildchroot.bb @@ -44,7 +44,8
> > @@ do_build() { mkdir -p $CDIRS
> >       fi
> >   
> > -    setup_root_file_system "${BUILDCHROOT_DIR}"
> > ${BUILDCHROOT_PREINSTALL}
> > +    setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> > +        ${BUILDCHROOT_PREINSTALL}
> >   
> >       # Install package builder script
> >       sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
> >   
> 
> Good patch. I cherry picked it into my tree, because its also very 
> useful to split the download an installation of the packages.

I started pushing my changes to github, since the backlog is getting
bigger every day and what was posted here might be forgotten.

https://github.com/henning-schild-work/isar/

branches
 henning/wic
 henning/staging

Henning

> Reviewed-by: Claudius Heine <ch@denx.de>
>