From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Jun 2026 11:25:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f64.google.com (mail-qv1-f64.google.com [209.85.219.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 65F9PdZU009683 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Jun 2026 11:25:40 +0200 Received: by mail-qv1-f64.google.com with SMTP id 6a1803df08f44-8cec2c6b821sf68546886d6.3 for ; Mon, 15 Jun 2026 02:25:40 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1781515534; cv=pass; d=google.com; s=arc-20240605; b=YQi38YXQTVfD5dk51YLfkf3K5fZpXM3nZxD6E8TXRDRVbQz4IEJHGl0zn9eRKRbS6J hjTkQhVEnHhil3au/jLfhhC6fT+QR9jUQGrEH+7pWGDG8co9Wb3R9dWw4JgLvssTg5MH Y8Yyq8UI3Xs6veiGXKevR2p4CRCh2xXeuxY2dhciCGM8HSrEHHKQOBQ1stuKnxikWj6a cp+4bBjFrpfFQNvVvUrUVo0CXi/bCswCSyLQMSvzcSIIO5FAZIn1hO4/lyLfPU54XfqE EAjy6s9nS97mMMwxiSSSSbd6rkUWZFfZXm0Ytly8DPP7goIxanEpG+2QUhq3th1fByME q4cg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; fh=IapxjSMkyVNvEmkTM3AKG+oVXeKvfpdp1AAzjU1EdAU=; b=Ib4Pl7dBR7x9XRAlWYkgwCLPERj0GmzkJpLI7w3NN0a1YkS0e4hUX0PFAry0/FWLCp 7OZ90i08WnKHzZ8xuwekuHtWN1gY/IJILLWd4mBrmHH0V3W2LvZKWgzfeaK51cfG3wtR +cxEwPtp/9feKiLkycD/wUib5QkCPTR40qgJre61HafE+mb/R2flANbhS0zWeWZsb1Bs 4X8f1eKfr3reFnYcmRRlCvnSaYtfHhQzf/l7S0+C0yDVE9hTHVpHXXboDh57Hqh1eMWV yU0Jg3nHwQO2apU6jkUzrvofS/ZkOr5hcrWwcCJMQC1UVUGs9pfY8CkjALhlJ57J1OOP HwnA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1781515534; x=1782120334; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; b=b8UxfvxezD6h6Dur4uMKC0Vwgy3YiYZ5834mIIwOlD5N8GKuFTCGKHYsIhe7ZyVuy5 78o1+z9n3BCCgL5Cexlp2W/UUYwtIlraL5XJ4Zs6YvjB7Y61WJvFqbZubxxfnkfMf4bF Idpea4v4mMyJ+nFGsJ72vShLIDUvG7G/N24wQZD8ilmbGGBuoHXp8gn+UgHjzDF61nyz EvZ5tsz6y00tntkDhY9EVP0jPyje8oexsMM5aiK/ca87Wb3XJjP2xoqWa55ykr4ieZQI A4A6V125VqdVUyEqgyQTHSWU2FtYbiNXJN4PDPOL7FvuhvChXk2cSJa8Z223UGlrVwvd gXjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781515534; x=1782120334; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gq603HJm8E3vlXv7CZAzStaGtN6qsTKlI2heLn6dhmE=; b=dJSEafZqMqdIQ0vDyPfNLLJkgv0AHSqamBUuwHsgX3pNu+SxACwtOTP7TvIGD9DuGu j5KXQH1BEUGZ+4KxLb+lflwGGhCycviOgCPKgGgxFfBrDUrzxYVrAjjrPsB7bGHWN4uw DmUnULedZnfJkPBNC+t3g3Nx5k+YOml0D2sLaDGRwvMGnS8Q3icfKth4MEwNR1OOvjR0 ZtlB/A+P49Lw23O9I0vjTIIFeN8U0xcInpG1yICFxxhJby1mm54GpVUE2qUn0bucPLpk CBmxCAucvnvw20oM9rrhGoIu4a8yLO6VrX9i0OQ/vTgK/QpREAuQGQgMIVimy6DcSTVX 7zwQ== X-Forwarded-Encrypted: i=3; AFNElJ8ohkYdvVBLSiO6VzrRc+nyBvUaUDgg8jScVDjgcxlXoRFihI6VgQogPAEDsWT/XSL2P4Gx@ilbers.de X-Gm-Message-State: AOJu0YzbWlK9b7dTPqSfRpTKQm9W70mmRmkz1eEA8WQCczPkyKtvZr4s txnSJNRcJ3pB3ese3WD7OrgEyBw8CCx3STzG6oY+jWg8QjkDZC294H3c X-Received: by 2002:a05:6214:5d11:b0:8ce:ba04:7bcd with SMTP id 6a1803df08f44-8d32e9d9a25mr220724936d6.38.1781515533909; Mon, 15 Jun 2026 02:25:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AX0PUUfBHkq4iWcF/wmARz7+mglOvrBRZIjB3FKscb1pOkHLAA==" Received: by 2002:a0c:f102:0:b0:89a:a50:7183 with SMTP id 6a1803df08f44-8d2f305509els57931666d6.1.