From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 20 Oct 2025 11:14:01 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-wr1-f61.google.com (mail-wr1-f61.google.com [209.85.221.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 59K9E0Wi006479 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 20 Oct 2025 11:14:00 +0200 Received: by mail-wr1-f61.google.com with SMTP id ffacd0b85a97d-4278c82dce6sf1354366f8f.3 for ; Mon, 20 Oct 2025 02:14:00 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1760951635; cv=pass; d=google.com; s=arc-20240605; b=WKBRyS4rpsx1QGJbzdtxHRq7IfY994GSqtdLQwOEHrS7RgLU0isosoxj1JwAiPJZyx jcftXdrIfFL9ZjgCULWUabcC7YflxgpT+Mzom4up48igf2wwz27T+/3xLrY1pf/vYOxR eomhU2DEztKk1iRiEd6RnPRjkpKGoOBQceTx9oR97VJ7N8VN9rrlPBKDqqPNym4O8dd1 wUKY2TFD2YxpZc4kevtEotRFuuU93f5RD++hREcd7Ulfl8zJDST42Z71/rSFADdgbzjW MIW0R8SgQ5cG29aXP8hemJnwz1CnrGBg/RMXtX6ZrkZ54YXNrIsHjy13qsyw4paVzcXI Yp4A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :sender:dkim-signature; bh=HHgid9hUc9pCv7lRvcvVE82DOQNgSclDf43M0A0yIQ0=; fh=yWhtwiXCb18PBjBQVwZQa5xtQgzIbJkJzAMyGu30JJE=; b=WMXgMjK/mtmgl4bjYgR34CUgFDa1HxgAsVdZeSlxhAr5IuFQtO0mFGylSm0nWj3EEh Ny0UQzMqafeXdVtUKh3veHMbDHiWOJP+WLbgfG/Tjie5rT0//M2ukDUbBIyj5DRLnICB qZx11+GyZoH+c205mQI8iqnje7bXMEO054xidsSMyuPCw8XI7/jGkav+d3zWZe2vmf3R paVefS6TzfGqdERrUyDx3ckHCCH553W/A1DbRUp3VVJPbb5tE8koAWqAVLiYp2/QGeIa rkjDHiSOgDuwe5Ns9usii4s3GwTDUp5dqq6iKiCOQ4G+RqByau+3Gb8qN8ZX7X9GRLiO VnuQ==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1760951635; x=1761556435; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:from:content-language:references:to :subject:user-agent:mime-version:date:message-id:sender:from:to:cc :subject:date:message-id:reply-to; bh=HHgid9hUc9pCv7lRvcvVE82DOQNgSclDf43M0A0yIQ0=; b=TVfUod4wiPTs8nPUQv1/Y2B6pu+YsIRFFhRyAlu0tKrGB3706m3WWz3Ofc6C5uG0mu 1p4ZGcgybFQuHwNqrbz92erprUkEeH0ljrLQLMmQ1nvo4LQlr5aIdOyFWC0GLn1Dj6J5 Rb/A7rV1TDf7BJsOaauWlAACEr5gLmcjJjV37a7TAcgBCGyzD/UzPA1N4QRj/dG4ixkI KqhK0xA3UXEVvj6WSDj3h3cQgG8vTyRn+GsllpM+YcgjxvZjJTUnphB2OCkUd99mcQup 3Q/+BdeVvqajHTNdBtu2kLf1GENERZ6YlDZET6pWOjkV9yZhEpC9uqFQS3Ip59D1Oyc2 SM8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760951635; x=1761556435; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:in-reply-to :from:content-language:references:to:subject:user-agent:mime-version :date:message-id:x-beenthere:x-gm-message-state:sender:from:to:cc :subject:date:message-id:reply-to; bh=HHgid9hUc9pCv7lRvcvVE82DOQNgSclDf43M0A0yIQ0=; b=qWDDx66UPR7+/a8XwOivc07t+vniHoeDTJnrN9GMKC9eS9MNYqLR8vcOCIckmcbb10 JBz24sf+k3oI1q8Kdw9vnJ6xdlSsgVn5lI1n1Eno4gQNiGr7K1cGwQMSX+40FraHf+r4 lnfZcbuq0E8907qkyEV0TAvWI4tyjkjIFj07YIScEgOph1sSt1fssQ54RGn1S3zd1T1n lDIxVOvrET/ZSC8lNjc8NeBhECc5PRSEixo7swNuNC977Ga6gHsOtgYMwozZUH3jvGSm 62pjMMf/G3uf7alDpi2T3NASXSLoSMR3f1vS9ZwYSumty5DltMexGl4zl9U9CV8Ph8rK 9UrQ== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXFfeuMcWhXOzuxTYIooUKBHaPtoG4lRbDnvDTRzOe9241iCQqKMhXCFgYMkOdWenwy6d0a@ilbers.de X-Gm-Message-State: AOJu0YxJpjmWsrwnWnE02hIlxkOI6+Sf9LqR9sS8JFnKi0o5v3/n6Imf nWbnd1p5pNA7+sFbQ8s1WiYRiysDa7xo2NYtEzDz37hTbkS66SM0TSpO X-Google-Smtp-Source: AGHT+IGOWdW3VkXuA3y8Ov5SxIBa4UZdyiIHNUX7/ntXauM0RBoUxO3R+q2lWvSKhcGUD93jVjsSYg== X-Received: by 2002:a05:6000:188e:b0:428:3c66:a022 with SMTP id ffacd0b85a97d-4283c66a3a1mr4874859f8f.40.1760951634891; Mon, 20 Oct 2025 02:13:54 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="ARHlJd7daZ/+1m9a3RgirwFgGi0KCd/XS3Onz1xQ2pNB++j/iA==" Received: by 2002:a5d:4a82:0:b0:426:f2f7:295c with SMTP id ffacd0b85a97d-426ff51d7f5ls2236489f8f.1.