From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <isar-users+bncBDB6LLF7YUBRBSEIZPBAMGQEVGJBDXY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Wed, 18 Jun 2025 15:51:11 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-oo1-f64.google.com (mail-oo1-f64.google.com [209.85.161.64])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55IDpAnJ003041
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupi@ilbers.de>; Wed, 18 Jun 2025 15:51:11 +0200
Received: by mail-oo1-f64.google.com with SMTP id 006d021491bc7-60f3442c58csf5817370eaf.0
        for <iupi@ilbers.de>; Wed, 18 Jun 2025 06:51:10 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750254664; cv=pass;
        d=google.com; s=arc-20240605;
        b=TV9B2geUh0tRCi9k8KvUuEaa8EWjgK0N6YyZg58k1m0ISNXVAJVDmF1bc02q1J5NBw
         QZxjUqpV81MK+jAQPo5GRxjW0SAHjouYXU08jm8iK2ls42MCU4rAqRNFefBg6v00r8Ej
         3NqB+7wmHCedXFZBXRRRnXUCJojKcvYGNtBjQ0bhuic5hseaMfmdkzdSWp84k93UTUxu
         dAJqcsabDfwjajj2gzzbKq7nAXuMsB1neQSxyQGvHmAinbfPrbBVnl0JBxE8C/9HWw8H
         hMnzpj+KnTv1clRcs8oUEJQHfL6aYRTbP/HVdddhwkRMu5+FC9JbV2ScZ/Pi649knM8m
         K++w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=eAcrMEpEyXdeiDcCKaCnPNPni1E6OrXxyBPhScbAN3E=;
        fh=I7YvM0LM2y/NbLzNYmVJk0Iuc2F6P9aOY0HHa7exRz4=;
        b=axeUmwomYKCnMZj7nQJ5sZmuvWRLyI7JsLaLB8slVT4NGwCcUXKPbIvOouvqJXnX0L
         wtM/vOXluOG+d2vMANWUeXJZSN8SNqfwJy8RIboV05Z7T9FxEKrcyN7Hk+SV1Q2vcgmx
         5zEFoRAoRTzMRdMjNw+Sqt1xGYwX43s44+pLXgNuYx0Y51FCjoAtbH9K5s6kALG8YF6L
         bVv0/JQgIimjvmxzUklaSItCdsenophtobcJ7m1yVsoA/1hJbrpXgs7V7zEARxR+FmM2
         eW2MSgtAn1xSqMpudZQFJuI+SvieqS0fV5eQhFqiDJrWnEInXln5PbVetH2zReUNVleK
         2DRw==;
        darn=ilbers.de
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=CSyPH8iz;
       spf=pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250618135100d2af4189c1887e8583-JcD_kS@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750254664; x=1750859464; darn=ilbers.de;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=eAcrMEpEyXdeiDcCKaCnPNPni1E6OrXxyBPhScbAN3E=;
        b=hiGD6n6NKmczo0Z2VzAajXJ1XsCIaXp2XlSn4v3Tm2FleQKusVrsL3llqOeh4dLWwm
         DLDp8Oi9SRqLV8IZ3Q1BnEM5WlWY1Gw0gMpWElNJ1jz149klcEu3nHQ7eIjU9QC4coHe
         xVR4ECvplPcXhRXWpDlTmkgWNgDokSUSYQJ+KHd9SOZyrIwjkzsPRKoX6UbLrCTy0EBd
         N5sfQiB7Ts+pgALO+T7KYJuKzM3y4OjoRH62+VgwETZIvxea0gciK59vKQ7FDnIhfv2L
         SZ1awzBj/QKJeP1QyN2rnp24g4+oSZGy3YF4AGdwqNHwTIapu4Qtsixo3sT5P5NIqrGW
         +Ajg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750254664; x=1750859464;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=eAcrMEpEyXdeiDcCKaCnPNPni1E6OrXxyBPhScbAN3E=;
        b=abfgflf80WXeKhENo5K2+o51I6H5vGpDcbyEHkrX6NtfIv8yOC0tGqxwHccYnQcMld
         Lh7Exd81uKkVEWm82+XAW36+QZF3oXNEH2pesH7MhDx57NCizL1bPm8klCLeSOgDG4m9
         ulelH/8NToSRWFjBt4/irj/2jaMUtzKnUHeSZPfyXaPlIabX9zR8XmxpK29nO9+mxm59
         tL7jLxK4tk78qF0zLTx7WdeRz+A9aOqCJifaAuLCXyLYJDdxMSMTM/kALGOqZxudDUHz
         YvNaNUG7kVgLHO4yROSgDGyYgB0lbwHc1G4OWdo8xlOhN676N4F6C5eKK3gNAFL1Mqvg
         mjDQ==
X-Forwarded-Encrypted: i=2; AJvYcCUEa7A9r3dvlruXYka4lexjwLvmyAKrVo72EhHceDqSgCOX43WmIVoz1odS3fvFxkhBpiQE@ilbers.de
X-Gm-Message-State: AOJu0YwXyCKG2QSLFVviJ7brWqhxaOhYOnUh0o6jCEtVtbdgvFD3U/ko
	dD0KMiCEgW00zTBeMqGG59BXBoHO7Pk++5Gedz4KOUmS+xvB5pgqdnim
X-Google-Smtp-Source: AGHT+IGLPPIPsQh4yHh9j4XWIjvlUb1zuuGBXB41cjbd9JSIJULFk6M2SUyCL7FpYA8nYVO90Ja6NA==
