From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Jun 2026 14:34:26 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f59.google.com (mail-pj1-f59.google.com [209.85.216.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 659CYN45005834 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Jun 2026 14:34:24 +0200 Received: by mail-pj1-f59.google.com with SMTP id 98e67ed59e1d1-36d99181eaasf7478244a91.3 for ; Tue, 09 Jun 2026 05:34:24 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781008458; cv=pass; d=google.com; s=arc-20240605; b=GEiwo4BcaGsdEs9NpZvm4yL0e0Cj5JbJ/d1pSWQPNVTSepK+bNPrSAlyeu6xZ5C75g eqVYy1UZRlm6TbTg5t6SfaeNYKR/vg1c0fFHYwow0HEp64A9FJWtHDQ3cdSnqz2xxuhX GfN/vseB2jmfvycNFThGPbGsQeUYcUx7F822yJo6h5Wb0ynl/h6rBKIboV++kQjub2q5 0uAQp5A3Ya1EnTP4NOvmmxTxTN8yFZEpou4F6mjue3Vc28ZARcr2eSRr1WTScTGXyk/S mg3n4743WmhEQeUCZQdV+tLbF1tjFiIeIl0kFqRozxUeFzn4JJDFtuuYFkbKl5niyHUo i1LA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; fh=LUkptM1Do3nPNfNLFNC/U0RxKJphZPuukZSxXhcLNVY=; b=Zp/8TiucRjU6jXc8c+/1Tvwps0SrFZLjUB/7c9SqS1cDf0Wppj1dQhSZiejzJdOEJ2 LO13v+OprLt7Zric3WVuuuom8fAlSrbkYDi9OcmC9s4EJzUtlhaPrHlyxffiUyrQwV+K k3PG8D1K+cJxeKV71hOrP9W2G4mCmwakruYXe9rUA55lVRNew+ANVBdf1M5AqsTl50Cw GrcCgmYm/rNaOMMmafdNDUbVLKqxJUW3wXCvodDrlS0csCDhnqGy2H6fJWdjXr04YSSk iCkNdgolY/baD0SuMGqr2rv2/E9Jm3flHfEwz5Jgvbh0qQ9DM4H07POH/rUNrFTOxKZc gB7g==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781008458; x=1781613258; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; b=qBcT+hvwEfSQ28FatlBjRT3hDbOCxuJxL6Ur6ne1BOBoAB1oOMlnhKescAPIIp8du3 b32njZT+CU6G9q7rjDNE35kCG7nY9/xT+1oe6NXsFWBvdPHwmFbAk9SRmJyZ2QZMNB+e SRA+fuyIMl1+XgcpGMx78g5O+J2DnSe9Wv9hh2eq/adK/GouITnAhq57fOUTKYtDTBa9 JAyovxyG/da8xtRm24dIYEv16McjbhI4qaaKKWqtvfUyXmz68yKh19z/RsYLBxaIwxtf 0qfzlt4YKCJ5KL6hGiXJCkpJaTiQHaczIjDfCtQrPW10beKYxAFVzdSqvHZvfmMGPfo4 9svw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781008458; x=1781613258; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GCcjYURHH79lnzSqJNdo4vv6xt898VlL9m9CiYF+4zg=; b=JP3ZCOXUi6NKxJctiZAcow+SJQnGvDGP5sb029A4yjnWm4b+cxLWgUpZubnqJ7Ic74 G0DFUUXyPBC6XD9LbKHV2fuNuolLeIzv4eccnaE0MnMJV5VnKpQDjJhzj5hLwEXcw8gb fd8XH9uiiIFQgaLS9SER1sZ1X9HaXLSqXAsD5SVzgLA+xNk1ET1Bv5r0+OKkFL+PSpFR YvKy0EEi4z3d9JNf/8hzqPHMq9MATF//aITGemLOeACPt4zVyyWbtlFohcnawhkvAY7h LjhWvk1Os2flOYIOlPmHR0tzP5Yyz5LAqW2CAcvzmX05F556HjYBNpfDOc59FHtLdwAA gXCA== X-Forwarded-Encrypted: i=3; AFNElJ8ifaI31J8+hTRafG7HLd8v60lWc96Y8ye9jOkuruGVr0Y+S055F8Eeurgj76Iz1Zt/sgG2@ilbers.de X-Gm-Message-State: AOJu0YxsDRYBMb+hXVnELXxFoBn/YMhKl/ePTO8uMa0dJEl5IA5HHYbj pknYh3FkiBN39ghaYln1PqveQHOdWATcUit3jUL9Tvumzp+r1zCDPFq+ X-Received: by 2002:a17:90b:57c4:b0:36b:75:6387 with SMTP id 98e67ed59e1d1-370eea202f0mr20776491a91.8.1781008457979; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfQikucPpHx7psw52kZvozEvZJMWvawihLTmk0QJpgkPQ==" Received: by 2002:a17:90b:1b42:b0:368:e574:6b68 with SMTP id 98e67ed59e1d1-36f66221805ls9046162a91.2.-pod-prod-06-us; Tue, 09 Jun 2026 05:34:17 -0700 (PDT) X-Received: by 2002:a17:90b:5906:b0:36a:5d1f:7ac with SMTP id 98e67ed59e1d1-370ee344dc4mr21170819a91.3.1781008456668; Tue, 09 Jun 2026 05:34:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781008456; cv=pass; d=google.com; s=arc-20240605; b=fWiye4W9W+7OXIESWA2ZUhCYQrEKr5D6VhzFIfVS1Dhpivw96HsJRB5JUnbUwzCptA sfeE+ypKGw3KYj4JWhS1PefbnnrW4fXnTwKOemJyvChq8wnk2vpJSUZT+O/23PFQ17AS pjKdBPTVaCYf0MAFGO6DXq0EGK9Ta6AWu88qH9/84nFe7L85/QTQDGG20uXLYcawu9K8 z6zf9+hTEQk8FbNodyrz26FW7SE/5i+9avj1hiPyK6DW/U0gx9pCCZt4T+tz1hzkw5rZ FMBa8zejWYAv6RAe3n75NVtEocpQm7dlO7E9wQWKaVxVQE4ZfSxiL4OfTPwYNLCLEx4s 5stg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=Ap3Uy4/8RrzzuCRoQW0zA0kEePzTd+HYYtYltuWpR7szqGIsfY3qNVM7jB8sRbXTIJ mESpgAugXnFAIl5S/Zq7lCNSUoP0SH8PzMY0pyBBijr/IemdEm8Tf26iCbXCt8MFlRfa fyEr7cD2tTQkuX96bcH3d+h9RGR3LH9gEfOfu4SUXV9rwAibHo1lD6ndSYH3qULP/5gf ep2gvsHX1E1wOGIjhy5A4As8QI4nL5cd2YughW3xX6hVxj0GHCRrLDLlhRXvkT2N9ESN 4qwwLFPu5ttbHnV8Uarjjcx8XIBELNC1G74cN71sPw4q/eOMqG5iWJyYAUT6+0SKJgol 2SIw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c20f::7]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-36f7092b0b1si616456a91.3.2026.06.09.05.34.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 05:34:16 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) client-ip=2a01:111:f403:c20f::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qBd2q7rq9Q+qczjHXE8u0N8YxDmBQvaRfmYdAymfYcxau57VmuK4PnpEt6wcCRad8uWVgefMGqbyi8rJgt3VvxswaaYZqmit4C2TWfJ3UPQJ2BQcBrMYajNyVbrzlu0aX2aYnAsWBcTgjzq3n4kyuSc9Wi7ILh6jf9FYot0JTgimBJa06gxSbQw72fcXc1t/7zAOiJR5xef5g3h8XqKO0G2WpIxOsUXFiESwTgbE4Mmfc5d59M6cMFmc0FhMU3//wXGG25IMlBPTdXrwHcJm/OvQIL38qYcAfSY9M+tuImPb4Oa9ereMmFy/F83lQHYiDAnjRqxvR2aDPBJ8Vk11Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=sZupV37qCwDmtAkw65X+F5mxADdcY66YpA5fiTe2rk7+u9ESNNj7szx6QcFyDUV32iHMwQqBQJwiRWwnLYtPhHP7z78JcRI2UkxdOUxv+A4y5H+7RQDWq2eGl7Ok0V7IGV1CrbFJEYoCklBjXBtY+XngqeQZoBC/Z0A8Y+nRb084sWUh7Nx9+4xRQpXopa12pnI3IHLjIRXlWfzQMXJ5l4sK3WDPujzWqz385QROPBxQbnT9axYTg90Mq6FLkTokvHa+ySn2/twZV3Xte6pQ3HciEOxK/tLCgh1USkJItg5XTas7xG0R+WRyfeNSkmDJGMBodmP/gzoL8/F6A22n0A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) by AM8PR10MB4097.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:1ec::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.92.14; Tue, 9 Jun 2026 12:34:13 +0000 Received: from AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a]) by AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM ([fe80::c0c1:ae4a:a803:8b8a%7]) with mapi id 15.21.0092.011; Tue, 9 Jun 2026 12:34:12 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 14/17] use copy of sbom-chroot for sbom creation Date: Tue, 9 Jun 2026 14:33:52 +0200 Message-ID: <20260609123355.2368573-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260609123355.2368573-1-felix.moessbauer@siemens.com> References: <20260609123355.2368573-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: DU7P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:553::18) To AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:619::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR10MB7254:EE_|AM8PR10MB4097:EE_ X-MS-Office365-Filtering-Correlation-Id: d4fcee73-8b71-40de-29dd-08dec623692f X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|55112099003|6133799003|22082099003|18002099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: mikAWhWZ9/RXCWXTPiYeratDhO24/Rh9i1gxQ/vv7w2mC0viUJwJS6AC1YAJa6m5huzfH9/z7KaCi8fcKDxynwU+aKM9w68iyGbIeUHSiIrSieBbe7YNHdeF8Jz0g/DtmWArFGH2kW6GAe2wjpfceajacgKISYwKGScnQLX3Agmlcc+2aS0y1yjB6zdU+LHS2KgyA3QLgx8poPdam9lqQzXBtvNxUbGAsjPXMVXRZ+9DOZ9op3isK35Pk/a0IlxP0dlQuJVatIN2jfzS6qtSPjom2fRnb1eMdMTz36qzlXATdtlFUQOAtbBAeu1Fe1hw/OBxhhBCvZOm9UWkEO73PVo8nPAxx0Lo0z96ZYHnc9zAhTsUVap3eoH+iy7sF/h3/dGbr84u/QEwdrR2AaPZWDnPh0hkVKjWZAVcWHrQmeCjNquwGRg0/qpgsVIyS3848zy0xt2MPFGWstqFMZdIe0TQJ4hamCFCjX4zi8oTG4HLXlHr+TVV5BiG+enyp6yYoZYtmzOEmfb0iYZVV6hyMkUyHWoOPkuBcZXENIXdEpdTnpjPQGtRUJI7gd6CdHDPj3JqMKvI86Xj4nJLDam3h1/OSAKNZWXFGFlrjFmXl7JWf7wA9EFFFoPlvsQAJBiZMGxPsikYW2LYI5wM45kvK8ydjHWiFWO4H+vuO8jdG4lW7lk+j1USszErXCWAavsM X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(55112099003)(6133799003)(22082099003)(18002099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?q8X8ZRHSM4H4FVrji6ckjdf7OlVTzocGFZ7WYHeN34iGVeY8rsHnsE1Qkae1?= =?us-ascii?Q?iXY7Mk+/dF30GAis0bHThrPW7/fVVk3v/Fh7cA25dxZt1okWYN+nOnTdY3N/?= =?us-ascii?Q?5OlmO95Vgln9Ybq+wvvSkPAoZKxA5XM5AYU1L5wpRIdN8PIbz9y/07ychf6j?= =?us-ascii?Q?B5Hte8Hxm2sK7/ANoKjFDH0/Ps7iElmMgrt9Usr3wvjGyJVft2fVDm7ttUUg?= =?us-ascii?Q?Kg7uTzfjO+6FrwzG7ysmcMJ0sydghcBUwj/YGrUJScrqyOWmbZpVf6rN51yh?= =?us-ascii?Q?kXJXtAZ+lKvMXNo6A3QA6JS3jkvLJR1llacnrdfZMefKmM+pWT7RtDhola3o?