-pod-prod-04-eu; Mon, 20 Oct 2025 02:13:52 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWcrWTaQC02IyjGnwfT9jiPi88A/ozjuJXaYCYYBQ/mSQum+a+qfqO1F2qU3y1Jxh3yGYyuYOteMlwv@googlegroups.com X-Received: by 2002:a05:6000:2284:b0:425:75ab:cce5 with SMTP id ffacd0b85a97d-42704d14427mr9725992f8f.5.1760951632268; Mon, 20 Oct 2025 02:13:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1760951632; cv=none; d=google.com; s=arc-20240605; b=NF+WJSo/mtM2kO1Qn+OIaSTMFPjmhZPChMugxYDGeTKXFPxAHade5mZ0HIKgaQV/4u 89jpmY7duiiISidH0TBRX1hjOfq4oG88yUxYKaTjqXfPgSjffCRK8LLacghGiF9TXxdM Qd/TM417FSmaOAEkjCvUFKRvnFMHECS/ilmoctsCoT2K1jKGDhD7y8+XG4thDmzsnoXV JOkItpIEmjFvMefI9aqG0V2xXw4n/lJo5urnh++J6kCFkvNmO6SYHwtU2nvhIr9wcJB4 4dEzEw3XDLG7AXFGTDKQdmcPmvzcDoJ01LK3+T5NxwPMnvC53wH/MBX+WP8MOHI9e/xU 1Plw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id; bh=TXnM6JhSRROtmx+go9vmKq47R2SIo3bJGw2lKYYSk90=; fh=1x/T85rXr8yhgzXWAa7zssXnuyt2jGlhJYPIGFWr6UE=; b=gWWFpwsP2SDmrn+uw9eAh4SVtVGwbfc4QWJtlGU5axltzaLA+cRMxfUfCxvat9cVgc QmVRfm4HPD8GDw6wpck3Y9LetiobSKAh8r7xvLIWX6leIPYfSnXhy1fgjcatjtMJuKjV 8PPc6Fj7TeEdt5NO7Yr2FQIjAfJDlz57AoDVmt7LH2Y86E2D2iJ0nMS+VimKeeYslYnn 6UHQ42rio9tU4x24aB4envCFntUGh6chva4YDWiUduDgFTtDr423GhxLRvLlVSiVDtqf 1CNglYELy5OmsPj0zp5IctJHMHnbUdX11Kr/Mkc4VNd3kr1asijp8pEsQ0stsgRvoI7o ujcw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-427ea5e97c7si188213f8f.5.2025.10.20.02.13.52 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 20 Oct 2025 02:13:52 -0700 (PDT) Received-SPF: pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from [192.168.178.117] ([88.130.203.42]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 59K9Do23006473 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 20 Oct 2025 11:13:50 +0200 Message-ID: <594a3b32-0194-4d3b-972d-ba1ae199b339@ilbers.de> Date: Mon, 20 Oct 2025 11:13:50 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v4 0/4] non-privileged commands in chroot To: Cedric Hombourger , isar-users@googlegroups.com References: <20250925065433.4180883-1-cedric.hombourger@siemens.com> Content-Language: en-US From: Zhihang Wei In-Reply-To: <20250925065433.4180883-1-cedric.hombourger@siemens.com> Content-Type: text/plain; charset="UTF-8"; format=flowed X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: wzh@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: asW0ykWS7/TL Applied to next, thanks. On 9/25/25 08:54, 'Cedric Hombourger' via isar-users wrote: > When building root filesystems for foreign architectures with package source > caching enabled, apt operations are executed within the rootfs through QEMU > emulation. This results in significantly degraded