From: "Q. Gylstorff"
To: isar-users@googlegroups.com
Cc: Quirin Gylstorff, Jan Kiszka
Subject: [PATCH v6] meta/classes: generate bill of material from image
Date: Mon, 23 Sep 2019 14:25:43 +0200
Message-Id: <20190923122543.11670-1-Quirin.Gylstorff@siemens.com>
X-Mailer: git-send-email 2.20.1

From: Quirin Gylstorff

To create products it is necessary to have a list of used packages
for clearance and for security monitoring.

To get a simple list of packages use dpkg-query and generate a list
with the following pattern:

source name| source version | binary package name | binary version

All rootfs generate the list by default.
Currently the following lists are generated:
- buildchroot-${DISTRO}-${ARCH}.manifest
- ${IMAGE}-${DISTRO}-${ARCH}.manifest
- optional: sdkchroot-${DISTRO}-${ARCH}.manifest

Remove the feature with:
ROOTFS_FEATURES_remove = "generate-manifest"

Signed-off-by: Quirin Gylstorff
---

Changes:

v6:
  Add ROOTFS_MANIFEST_DEPLOY_DIR variable to avoid [1].

[1]: https://groups.google.com/d/msgid/isar-users/c93a7dbdbc9448afc0d0b65ec754ac698ed658c6.1566800787.git.jan.kiszka%40siemens.com

v5:
  Add logic to rootfs.bbclass instead of recipe

v4:
  Add sdk rootfs to manifest
  Avoid duplicated code and move gen_accounts_array and gen_manifest_array to shell-list-processing-helper
  call dpkg-query from $PATH

v3:
  Add list of manifest for buildchroot manifest
  This list can be extended to add additional output generators

v2:
  use FEATURE instead of own variable

 meta/classes/image.bbclass | 3 ++-
 meta/classes/rootfs.bbclass | 11 +++++++++++
 meta/recipes-devtools/buildchroot/buildchroot.inc | 2 +-
 meta/recipes-devtools/sdkchroot/sdkchroot.bb | 1 +
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 0965f26..4713555 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -61,8 +61,9 @@ image_do_mounts() { } ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs" +ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs generate-manifest" ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${IMAGE_INSTALL}" +ROOTFS_MANIFEST_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}" inherit rootfs inherit image-sdk-extension diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 314efd7..405080f 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass 
@@ -5,11 +5,13 @@ ROOTFS_ARCH ?= "${DISTRO_ARCH}" ROOTFS_DISTRO ?= "${DISTRO}" ROOTFS_PACKAGES ?= "" + # Features of the rootfs creation: # available features are: # 'deploy-package-cache' - copy the package cache ${WORKDIR}/apt_cache # 'clean-package-cache' - delete package cache from rootfs # 'finalize-rootfs' - delete files needed to chroot into the rootfs +# 'generate-manifest' - generate a package manifest of the rootfs into ${ROOTFS_MANIFEST_DEPLOY_DIR} ROOTFS_FEATURES ?= "" ROOTFS_APT_ARGS="install --yes -o Debug::pkgProblemResolver=yes" @@ -222,6 +224,15 @@ rootfs_postprocess_finalize() { EOSUDO } +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" +rootfs_generate_manifest () { + mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + dpkg-query \ + -f '${source:Package}|${source:Version}|${binary:Package}|${Version}\n' -W > \ + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".manifest +} + do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}" python do_rootfs_postprocess() { # Take care that its correctly mounted: diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc index fc29690..230294b 100644 --- a/meta/recipes-devtools/buildchroot/buildchroot.inc +++ b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -19,6 +19,7 @@ BUILDCHROOT_DIR = "${WORKDIR}/rootfs" ROOTFSDIR = "${BUILDCHROOT_DIR}" ROOTFS_PACKAGES = "${BUILDCHROOT_PREINSTALL}" ROOTFS_CLEAN_FILES = "" +ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}" BUILDCHROOT_PREINSTALL_COMMON = " \ make \ @@ -61,7 +62,6 @@ buildchroot_install_files() { } DEPLOY_BUILDCHROOT = "${@d.getVar('BUILDCHROOT_' + d.getVar('BUILDCHROOT_VARIANT').upper() + '_DIR')}" - do_buildchroot_deploy[dirs] = "${DEPLOY_DIR_BUILDCHROOT}-${BUILDCHROOT_VARIANT}" do_buildchroot_deploy() { ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_BUILDCHROOT}" 
diff --git a/meta/recipes-devtools/sdkchroot/sdkchroot.bb b/meta/recipes-devtools/sdkchroot/sdkchroot.bb index e658122..d2a393b 100644 --- a/meta/recipes-devtools/sdkchroot/sdkchroot.bb +++ b/meta/recipes-devtools/sdkchroot/sdkchroot.bb @@ -23,6 +23,7 @@ ROOTFS_DISTRO = "${HOST_DISTRO}" ROOTFSDIR = "${S}" ROOTFS_PACKAGES = "${SDKCHROOT_PREINSTALL} ${TOOLCHAIN}" ROOTFS_FEATURES += "clean-package-cache" +ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}" python() { if d.getVar("HOST_ARCH") not in ['i386', 'amd64']: -- 2.20.1
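
Review bot: the image.bbclass hunk (@@ -61,8 +61,9) turns on generate-manifest for every image by appending it to the default ROOTFS_FEATURES, but the diffstat touches no documentation, so neither the new file in ${DEPLOY_DIR_IMAGE} nor the opt-out is described anywhere a user would look. Please add a short entry to the user documentation covering the feature name, ROOTFS_MANIFEST_DEPLOY_DIR and the ROOTFS_FEATURES_remove line from the commit message.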
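
Review bot: the first rootfs.bbclass hunk (@@ -5,11 +5,13) documents that the manifest goes into ${ROOTFS_MANIFEST_DEPLOY_DIR}, yet the class gives that variable no default next to ROOTFS_ARCH, ROOTFS_DISTRO and ROOTFS_PACKAGES, which all have a `?=` assignment here. A recipe that inherits rootfs and enables the feature without setting the variable reaches `mkdir -p` with no usable path; either add a `?=` default in this block or fail early with a clear message. The added empty line after `ROOTFS_PACKAGES ?= ""` is an unrelated whitespace change and can be dropped.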
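
Review bot: in rootfs_generate_manifest (second rootfs.bbclass hunk, @@ -222,6 +224,15), `dpkg-query -W` without a status field also lists packages that were removed but still have configuration files registered, so a manifest meant for clearance and security monitoring can name software that is no longer installed. Consider adding `${db:Status-Abbrev}` to the format string or filtering on it. Separately, `${ROOTFS_MANIFEST_DEPLOY_DIR}` is unquoted both in `mkdir -p` and in the redirect target while `"${PF}"` is quoted; quoting the whole path in both places would be consistent. Because the redirect creates the file before dpkg-query runs, a failed query leaves an empty manifest in the deploy directory; writing to a temporary name and renaming on success avoids that.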
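
Review bot: the buildchroot.inc hunk at @@ -19,6 +19,7 sets ROOTFS_MANIFEST_DEPLOY_DIR to `${DEPLOY_DIR_BUILDCHROOT}`, while the context of the next hunk shows the deploy task using `${DEPLOY_DIR_BUILDCHROOT}-${BUILDCHROOT_VARIANT}`. The manifests of all buildchroot variants therefore land in one directory that differs from the one the deploy task creates; please confirm that `${PF}` keeps the variants' file names apart, or use the variant-specific directory. The blank line removed before `do_buildchroot_deploy[dirs]` in the @@ -61,7 +62,6 hunk is unrelated to the feature and should be left out of this patch.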
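
Review bot: the sdkchroot.bb hunk (@@ -23,6 +23,7) sets the deploy directory, but the `ROOTFS_FEATURES += "clean-package-cache"` line above it does not include generate-manifest, and rootfs.bbclass defaults ROOTFS_FEATURES to an empty string. As far as the visible lines show, only image.bbclass enables the feature, which does not match the commit message's "All rootfs generate the list by default" and its list naming a buildchroot manifest. Please either add generate-manifest to ROOTFS_FEATURES here and in buildchroot.inc, or reword the commit message and state how the sdkchroot manifest marked "optional" is switched on.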
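
The manifest format given in the commit message (source name|source version|binary package name|binary version) can be compared between two builds to see which source packages a security review has to look at again. The following Python is an added example, not part of the patch or of Isar; the sample manifests and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample manifests in the patch's format:
# source name|source version|binary package name|binary version
OLD = """\
openssl|1.1.1c-1|libssl1.1:amd64|1.1.1c-1
openssl|1.1.1c-1|openssl|1.1.1c-1
glibc|2.28-10|libc6:amd64|2.28-10
busybox|1:1.30.1-4|busybox|1:1.30.1-4
"""
NEW = """\
openssl|1.1.1d-0+deb10u1|libssl1.1:amd64|1.1.1d-0+deb10u1
openssl|1.1.1d-0+deb10u1|openssl|1.1.1d-0+deb10u1
glibc|2.28-10|libc6:amd64|2.28-10
curl|7.64.0-4|libcurl4:amd64|7.64.0-4
"""


def parse_manifest(text):
    """Map each source package to the set of source versions it appears with.

    Malformed lines raise instead of being skipped, so a truncated or
    corrupted manifest is noticed rather than silently under-reported.
    """
    sources = defaultdict(set)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) != 4 or not all(fields):
            raise ValueError(f"line {lineno}: expected 4 non-empty fields: {line!r}")
        src, src_ver, _binary, _bin_ver = fields
        sources[src].add(src_ver)
    return sources


def diff_manifests(old_text, new_text):
    """Report source packages added, removed, or changed in version."""
    old, new = parse_manifest(old_text), parse_manifest(new_text)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(
            (s, sorted(old[s]), sorted(new[s]))
            for s in set(old) & set(new) if old[s] != new[s]
        ),
    }
```

Grouping by source package rather than binary package keeps the report aligned with how Debian security advisories are tracked, since several binaries (here libssl1.1 and openssl) come from one source.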