From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 07 Apr 2026 16:23:43 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f57.google.com (mail-oa1-f57.google.com [209.85.160.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 637ENfvq015606 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 7 Apr 2026 16:23:42 +0200 Received: by mail-oa1-f57.google.com with SMTP id 586e51a60fabf-415e1e9aa5dsf10122949fac.0 for ; Tue, 07 Apr 2026 07:23:42 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1775571816; cv=pass; d=google.com; s=arc-20240605; b=bcbrkYxK9E0PRxDpmH3DMAFX1C6PBfo7Bo4nwYtr9TqvM9IBvvqRxtCVKKljFyUns0 A9i4yv4G/qyiLroy681WThHv/rk5lJ8I+NwdD2EN7CUjP6CP/fXXWvlL4FORcaljA1E7 GBPzRyuQ3hDE8mDPTxXXarCmf+mUkZrd/mHNT3KXvPJ0/MJZTJT7kvINdmggBVW//4Vc XI7zkGChb1zdKpDZBTw/RnVpxri0g2qb9tQpbPyGbpggchdV9yrA+BGys+5cajaG+6re Ntzvs3HzZmXxbUBWMBBpBwx6V+S02A/c88O3SwysTezs/Re4zH+Ve8oQRdpgEH+vPtiV CVpA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; fh=3URm/udTeUrxmN3GiJglBPIOKhKxb4Ferb19CMRzarM=; b=h8dPa2JFM/koe2Lg8Z5B+Qn5WgJc5f9i1GxeMY5uK5dYNlmdKV4bsGf0F9ouDX7b9I sDfCn1AfTJMquNvrN9H59mJuUYhRCHb72LEvm8wbo/elO7zfO/gqiPcIyZw2bqzkSML5 nUkyyq79G1ODdBfboVGvaCiCRoYyi9RMNkEVrnP66x0dRiWsLJPt4p3Te+H28I0JPmWx 33ARYBnrNgL3JnjRpEs4Hdi4dbiNpvlOpUYitSk74JwwosJqz2XiBcwCtei9oUIIR8Rf K+j2uPcrwshNBqItHGWuqoPUfOoktBIWgiWzao3jxJSExxLNM0By71xzkw7DZbUz5fnI d1pw==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775571816; x=1776176616; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; b=cXMnGOW+sM76C1jZasFibb6tpZWaWmchBgFx4ph1AUtK9j3fnSfgfnzH7ZR8hD6S9S 8LiV97kDZtN3nom9o8ORPn4qiQ+7xGPyO13p1VQSYTW/oW7IolJM22scGK6uchCVujqG EvisGLlEbbiJNT+JYX+MTQNoBc9RRosYVIgpWf78ad5S0AxV6r6U4CGJBhQ1Z7R18fXd 5ZMeU304blxQmMkvcKBj9sPsmbB3AloSnwI0joMej++XOxkD6HHYmIYdPBH4jn3bJbG2 TYf9QGJbww1koMr0yemHfQupqACAFruVC6BJy3QpS6sUIXCoVsvQf93/L49v8ucO/9b6 D9mg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775571816; x=1776176616; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Hv1JyP529TCPDdBnb8QzpHzADgw5+tDAjGNcLMV6aos=; b=gmXZCzVCXdnzcNNtDeakRvglAWXy5Z5eU7el5AAVeeOdBeBlr2kuEOrw9oIutlrI0B r+wS2qaJ2uXfNZxfwwQzPQ1aVb9DqgxGwSNyOc+ZT+h4nyKLreFKLOzNW8yPvNob9dqU oE1SWLQoBdDr9J10hif33WFLmwbdJhWVrQ4CsVFkE91RiownsgCLbkDwlzmLdVrr3wmR 6o/FsZI3Tkx+/OksiDdswhXRx3brdridyBdxbk/bEV5/yZEYMPZ9lZqDU1W8jcukPK75 XUcD4Cw+ZTs2G3LjOKeZLSdHc2Eh4YC+bcHtWUXKOH/L5RZPonPQdnZVu2AYayKqexLF w6nw== X-Forwarded-Encrypted: i=3; AJvYcCUxh2hjGjKjqhRSUrvM4tSsVyfADdDHl9/gGHbnyuDWrKMNfFNACDUSgn9zx/yq3r86OQId@ilbers.de X-Gm-Message-State: AOJu0YzU7j0knCjL89JEV7vSiReko5iKzpq4yZ1QW80VHIkML8uc/juh W8WphJFRkIEItgXEmbxVpXm7O7rUIoj9chDwbOWXXlmQ2dxyZ/qzl8lo X-Received: by 2002:a05:6870:bb0d:b0:40e:dcc9:c3a9 with SMTP id 586e51a60fabf-4230fc10eadmr8665201fac.3.1775571816199; Tue, 07 Apr 2026 07:23:36 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiLCK3FVJwhmsmTlfoLhMwYz3NJ9dvxHi7uUkgFo79TqcA==" Received: by 2002:a05:6871:c91f:b0:409:4c04:fab5 with SMTP id 586e51a60fabf-422ee61aaa7ls2936972fac.2.-pod-prod-05-us; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) X-Received: by 2002:a05:6808:3185:b0:469:fc59:b128 with SMTP id 5614622812f47-46efadbb119mr9280777b6e.25.1775571815108; Tue, 07 Apr 2026 07:23:35 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775571815; cv=pass; d=google.com; s=arc-20240605; b=idqTQHbiqLeaXpQ3kfJFlWr1CFKzChlIyMfdWK2dSDN7zkvc+bp98VNZ7dql9rwO5b ShMNzCPZGTkMJ3PlSkdU5p/Ij3p3BUqKQL5X5xovpipXs24jhjcbGBy0Q+vKaAo07iZn TIPGeLLVyuuBL/avEwI+SKb245Lh0K88f4OD8cWhidBVAVjQQGlxhtDc/CStnJhx4qat KFPU8Vda4O/fIvQ27AGH1SFt17VK/aGnh0HZPHNABD8lLEovqifh/QjqgZSMKMwPIjLM jZVGfyLuzCSdJViaQXaIEbV/8FUpaFanMGTHp9QPrFeICoiF0DLfcqSF469Oh0Xvt89S AS5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=JiGTJ01jF3C3O/p61b8QVBnkgiSSE/iszvBpcPBUjjrrw9l8GrHP1hLiiVPs4V+SWb CTMkO6kOnJvf+fZupn5CenTFLpeqqX9gBrmsqmM6flk5bHLmlqKGI1LyX6yqiGOIspDt +GspFz5v7FskTtTsHjPNjAVufYgaqEVE10saIXv4VzI9GKUQU7pNtlYGfK86BUJjK9Rr XIcWREjbKB6hpgy+EK01wnvk/lbzX2t1a1njswEx25+M4toT0AuT1Kiwv0+UmkdsDRqK +PAUNkRFoyAYBDk54pKM35fz5yrvPnTgYuK6CGNKG9OyMhrKtmNRRYNRe+PyanE4MDiv FrzQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id 5614622812f47-472a0d2c4f5si241333b6e.2.2026.04.07.07.23.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 07:23:35 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mJeoY6xqiTY3b7mcOn446tSoSPIx15+Qn8GMMROZ1kbkZ+rPtXmK6YaotuMkAS9yYPHJWftkh9johAcqz55Y4QcQy30d+SILh3xXgkbPTMzx8m0rjJV5sp9eGQJPYvbyUXWUvVyPOwFd4WVvmxZWP39TKTq/3ibh4zsAg2D0WYfCvT284CoXyYP/w6VrzKD0zxufFFIF/DBHEjkR16i67TqO3ceP+ntVJtFHQ+Q+9/GWSF9OKvgXmir27zrA0gJOIhTBojOnzfMSU2eNZEcMrmVvsJMSNRQ+m7j9cGttuj0f5gkvx44M36QdUMy/Uga0a8lAWs4Ci7HXwLtbM8Lm1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=MyTcI8nhv7deZ/oesLvwoK0JCYOxZNagRgLMSYo/vGygo5EtLdxN1IfqCJJm3AKMEt/h7Xs3j3h9TFAn2FsM7XGFbXyfXN92NSGcu4BNE/sur2eaV45qLT/j+DHBrcwEOTTaAq8IRnquRtf2oiox5xjENiYA0Bf5l8I5pc+3lKKTsMTXHLfY22PkHEZso8jOO2kyFU48y/09JfSlQvN3ibYOuPpK7UCxsqwXCNb0bhDOI0yy6QOuT/b6K1hn5AoEc4PoCmEtLhWoIobjbPYyiia7cJ7Dbd2MlsBFBvZn//BXkPtjlXuTApcIVLBCgpdv+YSs9MA9UEoSkkXJcx7mFg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by AS2PR10MB6376.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:557::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Tue, 7 Apr 2026 14:23:30 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::9412:cd7f:3f72:92ab%3]) with mapi id 15.20.9745.030; Tue, 7 Apr 2026 14:23:29 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v3 14/16] use copy of sbom-chroot for sbom creation Date: Tue, 7 Apr 2026 16:23:08 +0200 Message-ID: <20260407142310.2327696-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407142310.2327696-1-felix.moessbauer@siemens.com> References: <20260407142310.2327696-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: FR4P281CA0367.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f8::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|AS2PR10MB6376:EE_ X-MS-Office365-Filtering-Correlation-Id: e2c7cf3b-44f6-4bff-0b3b-08de94b13c5e X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|18002099003|22082099003|56012099003|55112099003; X-Microsoft-Antispam-Message-Info: ZNhT6pPxmo9BuxTEclfFG2CCPfqvi6PkZqwnH24u5HMLuLYw7xYON1pOLFYPK1pfgzwZmHGaK46jgrbA9Fp9c9b8shIzvmzh9bNH+s/H8q+i5T/79Koftrma6+jjI3SDSDEHqvbL52qxQ2EouqY4l+yrYflkXdLBXuAlIQOrP2muKKvbB7OoBkU9UtL8VHC2uw4EN3JpFWjahvvlEAPntepDK+aGJntMoq8jFuRovSJf10oz0H5mKXv5tMsPqOCX4XvVcNG4BlDcNFg2tp3RXlvuXZsuu3aWp4kcqzGimVrE+6nRD0p5dUoZctIFVcdKOvnfZfcZ/+7DRsBPh2h+GOsPgs76/l20n2oHn2b0BIQz4jIq+QJ1XjjdAzh1YdCHwuD7wi3w/DAGHFvIUOtjA98byxBc+otDppF6RLgshesWoA79cFKNIjR/pywEEEzZWYQAheMg+LXquJ4Ntn/wIBIbZIwU7HR7iqyYMES3XXtMhwqYBeo9hKQ3nIVed+chJolYAdXvSboO7IibA7laZBa3aWyfohG0Rl/YQ1OTHSjqTQW0Mvp76S7ZTs9fyMai58OzRX/+hPtxRMdRTk27xbEK7B9y06yH4EuZVz3FF6F5iM/HR9cNBnwlvZWHFoDTxRzMhow+FOfG6PTE1qlhQqFZBj3tlxSI+AwpH0ajHuQW4OVe7Z9PhIM/ZvIq/JUw X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(18002099003)(22082099003)(56012099003)(55112099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Wcg6ARCt9zQeyZm8P0sE30DrhqwU6etqBR3nA+eNCviaB/sWsIdu5sda/02Q?= =?us-ascii?Q?B2/VzBWrPcwNFyd8NxxsjQxe3vP4nFWWgt+L87e4LVLlXfNsko8bvV7JqmPQ?= =?us-ascii?Q?UJ0fzJ/PySEeEvwEWeWluROPeCOArs6tCief8rCCm7dqznvSyfwKORVeP3ir?= =?us-ascii?Q?R/jzkqJDEqMSX/dRIjq+oRXbkgIvIPc08RAVK1lXvAW3GSPrXAWnV5l984h0?= =?us-ascii?Q?eik7JdDEisHZLnBhsureNFzCmUk2QxzTSeqSNIFHqolMHeD6y0//cjUTcFXY?= =?us-ascii?Q?n6jEmNYtBmNsidotDV1G6mlJkEIkS3y1pTq0QXTAnIyDHP2EE/Ru42Yol1ei?