-pod-prod-07-us; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) X-Received: by 2002:a05:6102:1613:b0:6c1:85f8:29b3 with SMTP id ada2fe7eead31-71e88aba610mr7317545137.6.1781515531789; Mon, 15 Jun 2026 02:25:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1781515531; cv=pass; d=google.com; s=arc-20240605; b=CG6KTs8rB+HZQ3uyR374332RjWlJTT5wl+Cr7PD8jsOJF5MSsH4fBp4HhY0ua3w4N8 lIMPl1pB9h/n/PmfOoWBN6bhikBjdls5go+pHFlC6K75zY0i+VblgmpQ34dYUty/nP2i PONFL6/7GKbkBwk+MuP9rkheKf90R5/XrPY+tu5//vxRx+NpUMCjlva/m9yhoinJJsJO REhewXDRbwyYqGQLbg8YpUmeCBFzGk6u3op++HubF97UEvFFnTXdBE5u3C6gRApqa6kt STCC1+bV3OKReTyNhhqHinzv1FG7DvBlko9NtxWEdaIFt+Sj3gf0T1cltuLPPCMPX37L 2aBA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; fh=WkhL8kaJc+l2wQon1t06Ej3uvBGj9sVhNcE8PaS/XbI=; b=OuMM5joRoQ9znUDt8LQkbXz3TfhPBMFIdVJ6xhZOedQspbrU4kLUpNpo6Sz7Y+K/2o sIXJLJUg+WVr8kMGQU3IH/nWZf3lFAkjk2bzlxAAcppDiNh+HnMC14M8y3UZFqHqpPCD dZMvby2XI68n/FSyRxq6edLJvETvrsDx/Zd7SoRp9n1aJbJKD/sNVaUFWjKEGoedSEYY LWBD592SxNAHoQ3kWryWza3lb4fElraSUvNB+ai7DVIE9s83/xHXEJ53tKMzT9OoBSe1 aEYarbPAdtrSg7IrGzKDWm2wGp3IMv7N/5u2Vwd8/iann+dAYTcBj9yqQ9oxsswxTL9E rvCg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DB3PR0202CU003.outbound.protection.outlook.com (mail-northeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c200::1]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-966a05d589csi133727241.4.2026.06.15.02.25.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jun 2026 02:25:31 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) client-ip=2a01:111:f403:c200::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AAxygSpJEkZqByMmXFZhHepxxY7XKh5Lg2jRS6ZnqksE7hVgONGE075VHovNEwc3AVVtW4q6pE/sjMIM/8oQBbaA0oaFhqA6DUSpYXfGOdg/+YV4euIfe6sY2AWzyCzKX2/cKofCy+DbuCVuGgqGznMZE9yU5wYdRYpxu6yPhr15lsNVz0nqjdO5H6rOfZ6e9zXMK+7C6P/Rrfslx7Bk58NQyXGOJHmPMfcPNqof/lqYMMEr4QA2H0/NDwg/a0tHsVm+S6r78QJEKXw3j6RSkvUfbc91ZZcijOoN5Bh3ycBL12IPLCOgaOvt6vY4SWlpcbXXh9BhG6XBxXC8pUeuFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=E9CIYWFCfY8Lg9dy+yvbArQsEe54g11ZfE/jmggJiLI=; b=mpk1Q4R12Bh5lA0tm4SENwEZJ8J9Mjsc2SyBjayRdBaAGbtp7vUKZ0AocuVCuyKNpgTolz6pywBKaqFvdCyhCDfEF4gh1196iNV8MJwOSbITIMgyZ4vhZ9irNWwxj8kqubsRuVJEKou21Ns2H4GBmudptibLd59MHlo3kvl2IhJf50BKDeD+nkrrXL821pq7qL+cA/t2rawMNOUubLYd8qSlm9UjmfVNYm33DKdC3womj1ZLPgc2oM02bHZmHy12JIOpKsRC7oAqLcjpiKuhC5whLoO5Y1EXdunOXq4OR1jXMxy417NzU+TGWlnMuXVkflUYaCsBMV4h/lnAfVQX6w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) by AS2PR10MB7023.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:599::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun 2026 09:25:26 +0000 Received: from AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c]) by AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM ([fe80::c54c:ccd8:ebbf:477c%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026 09:25:26 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v6 14/17] use copy of sbom-chroot for sbom creation Date: Mon, 15 Jun 2026 11:24:55 +0200 Message-ID: <20260615092458.259691-15-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260615092458.259691-1-felix.moessbauer@siemens.com> References: <20260615092458.259691-1-felix.moessbauer@siemens.com> Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: FR4P281CA0109.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::13) To AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:17e::10) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7PR10MB3956:EE_|AS2PR10MB7023:EE_ X-MS-Office365-Filtering-Correlation-Id: 8f05e475-8bd0-4769-2634-08decac00791 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|23010399003|10070799003|55112099003|56012099006|11063799006|6133799003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: B/kUa9vqR/5AS1aNcIP6HVhu/I7WcTHI8ILwV8ZA/C8s24+xUwmTHR+P8Xgf2CFfPJc8MoW0zLNVga8oiWhQH2Ir41522Tti8/D1Jy3ijhwc1Tpl14z35rime1cBK/6TKhe+R+8Q0KGQ/Lhnusoc+ckbkw4z58QveTcyeUIlx6UgW3d1Qmld9AK5NQ5hNgw6iDLubPBpn+wkP/WUcUGOa52kBSA1sg+Jhj+8pkbvCAWyN++zlPIXYWCAbUHxr8gpIrrD3Bvq6K3lvuglIwF7dNRH3n0nBMH5nVY5LWz8tH91nbG5eZwTXc+Drtw3KPjTH8LEDy8NMXmybFyqnyDk8dYF6pHZ4vaUs8Kj5jiIGecp1g4di610ze7sPiAF+Gvswg3VplqmFhJE4/I7vED4PhBgXOXO7bDX7LhihVRf4Dg74azb9Yxqy9eSfqLGRKgo81e0WgiKLCEQCjW7j9wxoOUeGIpitmWnJ3r9jbWYjFwDReEBLquD3K39L7LC1NSwjpAf0ZYUHcarNZ6mu67BVyBBnHEdGszwxxHWKA6k9eUBCr8KUKDuM5aIwPg7WjrjBCMpDUTcgNPfbzCiEPqQQmcOIpXJdUtc+V3sEsqEiqz7xcYHOjDBEl/U4vGSjbDtqVYCesFQ+cZTaSAoM4q6LRumlxeDjgv6UOoyEA64+ouZpgs0ajC0gjUOZ4N0MuMg X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(23010399003)(10070799003)(55112099003)(56012099006)(11063799006)(6133799003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?J75+dQxTbVt9RyXyu5jV1a4DZLC3fYZGmjig6d04RPCw47FIsC5bXktBOEbL?= =?us-ascii?Q?Jfka8RkdkBgHkOiJQh5pzVNt00Y5ALxD+jd5LoDcZi1qGK1IIkLL/TNhjcVu?= =?us-ascii?Q?wRB8Vo5hEdPlln8/oveBT3+kYbtZsN9+YRo5g9IJCLXh0u98MLDqpu095sgh?= =?us-ascii?Q?ofvhzsKiZiV3irj7o1XycGt9azrF8CTa/BG6YQhSFFrSY2CTVXmtOt0ASWfo?= =?us-ascii?Q?K4dYRpUjtor2u/ez9c2kyCrMxKDkuMDDLTXl7Nf+i7hO6gf7IVc6J1I3E/5J?= =?us-ascii?Q?CvREgoCYXOUBSIRYvYPZpKyzP5G2CxE9HhXyg3k9dlOmV0AFXkHFXy1qJMEV?