From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 18 Feb 2026 12:59:06 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f192.google.com (mail-pl1-f192.google.com [209.85.214.192]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 61IBx3xh023385 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 18 Feb 2026 12:59:05 +0100 Received: by mail-pl1-f192.google.com with SMTP id d9443c01a7336-2a7d7b87977sf61403645ad.0 for ; Wed, 18 Feb 2026 03:59:04 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1771415938; cv=pass; d=google.com; s=arc-20240605; b=ApzIN73w1AFHSG/Zzl5mhSppqHnoLbhiselrrlfIXuFVJpxf54JQ7Drsjzz4tYc41c IZmSiRe1uDKnH2qKcZvbkpuxw57mjG2cLCuffPFJZpHCM/TJ8r9b2Vi/gpm7A8PDvW3j ab9yO36BBnzlnTG0g73vLavt9AvJt1cfsBvMx4uLvfgkQEcY70Gctpt1bgoI6zPQqLlo JBcqUiqqjT8kWFQoBC+G5XgrQaJ/3dR72j3zdKXPUQf0Eo2JHfrXrL1l1pflTIGuTd+n M88J/6r6pal8EMRv4rTIrxk7GGMH404iuxPLRWdTlAB0b1JKFfMsSOQqYWCllyiTvwx6 0Whw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=3QRyzhHRsSI5GqJyQ4rsG6LiJjMiQfzfLKBG1mW+GW4=; fh=nL6ejlohzz/YFVRsRN3u1VBMg/o9yDploPBcE3T6pXQ=; b=djx3LWvKtYUo5xcmlo34HKzY6H3zvgxD3icUJzmi++RIKGzP389xltBp6epLSOQSQ1 /uFp0COX1OstykUWcx9FWHWbVJoulsevJKK/Gi9t6SePKuz1SX8xIRr+lKPJGJlwUjAR Cxy5WVCZO+UNwshxjBMGfF3hjkSqMU+wx4/Qjkje6VfY4mlqR1xv/U1DsTKO+sUCnF50 acoo195DCpUVG3qNxsmF2FR6e+dlz+3Nir1aDVWl8heuGmI6DwXkiW6NMVcEbcoABSJV sW2uh6lSNNHKpbEOK5jWJ2dWxgQtaVwRZVLbVSwE5oINu10QhqxmkzRXvrkfb7TZMQRp 7inA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odwMnbCM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771415938; x=1772020738; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=3QRyzhHRsSI5GqJyQ4rsG6LiJjMiQfzfLKBG1mW+GW4=; b=veM+orM1XJr7+jnGr+9aLyEZU94iW/5GxB0aHqBGoRtR5Ly0FsMRIRCmW6SWEFlIUL G0Bf01jcjk2ZzHHOhlbpXOJtb8JAOwKAEKI5n1892Cysf1VMmLoEsYIg3C86neDCFH3V dM5y5OL4TnhTR5P4rJ0JF66DZLa8du6FArbjbCVmyhHSesKn3Wd6xjYq8UojelPJtmqM dhUqKZ59xb6vLFlRXt8TtyhbTEXeACrD2pvTVcS+qkh5mCTNMTWLYIIzGL+MayKaTcqM ukJV8zAMkVddCCUxieAqWiDY0vyq9tKtcs9lrVj7vS7J4fTP+DD2grHsuvMy0S3pndOE 9Yow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771415938; x=1772020738; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3QRyzhHRsSI5GqJyQ4rsG6LiJjMiQfzfLKBG1mW+GW4=; b=NDzcHSdeZeUecbSSNUbXt+eAnCE93CoZrnqH28fre4Fu+k84PZPB7YsEK3pVkB/E/f YOxZtHNDOHK9sXuIenKpE/8AVA39ewCAlcYDpjHbFLWXbfmsZB6BsCKhiZXO9d2HHGVy rH8C3UAj6IzmdXpTM6dXsqnHw87Omdrc8Rctr10ql8hX61kSnjMrGgIxcuRMitTJu2f2 q971nZJGcad+KGkCpKS0yPzpkWET6EyLnBqqgBjJyieT6JzM6luIzUNHTp4RTK8YXmHb L31aBkzLaQMTAcpjVWqD+TsvIRKb+ggOAdzrSvR0YG4xbiSJwxbcs5llyYiyHAJ7B76X No7w== X-Forwarded-Encrypted: i=3; AJvYcCU7a5qCzSVckGDg+046IYmh4g+qV9DObzVXmyZ2VPF78RKzFXsZ40Haox0ggFBwKmN+4GDd@ilbers.de X-Gm-Message-State: AOJu0YwoubnPYW1m6ktJBOjg3aniFt1zuqgGzurPYkpwf/Kw9jWU7SWf uUPzX80ig4oiEQ0cpt/O6IPDyoNsXAI86rUBxJM6D2bPLtLDWZzSgMYr X-Received: by 2002:a17:902:ebca:b0:2a0:ccef:a5d3 with SMTP id d9443c01a7336-2ad50e73893mr14666645ad.3.1771415937781; Wed, 18 Feb 2026 03:58:57 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+GsS/M/YlF0ojave9SKEi9k5saCzf5Ju14Um4rnVve6mQ==" Received: by 2002:a17:902:ea11:b0:298:e5:d986 with SMTP id d9443c01a7336-2ab3c3f9143ls72586555ad.1.-pod-prod-09-us; Wed, 18 Feb 2026 03:58:56 -0800 (PST) X-Received: by 2002:a05:6a20:939a:b0:38e:9e4c:ed5c with SMTP id adf61e73a8af0-394fc31b47bmr1623665637.52.1771415936224; Wed, 18 Feb 2026 03:58:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1771415936; cv=pass; d=google.com; s=arc-20240605; b=KfdM1LeMc3YJ7vcuIzYWQjDIH4n37KN44FqVvcugcAFWt8ndKnHLWtyqEiZDxYsLkG RJwUrwdL2U+KgmdBv1rGMI1s+W/JRqL/0SLDeax2xbxaOKP0QEfwSWTw9ln3x86wPD8I y7WVLpJHwgCHjtJ1RJN9Ohm71PONl+ONSKZQbwKKB6joyNnKTf2v91C9uDYaolFr3R17 EzB43gg5od5ZicK0EOKaL01A6HCSn7zrwqyRQJeP/hz4cv65asNNz5v1bTp3so/5CPXr Wo2zJILDOjj/zRqwrGnKNVdRYpyPauUHpw3VBpfNboH7SAxLf8IsUDp86lZFAj9DRGr7 KkLg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=2XG2eCUOtCOrzbKfNpEnjSFGtVrEIHbyuUjORFK5tOg=; fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=; b=O51riz4tBivWQnBXVc1ieVxK0uiqlsWPgqFLSJIk+Gym/A5q3hAS/Ntt9WsXJyEPzK 1uTuZnz/a3mQOqRzNQ95TGOugXa3mOgXnLjS4mtXxH/dvbBqL+LDmwAh7WC3BjRb7K7z N82fkaatopPVJc1UI74nJ0Eh2GrD0nBzHm+qjjYEp+DzhDQjffClrmIpcsJIMKoole0A 9VD28LfTq6IBFgG/Bp8LYF5boJ2QhI3Lvsh4Zm7XDZnQf1tf2hDwKClFuNyGY1GROZ2O wc2jvOKfW3GeUFVRcsJO8lIOy890PsrYjVYxyLURdW7vwpgCDdldJ+ZbdiNCiVWM64Rn Wreg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odwMnbCM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 41be03b00d2f7-c6e52fcefacsi385310a12.1.2026.02.18.03.58.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Feb 2026 03:58:56 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=klazA5gTHmiUyyfkxPt3CHUkrgzbnrq0QEN5qIw5gS/8alYTUcvVipvhd1fTWUZwtUVsuKAhnEtfPSk9wloAI8d1Dko3EOfDTWlNa3N2rw7JI1zP0IJ6Aceb2GEmU3bCiy5Zz2yetTCHUhR5y7NYJK9HOkMSOIBMY7Umlk+Ft2wfWhMX28XA1lCctmVvsbb5gT0aYp15yAfOyn8QlmbVoOL1YUJQLZB+Eg3YrMxjNpV7Z56zLxILCE+ut5FPYQIE2bjiBCNzw37gGvNfMR5fbqMQWGAv2xT0ImMXyMe9agloKCckKVH3nNUvBrmGI2bofEn6o3QhV/cvS+HjRZmtcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2XG2eCUOtCOrzbKfNpEnjSFGtVrEIHbyuUjORFK5tOg=; b=b1fzZVix2iOEs5WOOGoDXtMg29mru/usndop7qDT5+k7d5azIJsAloVm81mwro1UZd4BFEQmYRm7h6RR1idom2nozCmwcncaCFEf0KHzZnPQ5koQt5YkuClY0ufuk4w8xKCDsDxwySPFkpBWpgFOl5zof1drgIntCM0iHpLMJdWsoFx2zNLPDmxFE40lSxVfqsZLgg8RvNdoLHyPKjRH4pr6cFe4zccMndg4SL0XyqlXwuZhorz0Ddox+12GjpHtTK0cN9HaSSfMBklL7Y/MygWQ7x4nS4SJyK+cWKe74ddwO/cu/Y0kDJi8uMJzCXdQGjJVSq05CFDWyVJreWTMeQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by FRWPR10MB9395.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:d10:1a1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 11:58:53 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 11:58:53 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [RFC 08/12] wic: rework image deploy logic to deploy under correct user Date: Wed, 18 Feb 2026 12:58:23 +0100 Message-ID: <20260218115827.3947145-9-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260218115827.3947145-1-felix.moessbauer@siemens.com> References: <20260218115827.3947145-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: CH5P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1ef::28) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|FRWPR10MB9395:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d097a88-723f-4d2f-4597-08de6ee51612 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?/1ctVyqSl9/ltmm5ljd4CGfJ1UNY7pQ84JkrW+YgnNnaUP3myeLqjntRDUMk?= =?us-ascii?Q?RgolOEzvZbykbuEWNZsEFiV/qxl/cxxGn80qEKyToYTP/txSQ/+DZouF+xiW?= =?us-ascii?Q?pSXwxpBd+j4ZaErE3ExMuJnK/mz46TMiBWovOBID7qK6EQ/+rDkIcdWQZHN5?= =?us-ascii?Q?120hApddqKjXaMBgcL5zaXVu/KW5YuSCfvZT9nGM9sVc3QwpK+3lmbcamUpd?= =?us-ascii?Q?z2XIBZBRjsE1ijb8rkp/AZnJGPUL7xfNZ6dgg4/tWINbs/K9SV5jYXLes+yF?= =?us-ascii?Q?6eB/espKjEtiOOj76jbtE4bQ5/oyySmQ+JEs5q5rKIBMrzR6p4MNQqMwr/C9?= =?us-ascii?Q?hmfkEYzp/mABDZ87hAJ/5xXwRo7vVwp89MO+geaspfb+6e2GnsmB6A6pcrnB?= =?us-ascii?Q?qQ0KOsfy27asIG+OAA3ZGK0/v/jGIwUIHhvkcBWdJyeA5w9tXFaFFHhrGwih?= =?us-ascii?Q?mHcll2tfvMmSG8cvqjNViUKulkLSBEql/HaMzasaBDssLpymWamrObnzPNyi?= =?us-ascii?Q?MzUnBkZCnSPbNpA/ygxLxOsD5lZ+V9Qtev361AMDHedYM+nLAVS1tlD/Zbih?= =?us-ascii?Q?CeITMqKZoWFiJ8q1YrkBIoXx9795jxdvocavqK3TLTdKDwGlUAaaSyjd6XcM?= =?us-ascii?Q?SpEOwaVxYWIo6tZ+8M3ES1Q4mPmURAI9XVYQcIEhPn2bes8W198qmhErphYn?= =?us-ascii?Q?WpqsGww1YZ8ivnrFA+IgEJ7tNjLRbVtR/koOew4WNCkv2H7XKqrtn8q4YtFU?= =?us-ascii?Q?Anvqh7rK1w3QsjUV5bE/rC3PdomZ02chfDqi7IaTJEiJgjq910HfgajkusF/?= =?us-ascii?Q?8+4mJ0cCqKt39o35L9cbcbSlu8SlCIW5b6bjjOqibDsTkIvAGpYA39ey9EwG?= =?us-ascii?Q?WN/0uNl1ay8vW06U+6HE7zGB+Oqx/tT8L4qsWsxHpwy/2U3yXQhnYcjdaY9T?= =?us-ascii?Q?bUnO9hQbroQjjJUnbfvmyjHG2nhNeMrOGY9328YaQKrFHjxKvp1oOWQHCPxK?= =?us-ascii?Q?KoASMLUA/iGWELbVYKbGSGtrJ08BxbrrH2TIXTZbPRRh5nfj5ygUhNaJxTwc?= =?us-ascii?Q?z85/QwA6OefRKpw6W7n5uFumX6uIOQQ3poW791Yj+Lh+qQFoKr7tk91gSCnW?= =?us-ascii?Q?ZBehYss7OLO7/Eicnn4iz7fMbVSj1muUaScfVsE+eiUWoLela6dvKJWvwdrG?= =?us-ascii?Q?8PwmzzMaQnX0U2g10Dg6V5HAKq497YJKajal/4y2/lkJb7o9NA4MpX9Qd12d?= =?us-ascii?Q?qKmUKOWWrhLfgVsLZG9yXmp96dQDHdz2NPckPquHyQ30MboJldJ5BCg/++b4?= =?us-ascii?Q?35+pNnhhvKMdg36SZXCBFXyv5bt8WbJ8Xk6AgBeiI990pmJ9X+iLpYg20Us6?= =?us-ascii?Q?xkefhm6pecUIZ3rzOd3k5NTy8f1MB9d59BgjwXXNq1yBd2scpTCi0cNWxi6M?= =?us-ascii?Q?UyjellsT7XtInNIC9Z83zd5ARiAJ7OEczxbvIU0fP5gCsSq6EXQIe4XiXYBJ?= =?us-ascii?Q?/YXpwfKvTZLbCOrUAyrJprQKkvaotkGGylzXFOg+G3FwcQrQyePpYhriAV72?= =?us-ascii?Q?Y2ZBTy3VC6TuM8uc+zM=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?8E7JTpxMCAElK50/jhSgQA4LnrvXij0DMQgYwxqg+9YCBpAIyi1a0fHAjtnB?= =?us-ascii?Q?7HlytopoFLryi9LPSVCLg0a8teBiRlU2gEsuRVpH968Bxss+GzBozNnHxK9R?= =?us-ascii?Q?uXK0rFsKTBlwJwBmL7jdfipJ/b69kV0SVmqop+uaHdvz4v16Gd8H+wpDg04z?= =?us-ascii?Q?zSSL+rvshOrMDLWa4FPxVa2o/KQbMyKngB8rQcEyxa7V68lPdWJSRAhvoxdj?= =?us-ascii?Q?3KhsXhULm7xsUEterSQsAo28vB0iI1UuN3uumIBuD+9gDlgfYPV/qN0swE98?= =?us-ascii?Q?HTvNGC/A30gtAOcFHcJUnzmUP5FjX0N4cbeRL6Y9XNwnr637yNVURTZEcOH5?= =?us-ascii?Q?+dSdz+ZS1jhoiwdFk4OupJ34bzXioZh0Qf6JfLegykOcn2xiYsdi4SKsIG2a?= =?us-ascii?Q?eI98/WOIeLzC6Vc24pjhUH9ZLXhvFfVBj9bAJ9MeXtE0ISZ8yRjAirgf7ndd?= =?us-ascii?Q?8O/tgNnY2aLyEx1zvw+ko8MfLIHa9usC21uNHIbX97+pGUjArMRXOVz3qW+D?= =?us-ascii?Q?TV3+N1gV42tBDixP3ynShFWwkBltr8RGFWy4+cClAxeBi/0PSnguPgjNkXAC?= =?us-ascii?Q?IqDjTwHECRyBZV+dFt+vAJbSlwq5nACRwc+A6wgDKoURiKXj5/CkxhK7FAvX?= =?us-ascii?Q?901ZhYWGlRNYxZKdqcMWrXwgLQbHic48KGRQIM3LnfLrjGVaRuD6w3wlUEUD?= =?us-ascii?Q?NMFO5EWQeuZ+8hLwNYlocMjzF/HabVLmW1VXU/whVhZDc7d9/mhqB5HJfxXB?= =?us-ascii?Q?FQc2FKVHLDj6Ck7H61b3dKzgR3m0NNIJ0aesHvLgRIfugWOXmAQpjzok3CuG?= =?us-ascii?Q?PbMbUTB8p/RpYPIpfs7ocFOuaVzs/la2Q81GVyY9KS8TnxNbSfV0EgVf4E8z?= =?us-ascii?Q?uF/yWIumx5N7Jsmeb17eWOUGSm5QUutE17D3EfZrjdthWwjjqRuWbgzq57Cj?= =?us-ascii?Q?cJy9yc+LG3w7JHmdMV+SVduoS78n3O0xdp2V9T/COBz59O5AWB+IP0b7n82B?= =?us-ascii?Q?OeaJ6R6DehXYLyoBFRLxOMrbDuQQH7Hvz8NkOfgAnKFU8gRm/WpV3rabcYrX?= =?us-ascii?Q?PnwhXRhW4fLlE+ptwQ7lz+gbzSmBt694VAhJvy6B98aCHYLJtizZrsRFr3/M?= =?us-ascii?Q?f5FaZzBc2FSzLB+RdC4pO1RUMpU1FseuA3LxqX/+B4ofb/X7Ntsixfe76rna?= =?us-ascii?Q?kXVmAllRJ3j8p5ah4x01H7zcL3eJ3Fm6rK3jvaez2hnghNPfBX8BAyQKYo/q?= =?us-ascii?Q?CrNP4cERMnprnej9+w5vDz6SoDn8pcIWJ5gAo8XsNTro933+suk0YNDx6vaT?= =?us-ascii?Q?fMgXt9GEYq7Hnkob9aIMQwxjOdrivZjMmXjVHAy3evm4eSs0pn1hjNY1reN8?= =?us-ascii?Q?oZRTCjwYzDxwDwohdP8n91U/xTJ26RW0PvHwfRqGvJ/NG0Pd7MTHqH1Z+6c/?= =?us-ascii?Q?MSNbwlbFTsjZLMT9A2iAm24ufKmMvwEKd+IOZYyS0NbIyW3egTBL6tYuIldy?= =?us-ascii?Q?XUEiGjcfClJTKotf2VojpbJWVctdG5EBPtWFOzjSjBJOnQJdLXFIUfIhxQdh?= =?us-ascii?Q?OKbhoRzQfjIBjZ+aK98zZWVQTCNVQgDniGcka61127pgwuWJaVRLnG6xWLVG?= =?us-ascii?Q?eiIfl80lg04prkshmPpIiBMoLpvkL7WO6MTfmRsyC92BpqgMs8mSE6O8aG4i?= =?us-ascii?Q?KKGUOPFcbNKJzUeIRzMopQHVToMYgswIa389svqEle52E6xKa4xhYZjRh4rH?