From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 25 Jun 2025 21:39:12 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oo1-f56.google.com (mail-oo1-f56.google.com [209.85.161.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 55PJdACN007166 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 25 Jun 2025 21:39:11 +0200 Received: by mail-oo1-f56.google.com with SMTP id 006d021491bc7-60bf020e4a1sf261592eaf.0 for ; Wed, 25 Jun 2025 12:39:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1750880345; cv=pass; d=google.com; s=arc-20240605; b=G6hZA3MdUchZR0rX9DEmWPhnuUPHccqxgliXuv3rjkq5cvpe5PoEcW9NSayZI+9Gfo zCADtyb7aipSJLzBQ2cqcUyOJxHhwsnM0+X3y2s8b85JONFqexCY6nBDSydw/e3dGrTz pytEm9kWOwAjEvghAqqEvSosipuOEhIaWuNic10+jdnnwrzamKcYhcPOhQ3NGg+FpNI+ iG0xhqsCtYoLPwmz/9KPKT+2W+5ApXua8YWnFFiwHR+ITxeWQcu+9TfKYav+mB+CqgUD mTKGPYNUqaw5yoJt64VSiIw+tlkrPe41QZmk9Lldidxs8eF+VnFv6WWnyRH0SuGRUJVA mq/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=IPPK39Oj/9dVGlCJo3XB1dJjywqlcLflVuZpSqlLMd0=; fh=tXh5UDJ3M40n8ew+assqGsXj5JNi+riWp2qNpXNERR0=; b=BEjIIqS6XedUprbB0Y+Z5wL/UIEgh6Huo4tP4t2lnCKFzg9TP31gKpyFPBwH+zg3qD xOLjhThSkytsnhE7d8OvZqeXXb2e1pBsF4MmbgAG/pp3D6pMlO9HlL/SoE63SjJQ2LMQ UQgqrh74CMhlsuYxZCcHRYk93IMjjQ/ScTwfphs/aFfiwzCXjBB7Yr7ghcZrdMforWVi TBpfTn3IJAPU1+cba34t5Sksbw71m1JrCGyTSVtMVJP8cKu/hXFH3gaWC9jTzluPIVdJ pOuD36faZgmyVnyrJGvTtRCTQTUPgFYHT/0t/jY6x6Iy/FAxBi1NVmhiJ64F/RRkqlxU WpPg==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b="Gv4z/KTb"; spf=pass (google.com: domain of fm-1212295-2025062519390021144cc28f800521c6-4cznus@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-2025062519390021144cc28f800521c6-4CZnus@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1750880345; x=1751485145; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=IPPK39Oj/9dVGlCJo3XB1dJjywqlcLflVuZpSqlLMd0=; b=DYX84AT1faLCMe1ybR8raUyIv3OmmsiucK+YVM0u/HPMdlY8vMDmmkzh1AMAxyDmNj CCxMbDQHJfQaW298XIy5pzEZSk79G7QRa0k+xRcqBn7u7zoTxQaVLrn42tMfD3BdtH7k 78XLNgPmUdctwX95dEHPtlGaVsH7UenVHvOwRehfe5wUsnP8nVBWkaABL0CzWTaugKIA hmK9Z97INcSo7k0IXV0494sN6FKe5nU4FK1vPZi3cnBcChunD05hgZV+cyu1SySa+8oX o4XFvo4O4JIZHCFbahg3/IsVjSCmZjGgc3pzQ/f1pO9qGyGRpon9aKCleNl3LyCv0c2Q GRvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750880345; x=1751485145; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=IPPK39Oj/9dVGlCJo3XB1dJjywqlcLflVuZpSqlLMd0=; b=WIOKNnKlZDcJHGdxy2e3ReyegE6ZquwA25fbb3nYHnGISFX4XQUIc680sb/UsIJaLB JlIZK/gz7h6A3b2AaPLNWHwzrBxdnNm1X3bRJkcZeN634pMIzV2R5YIHMiK6awdC3w7/ +hEljHAKQZGZL7ikxyUsan/PoDiLAvZ/XCdBqiYWF8P0BPnWJmYxV0BkDT/hIEjWfL0g jUApOOUg2StJzqKoDbg2fsO7PDGL/I/lEKvUTRhUsXh8zUTontw0oJ9iFU6s2QjSez3V SLMNWmHuM4XxYV+REMpswP/hWEJ1sDIvjjq/4pSzSrElOKNX8odlac8ZWYiM2HvQvS8e FA7w== X-Forwarded-Encrypted: i=2; AJvYcCUToKBdvlCyXDbGzP6zk38TG3yYyTG+zBnx1YUiSwavtljdiO3BKKlGhEM7+msjTGUg/RqY@ilbers.de X-Gm-Message-State: AOJu0Yz1rCni+BslwNCxAtPa3UCcJdX99UNabbSIFNf42+JgnZiY90Bh Pnxk7FtqSnRvf09EgFwto2gYKx3y433Xm6ZlAuHzjSSxVTb35q7+W59/ X-Google-Smtp-Source: AGHT+IHEBi0OFm3Afzs2Je1d2hlUA90mYyhFtxjVguz3XP46+kgJpg3rbSknf0JFpj44alJobzzw4A== X-Received: by 2002:a05:6820:995:b0:611:a238:9e8f with SMTP id 006d021491bc7-611a238a277mr2222087eaf.0.1750880344940; Wed, 25 Jun 2025 12:39:04 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZcTtYPDvMTsyckLXYj4lpTXmcJJMIG+s4pWp84OEcWw2g== Received: by 2002:a05:6820:a102:b0:611:6776:43c5 with SMTP id 006d021491bc7-611ab1d539cls91276eaf.2.-pod-prod-09-us; Wed, 25 Jun 2025 12:39:03 -0700 (PDT) X-Received: by 2002:a05:6808:4f20:b0:403:3195:58cb with SMTP id 5614622812f47-40b05c15b91mr4031552b6e.28.1750880343412; Wed, 25 Jun 2025 12:39:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1750880343; cv=none; d=google.com; s=arc-20240605; b=OEC8zxjIJVLPGlM9mfWQvuFdlxlnjaUuyyRcp93zt07lz//Jq9kJZUpHASh337wG58 L0eKxDhQQy2ff7jbmQztSGnA3n6ZGFlgDG+WY7hJX6FWzGfZBzHmhjZMFtfy3V5GZzck 4Rsg0Dn20g0UArOBfMpZExNsQRNQmaWwYkIMHnf4yJXMiHqw8l2IiCr3P75zy6blF/3A f19YiDoeJvvoNK3VNIKRRc4Kp381yQUJKJfk7483gOGXeTp6vBDLYRHTA8RqdRpl0gNQ MkI5vXMn0RgTHPnY/CijsfTyIAa+PHmq8o4zx4TFd1IU1fQpXXbECbTAGl9FqEvTAoBK DVvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=ELfWIYLHHk6Z+P3mWMds86DgqEr47THu/nBAeqv9Sbw=; fh=D/q4xMKxZDyLo2GtmwQ/2prSr9aCFD3HVqTCj43epLY=; b=Y6JK5jyfOBrgJwYCkgOoVoAdu6phv7RH4mJ+NS/+e9Fp8wzbjceJWEFnaRKpjiSxcX 8HFlZ1H25WO9TltwQacS8QAnYXdgLiM/HBZRTqUx2NoZC4FMQYfIDxmNsu2MaeDHarrl CP/mi3F2Ahvs8mlPwEN4XJf4389dPC3ijwyYq/CHxsj0REJLEcj/QQeRCj4vXucBhY9v oxwrmjp/eP/f3zkuR4i+6p++OZhjH7CLz7PvR3Io4tvMdRQTBpMkWp0Gcx+D18gfVcep PwuSULWs6Mm7GqXBczGNxtYKpoRtAvTnmDQ5m34g9G8uurzCyZnHslNaJrmSCW12jTT/ 3d7w==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b="Gv4z/KTb"; spf=pass (google.com: domain of fm-1212295-2025062519390021144cc28f800521c6-4cznus@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-2025062519390021144cc28f800521c6-4CZnus@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net. [185.136.65.228]) by gmr-mx.google.com with ESMTPS id 5614622812f47-40ac6d458c8si636949b6e.5.2025.06.25.12.39.03 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jun 2025 12:39:03 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1212295-2025062519390021144cc28f800521c6-4cznus@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) client-ip=185.136.65.228; Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 2025062519390021144cc28f800521c6 for ; Wed, 25 Jun 2025 21:39:00 +0200 From: "'Cedric Hombourger' via isar-users" To: isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, Cedric Hombourger Subject: [PATCH v3 0/6] non-privileged commands in chroot Date: Thu, 26 Jun 2025 03:37:42 +0800 Message-Id: <20250625193748.2681-1-cedric.hombourger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1212295:519-21489:flowmailer X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b="Gv4z/KTb"; spf=pass (google.com: domain of fm-1212295-2025062519390021144cc28f800521c6-4cznus@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1212295-2025062519390021144cc28f800521c6-4CZnus@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Cedric Hombourger Reply-To: Cedric Hombourger Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 5+EXjPo225V5 When building root filesystems for foreign architectures with package source caching enabled, apt operations are executed within the rootfs through QEMU emulation. This results in significantly degraded performance, particularly when downloading source packages sequentially. This patch series introduces a new wrapper function that enables native command execution against a rootfs while preserving special mount points (such as /isar-apt). The approach: - Improves build performance for foreign architecture builds - Maintains filesystem isolation using bubblewrap - Preserves access to special mount points required by isar Testing: - Basic smoke tests performed successfully (citest.py -t fast) - Performance improvements observed in source package acquisition - Tested with various foreign architecture configurations Dependencies: - Adds bubblewrap as a new host tool requirement - Uses kas-container 4.8.0 or later (see [1]) Changes since v2 patch: - rootfs_install_pkgs_download will no longer use sudo to run apt-get install --download-only. This was added to further demonstrate/test rootfs_cmd in existing Isar code. Changes since v1 patch: - Rebase (resolve RECIPE-API-CHANGELOG.md merge conflicts) - Prefix rootfs variable in rootfs_cmd with bwrap to avoid clashes Changes since RFC patch: - Let caller decide where to bind-mount the rootfs to - Make the rootfs argument optional - Support 32-bit rootfs (no lib64 there) (Re-)validated with "citest.py -t fast" (using kas-container 4.8.1): JOB ID : 2724be97c6711e046fbc2169823c293dc99cd97c JOB LOG : avocado/job-results/job-2025-06-25T15.51-2724be9/job.log (01/19) citest.py:DevTest.test_dev: STARTED (01/19) citest.py:DevTest.test_dev: PASS (1573.34 s) (02/19) citest.py:DevTest.test_dev_apps: STARTED (02/19) citest.py:DevTest.test_dev_apps: PASS (2158.85 s) (03/19) citest.py:DevTest.test_dev_rebuild: STARTED (03/19) citest.py:DevTest.test_dev_rebuild: PASS (349.73 s) (04/19) citest.py:DevTest.test_dev_run_amd64_bookworm: STARTED (04/19) citest.py:DevTest.test_dev_run_amd64_bookworm: PASS (77.79 s) (05/19) citest.py:DevTest.test_dev_run_arm64_bookworm: STARTED (05/19) citest.py:DevTest.test_dev_run_arm64_bookworm: PASS (55.12 s) (06/19) citest.py:DevTest.test_dev_run_arm_bookworm: STARTED (06/19) citest.py:DevTest.test_dev_run_arm_bookworm: PASS (58.94 s) (07/19) citest.py:CrossTest.test_cross: STARTED (07/19) citest.py:CrossTest.test_cross: PASS (1912.25 s) (08/19) citest.py:CrossTest.test_cross_debsrc: STARTED (08/19) citest.py:CrossTest.test_cross_debsrc: PASS (2933.62 s) (09/19) citest.py:CrossTest.test_cross_kselftest: STARTED (09/19) citest.py:CrossTest.test_cross_kselftest: PASS (2024.26 s) (10/19) citest.py:CrossTest.test_cross_rpi: STARTED (10/19) citest.py:CrossTest.test_cross_rpi: PASS (1543.77 s) (11/19) citest.py:VmBootTestFast.test_arm_bullseye: STARTED (11/19) citest.py:VmBootTestFast.test_arm_bullseye: PASS (64.33 s) (12/19) citest.py:VmBootTestFast.test_arm_bullseye_example_module: STARTED (12/19) citest.py:VmBootTestFast.test_arm_bullseye_example_module: PASS (12.72 s) (13/19) citest.py:VmBootTestFast.test_arm_bullseye_getty_target: STARTED (13/19) citest.py:VmBootTestFast.test_arm_bullseye_getty_target: PASS (10.18 s) (14/19) citest.py:VmBootTestFast.test_arm_buster: STARTED (14/19) citest.py:VmBootTestFast.test_arm_buster: PASS (57.01 s) (15/19) citest.py:VmBootTestFast.test_arm_buster_getty_target: STARTED (15/19) citest.py:VmBootTestFast.test_arm_buster_getty_target: PASS (9.73 s) (16/19) citest.py:VmBootTestFast.test_arm_buster_example_module: STARTED (16/19) citest.py:VmBootTestFast.test_arm_buster_example_module: PASS (10.39 s) (17/19) citest.py:VmBootTestFast.test_arm_bookworm: STARTED (17/19) citest.py:VmBootTestFast.test_arm_bookworm: PASS (82.93 s) (18/19) citest.py:VmBootTestFast.test_arm_bookworm_example_module: STARTED (18/19) citest.py:VmBootTestFast.test_arm_bookworm_example_module: PASS (30.40 s) (19/19) citest.py:VmBootTestFast.test_arm_bookworm_getty_target: STARTED (19/19) citest.py:VmBootTestFast.test_arm_bookworm_getty_target: PASS (11.59 s) RESULTS : PASS 19 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 JOB TIME : 13003.86 s Cedric Hombourger (5): rootfs: introduce wrapper to run commands against a rootfs deb-dl-dir: optimize caching of source packages using apt natively image-postproc-extension: refactor systemd version checks image-postproc-extension: extract systemd's version using rootfs_cmd bootstrap: create lock for downloads/deb without sudo rootfs: do not get elevated privileges when downloading packages RECIPE-API-CHANGELOG.md | 7 ++ doc/user_manual.md | 1 + meta/classes/deb-dl-dir.bbclass | 58 ++++++------- meta/classes/image-postproc-extension.bbclass | 12 +-- meta/classes/rootfs.bbclass | 83 ++++++++++++++++++- .../isar-mmdebstrap/isar-mmdebstrap.inc | 4 + 6 files changed, 126 insertions(+), 39 deletions(-) -- 2.39.5 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250625193748.2681-1-cedric.hombourger%40siemens.com.