= =?us-ascii?Q?AoJkw2k/0hw86m8mhXBKnVO8TqDN2GTHNBdwxLJPP8pZNZXhsNsGA5xUDAxS?= =?us-ascii?Q?cc/usHOgBFi3dy7ZTMC1FHZnu72hi9Yl3VKrwZKXRgZL0WY72CuzXZjCLpjo?= =?us-ascii?Q?SoVKU2G4cpWml0M27qYQBo6nM22UV6iMXX1uSaFcX5plpAmQdopuoFlqi4cR?= =?us-ascii?Q?gZRIs3NqW14IDvAFgWBuMJGaIwzfWQKKe+/6Z5XjjFxZFK91gJCtKUlK0hI6?= =?us-ascii?Q?cKnLo9hsodEARiiiJvbsF8WkKTaLqwHldiPxmbXIqjz2MvxK+wT10ht92SDz?= =?us-ascii?Q?B8J6n4IVcnh9OCycTM6wSySKqYmkkghlGZajSyTKQkeW5SWAwsgf7UmHTwx7?= =?us-ascii?Q?eDBpv8Zr59ZqgaPmmbrTj7O7q6bGA3aePVHgMpdZF6GYRCLtnIHtACZWhu8A?= =?us-ascii?Q?c+DxIjClTyahm5CfuLXdc1lgiYBO2YOP/g6NOn9t/giLIHgOvtuYZeMIX+Fb?= =?us-ascii?Q?C44Fneyq0z+0dssoIIb65HPI4/oCDm1KWQFV+jTJgqBJsmVlIthxgZ35YDNG?= =?us-ascii?Q?r0P5gXzFNPK/vQ0K6uncloaA8avmhast74h/elY+Q24gk4VmlFyEGKGNhtX3?= =?us-ascii?Q?qYDclPBUJv/Mxmp5rP3Do3X5XnjBISBYgMcHjYCr4K2j2NP4CUDLD9g8zyOB?= =?us-ascii?Q?mVMLwEJOrQpNrv1zBQuGdJ8GOyI49xEJ6pipx11rkQKVZ0MoBGaF4ndbi4ay?= =?us-ascii?Q?y3wMMUWbgQdqIn5l/w7RzniMBx4yYi0UlKrFZIB0wuD71jqcSAq/NNYMcaiU?= =?us-ascii?Q?uNjSBgU9Pba3Pta5Ojq5OIbZoPaujkE1MJ/ml+3QI8SyqY+ljd4OGmHyFBrz?= =?us-ascii?Q?2aMnC5EKWqypurJ3CYJeaH+dXEiyKYn/1Mf5RH+7b+jwFcVXkPZn2TEO560b?= =?us-ascii?Q?cfpJy/qWxLu8erq5Tw/Yo1VfK2ZEG2jrq3XF+sBrLvfG/KWhy97VU4vVfd5f?= =?us-ascii?Q?hbl92JawffaUanA4dqQ38DkZLcueNG7cqSC+1xSG3ZKGTn3t8Et1cZVFZz6D?= =?us-ascii?Q?XqdyCqR+x+bp3yg+d6n/iZW0BEBqqgcxMOfB7EwzzxnldWNd6lVu52120JXS?= =?us-ascii?Q?1vcbNO5c1eJpI9yIcbfVJVciRW9CFgtjKhgbDipkS9dteNQz4eXUdO+IkdqF?= =?us-ascii?Q?p2rNKaeFiK+AOsCI3Jmq+xuH9Vt8cxb5a/8Bgq+QtHE5rsc5o3+wDx5R1Y3r?= =?us-ascii?Q?fTUo41yURgQBXdiS1v0kLELoAbdpaK3N07Zm+r9YPFB9p76NXtZrJwsPStvU?= =?us-ascii?Q?/P4g1JAJCm/weRoTd4+Ym4ot8y951p/mN+zXzyQsTXDMUCvqPDBW9FE+Z/iu?= =?us-ascii?Q?W6z5aYMZLSiLxk489wS6IGSYFX1qzhgV1MYL0qDSGCYFPNSckobGBcD4f1Zh?= =?us-ascii?Q?WW/v7aPsZwAGYX3hCA5iPLYOXv8XQMU=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e2c7cf3b-44f6-4bff-0b3b-08de94b13c5e X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2026 14:23:27.7970 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Xru3U90XvDeD0FqhKfgugq6cxxeurd+KIN0U6+8bZusApcd+Xes5Prw35qDWYLX71HZC6ds4BYXKFcb5ZpBVIEp2MWkKSV+T4o1ym5PFLLs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB6376 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=RG5WczhO; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: CU+57Hlc/YJ6 We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs -- 2.53.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260407142310.2327696-15-felix.moessbauer%40siemens.com.