From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6721684426774806528 X-Received: by 2002:a5d:438e:: with SMTP id i14mr40037533wrq.122.1565017728490; Mon, 05 Aug 2019 08:08:48 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a5d:448b:: with SMTP id j11ls24725686wrq.3.gmail; Mon, 05 Aug 2019 08:08:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqyv0PQTeh3CmIiPaRtF359yaRwqjj3WAVgmOLzXxM+WTKpehiv5nTAYmE8frzsY3IzxifmW X-Received: by 2002:adf:cf0d:: with SMTP id o13mr16784050wrj.291.1565017728111; Mon, 05 Aug 2019 08:08:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565017728; cv=none; d=google.com; s=arc-20160816; b=tTmig/nuRoNMUVa2iGuUyZhkkMwsPDw4XaP5jGu1cSrz8OxeN+ioyd2SMFoLlEv4fr tLr9AfeeHXW72Mrr939e9MId3NXnEKbFvSVMZmNZxQVO0opUNo0aHWnzjXpDCt+/KIDJ KkffcRxvAUHbSuMbgjfEC4dRKkhGlcYq/IFhetJArjoiy2K70he9dGsO+qTc56B1Gfvs AiAe70z57hY92uYINW3Yq3Krma2WX7IFq3JcbNl3xGbpbLX7hkCKW+YVhJMZYuwyo5QM y6/ZTQ3DezZorYz4pr/tv1FGEJXnLqvXFdevHEDYfD7w5TUe0GwlLVK0yNUpNl0sADbF 9ClA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=zbq5beBYafY7GBlRgs8FcjzF9KNNB2zRzCplb4wf/Fw=; b=PiRH0ElbzXOwR7tJmNHCnVM1eILMYWk3GbSmyJas7Cqhg2v3dOBx8+nLedrGBIbfLU KMa+1+QYkP1PfA26cVY7CDGLtcswPnbCToQ7rer1pP7nwCRr/NALbF7DBh3gooyWofyg z4OclvFsT4XIolqfZ1V4dFso/1NNeEQYnEB/hJy/9Kh+zOkEXxU7F9pYlCRxAr2S7C2d qIr/FePwPQ6M8XzzEPi49xaIbaeeFdqe6qoKLD+xc2LB3OWmh7jlj+3pw0Fadi5MUfRp r9DA2bYr/SPkffwqkrcOe4D3xtSRaKSuex0PTA4s736vnHG2BZ7MamjeJXxBEq4P6rpy bmbQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from lizzard.sbs.de (lizzard.sbs.de. [194.138.37.39]) by gmr-mx.google.com with ESMTPS id s13si5154692wra.1.2019.08.05.08.08.47 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Aug 2019 08:08:48 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.39 as permitted sender) client-ip=194.138.37.39; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id x75F8lUK027374 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 5 Aug 2019 17:08:47 +0200 Received: from md1za8fc.ad001.siemens.net ([139.25.69.135]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x75F8lo2006150; Mon, 5 Aug 2019 17:08:47 +0200 Date: Mon, 5 Aug 2019 17:08:46 +0200 From: Henning Schild To: Jan Kiszka Cc: "[ext] Q. Gylstorff" , Subject: Re: [PATCH] meta/classes: generate bill of material from image Message-ID: <20190805170846.20218e13@md1za8fc.ad001.siemens.net> In-Reply-To: References: <20190805140742.11479-1-Quirin.Gylstorff@siemens.com> <20190805164327.0f59d9a1@md1za8fc.ad001.siemens.net> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: L7fzvrF2oZ2G Am Mon, 5 Aug 2019 16:48:36 +0200 schrieb Jan Kiszka : > On 05.08.19 16:43, [ext] Henning Schild wrote: > > Hi Quirin, > > > > do you have a real use-case for that? In fact we do have similar > > things internally already but did not propose it yet. Reason is you > > still need to find all the magic switches to collect the source and > > binary package versions, and you most likely want a machine > > readable format. > > The use cases are the same what we have that internal stuff for. > > > > > In fact we should just fix that broken offline cache thing and > > enable src-packages for it. That would generate a list that will > > hopefully be complete and in a well defined format. > > Good points: The format should be easily parseable. > > > > > Without the real use-case and the post-processing this is just > > another obscure Isar feature and i am against merging it. > > How would you do it otherwise? Tell the beginners to remember which > command to