From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Jun 2026 13:35:41 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f63.google.com (mail-pj1-f63.google.com [209.85.216.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 651BZb3S024935 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Jun 2026 13:35:38 +0200 Received: by mail-pj1-f63.google.com with SMTP id 98e67ed59e1d1-36bd4146cb2sf2940053a91.1 for ; Mon, 01 Jun 2026 04:35:38 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780313731; cv=pass; d=google.com; s=arc-20240605; b=ff08gZ6txuVdYs70KpGd3vip0qngvEEL1Ez9uoU1emFQ9BAXEoobasr5xB9BHxYASh DlbwhMpWICieggLVVCJ9JdgKK8yIoglkjxuMpsAmYosoWHU5lW8zvWl4mHcvrBaS9DXS 2TqlSlVa2dt5TaSX1MhfBchs3YHoeuHX9HcVAnewWys1A7gu0TbfxwV8VGWX4/mmhNmw dzx6w4PUf3+kDcXwcuOFCPn7VUNSmXbhr1jOB7lQN/Fh0DOL9aHOoZBhfLG+604HaNCp enQZUDLMtR6PsDipnENksIdlH1fSM3v5suKRLNB+1fQmWBVuPNWoU2D0N9yI6abjxczg oRUg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; fh=IVxyxBvShNtyLaMeiKdGrtilN5JVzfTg4ZsGcznKoB4=; b=GUYbCuUgiIwxoMbGK0eG76PCSH6GhHNKE4pE87H1rUk5GLpRL5YsKObBr5QixjNOcm 5Gd3rnMCJfuWX8ALol4vgM4mJssx5OjNLJegpwZg//xgb7NekNEWvzQWCUDVsPWHjT8j hPhaz42X5XqMCdp4mNY7/r60FKUFeNhP631ROkVEtDwZKenhJXdVzKC4f/x0fdSEPPoI BSc6GcoUAwBGqXwbMQc3V+5bBnO9CpGwcPnRKLUzbG9jwzQyCSm49A4DC+xFUzvRVqsX +rCxx2DMiRciubrX+8lEIHdV5RcRH/cxkQL6gMPGcnMzB41Fa55QiT+fEAEntuRsxFzs 5sNg==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780313731; x=1780918531; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; b=QLpawXY4KgwZQTKYl88AClkde3mQfXeVxfGHr4LAasysdr+s78AmrZpIMPz+73JiI8 w+Fs2WGbmSEPpA3E9ZG57FHmVmKFDgAIwrNcN/Eg/ouPL2jThweqLiBs8t+ahhj0fH6c 60HY5BTJZKpz1chW4g6du0i9WWME60AY1tZIByEy/TrWhJIMpGOkLsdwZInQThebYUiT NxZAfA8p2BIdfU1mw47mWxn+lLLeij86WO99ufzUskGUprZ0MlpaQY9JB0uUJCa1FDyK 7e+sv7VnOkRwufutQwr+h2kU5ZIkvYQAx8PVSDvKVLdS8N65Et4CmGvDvR4qv9m1biNv Hwog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780313731; x=1780918531; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y7rVWhkxVLFiZK8467WoMsgFNH7erFJIqzlnKNmbKLE=; b=cDOtk+LlJ8pPIWNupsUeKHgzGVwiUJGVhN0L0dHLMa90EddaHyeZ9ihOksZl/XpKfq 1up7KnvNVzqKwH4CcRrteIsfYuxyBdVjMwQe85QyLcZkbzvGCtx/J9hkDkQ8tcWmXRUh IrQNBAJ1PWG+HJa/109zGJS6VnjjJ5UqcnkYXbSMvu7gG4sSVOJj6zbVZY7uVf3uOS/3 7K+o5oqX+2fbzG7DJ+PVmjY16J8cZYEnvTXiHfcU4mSbAUwzewzVn3yenHY+6SBcqklG Igm4hNcaEMovMiV6h2/SgUxgCvXQnG5ArZQ5jcbW9c/HB0hMOilmlHG4EqCoeRqtGqHH zQ8g== X-Forwarded-Encrypted: i=3; AFNElJ8FRKG5T3oO2fUY/XREG740PqGKligLv1x/PrLKvXtqQkrnLeOw0QOSTiIZINXTGNv0WhSU@ilbers.de X-Gm-Message-State: AOJu0YwFOytxFv2+PTjknebPUk3llz6Gwc6KHE8nWbAyHRVFss8+CMK4 