= =?us-ascii?Q?WVp9LFMRstlORHttfmHsW72t5gA3JsU=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4d097a88-723f-4d2f-4597-08de6ee51612 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2026 11:58:53.2534 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uLNgURIKbBOLHCF0zX0pcxEfndKl+5+fLq255XliMS4V6Aa61I93qPy+uLGSKqva72CRrTh1LozvDzKEW5IWyGP21DzcoJXoFbb8eyHuojI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWPR10MB9395 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=odwMnbCM; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 0R0Y4LpyRtGd We previously deployed the image file as root and then chowned the deployed files to the calling user. Hereby the chown command itself requires to be run under root, which is not possible on rootless. As a preparation for rootless, we rework the deploy logic to deploy the files under the calling user. For that, we deploy to a temporary directory within workdir that is writeable from inside the chroot and then copy out under the calling user. Signed-off-by: Felix Moessbauer --- RECIPE-API-CHANGELOG.md | 12 +++++ .../image-tools-extension.bbclass | 11 +++++ meta/classes-recipe/image.bbclass | 10 +++- meta/classes-recipe/imagetypes.bbclass | 47 +++++++++++-------- meta/classes-recipe/imagetypes_wic.bbclass | 10 ++-- meta/classes-recipe/squashfs.bbclass | 2 +- 6 files changed, 66 insertions(+), 26 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index bc40a403..f80630a0 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -978,3 +978,15 @@ specifies the rootfs path. Using these helpers instead of direct `sudo` invocations centralizes platform-specific privileged execution logic in `base.bbclass`. Direct use of `sudo` is discouraged in downstream layers. + +### Changes to image types + +The way different image types are handled has changed to be be compatible with +rootless builds. For that, the deployment of images happens in two steps: + +1. generate the image in the `${IMAGE_STAGE_CHROOT}` +2. the `imager_run` or `${SUDO_CHROOT}` command takes care of deploying the image + into the `${DEPLOY_DIR_IMAGE}` + +Conversion commands need to follow this strategy as well, but can read the image +(prior to conversion) from `${IMAGE_FILE_CHROOT}`. diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index e88557f6..2eac3619 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -17,6 +17,17 @@ SCHROOT_MOUNTS = "${WORKDIR}:${PP_WORK} ${IMAGE_ROOTFS}:${PP_ROOTFS} ${DEPLOY_DI SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt" imager_run() { + IMAGE_STAGE_DIR=$(dirname $IMAGE_STAGE_HOST) + create_chroot_parent_dir $IMAGE_STAGE_DIR + imager_run_${ISAR_CHROOT_MODE} "$@" + + # copy locally deployed files with correct permissions to deploy dir + find $IMAGE_STAGE_DIR -type f -exec cp {} ${DEPLOY_DIR_IMAGE} \; + # on error keep the files for investigation + run_privileged rm -rf $IMAGE_STAGE_DIR +} + +imager_run_schroot() { local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass index ca449ec5..e0e19adf 100644 --- a/meta/classes-recipe/image.bbclass +++ b/meta/classes-recipe/image.bbclass @@ -180,8 +180,14 @@ IMGCLASSES += "${IMAGE_CLASSES}" inherit ${IMGCLASSES} # convenience variables to be used by CMDs +# Note, that the variables are only valid within the type specific task itself +# but not in transitively called shell functions IMAGE_FILE_HOST = "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.${type}" +# view (only for reading) the image in the deploy dir (useful for conversion commands) IMAGE_FILE_CHROOT = "${PP_DEPLOY}/${IMAGE_FULLNAME}.${type}" +# staging location for copy-out (should only be written to from chroot) +IMAGE_STAGE_HOST = "${WORKDIR}/deploy-image-${type}/${IMAGE_FULLNAME}.${type}" +IMAGE_STAGE_CHROOT = "${PP_WORK}/deploy-image-${type}/${IMAGE_FULLNAME}.${type}" SUDO_CHROOT = "imager_run -d ${PP_ROOTFS} -u root --" # hook up IMAGE_CMD_* @@ -262,8 +268,8 @@ python() { image_cmd = localdata.getVar('IMAGE_CMD:' + bt_clean) if image_cmd: localdata.setVar('type', bt) + cmds.append(localdata.expand('\tIMAGE_STAGE_HOST="${IMAGE_STAGE_HOST}"')) cmds.append(localdata.expand(image_cmd)) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}')) else: bb.fatal("No IMAGE_CMD for %s" % bt) vardeps.add('IMAGE_CMD:' + bt_clean) @@ -292,8 +298,8 @@ python() { localdata.setVar('type', t) cmd = '\t' + localdata.getVar('CONVERSION_CMD:' + c) if cmd not in cmds: + cmds.append(localdata.expand('\tIMAGE_STAGE_HOST="${IMAGE_STAGE_HOST}"')) cmds.append(cmd) - cmds.append(localdata.expand('\tsudo chown $(id -u):$(id -g) ${IMAGE_FILE_HOST}.%s' % c)) vardeps.add('CONVERSION_CMD:' + c) for dep in (localdata.getVar('CONVERSION_DEPS:' + c) or '').split(): conversion_install.add(dep) diff --git a/meta/classes-recipe/imagetypes.bbclass b/meta/classes-recipe/imagetypes.bbclass index f802c11c..78b89393 100644 --- a/meta/classes-recipe/imagetypes.bbclass +++ b/meta/classes-recipe/imagetypes.bbclass @@ -9,7 +9,7 @@ TAR_TRANSFORM = "--transform='s|rootfs|.|'" TAR_OPTIONS:append = " ${TAR_TRANSFORM}" IMAGE_CMD:tar() { ${SUDO_CHROOT} tar ${TAR_OPTIONS} -cvSf \ - ${IMAGE_FILE_CHROOT} --one-file-system -C ${PP} rootfs + ${IMAGE_STAGE_CHROOT} --one-file-system -C ${PP} rootfs } # image type: ext4 @@ -38,10 +38,11 @@ do_image_ext4[prefuncs] = "set_mke2fs_args" IMAGE_CMD:ext4() { export E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" - truncate -s ${ROOTFS_SIZE}K '${IMAGE_FILE_HOST}' - - ${SUDO_CHROOT} /sbin/mke2fs ${MKE2FS_ARGS} \ - -F -d '${PP_ROOTFS}' '${IMAGE_FILE_CHROOT}' + ${SUDO_CHROOT} /bin/bash -s <<'EOF' + set -e + truncate -s ${ROOTFS_SIZE}K '${IMAGE_STAGE_CHROOT}' + /sbin/mke2fs ${MKE2FS_ARGS} -F -d '${PP_ROOTFS}' '${IMAGE_STAGE_CHROOT}' +EOF } # image type: cpio @@ -49,10 +50,12 @@ IMAGER_INSTALL:cpio += "cpio" CPIO_IMAGE_FORMAT ?= "newc" IMAGE_CMD:cpio() { - ${SUDO_CHROOT} \ - sh -c "cd ${PP_ROOTFS}; /usr/bin/find . | \ - /usr/bin/cpio -H ${CPIO_IMAGE_FORMAT} -o > \ - ${IMAGE_FILE_CHROOT}" + imager_run -p -d ${PP_WORK} -u root <<'EOIMAGER' + set -e + cd '${PP_ROOTFS}'; /usr/bin/find . | \ + /usr/bin/cpio -H ${CPIO_IMAGE_FORMAT} -o > \ + '${IMAGE_STAGE_CHROOT}' +EOIMAGER } # image type: fit @@ -72,8 +75,9 @@ IMAGE_CMD:fit() { die "FIT_IMAGE_SOURCE does not contain fitimage source file" fi - ${SUDO_CHROOT} /usr/bin/mkimage ${MKIMAGE_ARGS} \ - -f '${PP_WORK}/${FIT_IMAGE_SOURCE}' '${IMAGE_FILE_CHROOT}' + ${SUDO_CHROOT} /usr/bin/mkimage \ + ${MKIMAGE_ARGS} -f '${PP_WORK}/${FIT_IMAGE_SOURCE}' \ + '${IMAGE_STAGE_CHROOT}' } IMAGE_CMD:fit[depends] = "${PN}:do_transform_template" @@ -90,8 +94,9 @@ THIS_ISAR_CROSS_COMPILE := "${ISAR_CROSS_COMPILE}" ISAR_CROSS_COMPILE:armhf = "${@bb.utils.contains('IMAGE_BASETYPES', 'ubifs', '1', '${THIS_ISAR_CROSS_COMPILE}', d)}" IMAGE_CMD:ubifs() { - ${SUDO_CHROOT} /usr/sbin/mkfs.ubifs ${MKUBIFS_ARGS} \ - -r '${PP_ROOTFS}' '${IMAGE_FILE_CHROOT}' + ${SUDO_CHROOT} /usr/sbin/mkfs.ubifs \ + ${MKUBIFS_ARGS} -r '${PP_ROOTFS}' \ + '${IMAGE_FILE_CHROOT}' } # image type: ubi @@ -108,22 +113,26 @@ IMAGE_CMD:ubi() { die "UBINIZE_CFG does not contain ubinize config file." fi - ${SUDO_CHROOT} /usr/sbin/ubinize ${UBINIZE_ARGS} \ - -o '${IMAGE_FILE_CHROOT}' '${PP_WORK}/${UBINIZE_CFG}' + ${SUDO_CHROOT} /usr/sbin/ubinize \ + ${UBINIZE_ARGS} -o '${IMAGE_STAGE_CHROOT}' \ + '${PP_WORK}/${UBINIZE_CFG}' } IMAGE_CMD:ubi[depends] = "${PN}:do_transform_template" # image conversions IMAGE_CONVERSIONS = "gz xz zst zck" -CONVERSION_CMD:gz = "${SUDO_CHROOT} sh -c 'gzip -f -9 -n -c --rsyncable ${IMAGE_FILE_CHROOT} > ${IMAGE_FILE_CHROOT}.gz'" +# image conversions +IMAGE_CONVERSIONS = "gz xz zst zck" + +CONVERSION_CMD:gz = "${SUDO_CHROOT} sh -c 'gzip -f -9 -n -c --rsyncable ${IMAGE_FILE_CHROOT} > ${IMAGE_STAGE_CHROOT}.gz'" CONVERSION_DEPS:gz = "gzip" -CONVERSION_CMD:xz = "${SUDO_CHROOT} sh -c 'xz -c ${XZ_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_FILE_CHROOT}.xz'" +CONVERSION_CMD:xz = "${SUDO_CHROOT} sh -c 'xz -c ${XZ_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_STAGE_CHROOT}.xz'" CONVERSION_DEPS:xz = "xz-utils" -CONVERSION_CMD:zst = "${SUDO_CHROOT} sh -c 'zstd -c --sparse ${ZSTD_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_FILE_CHROOT}.zst'" +CONVERSION_CMD:zst = "${SUDO_CHROOT} sh -c 'zstd -c --sparse ${ZSTD_DEFAULTS} ${IMAGE_FILE_CHROOT} > ${IMAGE_STAGE_CHROOT}.zst'" CONVERSION_DEPS:zst = "zstd" -CONVERSION_CMD:zck = "${SUDO_CHROOT} sh -c 'cd $(dirname ${IMAGE_FILE_CHROOT}); zck ${ZCK_DEFAULTS} ${IMAGE_FILE_CHROOT}'" +CONVERSION_CMD:zck = "${SUDO_CHROOT} sh -c 'cd $(dirname ${IMAGE_FILE_CHROOT}); zck ${ZCK_DEFAULTS} ${IMAGE_STAGE_CHROOT}'" CONVERSION_DEPS:zck = "zchunk" diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 63974a3e..ebf3ce8e 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -145,6 +145,9 @@ check_for_wic_warnings() { do_image_wic[file-checksums] += "${WKS_FILE_CHECKSUM}" IMAGE_CMD:wic() { + # variable is type specific, hence capture here and + # forward to functions via export + export IMAGE_STAGE_CHROOT="${IMAGE_STAGE_CHROOT}" generate_wic_image check_for_wic_warnings } @@ -181,20 +184,19 @@ generate_wic_image() { -e "${IMAGE_BASENAME}" ${WIC_CREATE_EXTRA_ARGS} WIC_DIRECT=$(ls -t -1 /tmp/${IMAGE_FULLNAME}.wic/*.direct | head -1) - mv -f ${WIC_DIRECT} ${PP_DEPLOY}/${IMAGE_FULLNAME}.wic - mv -f ${WIC_DIRECT}.bmap ${PP_DEPLOY}/${IMAGE_FULLNAME}.wic.bmap + mv -f ${WIC_DIRECT} $IMAGE_STAGE_CHROOT + mv -f ${WIC_DIRECT}.bmap $IMAGE_STAGE_CHROOT.bmap # deploy partition files if requested (ending with .p) if [ "${WIC_DEPLOY_PARTITIONS}" -eq "1" ]; then # locate *.direct.p partition files find "/tmp/${IMAGE_FULLNAME}.wic/" -type f -regextype sed -regex ".*\.direct.*\.p[0-9]\{1,\}" | while read f; do suffix=$(basename $f | sed 's/.*\.direct\(.*\)/\1/') - mv -f ${f} ${PP_DEPLOY}/${IMAGE_FULLNAME}.wic${suffix} + mv -f ${f} $IMAGE_STAGE_CHROOT${suffix} done fi EOIMAGER run_privileged chown -R $(stat -c "%U" ${LAYERDIR_core}) ${LAYERDIR_core} ${LAYERDIR_isar} ${SCRIPTSDIR} || true - run_privileged chown -R $(id -u):$(id -g) "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic"* rm -rf ${IMAGE_ROOTFS}/../pseudo cat ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.manifest \ diff --git a/meta/classes-recipe/squashfs.bbclass b/meta/classes-recipe/squashfs.bbclass index 9cd7ed3d..8330ffb5 100644 --- a/meta/classes-recipe/squashfs.bbclass +++ b/meta/classes-recipe/squashfs.bbclass @@ -42,6 +42,6 @@ IMAGE_CMD:squashfs[depends] = "${PN}:do_transform_template" IMAGE_CMD:squashfs[vardepsexclude] += "SQUASHFS_CREATION_LIMITS" IMAGE_CMD:squashfs() { ${SUDO_CHROOT} /bin/mksquashfs \ - '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \ + '${SQUASHFS_CONTENT}' '${IMAGE_STAGE_CHROOT}' \ -noappend ${SQUASHFS_CREATION_LIMITS} ${SQUASHFS_CREATION_ARGS} } -- 2.51.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260218115827.3947145-9-felix.moessbauer%40siemens.com.