public inbox for isar-users@googlegroups.com
* [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst
@ 2018-04-17 12:46 Henning Schild
  2018-04-17 13:03 ` Jan Kiszka
  2018-04-17 15:37 ` [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images Henning Schild
  0 siblings, 2 replies; 11+ messages in thread
From: Henning Schild @ 2018-04-17 12:46 UTC (permalink / raw)
  To: isar-users; +Cc: claudius.heine.ext, Henning Schild

Issue: debootstrap copies /etc/resolv.conf from the host into the
rootfs, and we need it there to use apt-get. But we do not always want
it there after we are done installing.

Fix: remove the leaked file in our image customization package, to reach
a defined state. That happens to be the state we had with multistrap.

Impact: images will not contain a resolv.conf anymore, just like in the
multistrap days. If you want one, do not install example-raw and
customize in your own hook.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-isar/recipes-app/example-raw/files/postinst b/meta-isar/recipes-app/example-raw/files/postinst
index f60be8c..385473e 100644
--- a/meta-isar/recipes-app/example-raw/files/postinst
+++ b/meta-isar/recipes-app/example-raw/files/postinst
@@ -19,4 +19,8 @@ chown -R isar:isar /var/lib/isar
 # but we take the same password for this example
 echo "root:root" | chpasswd
 
+# debootstrap will leak these two files from the build host, get them
+# into a defined state
+# every image will have to handle these two somehow
 echo "isar" > /etc/hostname
+rm -f /etc/resolv.conf
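Review bot: the added `rm -f /etc/resolv.conf` at the end of postinst is unconditional, so it runs on every configure of example-raw, including a later upgrade or reinstall on a deployed target where the file is no longer the build host's copy. Consider restricting it to first installation, for example `[ "$1" = configure ] && [ -z "$2" ] && rm -f /etc/resolv.conf`. The new comment also says "these two files" without naming them; spelling out /etc/hostname and /etc/resolv.conf would make it self-explanatory.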
-- 
2.16.1



* Re: [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst
  2018-04-17 12:46 [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst Henning Schild
@ 2018-04-17 13:03 ` Jan Kiszka
  2018-04-17 13:20   ` Henning Schild
  2018-04-17 15:37 ` [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images Henning Schild
  1 sibling, 1 reply; 11+ messages in thread
From: Jan Kiszka @ 2018-04-17 13:03 UTC (permalink / raw)
  To: [ext] Henning Schild, isar-users; +Cc: claudius.heine.ext

On 2018-04-17 14:46, [ext] Henning Schild wrote:
> Issue: debootstrap copies /etc/resolv.conf from the host into the
> rootfs, and we need it there to use apt-get. But we do not always want
> it there after we are done installing
> 
> Fix: remove the leaked file in our image customization package, to reach
> a defined state. That happens to be the state we had with multistrap.
> 
> Impact: images will not contain a resolv.conf anymore, just like in the
> multistrap days. If you want one do not install example-raw and
> customize in your own hook
> 
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>  meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/meta-isar/recipes-app/example-raw/files/postinst b/meta-isar/recipes-app/example-raw/files/postinst
> index f60be8c..385473e 100644
> --- a/meta-isar/recipes-app/example-raw/files/postinst
> +++ b/meta-isar/recipes-app/example-raw/files/postinst
> @@ -19,4 +19,8 @@ chown -R isar:isar /var/lib/isar
>  # but we take the same password for this example
>  echo "root:root" | chpasswd
>  
> +# debootstrap will leak these two files from the build host, get them
> +# into a defined state
> +# every image will have to handle these two somehow
>  echo "isar" > /etc/hostname
> +rm -f /etc/resolv.conf

That cleaning should go into the generic images. It's not a customization.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux


* Re: [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst
  2018-04-17 13:03 ` Jan Kiszka
@ 2018-04-17 13:20   ` Henning Schild
  2018-04-17 13:23     ` Jan Kiszka
  0 siblings, 1 reply; 11+ messages in thread
From: Henning Schild @ 2018-04-17 13:20 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: isar-users, claudius.heine.ext

On Tue, 17 Apr 2018 15:03:28 +0200,
Jan Kiszka <jan.kiszka@siemens.com> wrote:

> On 2018-04-17 14:46, [ext] Henning Schild wrote:
> > Issue: debootstrap copies /etc/resolv.conf from the host into the
> > rootfs, and we need it there to use apt-get. But we do not always
> > want it there after we are done installing
> > 
> > Fix: remove the leaked file in our image customization package, to
> > reach a defined state. That happens to be the state we had with
> > multistrap.
> > 
> > Impact: images will not contain a resolv.conf anymore, just like in
> > the multistrap days. If you want one do not install example-raw and
> > customize in your own hook
> > 
> > Signed-off-by: Henning Schild <henning.schild@siemens.com>
> > ---
> >  meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/meta-isar/recipes-app/example-raw/files/postinst
> > b/meta-isar/recipes-app/example-raw/files/postinst index
> > f60be8c..385473e 100644 ---
> > a/meta-isar/recipes-app/example-raw/files/postinst +++
> > b/meta-isar/recipes-app/example-raw/files/postinst @@ -19,4 +19,8
> > @@ chown -R isar:isar /var/lib/isar # but we take the same password
> > for this example echo "root:root" | chpasswd
> >  
> > +# debootstrap will leak these two files from the build host, get
> > them +# into a defined state
> > +# every image will have to handle these two somehow
> >  echo "isar" > /etc/hostname
> > +rm -f /etc/resolv.conf  
> 
> That cleaning should go into the generic images. It's not a
> customization.

Just discussed that with Claudius offline. And we came to the
conclusion that it can not really go anywhere else.

Instead, our conclusion was that these two files are special and every
image should contain a customization script to bring those two into a
defined state. We read debootstrap code and confirmed that it is these
two files only. In fact we found resolv.conf after a question around
hostname appeared.

If you delete them in the image-recipe, you can not tune them in hooks
anymore. And the image needs them as long as it needs internet ... want
to use apt-get.

We could handle them in a post do_rootfs task that end-users would
override to customize. The bb-task would not be very debian-like and
would open a tempting hack-vector that end-users might use to smuggle
rootfs-changes around apt.

Henning

> Jan
> 



* Re: [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst
  2018-04-17 13:20   ` Henning Schild
@ 2018-04-17 13:23     ` Jan Kiszka
  2018-04-17 15:09       ` Henning Schild
  0 siblings, 1 reply; 11+ messages in thread
From: Jan Kiszka @ 2018-04-17 13:23 UTC (permalink / raw)
  To: Henning Schild; +Cc: isar-users, claudius.heine.ext

On 2018-04-17 15:20, Henning Schild wrote:
> On Tue, 17 Apr 2018 15:03:28 +0200,
> Jan Kiszka <jan.kiszka@siemens.com> wrote:
> 
>> On 2018-04-17 14:46, [ext] Henning Schild wrote:
>>> Issue: debootstrap copies /etc/resolv.conf from the host into the
>>> rootfs, and we need it there to use apt-get. But we do not always
>>> want it there after we are done installing
>>>
>>> Fix: remove the leaked file in our image customization package, to
>>> reach a defined state. That happens to be the state we had with
>>> multistrap.
>>>
>>> Impact: images will not contain a resolv.conf anymore, just like in
>>> the multistrap days. If you want one do not install example-raw and
>>> customize in your own hook
>>>
>>> Signed-off-by: Henning Schild <henning.schild@siemens.com>
>>> ---
>>>  meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
>>>  1 file changed, 4 insertions(+)
>>>
>>> diff --git a/meta-isar/recipes-app/example-raw/files/postinst
>>> b/meta-isar/recipes-app/example-raw/files/postinst index
>>> f60be8c..385473e 100644 ---
>>> a/meta-isar/recipes-app/example-raw/files/postinst +++
>>> b/meta-isar/recipes-app/example-raw/files/postinst @@ -19,4 +19,8
>>> @@ chown -R isar:isar /var/lib/isar # but we take the same password
>>> for this example echo "root:root" | chpasswd
>>>  
>>> +# debootstrap will leak these two files from the build host, get
>>> them +# into a defined state
>>> +# every image will have to handle these two somehow
>>>  echo "isar" > /etc/hostname
>>> +rm -f /etc/resolv.conf  
>>
>> That cleaning should go into the generic images. It's not a
>> customization.
> 
> Just discussed that with Claudius offline. And we came to the
> conclusion that it can not really go anywhere else.
> 
> Instead our conclusion was, that these two files are special and every
> image should contain a customization script to bring those two into a
> defined state. We read debootstrap code and confirmed that it is these
> two files only. In fact we found resolv.conf after a question around
> hostname appeared.
> 
> If you delete them in the image-recipe, you can not tune them in hooks
> anymore. And the image needs them as long as it needs internet ... want
> to use apt-get.
> 
> We could handle them in a post do_rootfs task that end-users would
> override to customize. The bb-task would not be very debian-like and
> would open a tempting hack-vector that end-users might use to smuggle
> rootfs-changes around apt.

Host state shall not go into the image. Thus at least emptying that file
is mandatory. In case someone forgets that or is in no need for
networking, this should be done generically, not per customization. A
customization package can still ship its own file, I don't see the
problem here.

Jan
-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux


* Re: [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst
  2018-04-17 13:23     ` Jan Kiszka
@ 2018-04-17 15:09       ` Henning Schild
  0 siblings, 0 replies; 11+ messages in thread
From: Henning Schild @ 2018-04-17 15:09 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: isar-users, claudius.heine.ext

On Tue, 17 Apr 2018 15:23:55 +0200,
Jan Kiszka <jan.kiszka@siemens.com> wrote:

> On 2018-04-17 15:20, Henning Schild wrote:
> > On Tue, 17 Apr 2018 15:03:28 +0200,
> > Jan Kiszka <jan.kiszka@siemens.com> wrote:
> >   
> >> On 2018-04-17 14:46, [ext] Henning Schild wrote:  
> >>> Issue: debootstrap copies /etc/resolv.conf from the host into the
> >>> rootfs, and we need it there to use apt-get. But we do not always
> >>> want it there after we are done installing
> >>>
> >>> Fix: remove the leaked file in our image customization package, to
> >>> reach a defined state. That happens to be the state we had with
> >>> multistrap.
> >>>
> >>> Impact: images will not contain a resolv.conf anymore, just like
> >>> in the multistrap days. If you want one do not install
> >>> example-raw and customize in your own hook
> >>>
> >>> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> >>> ---
> >>>  meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
> >>>  1 file changed, 4 insertions(+)
> >>>
> >>> diff --git a/meta-isar/recipes-app/example-raw/files/postinst
> >>> b/meta-isar/recipes-app/example-raw/files/postinst index
> >>> f60be8c..385473e 100644 ---
> >>> a/meta-isar/recipes-app/example-raw/files/postinst +++
> >>> b/meta-isar/recipes-app/example-raw/files/postinst @@ -19,4 +19,8
> >>> @@ chown -R isar:isar /var/lib/isar # but we take the same
> >>> password for this example echo "root:root" | chpasswd
> >>>  
> >>> +# debootstrap will leak these two files from the build host, get
> >>> them +# into a defined state
> >>> +# every image will have to handle these two somehow
> >>>  echo "isar" > /etc/hostname
> >>> +rm -f /etc/resolv.conf    
> >>
> >> That cleaning should go into the generic images. It's not a
> >> customization.  
> > 
> > Just discussed that with Claudius offline. And we came to the
> > conclusion that it can not really go anywhere else.
> > 
> > Instead our conclusion was, that these two files are special and
> > every image should contain a customization script to bring those
> > two into a defined state. We read debootstrap code and confirmed
> > that it is these two files only. In fact we found resolv.conf after
> > a question around hostname appeared.
> > 
> > If you delete them in the image-recipe, you can not tune them in
> > hooks anymore. And the image needs them as long as it needs
> > internet ... want to use apt-get.
> > 
> > We could handle them in a post do_rootfs task that end-users would
> > override to customize. The bb-task would not be very debian-like and
> > would open a tempting hack-vector that end-users might use to
> > smuggle rootfs-changes around apt.  
> 
> Host state shall not go into the image. Thus at least emptying that
> file is mandatory. In case someone forgets that or is in no need for
> networking, this should be done generically, not per customization. A
> customization package can still ship its own file, I don't see the
> problem here.

OK, came up with another approach that is still being tested. Stay
tuned.

Henning

> Jan



* [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
  2018-04-17 12:46 [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst Henning Schild
  2018-04-17 13:03 ` Jan Kiszka
@ 2018-04-17 15:37 ` Henning Schild
  2018-04-19 15:35   ` Claudius Heine
  2018-04-25 11:21   ` Jan Kiszka
  1 sibling, 2 replies; 11+ messages in thread
From: Henning Schild @ 2018-04-17 15:37 UTC (permalink / raw)
  To: isar-users; +Cc: claudius.heine.ext, Jan Kiszka, Henning Schild

debootstrap will leak the build host's /etc/hostname and /etc/resolv.conf
into all rootfss it builds. That is done so the newly created rootfs
will have internet access once you chroot into it.

For the buildchroot we need internet and the leakage does not hurt, for
the final image we probably do not want any of these files anymore.

So split up the apt-get into a download and install phase and delete
the two files after fetching the packages, but only for the image and
not the buildchroot.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta-isar/recipes-core/images/isar-image-base.bb |  3 ++-
 meta/classes/isar-bootstrap-helper.bbclass       | 13 +++++++++----
 meta/recipes-devtools/buildchroot/buildchroot.bb |  3 ++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
index c4799d3..989386c 100644
--- a/meta-isar/recipes-core/images/isar-image-base.bb
+++ b/meta-isar/recipes-core/images/isar-image-base.bb
@@ -36,7 +36,8 @@ do_rootfs() {
         mkdir -p $CDIRS
     fi
 
-    setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
+    setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
+        ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
 
     # Configure root filesystem
     sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}"
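Review bot: inserting `"clean"` ahead of `${IMAGE_PREINSTALL}` changes the calling convention of setup_root_file_system, and nothing in this patch documents that the second positional argument is now a mode rather than the first package. A caller outside the three files touched here that is not updated will have its first package name taken as the mode and dropped from the install list without an error. Suggest documenting the new parameter at the helper, and adding a short comment at this call site that the image ends up without /etc/hostname and /etc/resolv.conf unless a package or the config script installed just below creates them.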
diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
index a06116d..e062921 100644
--- a/meta/classes/isar-bootstrap-helper.bbclass
+++ b/meta/classes/isar-bootstrap-helper.bbclass
@@ -7,8 +7,13 @@
 
 setup_root_file_system() {
     ROOTFSDIR="$1"
+    CLEANHOSTLEAK="$2"
+    shift
     shift
     PACKAGES="$@"
+    APT_ARGS="install --yes --allow-unauthenticated \
+              -o Debug::pkgProblemResolver=yes"
+    CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf"
 
     sudo cp -Trpfx \
         "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \
@@ -32,8 +37,8 @@ setup_root_file_system() {
         -o Dir::Etc::sourceparts="-" \
         -o APT::Get::List-Cleanup="0"
     sudo -E chroot "$ROOTFSDIR" \
-        /usr/bin/apt-get install -y \
-            --allow-unauthenticated \
-            -o Debug::pkgProblemResolver=yes \
-        $PACKAGES
+        /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
+    [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES}
+    sudo -E chroot "$ROOTFSDIR" \
+        /usr/bin/apt-get ${APT_ARGS} $PACKAGES
 }
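Review bot: in `[ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES}` both expansions are unquoted. With an empty or missing second argument the test collapses to `[ "clean" = ]`, which fails with a syntax error and skips the cleanup, and the rm runs as root on paths built from `${ROOTFSDIR}`, so an empty or space-containing ROOTFSDIR would aim it at the wrong files, in the worst case the build host's own /etc/hostname and /etc/resolv.conf. Suggest `if [ "$CLEANHOSTLEAK" = "clean" ]; then sudo rm -f "${ROOTFSDIR}/etc/hostname" "${ROOTFSDIR}/etc/resolv.conf"; fi`. A comment that the second apt-get run has no resolver and depends on the --download-only pass having fetched everything would also help the next reader.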
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
index b16e63a..0beb188 100644
--- a/meta/recipes-devtools/buildchroot/buildchroot.bb
+++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
@@ -44,7 +44,8 @@ do_build() {
         mkdir -p $CDIRS
     fi
 
-    setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL}
+    setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
+        ${BUILDCHROOT_PREINSTALL}
 
     # Install package builder script
     sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
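Review bot: the `"noclean"` value passed here is never checked; the helper only compares against `clean`, so any other string behaves the same, and a typo in the image recipe's `"clean"` would leave the host files in the image with no error. Having setup_root_file_system fail on anything other than `clean` or `noclean` would catch that. A one-line comment on why the buildchroot keeps the host's hostname and resolv.conf would also be useful at this call.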
-- 
2.16.1
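
A build-time check for the leak described in the commit message above, as an added example that is not part of the patch or of Isar. The function names, the report format and the optional HOSTROOT parameter are assumptions made for this example; the two paths are the ones the patch removes.

```shell
#!/bin/sh
# Added example (not Isar code): report build-host state left in a rootfs.
# Paths checked are the two files named in the patch; everything else
# (function names, output format, HOSTROOT parameter) is hypothetical.

LEAK_CANDIDATES="etc/hostname etc/resolv.conf"

# leaked_host_files ROOTFS [HOSTROOT]
# Prints one line per candidate that exists in ROOTFS:
#   LEAK <path>            regular file, byte-identical to the host's copy
#   SYMLINK <path> -> <t>  symlink; not compared, see comment below
#   PRESENT <path>         exists, but differs from the host's copy
# Returns 1 if at least one LEAK was found, 2 on usage error, 0 otherwise.
leaked_host_files() {
    rootfs="$1"
    hostroot="${2:-/}"
    if [ -z "$rootfs" ] || [ ! -d "$rootfs" ]; then
        echo "usage: leaked_host_files ROOTFS [HOSTROOT]" >&2
        return 2
    fi
    found=0
    for rel in $LEAK_CANDIDATES; do
        img="$rootfs/$rel"
        host="${hostroot%/}/$rel"
        # -e is false for a dangling symlink, so test -L as well.
        if [ ! -e "$img" ] && [ ! -L "$img" ]; then
            continue
        fi
        if [ -L "$img" ]; then
            # An absolute symlink inside the image resolves against the
            # build host when read from outside the chroot, so comparing
            # through it would compare the host file with itself.
            echo "SYMLINK $rel -> $(readlink "$img")"
        elif [ -f "$img" ] && [ -f "$host" ] && cmp -s "$img" "$host"; then
            echo "LEAK $rel"
            found=1
        else
            echo "PRESENT $rel"
        fi
    done
    return $found
}

# demo_report: runs the check on constructed sample trees (a fake host
# root and a fake image rootfs under a temporary directory).
demo_report() {
    demo=$(mktemp -d) || return 2
    mkdir -p "$demo/host/etc" "$demo/img/etc"
    echo "buildhost01" > "$demo/host/etc/hostname"            # constructed
    echo "nameserver 192.0.2.53" > "$demo/host/etc/resolv.conf"
    cp "$demo/host/etc/hostname" "$demo/img/etc/hostname"     # leaked copy
    ln -s /run/resolvconf/resolv.conf "$demo/img/etc/resolv.conf"
    rc_demo=0
    leaked_host_files "$demo/img" "$demo/host" || rc_demo=$?
    rm -rf "$demo"
    return $rc_demo
}

# Run the demo only when asked to, e.g. `sh check.sh --demo`.
if [ "${1:-}" = "--demo" ]; then
    demo_report
fi
```

In a build, calling `leaked_host_files` on the finished image rootfs and failing on status 1 enforces the "no host state in the image" rule regardless of which recipe was supposed to clean up.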



* Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
  2018-04-17 15:37 ` [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images Henning Schild
@ 2018-04-19 15:35   ` Claudius Heine
  2018-04-20 12:05     ` Henning Schild
  2018-04-25 11:21   ` Jan Kiszka
  1 sibling, 1 reply; 11+ messages in thread
From: Claudius Heine @ 2018-04-19 15:35 UTC (permalink / raw)
  To: Henning Schild, isar-users; +Cc: Jan Kiszka

Hi,

On 2018-04-17 17:37, Henning Schild wrote:
> debootstrap will leak the build hosts /etc/hostname and /etc/resolv.conf
> into all rootfss it builds. That is done so the newly created rootfs
> will have internet access once you chroot into it.
> 
> For the buildchroot we need internet and the leakage does not hurt, for
> the final image we probably do not want any of these files anymore.
> 
> So split up the apt-get into a download and install phase and delete
> the two files after fetching the packages, but only for the image and
> not the buildchroot.
> 
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta-isar/recipes-core/images/isar-image-base.bb |  3 ++-
>   meta/classes/isar-bootstrap-helper.bbclass       | 13 +++++++++----
>   meta/recipes-devtools/buildchroot/buildchroot.bb |  3 ++-
>   3 files changed, 13 insertions(+), 6 deletions(-)
> 
> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
> index c4799d3..989386c 100644
> --- a/meta-isar/recipes-core/images/isar-image-base.bb
> +++ b/meta-isar/recipes-core/images/isar-image-base.bb
> @@ -36,7 +36,8 @@ do_rootfs() {
>           mkdir -p $CDIRS
>       fi
>   
> -    setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> +    setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> +        ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
>   
>       # Configure root filesystem
>       sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}"
> diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
> index a06116d..e062921 100644
> --- a/meta/classes/isar-bootstrap-helper.bbclass
> +++ b/meta/classes/isar-bootstrap-helper.bbclass
> @@ -7,8 +7,13 @@
>   
>   setup_root_file_system() {
>       ROOTFSDIR="$1"
> +    CLEANHOSTLEAK="$2"
> +    shift
>       shift
>       PACKAGES="$@"
> +    APT_ARGS="install --yes --allow-unauthenticated \
> +              -o Debug::pkgProblemResolver=yes"
> +    CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf"
>   
>       sudo cp -Trpfx \
>           "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \
> @@ -32,8 +37,8 @@ setup_root_file_system() {
>           -o Dir::Etc::sourceparts="-" \
>           -o APT::Get::List-Cleanup="0"
>       sudo -E chroot "$ROOTFSDIR" \
> -        /usr/bin/apt-get install -y \
> -            --allow-unauthenticated \
> -            -o Debug::pkgProblemResolver=yes \
> -        $PACKAGES
> +        /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> +    [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES}
> +    sudo -E chroot "$ROOTFSDIR" \
> +        /usr/bin/apt-get ${APT_ARGS} $PACKAGES
>   }
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
> index b16e63a..0beb188 100644
> --- a/meta/recipes-devtools/buildchroot/buildchroot.bb
> +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
> @@ -44,7 +44,8 @@ do_build() {
>           mkdir -p $CDIRS
>       fi
>   
> -    setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL}
> +    setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> +        ${BUILDCHROOT_PREINSTALL}
>   
>       # Install package builder script
>       sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
> 

Good patch. I cherry-picked it into my tree, because it's also very
useful to split the download and installation of the packages.

Reviewed-by: Claudius Heine <ch@denx.de>

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de


* Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
  2018-04-19 15:35   ` Claudius Heine
@ 2018-04-20 12:05     ` Henning Schild
  0 siblings, 0 replies; 11+ messages in thread
From: Henning Schild @ 2018-04-20 12:05 UTC (permalink / raw)
  To: Claudius Heine
  Cc: isar-users, Jan Kiszka, Alexander Smirnov, Baurzhan Ismagulov

On Thu, 19 Apr 2018 17:35:23 +0200,
Claudius Heine <claudius.heine.ext@siemens.com> wrote:

> Hi,
> 
> On 2018-04-17 17:37, Henning Schild wrote:
> > debootstrap will leak the build hosts /etc/hostname
> > and /etc/resolv.conf into all rootfss it builds. That is done so
> > the newly created rootfs will have internet access once you chroot
> > into it.
> > 
> > For the buildchroot we need internet and the leakage does not hurt,
> > for the final image we probably do not want any of these files
> > anymore.
> > 
> > So split up the apt-get into a download and install phase and delete
> > the two files after fetching the packages, but only for the image
> > and not the buildchroot.
> > 
> > Signed-off-by: Henning Schild <henning.schild@siemens.com>
> > ---
> >   meta-isar/recipes-core/images/isar-image-base.bb |  3 ++-
> >   meta/classes/isar-bootstrap-helper.bbclass       | 13
> > +++++++++---- meta/recipes-devtools/buildchroot/buildchroot.bb |  3
> > ++- 3 files changed, 13 insertions(+), 6 deletions(-)
> > 
> > diff --git a/meta-isar/recipes-core/images/isar-image-base.bb
> > b/meta-isar/recipes-core/images/isar-image-base.bb index
> > c4799d3..989386c 100644 ---
> > a/meta-isar/recipes-core/images/isar-image-base.bb +++
> > b/meta-isar/recipes-core/images/isar-image-base.bb @@ -36,7 +36,8
> > @@ do_rootfs() { mkdir -p $CDIRS
> >       fi
> >   
> > -    setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL}
> > ${IMAGE_INSTALL}
> > +    setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> > +        ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> >   
> >       # Configure root filesystem
> >       sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}"
> > "${IMAGE_ROOTFS}" diff --git
> > a/meta/classes/isar-bootstrap-helper.bbclass
> > b/meta/classes/isar-bootstrap-helper.bbclass index a06116d..e062921
> > 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++
> > b/meta/classes/isar-bootstrap-helper.bbclass @@ -7,8 +7,13 @@
> >   
> >   setup_root_file_system() {
> >       ROOTFSDIR="$1"
> > +    CLEANHOSTLEAK="$2"
> > +    shift
> >       shift
> >       PACKAGES="$@"
> > +    APT_ARGS="install --yes --allow-unauthenticated \
> > +              -o Debug::pkgProblemResolver=yes"
> > +    CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname
> > ${ROOTFSDIR}/etc/resolv.conf" 
> >       sudo cp -Trpfx \
> >           "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/"
> > \ @@ -32,8 +37,8 @@ setup_root_file_system() {
> >           -o Dir::Etc::sourceparts="-" \
> >           -o APT::Get::List-Cleanup="0"
> >       sudo -E chroot "$ROOTFSDIR" \
> > -        /usr/bin/apt-get install -y \
> > -            --allow-unauthenticated \
> > -            -o Debug::pkgProblemResolver=yes \
> > -        $PACKAGES
> > +        /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> > +    [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f
> > ${CLEANHOSTLEAK_FILES}
> > +    sudo -E chroot "$ROOTFSDIR" \
> > +        /usr/bin/apt-get ${APT_ARGS} $PACKAGES
> >   }
> > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb
> > b/meta/recipes-devtools/buildchroot/buildchroot.bb index
> > b16e63a..0beb188 100644 ---
> > a/meta/recipes-devtools/buildchroot/buildchroot.bb +++
> > b/meta/recipes-devtools/buildchroot/buildchroot.bb @@ -44,7 +44,8
> > @@ do_build() { mkdir -p $CDIRS
> >       fi
> >   
> > -    setup_root_file_system "${BUILDCHROOT_DIR}"
> > ${BUILDCHROOT_PREINSTALL}
> > +    setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> > +        ${BUILDCHROOT_PREINSTALL}
> >   
> >       # Install package builder script
> >       sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
> >   
> 
> Good patch. I cherry-picked it into my tree, because it's also very
> useful to split the download and installation of the packages.

I started pushing my changes to github, since the backlog is getting
bigger every day and what was posted here might be forgotten.

https://github.com/henning-schild-work/isar/

branches
 henning/wic
 henning/staging

Henning

> Reviewed-by: Claudius Heine <ch@denx.de>
> 



* Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
  2018-04-17 15:37 ` [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images Henning Schild
  2018-04-19 15:35   ` Claudius Heine
@ 2018-04-25 11:21   ` Jan Kiszka
  2018-04-25 11:52     ` Alexander Smirnov
  1 sibling, 1 reply; 11+ messages in thread
From: Jan Kiszka @ 2018-04-25 11:21 UTC (permalink / raw)
  To: Henning Schild, isar-users, Baurzhan Ismagulov; +Cc: claudius.heine.ext

On 2018-04-17 17:37, Henning Schild wrote:
> debootstrap will leak the build hosts /etc/hostname and /etc/resolv.conf
> into all rootfss it builds. That is done so the newly created rootfs
> will have internet access once you chroot into it.
> 
> For the buildchroot we need internet and the leakage does not hurt, for
> the final image we probably do not want any of these files anymore.
> 
> So split up the apt-get into a download and install phase and delete
> the two files after fetching the packages, but only for the image and
> not the buildchroot.
> 
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>  meta-isar/recipes-core/images/isar-image-base.bb |  3 ++-
>  meta/classes/isar-bootstrap-helper.bbclass       | 13 +++++++++----
>  meta/recipes-devtools/buildchroot/buildchroot.bb |  3 ++-
>  3 files changed, 13 insertions(+), 6 deletions(-)
> 
> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
> index c4799d3..989386c 100644
> --- a/meta-isar/recipes-core/images/isar-image-base.bb
> +++ b/meta-isar/recipes-core/images/isar-image-base.bb
> @@ -36,7 +36,8 @@ do_rootfs() {
>          mkdir -p $CDIRS
>      fi
>  
> -    setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> +    setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> +        ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
>  
>      # Configure root filesystem
>      sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}"
> diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
> index a06116d..e062921 100644
> --- a/meta/classes/isar-bootstrap-helper.bbclass
> +++ b/meta/classes/isar-bootstrap-helper.bbclass
> @@ -7,8 +7,13 @@
>  
>  setup_root_file_system() {
>      ROOTFSDIR="$1"
> +    CLEANHOSTLEAK="$2"
> +    shift
>      shift
>      PACKAGES="$@"
> +    APT_ARGS="install --yes --allow-unauthenticated \
> +              -o Debug::pkgProblemResolver=yes"
> +    CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf"
>  
>      sudo cp -Trpfx \
>          "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \
> @@ -32,8 +37,8 @@ setup_root_file_system() {
>          -o Dir::Etc::sourceparts="-" \
>          -o APT::Get::List-Cleanup="0"
>      sudo -E chroot "$ROOTFSDIR" \
> -        /usr/bin/apt-get install -y \
> -            --allow-unauthenticated \
> -            -o Debug::pkgProblemResolver=yes \
> -        $PACKAGES
> +        /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> +    [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES}
> +    sudo -E chroot "$ROOTFSDIR" \
> +        /usr/bin/apt-get ${APT_ARGS} $PACKAGES
>  }
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
> index b16e63a..0beb188 100644
> --- a/meta/recipes-devtools/buildchroot/buildchroot.bb
> +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
> @@ -44,7 +44,8 @@ do_build() {
>          mkdir -p $CDIRS
>      fi
>  
> -    setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL}
> +    setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> +        ${BUILDCHROOT_PREINSTALL}
>  
>      # Install package builder script
>      sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
> 

What's the status of this fix? Would like to update a consumer layer
that would benefit from it to an official next revision.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux


* Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
  2018-04-25 11:21   ` Jan Kiszka
@ 2018-04-25 11:52     ` Alexander Smirnov
  2018-04-25 13:33       ` Alexander Smirnov
  0 siblings, 1 reply; 11+ messages in thread
From: Alexander Smirnov @ 2018-04-25 11:52 UTC (permalink / raw)
  To: Jan Kiszka, isar-users

> What's the status of this fix? Would like to update a consumer layer
> that would benefit from it to an official next revision.

Started test build, will apply afterwards.

Alex


* Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
  2018-04-25 11:52     ` Alexander Smirnov
@ 2018-04-25 13:33       ` Alexander Smirnov
  0 siblings, 0 replies; 11+ messages in thread
From: Alexander Smirnov @ 2018-04-25 13:33 UTC (permalink / raw)
  To: Jan Kiszka, isar-users



On 04/25/2018 02:52 PM, Alexander Smirnov wrote:
>> What's the status of this fix? Would like to update a consumer layer
>> that would benefit from it to an official next revision.
> 
> Started test build, will apply afterwards.

Applied to next, thanks!

Alex