X-Received: by 2002:a05:6820:4418:b0:611:11a3:7cd8 with SMTP id 006d021491bc7-61111a37e81mr8693173eaf.3.1750254664482;
        Wed, 18 Jun 2025 06:51:04 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com; h=AZMbMZfPwHOUv+c2gloG9ypG/PvLA/QqZDmKoA6tUN5Ilx92og==
Received: by 2002:a4a:c546:0:b0:611:3b40:74a0 with SMTP id 006d021491bc7-6113b407531ls908308eaf.2.-pod-prod-08-us;
 Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
X-Received: by 2002:a05:6820:221e:b0:610:ee96:eca9 with SMTP id 006d021491bc7-61111020f63mr10321173eaf.8.1750254663493;
        Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750254663; cv=none;
        d=google.com; s=arc-20240605;
        b=Nmd/0Ucwr2C+L1lof8di5ydUjYyvfj5YmYw/HhVq30E4bXtkW9Xm5mHSDg2EkqoGtz
         F1mYVUl4mBkoBWaXfSDYlc6hUTp7Lh18rbwJRot1bMy/7ImRydq02Vv+Gv1eFGcFWeUo
         mx8iP98PeICOWgYiHLjU2KVXRQVyDiU5gaLHUxASL+krL9jlbX/jaEB5A0tqKjuE6MGq
         xM0tNNEuFrtYlxQiaG6ccajiBwsdup3apMSDehO/tXk0t/lWNRdJVrjInZEVMufbk8cj
         v6j1n1IX3HmKS3VzWb2xhuMcGNS4xkEJxd1QDAhrIybniEp6RMttKbWsYdEos0Lu0s2d
         MrYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=TiaRTtgILeSX7ToLdgpDkqJiu7zRz+7jAza4vy/Qz/o=;
        fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=;
        b=E+8aC3gC6B4to5U5TnGZV5ah1vTOAuVEcsFcbXRG8TvkvqZ1CdZNgAOCkUZU2rjCTT
         FCEo09WijQ+X6sIdoA0RZmazeMp4RUPgwdyoAkGPrwbsN8xGXAihAfYUj2+aztEGdz8Z
         0mS/SBjhasYHNRdp3Y08fGPbulpImg2yaK2I0N3vqxGJhlUyjQJeNZOQbZOfLIkwixRq
         R3Ut47rxr0TKt0KYaZ2AAyRaUiiDK8nouO9aH9kAuZZvU0q+JuIFrRiJsxCOj6MaPdLN
         DNZ+53IgN26b/CujNkYqwi3p6zUT9qBNxhDT+K5XYGslr32EBYxCBsMR0E42mKZMWHH0
         Bfvg==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=CSyPH8iz;
       spf=pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250618135100d2af4189c1887e8583-JcD_kS@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226])
        by gmr-mx.google.com with ESMTPS id 006d021491bc7-61108c5e76fsi518193eaf.0.2025.06.18.06.51.03
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Jun 2025 06:51:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226;
Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 20250618135100d2af4189c1887e8583
        for <isar-users@googlegroups.com>;
        Wed, 18 Jun 2025 15:51:00 +0200
From: "'Cedric Hombourger' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com,
        Cedric Hombourger <cedric.hombourger@siemens.com>
Subject: [PATCH v2 0/4] non-privileged commands in chroot
Date: Wed, 18 Jun 2025 15:50:36 +0200
Message-Id: <20250618135040.8252-1-cedric.hombourger@siemens.com>
In-Reply-To: <20250519115750.3195300-1-cedric.hombourger@siemens.com>
References: <20250519115750.3195300-1-cedric.hombourger@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1212295:519-21489:flowmailer
X-Original-Sender: cedric.hombourger@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b=CSyPH8iz;       spf=pass
 (google.com: domain of fm-1212295-20250618135100d2af4189c1887e8583-jcd_ks@rts-flowmailer.siemens.com
 designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1212295-20250618135100d2af4189c1887e8583-JcD_kS@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Cedric Hombourger <cedric.hombourger@siemens.com>
Reply-To: Cedric Hombourger <cedric.hombourger@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>, <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>, <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
	RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: JbGfMekL/nt4

