From: Claudius Heine <claudius.heine.ext@siemens.com>
To: Henning Schild <henning.schild@siemens.com>, isar-users@googlegroups.com
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
Date: Thu, 19 Apr 2018 17:35:23 +0200 [thread overview]
Message-ID: <a1575421-d6f0-e061-603c-6b3db593751c@siemens.com> (raw)
In-Reply-To: <20180417153759.17355-1-henning.schild@siemens.com>
Hi,
On 2018-04-17 17:37, Henning Schild wrote:
> debootstrap will leak the build hosts /etc/hostname and /etc/resolv.conf
> into all rootfss it builds. That is done so the newly created rootfs
> will have internet access once you chroot into it.
>
> For the buildchroot we need internet and the leakage does not hurt, for
> the final image we probably do not want any of these files anymore.
>
> So split up the apt-get into a download and install phase and delete
> the two files after fetching the packages, but only for the image and
> not the buildchroot.
>
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
> meta-isar/recipes-core/images/isar-image-base.bb | 3 ++-
> meta/classes/isar-bootstrap-helper.bbclass | 13 +++++++++----
> meta/recipes-devtools/buildchroot/buildchroot.bb | 3 ++-
> 3 files changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
> index c4799d3..989386c 100644
> --- a/meta-isar/recipes-core/images/isar-image-base.bb
> +++ b/meta-isar/recipes-core/images/isar-image-base.bb
> @@ -36,7 +36,8 @@ do_rootfs() {
> mkdir -p $CDIRS
> fi
>
> - setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> + setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> + ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
>
> # Configure root filesystem
> sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}"
> diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
> index a06116d..e062921 100644
> --- a/meta/classes/isar-bootstrap-helper.bbclass
> +++ b/meta/classes/isar-bootstrap-helper.bbclass
> @@ -7,8 +7,13 @@
>
> setup_root_file_system() {
> ROOTFSDIR="$1"
> + CLEANHOSTLEAK="$2"
> + shift
> shift
> PACKAGES="$@"
> + APT_ARGS="install --yes --allow-unauthenticated \
> + -o Debug::pkgProblemResolver=yes"
> + CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf"
>
> sudo cp -Trpfx \
> "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \
> @@ -32,8 +37,8 @@ setup_root_file_system() {
> -o Dir::Etc::sourceparts="-" \
> -o APT::Get::List-Cleanup="0"
> sudo -E chroot "$ROOTFSDIR" \
> - /usr/bin/apt-get install -y \
> - --allow-unauthenticated \
> - -o Debug::pkgProblemResolver=yes \
> - $PACKAGES
> + /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> + [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES}
> + sudo -E chroot "$ROOTFSDIR" \
> + /usr/bin/apt-get ${APT_ARGS} $PACKAGES
> }
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
> index b16e63a..0beb188 100644
> --- a/meta/recipes-devtools/buildchroot/buildchroot.bb
> +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
> @@ -44,7 +44,8 @@ do_build() {
> mkdir -p $CDIRS
> fi
>
> - setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL}
> + setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> + ${BUILDCHROOT_PREINSTALL}
>
> # Install package builder script
> sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
>
Good patch. I cherry picked it into my tree, because its also very
useful to split the download an installation of the packages.
Reviewed-by: Claudius Heine <ch@denx.de>
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de
next prev parent reply other threads:[~2018-04-19 15:35 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 12:46 [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst Henning Schild
2018-04-17 13:03 ` Jan Kiszka
2018-04-17 13:20 ` Henning Schild
2018-04-17 13:23 ` Jan Kiszka
2018-04-17 15:09 ` Henning Schild
2018-04-17 15:37 ` [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images Henning Schild
2018-04-19 15:35 ` Claudius Heine [this message]
2018-04-20 12:05 ` Henning Schild
2018-04-25 11:21 ` Jan Kiszka
2018-04-25 11:52 ` Alexander Smirnov
2018-04-25 13:33 ` Alexander Smirnov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1575421-d6f0-e061-603c-6b3db593751c@siemens.com \
--to=claudius.heine.ext@siemens.com \
--cc=henning.schild@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox