[PATCH v2 0/4] non-privileged commands in chroot

["'Cedric Hombourger' via isar-users" <isar-users@googlegroups.com>]

When building root filesystems for foreign architectures with package source
caching enabled, apt operations are executed within the rootfs through QEMU
emulation. This results in significantly degraded performance, particularly
when downloading source packages sequentially.

This patch series introduces a new wrapper function that enables native
command execution against a rootfs while preserving special mount points
(such as /isar-apt). The approach:

- Improves build performance for foreign architecture builds
- Maintains filesystem isolation using bubblewrap
- Preserves access to special mount points required by isar

Testing:
- Basic smoke tests performed successfully (citest.py -t dev)
- Performance improvements observed in source package acquisition
- Tested with various foreign architecture configurations

Dependencies:
- Adds bubblewrap as a new host tool requirement
- Uses kas-container 4.8.0 or later (see [1])

Changes since v1 patch:
  - Rebase (resolve RECIPE-API-CHANGELOG.md merge conflicts)
  - Prefix rootfs variable in rootfs_cmd with bwrap to avoid clashes

Changes since RFC patch:
  - Let caller decide where to bind-mount the rootfs to
  - Make the rootfs argument optional
  - Support 32-bit rootfs (no lib64 there)

(Re-)validated with "citest.py -t dev" (using kas-container 4.8.1):

 JOB ID  : be45cf0e3937b95d283e7acd687787df259c4341
 JOB LOG : job-results/job-2025-06-18T12.43-be45cf0/job.log
  (1/6) citest.py:DevTest.test_dev: STARTED
  (1/6) citest.py:DevTest.test_dev: PASS (1177.32 s)
  (2/6) citest.py:DevTest.test_dev_apps: STARTED
  (2/6) citest.py:DevTest.test_dev_apps: PASS (1128.83 s)
  (3/6) citest.py:DevTest.test_dev_rebuild: STARTED
  (3/6) citest.py:DevTest.test_dev_rebuild: PASS (412.72 s)
  (4/6) citest.py:DevTest.test_dev_run_amd64_bookworm: STARTED
  (4/6) citest.py:DevTest.test_dev_run_amd64_bookworm: PASS (77.60 s)
  (5/6) citest.py:DevTest.test_dev_run_arm64_bookworm: STARTED
  (5/6) citest.py:DevTest.test_dev_run_arm64_bookworm: PASS (50.17 s)
  (6/6) citest.py:DevTest.test_dev_run_arm_bookworm: STARTED
  (6/6) citest.py:DevTest.test_dev_run_arm_bookworm: PASS (52.95 s)
 RESULTS    : PASS 6 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0
 JOB TIME   : 2905.62 s

Cedric Hombourger' via isar-users (4):
  rootfs: introduce wrapper to run commands against a rootfs
  deb-dl-dir: optimize caching of source packages using apt natively
  image-postproc-extension: refactor systemd version checks
  image-postproc-extension: extract systemd's version using rootfs_cmd

 RECIPE-API-CHANGELOG.md                       |  7 ++
 doc/user_manual.md                            |  1 +
 meta/classes/deb-dl-dir.bbclass               | 37 +++--------
 meta/classes/image-postproc-extension.bbclass | 12 ++--
 meta/classes/rootfs.bbclass                   | 66 +++++++++++++++++++
 5 files changed, 90 insertions(+), 33 deletions(-)

[1] https://lists.isar-build.org/isar-users/20250616155748.561641-1-cedric.hombourger@siemens.com/T/#u

-- 
2.39.5

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250618135040.8252-1-cedric.hombourger%40siemens.com.