= =?us-ascii?Q?W0aC10TzhATJ35thRo1R8OuxKjrhJt/Gs9LCvWnK4cikzsk6SqWOZ9jLe/9k?= =?us-ascii?Q?cdcQ9J2yjWLY14VGH8g8YBhEhMSAm0bJTJYZgrvHIQ7FjCzfoqovtGS968oj?= =?us-ascii?Q?P+qtkXeSyMF07cFzeBniYHWJSUpaRj3fQ2kd51xn9AaQ5HEYdVADNj56upng?= =?us-ascii?Q?46p/wvEW4QnTc0LTdqYGWzuC7FoH8cO0QWUL3rgmzDe6qNzl+l96FgD5wPHH?= =?us-ascii?Q?vmA1+ActFagd7AF+InDuNHkF5P+kTtpT8JEoK3runK02pbJ6l3Cbm4UpGxZY?= =?us-ascii?Q?rpAL2v6g3+5IGHjKbdhoum6U//QLe/qoIC+7IBGQVzZvvimAvsM/IMMUv5NK?= =?us-ascii?Q?4BPpEHsWzJAANtRGQpDQpqWvT2OWBT+W3MsDvkdXNaSCiftLntLHDL8FgksK?= =?us-ascii?Q?QytGMmCt1QQ7dCWtwNia0Jfei5PT78/ecKelnkO0I7HYDJkfiOLKpBr4k8UM?= =?us-ascii?Q?TBVJ0UL6FTNlwHVhPPE+Clm0Je9lVzMyZsdkOZ2D/hR4ME9Dl0BkfRgIS4vK?= =?us-ascii?Q?r4pISw2odibVFcZ1lhFZ1faSJsXtJvOzOo2pgyGsBgp9bu1InStIboGbobqJ?= =?us-ascii?Q?v0shy1CCPgav1X863DxQvUvtxId8C5tCRCQNBgFE+hnW2pOdoxhr/fG21BNX?= =?us-ascii?Q?glgFXGlbzqw9E9QnOAiIRs24LgvQvLsqZmdiIm9D2sxEbcnd0n3rSOT2MkoU?= =?us-ascii?Q?5l0z9bORzqK1DV5ZMuNiyTjIkmDnLBzOUCqlzF2YaQyFl/HkbR3OdkUezZ27?= =?us-ascii?Q?oIWtK3R5hG8AimwnxwfDml8JnI+w56YTfFinElYBoGvPyn2z1JSv5Px3PPIU?= =?us-ascii?Q?BNkdwbhumUnn4mjhExbUjn58QT3nk4fXgNS+BV9KEuDCCt6Ai404u8B6ARCp?= =?us-ascii?Q?Qgctvt2uAjlKHkMStaPp8tVHvImsicIefE49XofK+LsfKbuLFSFgdydpn1SX?= =?us-ascii?Q?kCTcM5ZdJ4YRA5qbVMgdpeWjqC1xDudNyB8RTyKNvoETVYnhQTgxn7uymgky?= =?us-ascii?Q?q36YMrJrgh83AgjBxrnaX/j0HbcgSDIINbeucjXpE4cQDfn37oWwoFmrY/+v?= =?us-ascii?Q?OGyBULcq06l09P6jvzXSAq1rojjO9rQup0+oCreC9iwY1sAejuZ5v8gmfqnK?= =?us-ascii?Q?PBd5WqDVrVjprSz3svDFSg77BtVDjkr9X5LOP6siccvNbOealDOkeSj94NuS?= =?us-ascii?Q?m6EnylUY9N8DNXxG0hDzex++wStaJ+3uBqSKYABOl9kpOTrjsjEZ2r4epPil?= =?us-ascii?Q?H00TyrcIqRDXiNjcC99xdUEVtGhx+6m+WVwh9IszZeaOhe+p/kXMVStdnl5m?= =?us-ascii?Q?2SPT/AU84tdvPeAJ4DKezSyWTKVSoTSV3YJHl3rUxjD1RD5ozmTdLuHt8z7m?= =?us-ascii?Q?QTYGocycFvhL1OkUqVhTWLzF2nJKWZ4=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: d4fcee73-8b71-40de-29dd-08dec623692f X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7254.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2026 12:34:12.6114 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zdcs7USd8Ytmf/Mo3SI50QQwmCSKLdD+5TsemPB9xULO6zYvPhkEJBDKe2xubQK0e5nh70HLOOfpJdHeLnt9oYv8megVdGIHfhW0t0exlHU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR10MB4097 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Kpu8qyYE; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: VXo4nXGov0p5 We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs -- 2.53.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260609123355.2368573-15-felix.moessbauer%40siemens.com.