= =?us-ascii?Q?6LugbQFVxlp8+XZT755QUKdh9vDJUe/CNEtCgaZc2XUohbhO65ZQ+ZsmslD5?= =?us-ascii?Q?7EzQKctFmTpO4WH9VEfwLi21sKxmf7I8IRJETSsO8Sjhvs6HRdU+Pao70R1I?= =?us-ascii?Q?Fybr1IyO4O7/YgRhGUfRnhdSl0MCsIWfSFSQZAegsaeKVpmUIMYMjX4Q0F5b?= =?us-ascii?Q?ujqtlXLFy1eJDkuRgGUBAEsmX88KN27JSpaaLsYsE/uUIY8rU+A3Kh1y4Hv0?= =?us-ascii?Q?Mzy8Jjd0c8uypplh+DZoOGgtrpZ7/iEF7VV4G2JXQu+hPti4MX1zHVeqhGuM?= =?us-ascii?Q?dAqVYAbrVibkmKaP4Gn3mdbZKckPYa/ZRP6oUFZt4zysbj0NPXUV2MuCtfjc?= =?us-ascii?Q?ArHONPuUeYPMWLA1lDCml7mKdLJz3ClNeKdJqRKydzOoksAaNveqfrtMaHfN?= =?us-ascii?Q?Ma4TrijVcCgXTdhMCvXfaYV2AVbLvgpCEtVjvvVMzkZfe/hx3n7EANtFjhxc?= =?us-ascii?Q?iUT9JZmkZ3OZi76WYjP4x4NCFS1Lf8zdxWIitD+TmTEs3uFdzeRnlHNpMGlv?= =?us-ascii?Q?Y2706f7rKRtDaECCJuArEuQ5LuHigpInlZsPfw1skiuONqgIYSGSFpB+ibfj?= =?us-ascii?Q?eH1BFupsBzl8U+onv67TdknZmvQ97E36Qpr8uUVm4JH+VHiRSkeVVMUpyZe+?= =?us-ascii?Q?ZnJROKdiCurKUDtNqdBRvcUhNzOwcEQWxbaU4DcWnX4xGuzxvGap5SSdfaKM?= =?us-ascii?Q?Q/mrLiKuOg4cxLf04nwTygc2NZI/owrlZQQxFf81ptCdNLqHVehmJXsFnSWM?= =?us-ascii?Q?+rPKJEXXOhxg499IS13DC6ASFLBTr+P2AlVNqHOH0j2fgDQ7Nymw3oYVCxZv?= =?us-ascii?Q?nwVJgDyQa8E/wXp++9cKpCpOICnShcxyio6YRNOdW30e169GwyP1avvh/X9e?= =?us-ascii?Q?3iw88yEVAVmZZazsLsvJIUplqI8YaHmVLb/XaTjNIvW+MIRaBKydEYp/0G3t?= =?us-ascii?Q?tNe+1UAZ1Ns8sDcUI1V8ei2OChX9UogFSfCFzWyYGYTOa/bGHLSRea55QFZO?= =?us-ascii?Q?0xgzOCpjFkP0W46AMusAG8YXmAKzhiAfekmXLKoTCNQhTFpCp/JNEFOEZ7T2?= =?us-ascii?Q?YqRrjV7uMLhYI9d2U+mWxGQOGzjiYZu7dq2B2mx7xZahvXSHJZ/PPiSRz2P4?= =?us-ascii?Q?TKrh+YhghlL4uKyfTPEA4QW0u0cu+rWHHbq7wSDA9pcUvrc+oyGd00+RKCJu?= =?us-ascii?Q?nxHpNBDRbkn92ogQcQ/hcRgXar7aU7GRsQy9vGNTqF2fwu5eaaFgXe7kg+48?= =?us-ascii?Q?d8D0oB4vM44EHt7EGeO66jbZslbuidZcV+ueWDNgMmtQORhcHaPxHdiU2bWI?= =?us-ascii?Q?OaPInWRUO8qJkNmzlwu0DJxdpZYOueJT0zeEqvde8J6oGG/FQ7jICDgFhDUT?= =?us-ascii?Q?ITiaaaxx4772r+zczYHjy9y1GdTUTmygvIxm0uFNod6IV2TlfHNCA+lBpfJ0?= X-MS-Exchange-AntiSpam-MessageData-1: 9TI5x59lsmF377vNt1iF4LVlKHsSYeTrQqw= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8f05e475-8bd0-4769-2634-08decac00791 X-MS-Exchange-CrossTenant-AuthSource: AM7PR10MB3956.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2026 09:25:24.4037 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bTncdaER5uU2VFkrNfPTP9+AXjefxJqiGTppXKic/7ywzw31k4cF5vV6LaMDpnk+wGLA8BpiC3EQyXsJEStOi7QiMNvjIDEz6mkk359p9Vo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7023 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=JGxlx4ra; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: GDTzR4+SW8Xi We previously used the same sbom-chroot for generating the sbom of different root filesystems. This required to have a live copy of the sbom-chroot in the deploy dir, on which also was operated on. Further, this