run with which switches on which subdirs? > > Quirin and I were also discussing the first extension: We need to > collect information about additional packages that are not part of > the rootfs but the image, primarily bootloaders. Providing a > framework - however that may look like > - for recipe authors to report them would be valuable and can be > achieved by any local solution that cleanly. What i meant to say was. Please contact all the people that are already doing that and collect the requirements. Because if we miss any of the known ones, the feature will be an obscure one. Henning > Jan > > > > > Henning > > > > Am Mon, 5 Aug 2019 16:07:42 +0200 > > schrieb "[ext] Q. Gylstorff" : > > > >> From: Quirin Gylstorff > >> > >> To create products it is necessary to have a list > >> of used packages for clearance and to security monitoring. > >> To get a simple list of packages use dpkg-query and generate > >> a list with the following pattern: > >> > >> source name| source version | binary package name | binary version > >> > >> To use it add following line to the local.conf: > >> ISAR_DO_PACKAGE_LIST ?= "1" > >> > >> Signed-off-by: Quirin Gylstorff > >> --- > >> meta-isar/conf/local.conf.sample | 4 ++++ > >> .../classes/image-package-list-extension.bbclass | 16 > >> ++++++++++++++++ meta/classes/image.bbclass | > >> 1 + 3 files changed, 21 insertions(+) > >> create mode 100644 > >> meta/classes/image-package-list-extension.bbclass > >> > >> diff --git a/meta-isar/conf/local.conf.sample > >> b/meta-isar/conf/local.conf.sample index 5b3a0a1..d188051 100644 > >> --- a/meta-isar/conf/local.conf.sample > >> +++ b/meta-isar/conf/local.conf.sample > >> @@ -170,6 +170,10 @@ IMAGE_INSTALL = "hello-isar example-raw > >> example-module-${KERNEL_NAME} enable-fsc # NOTE: this works on > >> build host >= stretch for armhf, arm64 and amd64 targets for now. > >> ISAR_CROSS_COMPILE ?= "0" > >> +# > >> +# Generate package list > >> +ISAR_DO_PACKAGE_LIST ?= "1" > >> + > >> # > >> # Uncomment this to enable use of cached base repository > >> #ISAR_USE_CACHED_BASE_REPO ?= "1" > >> diff --git a/meta/classes/image-package-list-extension.bbclass > >> b/meta/classes/image-package-list-extension.bbclass new file mode > >> 100644 index 0000000..558922e > >> --- /dev/null > >> +++ b/meta/classes/image-package-list-extension.bbclass > >> @@ -0,0 +1,16 @@ > >> +# This software is a part of ISAR. > >> +# Copyright (C) Siemens AG, 2019 > >> +# > >> +# SPDX-License-Identifier: MIT > >> + > >> +ISAR_DO_PACKAGE_LIST ??= "0" > >> +image_package_list[dirs] = "${DEPLOY_DIR_IMAGE}" > >> +image_package_list() { > >> + if > >> [ "${@repr(bb.utils.to_boolean(d.getVar('ISAR_DO_PACKAGE_LIST')))}" > >> = 'True' ]; then > >> + dpkg-query --admindir=${IMAGE_ROOTFS}/var/lib/dpkg/ \ > >> + -f > >> '${source:Package}|${source:Version}|${binary:Package}|${Version}\n' > >> -W > \ > >> + ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.packages.lst > >> + fi > >> +} > >> +ROOTFS_POSTPROCESS_COMMAND =+ "image_package_list" > >> + > >> diff --git a/meta/classes/image.bbclass > >> b/meta/classes/image.bbclass index ec6bd39..85bab64 100644 > >> --- a/meta/classes/image.bbclass > >> +++ b/meta/classes/image.bbclass > >> @@ -68,6 +68,7 @@ inherit image-tools-extension > >> inherit image-postproc-extension > >> inherit image-locales-extension > >> inherit image-account-extension > >> +inherit image-package-list-extension > >> > >> # Extra space for rootfs in MB > >> ROOTFS_EXTRA ?= "64" > >