performance, particularly > when downloading source packages sequentially. > > This patch series introduces a new wrapper function that enables native > command execution against a rootfs while preserving special mount points > (such as /isar-apt). The approach: > > - Improves build performance for foreign architecture builds > - Maintains filesystem isolation using bubblewrap > - Preserves access to special mount points required by isar > > Additional notes: > - rootfs_cmd may be used to run commands from the host root file-system: > use with extreme care to avoid host contamination problems. > - mmdebstrap already calls apt-get of the host to download packages (in > other words, a build of a bookworm image from a trixie host will > result in mmdebstrap (from trixie), call apt-get (from trixie) to > download bookworm packages. This is the behavior we have before and > after these changes. > - With these changes and when caching of Debian source packages is > enabled/requested, Isar will use apt-get of the host to download > source packages (it will however do this from a bubblewrap'ed > environment to avoid a non-required privilege elevation; Isar has > many but we need to start from somewhere). > > Testing: > - Tested against 9e62337953fbb8371c846c44e8a99d62a8d220ba > - Basic smoke tests performed successfully (citest.py -t fast) > - Performance improvements observed in source package acquisition > - Tested with various foreign architecture configurations > > Dependencies: > - Adds bubblewrap as a new host tool requirement > - Uses kas-container 4.8.0 or later (see [1]) > > Changes since v3 patch: > - drop image-postproc-extension patches (refactoring and use of > rootfs_cmd). They are not strictly needed and were only meant > to provide another potential use of rootfs_cmd. > - Rebase changes to RECIPE-API-CHANGELOG.md and added a few extra > words about the motivation. > > Changes since v2 patch: > - rootfs_install_pkgs_download will no longer use sudo to run > apt-get install --download-only. This was added to further > demonstrate/test rootfs_cmd in existing Isar code. > > Changes since v1 patch: > - Rebase (resolve RECIPE-API-CHANGELOG.md merge conflicts) > - Prefix rootfs variable in rootfs_cmd with bwrap to avoid clashes > > Changes since RFC patch: > - Let caller decide where to bind-mount the rootfs to > - Make the rootfs argument optional > - Support 32-bit rootfs (no lib64 there) > > Test Results (avocado started from a kas-container version 4.8.1): > (01/22) citest.py:DevTest.test_dev: STARTED > (01/22) citest.py:DevTest.test_dev: PASS (1132.17 s) > (02/22) citest.py:DevTest.test_dev_apps: STARTED > (02/22) citest.py:DevTest.test_dev_apps: PASS (845.24 s) > (03/22) citest.py:DevTest.test_dev_rebuild: STARTED > (03/22) citest.py:DevTest.test_dev_rebuild: PASS (689.53 s) > (04/22) citest.py:DevTest.test_dev_run_amd64_bookworm: STARTED > (04/22) citest.py:DevTest.test_dev_run_amd64_bookworm: PASS (53.79 s) > (05/22) citest.py:DevTest.test_dev_run_arm64_bookworm: STARTED > (05/22) citest.py:DevTest.test_dev_run_arm64_bookworm: PASS (32.64 s) > (06/22) citest.py:DevTest.test_dev_run_arm_bookworm: STARTED > (06/22) citest.py:DevTest.test_dev_run_arm_bookworm: PASS (34.15 s) > (07/22) citest.py:CrossTest.test_cross: STARTED > (07/22) citest.py:CrossTest.test_cross: PASS (488.24 s) > (08/22) citest.py:CrossTest.test_cross_debsrc: STARTED > (08/22) citest.py:CrossTest.test_cross_debsrc: PASS (1409.06 s) > (09/22) citest.py:CrossTest.test_cross_trixie: STARTED > (09/22) citest.py:CrossTest.test_cross_trixie: PASS (216.54 s) > (10/22) citest.py:CrossTest.test_cross_kselftest: STARTED > (10/22) citest.py:CrossTest.test_cross_kselftest: PASS (340.48 s) > (11/22) citest.py:CrossTest.test_cross_rpi: STARTED > (11/22) citest.py:CrossTest.test_cross_rpi: PASS (1053.48 s) > (12/22) citest.py:VmBootTestFast.test_arm_bullseye: STARTED > (12/22) citest.py:VmBootTestFast.test_arm_bullseye: PASS (41.03 s) > (13/22) citest.py:VmBootTestFast.test_arm_bullseye_example_module: STARTED > (13/22) citest.py:VmBootTestFast.test_arm_bullseye_example_module: PASS (7.07 s) > (14/22) citest.py:VmBootTestFast.test_arm_bullseye_getty_target: STARTED > (14/22) citest.py:VmBootTestFast.test_arm_bullseye_getty_target: PASS (7.82 s) > (15/22) citest.py:VmBootTestFast.test_arm_buster: STARTED > (15/22) citest.py:VmBootTestFast.test_arm_buster: PASS (37.54 s) > (16/22) citest.py:VmBootTestFast.test_arm_buster_getty_target: STARTED > (16/22) citest.py:VmBootTestFast.test_arm_buster_getty_target: PASS (6.79 s) > (17/22) citest.py:VmBootTestFast.test_arm_buster_example_module: STARTED > (17/22) citest.py:VmBootTestFast.test_arm_buster_example_module: PASS (7.57 s) > (18/22) citest.py:VmBootTestFast.test_arm_bookworm: STARTED > (18/22) citest.py:VmBootTestFast.test_arm_bookworm: PASS (49.58 s) > (19/22) citest.py:VmBootTestFast.test_arm_bookworm_example_module: STARTED > (19/22) citest.py:VmBootTestFast.test_arm_bookworm_example_module: PASS (8.06 s) > (20/22) citest.py:VmBootTestFast.test_arm_bookworm_getty_target: STARTED > (20/22) citest.py:VmBootTestFast.test_arm_bookworm_getty_target: PASS (8.18 s) > (21/22) citest.py:VmBootTestFast.test_amd64_trixie: STARTED > (21/22) citest.py:VmBootTestFast.test_amd64_trixie: PASS (37.14 s) > (22/22) citest.py:VmBootTestFast.test_arm64_trixie: STARTED > (22/22) citest.py:VmBootTestFast.test_arm64_trixie: PASS (41.79 s) > RESULTS : PASS 22 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 > JOB TIME : 6585.87 s > > cedric.hombourger@siemens.com (4): > rootfs: introduce wrapper to run commands against a rootfs > deb-dl-dir: optimize caching of source packages using apt natively > bootstrap: create lock for downloads/deb without sudo > rootfs: do not get elevated privileges when downloading packages > > RECIPE-API-CHANGELOG.md | 8 ++ > doc/user_manual.md | 1 + > meta/classes/deb-dl-dir.bbclass | 58 ++++++------- > meta/classes/rootfs.bbclass | 83 ++++++++++++++++++- > .../isar-mmdebstrap/isar-mmdebstrap.inc | 4 + > 5 files changed, 120 insertions(+), 34 deletions(-) > -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/594a3b32-0194-4d3b-972d-ba1ae199b339%40ilbers.de.