copy was left behind in the deploy dir. We improve this by just storing a minimized tarball of the sbom-chroot in the deploy dir and extract that into the workdir of the rootfs. With the new logic in place, we also enable the sbom generation in unshare mode again. Signed-off-by: Felix Moessbauer --- .../image-tools-extension.bbclass | 27 +++++++++++++++--- meta/classes-recipe/imagetypes_wic.bbclass | 4 ++- meta/classes/sbom.bbclass | 28 ++++++++++++++++--- .../sbom-chroot/sbom-chroot.bb | 11 +++++++- 4 files changed, 60 insertions(+), 10 deletions(-) diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass index cc046fdb..c75025ca 100644 --- a/meta/classes-recipe/image-tools-extension.bbclass +++ b/meta/classes-recipe/image-tools-extension.bbclass @@ -82,7 +82,7 @@ EOAPT dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ ${WORKDIR}/imager.manifest - ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom', '', d)} + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom $schroot_dir', '', d)} fi schroot -e -c ${session_id} @@ -91,14 +91,18 @@ EOAPT schroot_delete_configs } -generate_imager_sbom() { +generate_imager_sbom_in_chroot() { + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ - --bind $schroot_dir /mnt/rootfs \ + --bind ${SBOM_CHROOT_LOCAL} / \ + --bind $1 /mnt/rootfs \ --bind ${WORKDIR} /mnt/deploy-dir \ -- debsbom -vv generate ${SBOM_DEBSBOM_TYPE_ARGS} \ --from-pkglist -r /mnt/rootfs -o /mnt/deploy-dir/imager \ @@ -128,6 +132,7 @@ imager_run_unshare() { fi local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" + local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}" run_privileged_heredoc <<'EOF' set -e @@ -185,5 +190,19 @@ EOF chroot ${ROOTFS_IMAGETOOLS} "$@" <&3 EOF + if [ -n "${local_bom}" ]; then + run_in_chroot ${ROOTFS_IMAGETOOLS} \ + dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \ + ${WORKDIR}/imager.manifest + + ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'generate_imager_sbom {}'.format(d.getVar('ROOTFS_IMAGETOOLS')), '', d)} + fi + run_privileged rm -rf ${ROOTFS_IMAGETOOLS} } + +generate_imager_sbom() { + prepare_sbom_chroot + trap 'cleanup_sbom_chroot' EXIT + generate_imager_sbom_in_chroot "$1" +} diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index 3e261622..3c65ed0d 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -205,9 +205,11 @@ EOIMAGER | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" if ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'true', 'false', d)} ; then + prepare_sbom_chroot for bomtype in ${SBOM_TYPES}; do merge_wic_sbom $bomtype done + cleanup_sbom_chroot fi } @@ -227,7 +229,7 @@ merge_wic_sbom() { bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ -- debsbom -v merge -t $BOMTYPE \ --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass index b4fcddaa..2e6d579f 100644 --- a/meta/classes/sbom.bbclass +++ b/meta/classes/sbom.bbclass @@ -23,7 +23,8 @@ SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" SBOM_DIR = "${DEPLOY_DIR}/sbom" -SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot.tar.zst" +SBOM_CHROOT_LOCAL = "${WORKDIR}/sbom-chroot" # adapted from the isar-cip-core image_uuid.bbclass def generate_document_uuid(d, warn_not_repr=True): @@ -40,14 +41,24 @@ def sbom_doc_uuid(d): if not d.getVar("SBOM_DOCUMENT_UUID"): d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) +prepare_sbom_chroot() { + run_privileged_heredoc <<'EOF' + set -e + mkdir -p ${SBOM_CHROOT_LOCAL} + tar -xf ${SBOM_CHROOT} -C ${SBOM_CHROOT_LOCAL} +EOF +} + generate_sbom() { - run_privileged mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + run_privileged mkdir -p \ + ${SBOM_CHROOT_LOCAL}/mnt/rootfs \ + ${SBOM_CHROOT_LOCAL}/mnt/deploy-dir TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) bwrap \ --unshare-user \ --unshare-pid \ - --bind ${SBOM_CHROOT} / \ + --bind ${SBOM_CHROOT_LOCAL} / \ --bind ${ROOTFSDIR} /mnt/rootfs \ --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${ROOTFS_PACKAGE_SUFFIX}' \ @@ -59,8 +70,17 @@ generate_sbom() { --timestamp $TIMESTAMP ${SBOM_DEBSBOM_EXTRA_ARGS} } +cleanup_sbom_chroot() { + run_privileged rm -rf ${SBOM_CHROOT_LOCAL} +} + do_generate_sbom[dirs] += "${DEPLOY_DIR_SBOM}" +do_generate_sbom[network] = "${TASK_USE_SUDO}" python do_generate_sbom() { sbom_doc_uuid(d) - bb.build.exec_func("generate_sbom", d) + try: + bb.build.exec_func("prepare_sbom_chroot", d) + bb.build.exec_func("generate_sbom", d) + finally: + bb.build.exec_func("cleanup_sbom_chroot", d) } diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb index 182432a0..f347327b 100644 --- a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -27,7 +27,16 @@ ROOTFSDIR = "${WORKDIR}/rootfs" ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy[network] = "${TASK_USE_SUDO}" do_sbomchroot_deploy() { - ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" + # deploy with empty var to make it smaller + lopts="--one-file-system --exclude=var/*" + ZSTD="zstd -${SSTATE_ZSTD_CLEVEL} -T${ZSTD_THREADS}" + + run_privileged \ + tar -C ${ROOTFSDIR} -cpS $lopts ${ROOTFS_TAR_ATTR_FLAGS} . \ + | $ZSTD > ${SBOM_CHROOT} + # cleanup extracted rootfs + run_privileged rm -rf ${ROOTFSDIR} } addtask do_sbomchroot_deploy before do_build after do_rootfs -- 2.53.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260615092458.259691-15-felix.moessbauer%40siemens.com.