From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6545397795972448256
X-Received: by 10.80.250.8 with SMTP id b8mr2226777edq.11.1524152125065;
        Thu, 19 Apr 2018 08:35:25 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.80.205.69 with SMTP id d5ls889774edj.0.gmail; Thu, 19 Apr 2018
 08:35:24 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/DZ6GczcxJtPodRABPZKP8MkX1FcE6pd5m3Qt0AjlJiYocMOr+11X2kPuI7xFq6/IvBJh0
X-Received: by 10.80.250.8 with SMTP id b8mr2226755edq.11.1524152124560;
        Thu, 19 Apr 2018 08:35:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524152124; cv=none;
        d=google.com; s=arc-20160816;
        b=PcDseRemjLx5j0lgGIpVn/B5BxeiAwJSm1jNdT6PcsD8WNTLcMTMxsuzkTOV/8sdkV
         akjXfRKoQ1lmzDJGsHfTR3U4gUfBEYjvEmrHAp4t2K+7LOZKP77sC2WEXgz2vUy8wIKT
         w2zSJoJahmDyYEWO1Zi9+DasZjLxkovvSZxt13EBFJAdWeoLMIsoFrSixuoq0J34JGUt
         Brsi71oxck8QD8ISbVR5kRtz5F6463Ocx0HId8/cM28ZkDon436FBD7BdGzjNuNrZMDC
         lhVsaScpjmACHb2H6rN+ioEkqCLB7sOurk3e4REqnb0nwN71F6VfTLR/wKE3Ci7qI0U4
         JonA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:cc:to:subject
         :arc-authentication-results;
        bh=tCn6zNSC7mY5uL9W45UTSmp9JCMQvwNi0Cmm0xhCaps=;
        b=ajpzRY6+Aafruh5LIeOLk3jV4WzxTAVq2GO2eEfGMBtXwX8IBsqrotEJ4jUFDOPc73
         m2F76dBi4kwgVSBCk5ghF7B7+wS2YUF31e8vY2Zgz3l6JBt2raZdfynddQnCer2Mg2qq
         9zdOBaPs4LO9NBLrWPDWcP9+wHuH1Tn++qf8/0DK4HUxltnG697WRGVIsVHzXKRu860j
         Uwn36gNVuOvTh/8IW98Uh8rocgpssYprCwLc5YWk1mjnMw9jkP0XRI95e7bgNIEn1xCI
         d1QYCNX2yINuUH4ys5E1RRttFQ3S3LtDsZG4zrI7azxyYp74AUcNRJmWWklL39ETJ8vW
         r3pg==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com
Return-Path: <claudius.heine.ext@siemens.com>
Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40])
        by gmr-mx.google.com with ESMTPS id t16si248607edi.0.2018.04.19.08.35.24
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 19 Apr 2018 08:35:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of claudius.heine.ext@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id w3JFZOLh028519
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Thu, 19 Apr 2018 17:35:24 +0200
Received: from [139.25.69.226] (linux-ses-ext02.ppmd.siemens.net [139.25.69.226])
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id w3JFZN1A030121;
	Thu, 19 Apr 2018 17:35:23 +0200
Subject: Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf
 from images
To: Henning Schild <henning.schild@siemens.com>, isar-users@googlegroups.com
Cc: Jan Kiszka <jan.kiszka@siemens.com>
References: <20180417124618.30964-1-henning.schild@siemens.com>
 <20180417153759.17355-1-henning.schild@siemens.com>
From: Claudius Heine <claudius.heine.ext@siemens.com>
Message-ID: <a1575421-d6f0-e061-603c-6b3db593751c@siemens.com>
Date: Thu, 19 Apr 2018 17:35:23 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180417153759.17355-1-henning.schild@siemens.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: Qp85GKdm2Qw5

Hi,

On 2018-04-17 17:37, Henning Schild wrote:
> debootstrap will leak the build hosts /etc/hostname and /etc/resolv.conf
> into all rootfss it builds. That is done so the newly created rootfs
> will have internet access once you chroot into it.
> 
> For the buildchroot we need internet and the leakage does not hurt, for
> the final image we probably do not want any of these files anymore.
> 
> So split up the apt-get into a download and install phase and delete
> the two files after fetching the packages, but only for the image and
> not the buildchroot.
> 
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta-isar/recipes-core/images/isar-image-base.bb |  3 ++-
>   meta/classes/isar-bootstrap-helper.bbclass       | 13 +++++++++----
>   meta/recipes-devtools/buildchroot/buildchroot.bb |  3 ++-
>   3 files changed, 13 insertions(+), 6 deletions(-)
> 
> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
> index c4799d3..989386c 100644
> --- a/meta-isar/recipes-core/images/isar-image-base.bb
> +++ b/meta-isar/recipes-core/images/isar-image-base.bb
> @@ -36,7 +36,8 @@ do_rootfs() {
>           mkdir -p $CDIRS
>       fi
>   
> -    setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
> +    setup_root_file_system "${IMAGE_ROOTFS}" "clean" \
> +        ${IMAGE_PREINSTALL} ${IMAGE_INSTALL}
>   
>       # Configure root filesystem
>       sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}"
> diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
> index a06116d..e062921 100644
> --- a/meta/classes/isar-bootstrap-helper.bbclass
> +++ b/meta/classes/isar-bootstrap-helper.bbclass
> @@ -7,8 +7,13 @@
>   
>   setup_root_file_system() {
>       ROOTFSDIR="$1"
> +    CLEANHOSTLEAK="$2"
> +    shift
>       shift
>       PACKAGES="$@"
> +    APT_ARGS="install --yes --allow-unauthenticated \
> +              -o Debug::pkgProblemResolver=yes"
> +    CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf"
>   
>       sudo cp -Trpfx \
>           "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \
> @@ -32,8 +37,8 @@ setup_root_file_system() {
>           -o Dir::Etc::sourceparts="-" \
>           -o APT::Get::List-Cleanup="0"
>       sudo -E chroot "$ROOTFSDIR" \
> -        /usr/bin/apt-get install -y \
> -            --allow-unauthenticated \
> -            -o Debug::pkgProblemResolver=yes \
> -        $PACKAGES
> +        /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES
> +    [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES}
> +    sudo -E chroot "$ROOTFSDIR" \
> +        /usr/bin/apt-get ${APT_ARGS} $PACKAGES
>   }
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
> index b16e63a..0beb188 100644
> --- a/meta/recipes-devtools/buildchroot/buildchroot.bb
> +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
> @@ -44,7 +44,8 @@ do_build() {
>           mkdir -p $CDIRS
>       fi
>   
> -    setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL}
> +    setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \
> +        ${BUILDCHROOT_PREINSTALL}
>   
>       # Install package builder script
>       sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder"
> 

Good patch. I cherry picked it into my tree, because its also very 
useful to split the download an installation of the packages.

Reviewed-by: Claudius Heine <ch@denx.de>

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de