From: "Q. Gylstorff" <Quirin.Gylstorff@siemens.com>
To: isar-users@googlegroups.com
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>,
Jan Kiszka <jan.kiszka@siemens.com>
Subject: [PATCH v6] meta/classes: generate bill of material from image
Date: Mon, 23 Sep 2019 14:25:43 +0200 [thread overview]
Message-ID: <20190923122543.11670-1-Quirin.Gylstorff@siemens.com> (raw)
In-Reply-To: <c47f6e11-7f7f-22db-3dc2-1291f57a8a03@siemens.com>
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
To create products it is necessary to have a list
of used packages for clearance and to security monitoring.
To get a simple list of packages use dpkg-query and generate
a list with the following pattern:
source name| source version | binary package name | binary version
All rootfs generate the list by default. Currently the f
following lists are generated:
- buildchroot-${DISTRO}-${ARCH}.manifest
- ${IMAGE}-${DISTRO}-${ARCH}.manifest
- optional: sdkchroot-${DISTRO}-${ARCH}.manifest
Remove the feature with:
ROOTFS_FEATURES_remove = "generate-manifest"
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
Changes:
v6:
Add ROOTFS_MANIFEST_DEPLOY_DIR variable to avoid [1].
[1]: https://groups.google.com/d/msgid/isar-users/c93a7dbdbc9448afc0d0b65ec754ac698ed658c6.1566800787.git.jan.kiszka%40siemens.com
v5:
Add logic to rootfs.bbclass instead on recipe
v4:
Add sdk rootfs to manifest
Avoid duplicated code and move gen_accounts_array and gen_manifest_array to
shell-list-processing-helper
call dpkg-query from $PATH
v3:
Add list of manifest for buildchroot manifest
This list can be exdent to add additional output generators
v2:
use FEATURE instead of own variable
meta/classes/image.bbclass | 3 ++-
meta/classes/rootfs.bbclass | 11 +++++++++++
meta/recipes-devtools/buildchroot/buildchroot.inc | 2 +-
meta/recipes-devtools/sdkchroot/sdkchroot.bb | 1 +
4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 0965f26..4713555 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -61,8 +61,9 @@ image_do_mounts() {
}
ROOTFSDIR = "${IMAGE_ROOTFS}"
-ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs"
+ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs generate-manifest"
ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${IMAGE_INSTALL}"
+ROOTFS_MANIFEST_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}"
inherit rootfs
inherit image-sdk-extension
diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass
index 314efd7..405080f 100644
--- a/meta/classes/rootfs.bbclass
+++ b/meta/classes/rootfs.bbclass
@@ -5,11 +5,13 @@ ROOTFS_ARCH ?= "${DISTRO_ARCH}"
ROOTFS_DISTRO ?= "${DISTRO}"
ROOTFS_PACKAGES ?= ""
+
# Features of the rootfs creation:
# available features are:
# 'deploy-package-cache' - copy the package cache ${WORKDIR}/apt_cache
# 'clean-package-cache' - delete package cache from rootfs
# 'finalize-rootfs' - delete files needed to chroot into the rootfs
+# 'generate-manifest' - generate a package manifest of the rootfs into ${ROOTFS_MANIFEST_DEPLOY_DIR}
ROOTFS_FEATURES ?= ""
ROOTFS_APT_ARGS="install --yes -o Debug::pkgProblemResolver=yes"
@@ -222,6 +224,15 @@ rootfs_postprocess_finalize() {
EOSUDO
}
+ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}"
+rootfs_generate_manifest () {
+ mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR}
+ sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \
+ dpkg-query \
+ -f '${source:Package}|${source:Version}|${binary:Package}|${Version}\n' -W > \
+ ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".manifest
+}
+
do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}"
python do_rootfs_postprocess() {
# Take care that its correctly mounted:
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc
index fc29690..230294b 100644
--- a/meta/recipes-devtools/buildchroot/buildchroot.inc
+++ b/meta/recipes-devtools/buildchroot/buildchroot.inc
@@ -19,6 +19,7 @@ BUILDCHROOT_DIR = "${WORKDIR}/rootfs"
ROOTFSDIR = "${BUILDCHROOT_DIR}"
ROOTFS_PACKAGES = "${BUILDCHROOT_PREINSTALL}"
ROOTFS_CLEAN_FILES = ""
+ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}"
BUILDCHROOT_PREINSTALL_COMMON = " \
make \
@@ -61,7 +62,6 @@ buildchroot_install_files() {
}
DEPLOY_BUILDCHROOT = "${@d.getVar('BUILDCHROOT_' + d.getVar('BUILDCHROOT_VARIANT').upper() + '_DIR')}"
-
do_buildchroot_deploy[dirs] = "${DEPLOY_DIR_BUILDCHROOT}-${BUILDCHROOT_VARIANT}"
do_buildchroot_deploy() {
ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_BUILDCHROOT}"
diff --git a/meta/recipes-devtools/sdkchroot/sdkchroot.bb b/meta/recipes-devtools/sdkchroot/sdkchroot.bb
index e658122..d2a393b 100644
--- a/meta/recipes-devtools/sdkchroot/sdkchroot.bb
+++ b/meta/recipes-devtools/sdkchroot/sdkchroot.bb
@@ -23,6 +23,7 @@ ROOTFS_DISTRO = "${HOST_DISTRO}"
ROOTFSDIR = "${S}"
ROOTFS_PACKAGES = "${SDKCHROOT_PREINSTALL} ${TOOLCHAIN}"
ROOTFS_FEATURES += "clean-package-cache"
+ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}"
python() {
if d.getVar("HOST_ARCH") not in ['i386', 'amd64']:
--
2.20.1
next prev parent reply other threads:[~2019-09-23 12:26 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-05 14:07 [PATCH] " Q. Gylstorff
2019-08-05 14:37 ` vijai kumar
2019-08-05 14:43 ` Henning Schild
2019-08-05 14:48 ` Jan Kiszka
2019-08-05 15:08 ` Henning Schild
2019-08-05 15:10 ` Jan Kiszka
2019-08-05 15:00 ` Baurzhan Ismagulov
2019-08-06 8:07 ` Claudius Heine
2019-08-06 8:36 ` Baurzhan Ismagulov
2019-08-06 8:47 ` Claudius Heine
2019-08-06 9:03 ` Baurzhan Ismagulov
2019-08-06 10:38 ` Claudius Heine
2019-08-06 8:38 ` Jan Kiszka
2019-08-06 8:48 ` Claudius Heine
2019-08-06 10:51 ` Quirin Gylstorff
2019-08-06 13:55 ` [PATCH v2] " Q. Gylstorff
2019-08-07 7:52 ` Quirin Gylstorff
2019-08-07 7:56 ` Gernot Hillier
2019-08-07 8:01 ` Claudius Heine
2019-08-07 8:08 ` Gernot Hillier
2019-08-07 8:21 ` Claudius Heine
2019-08-07 8:29 ` Gernot Hillier
2019-08-07 10:00 ` Gernot Hillier
2019-08-07 10:59 ` Baurzhan Ismagulov
2019-08-07 11:27 ` Claudius Heine
2019-08-07 12:27 ` Quirin Gylstorff
2019-08-09 10:30 ` [PATCH v3] " Q. Gylstorff
2019-08-12 8:04 ` Claudius Heine
2019-08-12 9:09 ` Quirin Gylstorff
2019-08-12 9:57 ` Claudius Heine
2019-08-13 8:18 ` [PATCH v4] " Q. Gylstorff
2019-08-13 8:53 ` Claudius Heine
2019-08-13 13:40 ` [PATCH v5] " Q. Gylstorff
2019-09-21 13:02 ` Jan Kiszka
2019-09-23 12:25 ` Q. Gylstorff [this message]
2019-09-23 13:51 ` [PATCH v7] " Q. Gylstorff
2019-10-16 12:26 ` Baurzhan Ismagulov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190923122543.11670-1-Quirin.Gylstorff@siemens.com \
--to=quirin.gylstorff@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox