From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 16 Jun 2025 17:58:22 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f189.google.com (mail-qt1-f189.google.com [209.85.160.189]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55GFwKdM025967 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 16 Jun 2025 17:58:21 +0200 Received: by mail-qt1-f189.google.com with SMTP id d75a77b69052e-4a46163297esf125239451cf.1 for ; Mon, 16 Jun 2025 08:58:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750089495; cv=pass; d=google.com; s=arc-20240605; b=XS8vlHb6/5RNSOrV3s/mQeFXXYw92BBWIqBFIYjh6pzxe6KW0x3vjMniTTlriSdYk9 9L/WAtWbQn33fNwjcsCdY0ehr3GIolDJAfoFLABtwW600IuEiBnnflySVQ8dTn5PbvNf JBGETOx0zq5J7J8iRMfUp+yD71srQugF47oIpoaDuqiu065TQy+u9fj1PkeuUB1fcEM1 aWmisHEUwix37Nevljwh4oy3LroEjhD1VzNBqgRCOLEPWRhDHac8pOWtI72p8Kb2gvP+ Fmojw8T6KQ+USEXTyLVwMQrLkw0AIPaYbTMqHOQw51A4CTVfAXph1JXUepOx+j1MtkV6 hpyg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=8rKlczcXkYE9t6pYcAhP5oadcJeoIOzOC1Or+NQVPsY=; fh=DMuSr+D4OSZoJPIT1e7vxbm3ixRFTgeVnaJEjNzliqo=; b=NGtRD2mhuRIU37XD1yOur7P38ijGcG5tfxiH2RUJGm9SsTzb+Sb4Dk1dTtm9yD5tiA irlEdmjJemwJNgP8ETV/KViw6MXXOjxSl1+iz2apvfOwdHOMg7+QSMFaPNGq0LR3AbPJ msvSpcGz2jARmnnzMDf3clOh5kTUrZyULiL5UR/KQ0DOBBNsosTLyOcw24pI5pNxg3cT +7ytitus88/1Bh5gDj970ZTjH16PWlIQFma5hBJUmjQMvbRpz8HmDbDo4DyqMqjjlQHn VsMdwy7EWNurN6Z9oidg3IuRbI7mk0UvJwlQUis+t+VAT/ywPSlHRlT5sZAbYjQJiijo jeJA==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=AFstziCe; spf=pass (google.com: domain of fm-1212295-20250616155808475ff5ac9ae629b20b-bqzulr@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250616155808475ff5ac9ae629b20b-bQzuLR@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750089495; x=1750694295; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=8rKlczcXkYE9t6pYcAhP5oadcJeoIOzOC1Or+NQVPsY=; b=va+CQvM+eknNPMt6jo0fnVAhdjYBQoh+uFVmPD3nSyKaR10jn+GGQT6/AQVOWqbPIO Eh1jKQNow/JwiSbwUMgWOQVBH8y9lvHRIH/J2IC4CRjvgom+mDazxD/tikuZAAbUuxt5 QkbTJh3XJG49GK0O1NxO5VJCEU26pnbNdHuykcUxA4TT8xjXkAs75qbBw/4zbmBrGxkC ftaPe0Ypz+wqvOhU42WDeWr7To71sYKyPVOOJVQWvcWWyT5vHBDWZQh5oqWjGZ/btrR/ Ol/pGkan9daiYuO2b9L/J+W1VR2UQ7BI6bj5p6pP9zGIjsCewOeUbq/Jcczydy7TVWMM 9R2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750089495; x=1750694295; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8rKlczcXkYE9t6pYcAhP5oadcJeoIOzOC1Or+NQVPsY=; b=bMaTlYv2z1m+6K2kr4IBTMc61aq1FQhUQqNvNgHT3mzK37h62hNZt+hi6qvbnIOxTQ lqqFlBhWvvqZdhH1zR5CodLOEJaJGVJHukErQh1+LgzbXIeD7skdbL3KK21t1UIVmlEY iI7f+Oq0f4JuYuWJTlUEsm0Xe19xcqG7pbcK5K03GwW/HI/GCGqIkF43Z9LgW9KRAfhQ GOuVTDxSCOyV/5dU1rRco6D3Y997aopRfwS/hjOCNbf3xduoGD9JyFeZBq1jbF6/tyXI T79rHhN2pZmffN2EMWu2+R288nM3F63YAULXRoTwnpVTw2tazc0eraLKZi9nAv5idTxX 6CRA== X-Forwarded-Encrypted: i=2; AJvYcCUwcB7g8XYIZPLMNE/49i9dyn8oD6o57lvMSn5kgB+QwuYCB8mdFJ55fb0yLiDUfBL8txOQ@ilbers.de X-Gm-Message-State: AOJu0Yzgfy9P7UVpNsbNmw+tK/6AZggEbMj2PF1wTKAFKGJ/sgGc2rsX /2bIreJ1QmtwEXsJ9VbiDny9su7a9BpxyY4ncXMAyugIi0+6I+9BcTuN X-Google-Smtp-Source: AGHT+IH2aT9jszfXNrRfugR2458YrhkTTzdMPawFpvKENCk9SUPNDyH0aVJUeDynjTYvZWuc8noxtw== X-Received: by 2002:a05:6214:2682:b0:6fa:c634:dc01 with SMTP id 6a1803df08f44-6fb47786d90mr157894486d6.16.1750089495119; Mon, 16 Jun 2025 08:58:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZcCyMfEsExCNx3p63VnjbmK8qZ22S5WCj+N2jP9BswyGw== Received: by 2002:a05:6214:2266:b0:6fb:4bc7:dc0d with SMTP id 6a1803df08f44-6fb4bc7de25ls44143276d6.1.-pod-prod-06-us; Mon, 16 Jun 2025 08:58:14 -0700 (PDT) X-Received: by 2002:a05:6102:2c81:b0:4e7:b940:4aa1 with SMTP id ada2fe7eead31-4e7f625fb8cmr6685866137.12.1750089494056; Mon, 16 Jun 2025 08:58:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750089494; cv=none; d=google.com; s=arc-20240605; b=YRmbhw5L9x0H0ls3SIWl/n+eImx4Ht47AFqIAKcD9vDtkhA+iTBA+ElU2LdIK07Ycm V5AYA5jYCJeS8R3noJBpx42FkCkeuBnQ3S8d5oJgZTDjrK+EdBF05cDbZJb6yLxzXDbt PJ6FAAigLkkv/+UbMh+AhD0qNkht6pnyAT8oQqnDHFvn2d8HO+zCjvcL2ifP1vMJRcG2 kmObtuJYDvrVv2ryUt3Mpu4DC6isTjime7tyNYLmUiqMbF7uIC7yfWHhsbiRLfiltCUv CVGuicty6yocGJfjNVB4iuNqJ6efj+8qtrgbYBVT7nOy9av2AkRsMy35fttKKrp/SwOh wEYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=xRRR/P+I4HL8uULGFlhfAidbuJ0rmMf6kjIKBWS8Pcc=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=At3R0a8eLBcUh4EzJnw1ZSmEmqZQxso1sPt9LYehoKYxkJFxYkDCA26l9bJlpWYjgn Q5quL9/1Uu5RimIybdFBaefZFhji6olCOkb3Md7MGMTd/WVtMmvfNtQ/0BrkAvj5haFc FrZJnrKP/zL5qcgGasnMD5uCWieKfIKa9jvel/+v8l9jx/uBXGiHqzatbnFNHGm3u8hf 6h6UU4twUq3rNKTdoVJcd772ZVh3QKAgj99dWd4FShgrThkniJmBMHZFDnjovDZneQbh oQNyck7MOIIY1t+9rxn3Fz2IAaW9U9iYtBRKlWE7zIaQlCw20u1hMIK1gxnlzcVnPECc Byzg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=AFstziCe; spf=pass (google.com: domain of fm-1212295-20250616155808475ff5ac9ae629b20b-bqzulr@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250616155808475ff5ac9ae629b20b-bQzuLR@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net. [185.136.65.228]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-87f0f9f384fsi280778241.1.2025.06.16.08.58.13 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Jun 2025 08:58:13 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-20250616155808475ff5ac9ae629b20b-bqzulr@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) client-ip=185.136.65.228; Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20250616155808475ff5ac9ae629b20b for ; Mon, 16 Jun 2025 17:58:08 +0200 From: "'Cedric Hombourger' via isar-users" To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH] kas: update to kas-container 4.8.1 Date: Mon, 16 Jun 2025 17:57:48 +0200 Message-Id: <20250616155748.561641-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=AFstziCe; spf=pass (google.com: domain of fm-1212295-20250616155808475ff5ac9ae629b20b-bqzulr@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-20250616155808475ff5ac9ae629b20b-bQzuLR@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 2r5QzNZr1pn2 Update our copy of kas-container from version 4.7 to 4.8.1 pulled from https://github.com/siemens/kas (see commit abcd58202370108d721b11a6164032971ed055ac). This is needed to get bubblewrap in the build container but Isar would also benefit from the following features: - diff plugin to compare config files and repos - verify signatures of git repos - better error reporting for yaml files - propagate user timezone to build containers Contributors of that release: Aidan Moss, Ding Meng, Eric Meyers, Felix Moessbauer, Frieder Schrempf, Jan Kiszka, Jose Quaresma, Michael Adler. Signed-off-by: Cedric Hombourger --- kas/kas-container | 293 +++++++++++++++++++++++++++++----------------- 1 file changed, 187 insertions(+), 106 deletions(-) diff --git a/kas/kas-container b/kas/kas-container index d6118b97..0e99898b 100755 --- a/kas/kas-container +++ b/kas/kas-container @@ -2,7 +2,7 @@ # # kas - setup tool for bitbake based projects # -# Copyright (c) Siemens AG, 2018-2024 +# Copyright (c) Siemens AG, 2018-2025 # # Authors: # Jan Kiszka @@ -27,7 +27,8 @@ set -e -KAS_IMAGE_VERSION_DEFAULT="4.7" +KAS_CONTAINER_SCRIPT_VERSION="4.8.1" +KAS_IMAGE_VERSION_DEFAULT="${KAS_CONTAINER_SCRIPT_VERSION}" KAS_CONTAINER_IMAGE_PATH_DEFAULT="ghcr.io/siemens/kas" KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas" KAS_CONTAINER_SELF_NAME="$(basename "$0")" @@ -40,8 +41,9 @@ usage() printf "%b" "Usage: ${SELF} [OPTIONS] { build | shell } [KASOPTIONS] [KASFILE]\n" printf "%b" " ${SELF} [OPTIONS] { checkout | dump | lock } [KASOPTIONS] [KASFILE]\n" + printf "%b" " ${SELF} [OPTIONS] { diff } [KASOPTIONS] config1 config2\n" printf "%b" " ${SELF} [OPTIONS] for-all-repos [KASOPTIONS] [KASFILE] COMMAND\n" - printf "%b" " ${SELF} [OPTIONS] { clean | cleansstate | cleanall } [KASFILE]\n" + printf "%b" " ${SELF} [OPTIONS] { clean | cleansstate | cleanall | purge} [KASFILE]\n" printf "%b" " ${SELF} [OPTIONS] menu [KCONFIG]\n" printf "%b" "\nPositional arguments:\n" printf "%b" "build\t\t\tCheck out repositories and build target.\n" @@ -57,6 +59,8 @@ usage() "keep downloads.\n" printf "%b" "cleanall\t\tClean build artifacts, sstate cache and " \ "downloads.\n" + printf "%b" "purge\t\t\tRemove all data managed by kas. Run with '--dry-run'\n" + printf "%b" " \t\t\tto check what would be removed\n" printf "%b" "menu\t\t\tProvide configuration menu and trigger " \ "configured build.\n" printf "%b" "\nOptional arguments:\n" @@ -80,7 +84,7 @@ usage() "environment.\n" printf "%b" "--repo-ro\t\tMount current repository read-only\n" \ "\t\t\t(default for build command)\n" - printf "%b" "--repo-rw\t\tMount current repository writeable\n" \ + printf "%b" "--repo-rw\t\tMount current repository writable\n" \ "\t\t\t(default for shell command)\n" printf "%b" "-h, --help\t\tShow this help message and exit.\n" printf "%b" "\n" @@ -128,6 +132,12 @@ enable_isar_mode() KAS_CONTAINER_COMMAND="sudo --preserve-env ${KAS_CONTAINER_COMMAND}" # preserved user PATH may lack sbin needed by privileged podman export PATH="${PATH}:/usr/sbin" + elif [ "${KAS_DOCKER_ROOTLESS}" = "1" ]; then + export DOCKER_HOST="${DOCKER_HOST:-unix:///var/run/docker.sock}" + debug "kas-isar does not support rootless docker. Using system docker" + # force use of well-known system docker socket + KAS_CONTAINER_COMMAND="sudo --preserve-env ${KAS_CONTAINER_COMMAND}" + KAS_DOCKER_ROOTLESS=0 fi } @@ -155,28 +165,94 @@ enable_unpriv_userns_docker() fi } -run_clean() +# Params: NAME CREATE_MODE +check_and_expand() +{ + eval _varval=\"\$"$1"\" + [ -z "$_varval" ] && return + case "$2" in + required) + [ ! -d "$_varval" ] && fatal_error "Variable $1 set, but \"$_varval\" is not a directory." + ;; + create) + [ ! -d "$_varval" ] && trace mkdir "$_varval" + ;; + createrec) + trace mkdir -p "$_varval" + ;; + esac + realpath -e "$_varval" +} + +# Params: FILE +# Returns: root repo dir of file +repo_path_of_file() +{ + _DIR="$(dirname "$1")" + _REPO_DIR=$(git -C "${_DIR}" rev-parse --show-toplevel 2>/dev/null) \ + || _REPO_DIR=$(hg --cwd "${_DIR}" root 2>/dev/null) \ + || _REPO_DIR=${_DIR} + echo "$_REPO_DIR" +} + +# Params: ARG +process_file_arg() +{ + _KAS_FILES= + _KAS_FIRST_FILE= + _KAS_REPO_DIR= + # SC2086: Double quote to prevent globbing and word splitting. + # shellcheck disable=2086 + for FILE in $(IFS=':'; echo $ARG); do + if ! KAS_REAL_FILE="$(realpath -qe "$FILE")"; then + fatal_error "configuration file '${FILE}' not found" + fi + if [ -z "${_KAS_FILES}" ]; then + _KAS_FIRST_FILE="${KAS_REAL_FILE}" + _KAS_FILES="${KAS_REAL_FILE}" + _KAS_REPO_DIR=$(repo_path_of_file "${_KAS_FIRST_FILE}") + else + _KAS_FILES="${_KAS_FILES}:${KAS_REAL_FILE}" + fi + done + KAS_FILES="${KAS_FILES} ${_KAS_FILES}" + KAS_FIRST_FILES="${KAS_FIRST_FILES} ${_KAS_FIRST_FILE}" + KAS_REPO_DIRS="${KAS_REPO_DIRS} ${_KAS_REPO_DIR}" +} + +# Params: NAME CONTAINER_PATH MODE +# If the dir is not below KAS_WORK_DIR, the dir is mounted into the container. +forward_dir() { - if [ -n "${KAS_ISAR_ARGS}" ]; then - # SC2086: Double quote to prevent globbing and word splitting. - # shellcheck disable=2086 - trace ${KAS_CONTAINER_COMMAND} run -v "${KAS_BUILD_DIR}":/build:rw \ - --workdir=/build --rm ${KAS_ISAR_ARGS} \ - ${KAS_CONTAINER_IMAGE} \ - sudo rm -rf tmp + eval _varval=\"\$"$1"\" + [ -z "$_varval" ] && return + FW_DIR_REL=$(realpath -q --relative-base="${KAS_WORK_DIR}" "$_varval") + if [ "${FW_DIR_REL}" = "$_varval" ]; then + KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} -v ${FW_DIR_REL}:$2:$3 -e $1=$2" else - trace rm -rf "${KAS_BUILD_DIR}"/tmp* + KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} -e $1=/work/${FW_DIR_REL}" fi +} - if [ "$1" != "clean" ]; then - SSTATE_DIR=${SSTATE_DIR:-${KAS_BUILD_DIR}/sstate-cache} - trace rm -rf "${SSTATE_DIR}" +check_docker_rootless() +{ + KAS_DOCKER_ROOTLESS=0 + if [ "$(docker context show)" = "rootless" ]; then + KAS_DOCKER_ROOTLESS=1 + fi +} - if [ "$1" = "cleanall" ]; then - DL_DIR=${DL_DIR:-${KAS_BUILD_DIR}/downloads} - trace rm -rf "${DL_DIR}" - fi +enable_docker_rootless() +{ + warning "Rootless docker used, only limited functionality available." + if [ "${KAS_WORK_DIR}" = "${KAS_REPO_DIR}" ]; then + warning "On docker rootless a exclusive KAS_WORK_DIR should be used" \ + "as kas temporarily changes the ownership of this directory." + fi + if [ "${KAS_REPO_MOUNT_OPT}" = "rw" ]; then + fatal_error "Docker rootless requires read-only repo." fi + KAS_RUNTIME_ARGS="${KAS_RUNTIME_ARGS} -e KAS_DOCKER_ROOTLESS=1" } KAS_GIT_OVERLAY_FILE="" @@ -197,13 +273,18 @@ set_container_image_var() KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}" } -KAS_WORK_DIR=$(readlink -fv "${KAS_WORK_DIR:-$(pwd)}") -if ! [ -d "${KAS_WORK_DIR}" ]; then - fatal_error "KAS_WORK_DIR '${KAS_WORK_DIR}' is not a directory" -fi - -KAS_BUILD_DIR=$(readlink -fv "${KAS_BUILD_DIR:-${KAS_WORK_DIR}/build}") -trace mkdir -p "${KAS_BUILD_DIR}" +# SC2034: DIR appears unused (ignore, as they are used inside eval) +# shellcheck disable=2034 +setup_kas_dirs() +{ + KAS_WORK_DIR="${KAS_WORK_DIR:-$(pwd)}" + KAS_WORK_DIR="$(check_and_expand KAS_WORK_DIR required)" + KAS_BUILD_DIR="$(check_and_expand KAS_BUILD_DIR create)" + KAS_REPO_REF_DIR="$(check_and_expand KAS_REPO_REF_DIR required)" + DL_DIR="$(check_and_expand DL_DIR createrec)" + SSTATE_DIR="$(check_and_expand SSTATE_DIR createrec)" +} +setup_kas_dirs KAS_CONTAINER_ENGINE="${KAS_CONTAINER_ENGINE:-${KAS_DOCKER_ENGINE}}" if [ -z "${KAS_CONTAINER_ENGINE}" ]; then @@ -235,6 +316,7 @@ case "${KAS_CONTAINER_ENGINE}" in docker) KAS_CONTAINER_COMMAND="docker" enable_unpriv_userns_docker + check_docker_rootless ;; podman) KAS_CONTAINER_COMMAND="podman" @@ -287,7 +369,7 @@ while [ $# -gt 0 ]; do if [ -z "${SSH_AUTH_SOCK}" ]; then fatal_error "no SSH agent running" fi - KAS_SSH_AUTH_SOCK=$(readlink -fv "$SSH_AUTH_SOCK") + KAS_SSH_AUTH_SOCK=$(realpath -e "$SSH_AUTH_SOCK") shift 1 ;; --aws-dir) @@ -329,7 +411,8 @@ while [ $# -gt 0 ]; do --*) usage ;; - clean|cleansstate|cleanall) + clean|cleansstate|cleanall|purge) + KAS_REPO_MOUNT_OPT_DEFAULT="ro" KAS_CMD=$1 shift 1 break @@ -346,6 +429,12 @@ while [ $# -gt 0 ]; do shift 1 break ;; + diff) + KAS_REPO_MOUNT_OPT_DEFAULT="ro" + KAS_CMD=$1 + shift 1 + break + ;; dump) if printf '%s\0' "$@" | grep -xqz -- '--inplace\|-i'; then KAS_REPO_MOUNT_OPT_DEFAULT="rw" @@ -369,7 +458,7 @@ KAS_EXTRA_BITBAKE_ARGS=0 # parse kas sub-command options while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do case "$1" in - --skip|--target|--task) + --format|--indent|--provenance|--skip|--target|--task) KAS_OPTIONS="${KAS_OPTIONS} $1 $2" shift 1 shift 1 || KAS_OPTIONS="--help" @@ -382,11 +471,6 @@ while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do -E|--preserve-env) fatal_error "$1 is not supported with ${KAS_CONTAINER_SELF_NAME}" ;; - --provenance) - KAS_OPTIONS="${KAS_OPTIONS} $1 $2" - shift 1 - shift 1 || KAS_OPTIONS="--help" - ;; --) KAS_EXTRA_BITBAKE_ARGS=$# ;; @@ -406,29 +490,13 @@ while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do unset ARG fi fi - KAS_FILES= - # SC2086: Double quote to prevent globbing and word splitting. - # shellcheck disable=2086 - for FILE in $(IFS=':'; echo $ARG); do - if ! KAS_REAL_FILE="$(realpath -qe "$FILE")"; then - fatal_error "configuration file '${FILE}' not found" - fi - if [ -z "${KAS_FILES}" ]; then - KAS_FIRST_FILE="${KAS_REAL_FILE}" - KAS_FILES="${KAS_REAL_FILE}" - else - KAS_FILES="${KAS_FILES}:${KAS_REAL_FILE}" - fi - done + process_file_arg "$ARG" ;; esac done -if [ -n "${KAS_FIRST_FILE}" ]; then - KAS_FILE_DIR="$(dirname "${KAS_FIRST_FILE}")" - KAS_REPO_DIR=$(git -C "${KAS_FILE_DIR}" rev-parse --show-toplevel 2>/dev/null) \ - || KAS_REPO_DIR=$(hg --cwd "${KAS_FILE_DIR}" root 2>/dev/null) \ - || KAS_REPO_DIR=${KAS_FILE_DIR} +if [ -n "${KAS_FIRST_FILES}" ]; then + KAS_REPO_DIR=$(echo "${KAS_REPO_DIRS}" | awk '{print $1}') else KAS_REPO_DIR=$(pwd) fi @@ -441,8 +509,8 @@ if [ -n "${SOURCE_DIR_HOST}" ]; then fi if [ "${KAS_CMD}" = "menu" ]; then - if [ -z "${KAS_FIRST_FILE}" ]; then - KAS_FIRST_FILE="Kconfig" + if [ -z "${KAS_FIRST_FILES}" ]; then + KAS_FIRST_FILES="Kconfig" fi # When using the menu plugin, we need to track the KAS_REPO_DIR outside @@ -451,20 +519,26 @@ if [ "${KAS_CMD}" = "menu" ]; then # on the host. This data is then added to the .config.yaml where it can # be evaluated by the next invocation of kas-container. - if ! [ "$(realpath -qe "${KAS_REPO_DIR}")" = "$(realpath -qe "${KAS_WORK_DIR}")" ]; then - set -- "$@" -e _KAS_REPO_DIR_HOST="$(readlink -fv "${KAS_REPO_DIR}")" + KAS_REPO_DIR=$(check_and_expand KAS_REPO_DIR required) + if ! [ "${KAS_REPO_DIR}" = "${KAS_WORK_DIR}" ]; then + set -- "$@" -e _KAS_REPO_DIR_HOST="${KAS_REPO_DIR}" fi - BUILD_SYSTEM=$(tr '\n' '\f' 2>/dev/null < "${KAS_FIRST_FILE}" | \ + if [ "$(echo "${KAS_FIRST_FILES}" | wc -w)" -ne "1" ]; then + fatal_error "menu plugin only supports a single Kconfig file" + fi + BUILD_SYSTEM=$(tr '\n' '\f' 2>/dev/null < "${KAS_FIRST_FILES}" | \ sed -e 's/\(.*\fconfig KAS_BUILD_SYSTEM\f\(.*\)\|.*\)/\2/' \ -e 's/\f\([[:alpha:]].*\|$\)//' \ -e 's/.*default \"\(.*\)\".*/\1/') else - if [ -z "${KAS_FIRST_FILE}" ]; then - KAS_FIRST_FILE="${KAS_WORK_DIR}/.config.yaml" + if [ -z "${KAS_FIRST_FILES}" ]; then + KAS_FIRST_FILES="${KAS_WORK_DIR}/.config.yaml" fi - BUILD_SYSTEM=$(grep -e "^build_system: " "${KAS_FIRST_FILE}" 2>/dev/null | \ + # We only get the first build system and let kas check if mixed + _KAS_FIRST_FILE=$(echo "${KAS_FIRST_FILES}" | awk '{print $1}') + BUILD_SYSTEM=$(grep -e "^build_system: " "${_KAS_FIRST_FILE}" 2>/dev/null | \ sed 's/build_system:[ ]\+//') fi @@ -474,32 +548,51 @@ elif [ -z "${ISAR_MODE}" ]; then enable_oe_mode fi +# clean can be executed without config, hence manually forward the build system +if [ "${ISAR_MODE}" = "1" ] && echo "${KAS_CMD}" | grep -qe "^clean\|purge"; then + KAS_OPTIONS="${KAS_OPTIONS} --isar" +fi + set_container_image_var -# short circuit for clean* commands. We just need -# the build-system information, but no repo mounts, etc... -if echo "${KAS_CMD}" | grep -qe "^clean"; then - run_clean "${KAS_CMD}" - exit 0 +if [ "${KAS_DOCKER_ROOTLESS}" = "1" ]; then + KAS_REPO_MOUNT_OPT_DEFAULT="ro" fi - KAS_REPO_MOUNT_OPT="${KAS_REPO_MOUNT_OPT:-${KAS_REPO_MOUNT_OPT_DEFAULT}}" -KAS_FILES="$(echo "${KAS_FILES}" | sed 's|'"${KAS_REPO_DIR}"'/|/repo/|g')" - if [ "$(id -u)" -eq 0 ] && [ "${KAS_ALLOW_ROOT}" != "yes" ] ; then fatal_error "Running as root - may break certain recipes." \ "Better give a regular user docker access. Set" \ "KAS_ALLOW_ROOT=yes to override." fi +if [ "${KAS_DOCKER_ROOTLESS}" = "1" ]; then + enable_docker_rootless +fi + +if [ "${KAS_CMD}" = "diff" ]; then + if [ "$(echo "${KAS_FILES}" | wc -w)" -eq "2" ]; then + _KAS_REPO_DIR1="$(echo "${KAS_REPO_DIRS}" | awk '{print $1}')" + _KAS_REPO_DIR2="$(echo "${KAS_REPO_DIRS}" | awk '{print $2}')" + _KAS_FILES1="$(echo "${KAS_FILES}" | awk '{print $1}' | sed 's|'"${_KAS_REPO_DIR1}"'/|/repo/|g')" + _KAS_FILES2="$(echo "${KAS_FILES}" | awk '{print $2}' | sed 's|'"${_KAS_REPO_DIR2}"'/|/repo2/|g')" + KAS_FILES="${_KAS_FILES1} ${_KAS_FILES2}" + set -- "$@" -v "${_KAS_REPO_DIR2}:/repo2:${KAS_REPO_MOUNT_OPT}" + fi +else + KAS_FILES="$(echo "${KAS_FILES}" | sed 's|'"${KAS_REPO_DIR}"'/|/repo/|g')" +fi set -- "$@" -v "${KAS_REPO_DIR}:/repo:${KAS_REPO_MOUNT_OPT}" \ -v "${KAS_WORK_DIR}":/work:rw -e KAS_WORK_DIR=/work \ - -v "${KAS_BUILD_DIR}":/build:rw \ --workdir=/repo \ - -e KAS_BUILD_DIR=/build \ + -e KAS_CONTAINER_SCRIPT_VERSION="${KAS_CONTAINER_SCRIPT_VERSION}" \ -e USER_ID="$(id -u)" -e GROUP_ID="$(id -g)" --rm --init +forward_dir KAS_BUILD_DIR "/build" "rw" +forward_dir DL_DIR "/downloads" "rw" +forward_dir KAS_REPO_REF_DIR "/repo-ref" "rw" +forward_dir SSTATE_DIR "/sstate" "rw" + if git_com_dir=$(git -C "${KAS_REPO_DIR}" rev-parse --git-common-dir 2>/dev/null) \ && [ "$git_com_dir" != "$(git -C "${KAS_REPO_DIR}" rev-parse --git-dir)" ]; then # If (it's a git repo) and the common dir isn't the git-dir, it is shared worktree and @@ -516,11 +609,9 @@ if git_com_dir=$(git -C "${KAS_REPO_DIR}" rev-parse --git-common-dir 2>/dev/null fi fi +KAS_SSH_DIR="$(check_and_expand KAS_SSH_DIR required)" if [ -n "${KAS_SSH_DIR}" ] ; then - if [ ! -d "${KAS_SSH_DIR}" ]; then - fatal_error "passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory" - fi - set -- "$@" -v "$(readlink -fv "${KAS_SSH_DIR}")":/var/kas/userdata/.ssh:ro + set -- "$@" -v "${KAS_SSH_DIR}":/var/kas/userdata/.ssh:ro fi if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then @@ -531,11 +622,9 @@ if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then -e SSH_AUTH_SOCK=/ssh-agent/ssh-auth-sock fi +KAS_AWS_DIR="$(check_and_expand KAS_AWS_DIR required)" if [ -n "${KAS_AWS_DIR}" ] ; then - if [ ! -d "${KAS_AWS_DIR}" ]; then - fatal_error "passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory" - fi - set -- "$@" -v "$(readlink -fv "${KAS_AWS_DIR}")":/var/kas/userdata/.aws:ro \ + set -- "$@" -v "${KAS_AWS_DIR}":/var/kas/userdata/.aws:ro \ -e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/config}" \ -e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/var/kas/userdata/.aws/credentials}" fi @@ -544,7 +633,7 @@ if [ -n "${AWS_WEB_IDENTITY_TOKEN_FILE}" ] ; then echo "Passed AWS_WEB_IDENTITY_TOKEN_FILE '${AWS_WEB_IDENTITY_TOKEN_FILE}' is not a file" exit 1 fi - set -- "$@" -v "$(readlink -fv "${AWS_WEB_IDENTITY_TOKEN_FILE}")":/var/kas/userdata/.aws/web_identity_token:ro \ + set -- "$@" -v "$(realpath -e "${AWS_WEB_IDENTITY_TOKEN_FILE}")":/var/kas/userdata/.aws/web_identity_token:ro \ -e AWS_WEB_IDENTITY_TOKEN_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/web_identity_token}" \ -e AWS_ROLE_ARN="${AWS_ROLE_ARN}" fi @@ -556,7 +645,7 @@ if [ -n "${KAS_GIT_CREDENTIAL_STORE}" ] ; then fatal_error "passed