When building root filesystems for foreign architectures with package source
caching enabled, apt operations are executed within the rootfs through QEMU
emulation. This results in significantly degraded performance, particularly
when downloading source packages sequentially.

This patch series introduces a new wrapper function that enables native
command execution against a rootfs while preserving special mount points
(such as /isar-apt). The approach:

- Improves build performance for foreign architecture builds
- Maintains filesystem isolation using bubblewrap
- Preserves access to special mount points required by isar

Testing:
- Basic smoke tests performed successfully (citest.py -t dev)
- Performance improvements observed in source package acquisition
- Tested with various foreign architecture configurations

Dependencies:
- Adds bubblewrap as a new host tool requirement
- Uses kas-container 4.8.0 or later (see [1])

Changes since v1 patch:
  - Rebase (resolve RECIPE-API-CHANGELOG.md merge conflicts)
  - Prefix rootfs variable in rootfs_cmd with bwrap to avoid clashes

Changes since RFC patch:
  - Let caller decide where to bind-mount the rootfs to
  - Make the rootfs argument optional
  - Support 32-bit rootfs (no lib64 there)

(Re-)validated with "citest.py -t dev" (using kas-container 4.8.1):

 JOB ID  : be45cf0e3937b95d283e7acd687787df259c4341
 JOB LOG : job-results/job-2025-06-18T12.43-be45cf0/job.log
  (1/6) citest.py:DevTest.test_dev: STARTED
  (1/6) citest.py:DevTest.test_dev: PASS (1177.32 s)
  (2/6) citest.py:DevTest.test_dev_apps: STARTED
  (2/6) citest.py:DevTest.test_dev_apps: PASS (1128.83 s)
  (3/6) citest.py:DevTest.test_dev_rebuild: STARTED
  (3/6) citest.py:DevTest.test_dev_rebuild: PASS (412.72 s)
  (4/6) citest.py:DevTest.test_dev_run_amd64_bookworm: STARTED
  (4/6) citest.py:DevTest.test_dev_run_amd64_bookworm: PASS (77.60 s)
  (5/6) citest.py:DevTest.test_dev_run_arm64_bookworm: STARTED
  (5/6) citest.py:DevTest.test_dev_run_arm64_bookworm: PASS (50.17 s)
  (6/6) citest.py:DevTest.test_dev_run_arm_bookworm: STARTED
  (6/6) citest.py:DevTest.test_dev_run_arm_bookworm: PASS (52.95 s)
 RESULTS    : PASS 6 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0
 JOB TIME   : 2905.62 s

Cedric Hombourger' via isar-users (4):
  rootfs: introduce wrapper to run commands against a rootfs
  deb-dl-dir: optimize caching of source packages using apt natively
  image-postproc-extension: refactor systemd version checks
  image-postproc-extension: extract systemd's version using rootfs_cmd

 RECIPE-API-CHANGELOG.md                       |  7 ++
 doc/user_manual.md                            |  1 +
 meta/classes/deb-dl-dir.bbclass               | 37 +++--------
 meta/classes/image-postproc-extension.bbclass | 12 ++--
 meta/classes/rootfs.bbclass                   | 66 +++++++++++++++++++
 5 files changed, 90 insertions(+), 33 deletions(-)

[1] https://lists.isar-build.org/isar-users/20250616155748.561641-1-cedric.hombourger@siemens.com/T/#u

-- 
2.39.5

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250618135040.8252-1-cedric.hombourger%40siemens.com.