FGAKcUEgCgDYvlEmcmap7htNJYxF8c7EBMwWy4UUF6enZCT1Ic3xUQs9 X-Received: by 2002:a17:90b:1d51:b0:368:3830:a8bd with SMTP id 98e67ed59e1d1-36bbe0b5b21mr11533967a91.7.1780313731323; Mon, 01 Jun 2026 04:35:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMz1ZmXkiZf1tkSlgFoup2/zhraUYnoDQQMN+HTU/ek3g==" Received: by 2002:a17:90b:2e85:b0:36d:b120:8d29 with SMTP id 98e67ed59e1d1-36db1208dc2ls769029a91.0.-pod-prod-00-us; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) X-Received: by 2002:a17:90b:5445:b0:36d:c138:e0a0 with SMTP id 98e67ed59e1d1-36dc138e22amr1427293a91.2.1780313729641; Mon, 01 Jun 2026 04:35:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780313729; cv=pass; d=google.com; s=arc-20240605; b=aBCNqu3eVz8yKqa0zgfispszZ0Q2efke0I9EpcWXWmetvtjaLahw0m38mLmr2siF29 lPV6dGtYtEjUIeHwmUAdQWQT2OvBZ8Zyd2xqVfvr+HjkAlpv6DdFVOosFkOmjWwf1NuT QCxlEhNcWul8T1X54IX1TsZNiS836MZbowMCMCx+Ipdxpz1QpSMbt2XHqzVoajcmIB/B ZGil1mjJQZv/if44J2rHBwfHvKPyNO+WRtOwiREQ90Yp53+fclA935weBuqARJAcSQUj pg/D1ltyu1V8rj1SucBJnUgzBZsFawNFTrDXbijGfwBmv4unCxmKdL6dnVCqPI5q6Kha tdqA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=aY2NW5g9NAy9fouhXkKl1jM/uNfhwO7rqALJuvDh7mbTqkvmGlrxpEvH0C8JnwsybI W5M4WLihi/ME1HQT23b1/EnYtE/MZy+56lpTwf/KOtzf8O82BIcP/SvHrsnYWPGz1btl 0Kol1umYkltuGLg35bvy/NLfQOFabOKYEiyUTNO8DzeiWwyodjDyGPDiNn9DvsNXU5rR fmwJjVIxp+HVrmAmr4siWFjLgqviriwMHugn3XXIJpmT/7Px89QatikHNuROT3VGKMgm SKF0ch+FzkLAIexowWdpKehpWUZHLH1Ee43UQffl09cNM/yrAsL9fTJqcb5wfTvOuujr VIRg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20a::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36bbfc9830bsi359915a91.1.2026.06.01.04.35.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jun 2026 04:35:29 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) client-ip=2a01:111:f403:c20a::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GFPxaanmKPZuO/5kDZ8WiyrsFTqUomYtWmmasUzx6c8Pom1Few5hOHeLcW3x7/SQE2RkMFCk4cchn+l5AQdDPnZBkAicG6znyE0Kw3TSQ9mNPfcbAHsv5l+KQLIcfhBclaH1IRZ4G16GEkuzjfkl9y5lO888MEn3RSFnFqlgwA0uWPONs6bn/XYOimNi9E5zeHzfCRHzIOJT1uekLVoRqAOWejLs02UnPTIPRYr9EcfvgoGOyINSM0oHhpLdxdMiK+U6jrlaf8EZvvbjbDJRr1IrwdLTJ7Z8793ddXktBodeLE2BqYgeekxsSGpd0uL4lcT/OqFCxWlC/O92+Wbazw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=xNP4y3znBJR6tTsIRlv+iHj19mp62QeZXo2z3a/7UUcBBemVums97S/6oQ6czqAgsOBUhjbab9XcvD6ZQXEUtin5Wh+uZDvIqj9V8GIt/SIIwj9Wy5fAARyPpOx3nzSX8h+p2VkPXJGuTzc0fWYf40FYUMIFne6/Z+bLlwmcFzQTbQklldMzNFS46hLdSgTd88HtTnYAX5YtDTd19/jYsyqB+R78WB8nFPKI19nS0G7Q2KEwm1Vzp10uipDO2hrdi+Gmv+GpZ2hLotlsOkhbHbl/0ZXFvosP0plc6+tpHd8AWQDZCZ8rWUxaD1IKrnXtuYjJgtHYUKrlUxOJHHyBXg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by DU0PR10MB5773.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:310::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.16; Mon, 1 Jun 2026 11:35:24 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0071.015; Mon, 1 Jun 2026 11:35:23 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v4 14/17] use copy of sbom-chroot for sbom creation Date: Mon, 1 Jun 2026 13:35:01 +0200 Message-ID: <20260601113505.2898877-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260601113505.2898877-1-felix.moessbauer@siemens.com> References: <20260601113505.2898877-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: FR2P281CA0129.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9e::16) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|DU0PR10MB5773:EE_ X-MS-Office365-Filtering-Correlation-Id: a7a52cb5-d720-40a7-42bd-08debfd1de85 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|55112099003|18002099003|22082099003|56012099006|11063799006|6133799003; X-Microsoft-Antispam-Message-Info: P6Wpo3Q4FFPzK/wKOZaUr+Sfkt8sk4c9qn0prAIo+tmIhzcYStq4uFgXdgcnJTJo1r72R6ph6WXQhDBsEJ/RiK1rRUeU3fJ+TkJknucJn8kzPndcx2/F26HY3dlQ6edpirdGDRAWVx64ZMvWMmwvVEOT5vtPhPSmynNbzXY5gCnCLZ9Ak0Tj7bCisHE5cjtu/aIgSWor1YWbaFyOXTngN6DUHB7DE+mJ7KM4oyy7zNfqvyLpnVEdKvjkyN94wzZhFImyreac3ynL264RkjAtOK6AYYgFSpJ2pUsPTtrf12LjFpHCrbWS+SgShTSW1FA8fFIVMriUxuXi014K2VOwTF5FbYt2O+z7xRXf7tpurwCo4SZ+CRYStcZ+Ef7My8wJarZHgP2Bu7PCWfRkaG7WuSienzNRTN8d3RA0ZFfqYXR9U251gq7tZ8qA84qM/cSSqQnHDXZ8vYn7KeVIzUWvDE2NwymTZP/XYcESgINPsFNtBKviISqsCPeHtRXk4SLaUtK05YLQICgIIGhs959QAF7LRt9aHmgt3c+1PMbrRf/4PxRGxa4IlWdQQojK61XAOwnARbj7WfHqQkiSIDCE2xu9jGpVV08wW80UVkZJIebiaZ8xqbN+ag/pxD2WT1bWFYKC0ylAwzZQ5QdlsqZoLg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(55112099003)(18002099003)(22082099003)(56012099006)(11063799006)(6133799003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?5V6Jxe5hr9dPvax/TVSJ7AARP/Ya0UOs/jemOpjJmJHDpE6gSRGJYDNapAqp?= =?us-ascii?Q?T2tcNOMsuMgYwuEErfoSc2iQj7VkWBtbIhnMHN+lOT48haebFps5KCOVU982?= =?us-ascii?Q?uBlzI79QQZcqYZv1tm/JjhUqw5cVu+wfwY+tJAk76nhuYUs/Xy1Jk/pCfqPO?= =?us-ascii?Q?8qbRtCFllFKqAWf0/eXxnUWWSMPedIYJES7Ej3crbmmqR5FUF00wNjOgXi6I?= =?us-ascii?Q?BxlrwCIVYjWrE+e9Bd51d7d7R9E0SZ00DccCBD8boBOm2KH07zWbddY/4739?= =?us-ascii?Q?ijDDHUHHMOEldO84A8D+Eu+9H2eQ8AXMVAx889njiTrX99BcuP32NSxk4rCi?= =?us-ascii?Q?ey7EiFHVqgqOfwPuP31yDI6lR6Bnp+nxHPLWJP7LqopUIJVcTbuu7w7smZ6Z?= =?us-ascii?Q?urEueZqn6WI3FFF6DRz98AuQblXN73anm8ylk/VW9fXBzY2E2boYTbN4upAc?= =?us-ascii?Q?bTJgz/PhboidZTmdewPUhWMo12JiTqprD6c6HZNSCFwTDHGDE3aYEQQYU2Dx?= =?us-ascii?Q?ZE9Ylvnv4x14yMCNttZ2DFkLJiXGorwxq45k/UVJowSHaSA1c78MJFJlyg3C?= =?us-ascii?Q?Ex8I4fXBobs7wGDimIrUdReDS+7cRgV5sv/h2obJvoGEWQq1L+d2Uvyj/1QD?= =?us-ascii?Q?ZxztJHTqmly0BwR4dR54gohruPSnruy06Bp+d31yL3rTP2crOFwrXvC8is8p?= =?us-ascii?Q?wJk597aDIsVSNYpR7qHT2Sycas9E+f50LN+fKIczNOj03XVwVa9EoDKRh+Vp?= =?us-ascii?Q?awMqdd6s8nL9E6FtFrq07q5/P5E0W6z+vE5hOHhbIgiNIjS3Cqr+Du2vZMSd?= =?us-ascii?Q?NYKd5tWbyqr/83VgDR+dRK9NZctVza8Y4it1ICcWkL3PWN6NXNUjbmqTYjPh?= =?us-ascii?Q?LTbNjCBUDTMXno+wO1gSEuToecYDQukjc0IDxRudeB/VDemgz8di4MOBnDWt?= =?us-ascii?Q?0eHXUd6KDdnn5NR/BQMOLaCoqcJFLjIfVw2aEKFY62IY21UM6S1IIT3bjslh?= =?us-ascii?Q?p/DiVWtOMxyjOrLB2MHTuhPz+9WfmHIJ4pWfo9ExgfGmJocTgKTQXWolT/7L?= =?us-ascii?Q?85XCpCYb76uI7acXTdfE8c+3l1G6wgAUk52rFPbuB9liOJhvJI6rg2Ok8JWr?= =?us-ascii?Q?N96C/lj/ptUou0o8tEoDO5AFPmA/CQaDUmogmqo/Gd6yjXmDgXH3LtVem+zC?= =?us-ascii?Q?ui0z95c80fcbE7chXNGdhorevmq0yf13ZOtBLwg7grjv8YzVuWsVXagYU4SH?= =?us-ascii?Q?YW9NgwvuZ0fy8D2z2gBHwHS+1G8g+V2W1uj+UYwbO1SivWROlWcG/3m6VfaC?= =?us-ascii?Q?Q3Wq8ydQSKsbYtQWE6JkSHd2rkibS6+4B8KApnPb2vBVvQlbuhYjESe9RTW0?= =?us-ascii?Q?EPIDRKw7FRxQDWkxKNLGbQ9DLaLgCclkGSTSC6IULemwump5iOWf+GdjSQNz?= =?us-ascii?Q?I8zGbVKXEmwEYEwhn5XNye7MYqoMhQgNBHdTIBJcwhZ6JIRfW9cegLgl7hZD?= =?us-ascii?Q?BW2ykQ7tFjpoUpv3cSBNPMvr82CkE1eb1lpWr8MxfTECWLcBUZvDQ1ZTW1ra?= =?us-ascii?Q?sRKLYg8a8TEXWrRUn2ykw25VaWgwOKSGrLAkUfzOGWr8sXXHpSDoMaHjRWPp?= =?us-ascii?Q?KepzykMFXwPmCeR0oj+jaqgUq/7dXY1QZ829/gB/M6PHQeX15Em2y2l5hOac?= =?us-ascii?Q?pIc7JOpJWPyhzM47IM9eLCd/mXdYtHm/5W4TrqLpMZ5f7d8IECIaANaqfwl1?= =?us-ascii?Q?CP1SQK57+9xZkfND8zrxEF2cbjQZcFaDApvOAlzYfQE7s8HR7efswNj2K76S?= X-MS-Exchange-AntiSpam-MessageData-1: LUt3uq+4ccQsV6HqzyA2KsQYCbRGqXisPaQ= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a7a52cb5-d720-40a7-42bd-08debfd1de85 X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jun 2026 11:35:23.7016 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7ZTQQGUixb7k1QnsnNpyn4QJ2N7zaesyBefmUQyEwIQ2zKX1XYEp6aOeqg8yr7/5O7kAQyELpz/CdW9YQ7WhmiZkkX1ktSmZIQ1c747XCNY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5773 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=o7YZOgyc; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20a::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: TTwJSQzJtMGW We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs -- 2.53.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260601113505.2898877-15-felix.moessbauer%40siemens.com.