From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6721684426774806528 X-Received: by 2002:a1c:f003:: with SMTP id a3mr6205130wmb.41.1569246765273; Mon, 23 Sep 2019 06:52:45 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:9d8c:: with SMTP id p12ls4600787wre.1.gmail; Mon, 23 Sep 2019 06:52:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqz2JshNinunNvGk+p0+1h5FBoeSTBrRwZ2pVUpktUe2KbNRRUqZxc4WyUK1UwPJ1FJnpTvg X-Received: by 2002:a5d:52c2:: with SMTP id r2mr9471428wrv.367.1569246764795; Mon, 23 Sep 2019 06:52:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569246764; cv=none; d=google.com; s=arc-20160816; b=wPbfT8L3V3sVu8cgI1lgSvqxR8VU8SmbfS6PkYw9X028xDwmH8pVtK6KjKcCalv6Ij 6c9kEwWKtWVtUxdQ/9lHwIAtPs0HtopHrKjWkiJtZVjYLzZN+JOYdTtzhXgXLmUVaJLz bYcpGcexTj81i8tyUWQBGztP4UQTcT3rV026Jt1I2FarSFKAhYpD4Sx2wTBgEuGPrzom 3mtYvE+vlMyVgDjoL3jVW5xearMI3JUZ5VGZgEGaKcPvUlzxjUDjC6GGwln/1yyCXazu hhltAkaDjuj/d+sJFVX1xpCYqhAplAxrjz9FyuVkTm7B5jQZwouHkTZ+kexpFXYWbYk6 Ok8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=iHbYJDaiJhlfBi7WdDpCo9pQnHv0qIB6cARmWyZqIRE=; b=kHAIlEoCC7k6a1/eGqMF9mYYXzk94j5xBK9ZvX6RmSboBWM7CeyiEod5HbumfFi3/l V5FxfsPkwlo7oWfrNfy6GujM/3dP6RgPHRhdB2ZZiyvk9xBm0lzMfYMrMsOmib6KE/02 w0K/pIihosBuVG8zpPCPboBSraVi65K+otQGJuSBiF9BklRiOfVyX83zeYcLMU1Cb0ZY HPfLKQrJ8K5+xuaotueS2NYURDxFo9iBTZJ2ny6M/v/7kNF/SNenwik8C15wTrpz0FUa h8mLJMhb563YZ2PVz6N8Q5zX38Y0pIKfxB6JnvyMT/F36bgdGerwz7M9aLj+aUAAHA4L 0c7g== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of quirin.gylstorff@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=Quirin.Gylstorff@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id s65si517188wme.2.2019.09.23.06.52.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Sep 2019 06:52:44 -0700 (PDT) Received-SPF: pass (google.com: domain of quirin.gylstorff@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of quirin.gylstorff@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=Quirin.Gylstorff@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id x8NDqidJ019773 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 23 Sep 2019 15:52:44 +0200 Received: from md2dvrtc.ad001.siemens.net ([139.25.69.120]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id x8NDqiUX015415; Mon, 23 Sep 2019 15:52:44 +0200 From: "Q. Gylstorff" To: isar-users@googlegroups.com Cc: Quirin Gylstorff , Jan Kiszka Subject: [PATCH v7] meta/classes: generate bill of material from image Date: Mon, 23 Sep 2019 15:51:54 +0200 Message-Id: <20190923135154.9238-1-Quirin.Gylstorff@siemens.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190923122543.11670-1-Quirin.Gylstorff@siemens.com> References: <20190923122543.11670-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: NJm/9CeZkrzv From: Quirin Gylstorff To create products it is necessary to have a list of used packages for clearance and to security monitoring. To get a simple list of packages use dpkg-query and generate a list with the following pattern: source name| source version | binary package name | binary version All rootfs generate the list by default. Currently the f following lists are generated: - buildchroot-${DISTRO}-${ARCH}.manifest - ${IMAGE}-${DISTRO}-${ARCH}.manifest - optional: sdkchroot-${DISTRO}-${ARCH}.manifest Remove the feature with: ROOTFS_FEATURES_remove = "generate-manifest" Signed-off-by: Quirin Gylstorff --- Changes: v7: Whitespaces v6: Add ROOTFS_MANIFEST_DEPLOY_DIR variable to avoid [1]. [1]: https://groups.google.com/d/msgid/isar-users/c93a7dbdbc9448afc0d0b65ec754ac698ed658c6.1566800787.git.jan.kiszka%40siemens.com v5: Add logic to rootfs.bbclass instead on recipe v4: Add sdk rootfs to manifest Avoid duplicated code and move gen_accounts_array and gen_manifest_array to shell-list-processing-helper call dpkg-query from $PATH v3: Add list of manifest for buildchroot manifest This list can be exdent to add additional output generators v2: use FEATURE instead of own variable meta/classes/image.bbclass | 3 ++- meta/classes/rootfs.bbclass | 10 ++++++++++ meta/recipes-devtools/buildchroot/buildchroot.inc | 2 ++ meta/recipes-devtools/sdkchroot/sdkchroot.bb | 3 ++- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 0965f26..4713555 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -61,8 +61,9 @@ image_do_mounts() { } ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs" +ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs generate-manifest" ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${IMAGE_INSTALL}" +ROOTFS_MANIFEST_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}" inherit rootfs inherit image-sdk-extension diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 314efd7..4dd22b4 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -10,6 +10,7 @@ ROOTFS_PACKAGES ?= "" # 'deploy-package-cache' - copy the package cache ${WORKDIR}/apt_cache # 'clean-package-cache' - delete package cache from rootfs # 'finalize-rootfs' - delete files needed to chroot into the rootfs +# 'generate-manifest' - generate a package manifest of the rootfs into ${ROOTFS_MANIFEST_DEPLOY_DIR} ROOTFS_FEATURES ?= "" ROOTFS_APT_ARGS="install --yes -o Debug::pkgProblemResolver=yes" @@ -222,6 +223,15 @@ rootfs_postprocess_finalize() { EOSUDO } +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" +rootfs_generate_manifest () { + mkdir -p ${ROOTFS_MANIFEST_DEPLOY_DIR} + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + dpkg-query -W -f \ + '${source:Package}|${source:Version}|${binary:Package}|${Version}\n' > \ + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".manifest +} + do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}" python do_rootfs_postprocess() { # Take care that its correctly mounted: diff --git a/meta/recipes-devtools/buildchroot/buildchroot.inc b/meta/recipes-devtools/buildchroot/buildchroot.inc index fc29690..2a48609 100644 --- a/meta/recipes-devtools/buildchroot/buildchroot.inc +++ b/meta/recipes-devtools/buildchroot/buildchroot.inc @@ -19,6 +19,8 @@ BUILDCHROOT_DIR = "${WORKDIR}/rootfs" ROOTFSDIR = "${BUILDCHROOT_DIR}" ROOTFS_PACKAGES = "${BUILDCHROOT_PREINSTALL}" ROOTFS_CLEAN_FILES = "" +ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_BUILDCHROOT}" +ROOTFS_FEATURES += "generate-manifest" BUILDCHROOT_PREINSTALL_COMMON = " \ make \ diff --git a/meta/recipes-devtools/sdkchroot/sdkchroot.bb b/meta/recipes-devtools/sdkchroot/sdkchroot.bb index e658122..467e682 100644 --- a/meta/recipes-devtools/sdkchroot/sdkchroot.bb +++ b/meta/recipes-devtools/sdkchroot/sdkchroot.bb @@ -22,7 +22,8 @@ ROOTFS_ARCH = "${HOST_ARCH}" ROOTFS_DISTRO = "${HOST_DISTRO}" ROOTFSDIR = "${S}" ROOTFS_PACKAGES = "${SDKCHROOT_PREINSTALL} ${TOOLCHAIN}" -ROOTFS_FEATURES += "clean-package-cache" +ROOTFS_FEATURES += "clean-package-cache generate-manifest" +ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_SDKCHROOT}" python() { if d.getVar("HOST_ARCH") not in ['i386', 'amd64']: -- 2.20.1