KAS_GIT_CREDENTIAL_STORE '${KAS_GIT_CREDENTIAL_STORE}' is not a file" fi KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/var/kas/userdata/.git-credentials" - set -- "$@" -v "$(readlink -fv "${KAS_GIT_CREDENTIAL_STORE}")":/var/kas/userdata/.git-credentials:ro + set -- "$@" -v "$(realpath -e "${KAS_GIT_CREDENTIAL_STORE}")":/var/kas/userdata/.git-credentials:ro fi GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER:-${KAS_GIT_CREDENTIAL_HELPER_DEFAULT}}" @@ -566,17 +655,22 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then fi if [ -f "${NETRC_FILE}" ]; then - set -- "$@" -v "$(readlink -fv "${NETRC_FILE}")":/var/kas/userdata/.netrc:ro \ + set -- "$@" -v "$(realpath -e "${NETRC_FILE}")":/var/kas/userdata/.netrc:ro \ -e NETRC_FILE="/var/kas/userdata/.netrc" fi +if [ -f "${NPMRC_FILE}" ]; then + set -- "$@" -v "$(realpath -e "${NPMRC_FILE}")":/var/kas/userdata/.npmrc:ro \ + -e NPMRC_FILE="/var/kas/userdata/.npmrc" +fi + if [ -f "${GITCONFIG_FILE}" ]; then - set -- "$@" -v "$(readlink -fv "${GITCONFIG_FILE}")":/var/kas/userdata/.gitconfig:ro \ + set -- "$@" -v "$(realpath -e "${GITCONFIG_FILE}")":/var/kas/userdata/.gitconfig:ro \ -e GITCONFIG_FILE="/var/kas/userdata/.gitconfig" fi if [ -f "${REGISTRY_AUTH_FILE}" ]; then - set -- "$@" -v "$(readlink -fv "${REGISTRY_AUTH_FILE}")":/var/kas/userdata/.docker/config.json:ro \ + set -- "$@" -v "$(realpath -e "${REGISTRY_AUTH_FILE}")":/var/kas/userdata/.docker/config.json:ro \ -e REGISTRY_AUTH_FILE="/var/kas/userdata/.docker/config.json" fi @@ -584,19 +678,6 @@ if [ -t 1 ]; then set -- "$@" -t -i fi -if [ -n "${DL_DIR}" ]; then - trace mkdir -p "${DL_DIR}" - set -- "$@" \ - -v "$(readlink -fv "${DL_DIR}")":/downloads:rw \ - -e DL_DIR=/downloads -fi - -if [ -n "${SSTATE_DIR}" ]; then - trace mkdir -p "${SSTATE_DIR}" - set -- "$@" \ - -v "$(readlink -fv "${SSTATE_DIR}")":/sstate:rw \ - -e SSTATE_DIR=/sstate -fi if [ -n "${SSTATE_MIRRORS}" ]; then if echo "${SSTATE_MIRRORS}" | grep -q "file:///"; then warning "SSTATE_MIRRORS contains a local path." \ @@ -605,18 +686,18 @@ if [ -n "${SSTATE_MIRRORS}" ]; then set -- "$@" -e "SSTATE_MIRRORS=${SSTATE_MIRRORS}" fi -if [ -n "${KAS_REPO_REF_DIR}" ]; then - if [ ! -d "${KAS_REPO_REF_DIR}" ]; then - fatal_error "Passed KAS_REPO_REF_DIR '${KAS_REPO_REF_DIR}' is not a directory" - fi - set -- "$@" \ - -v "$(readlink -fv "${KAS_REPO_REF_DIR}")":/repo-ref:rw \ - -e KAS_REPO_REF_DIR=/repo-ref +# propagate timezone information +if [ -f "/etc/localtime" ]; then + set -- "$@" -v "$(realpath -e "/etc/localtime")":/etc/localtime:ro +fi +if [ -f "/etc/timezone" ]; then + set -- "$@" -v "$(realpath -e "/etc/timezone")":/etc/timezone:ro fi for var in TERM KAS_DISTRO KAS_MACHINE KAS_TARGET KAS_TASK KAS_CLONE_DEPTH \ KAS_PREMIRRORS DISTRO_APT_PREMIRRORS BB_NUMBER_THREADS PARALLEL_MAKE \ - GIT_CREDENTIAL_USEHTTPPATH; do + GIT_CREDENTIAL_USEHTTPPATH \ + TZ; do if [ -n "$(eval echo \$${var})" ]; then set -- "$@" -e "${var}=$(eval echo \"\$${var}\")" fi -- 2.39.5 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250616155748.561641-1-cedric.hombourger%40siemens.com.