public inbox for isar-users@googlegroups.com
From: "'Jan Kiszka' via isar-users" <isar-users@googlegroups.com>
To: Felix Moessbauer <felix.moessbauer@siemens.com>,
	isar-users@googlegroups.com
Cc: quirin.gylstorff@siemens.com
Subject: Re: [RFC v2 12/19] add helper script to clean artifacts in build dir
Date: Fri, 20 Feb 2026 19:24:20 +0100
Message-ID: <a6986531-7990-430b-aa6f-3f41e6c1f162@siemens.com>
In-Reply-To: <20260220171601.3845113-13-felix.moessbauer@siemens.com>

On 20.02.26 18:15, Felix Moessbauer wrote:
> When running in rootless mode, cleaning the build directory from outside
> the build environment is a non trivial task due to mixed file
> ownerships. To simplify this, we introduce the isar-clean-builddir
> script that can perform the cleanup without requiring root privileges.
> 
> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
>  RECIPE-API-CHANGELOG.md     |  5 +++
>  scripts/isar-clean-builddir | 73 +++++++++++++++++++++++++++++++++++++
>  2 files changed, 78 insertions(+)
>  create mode 100755 scripts/isar-clean-builddir
> 
> diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md
> index 59ea3110..8cbafbba 100644
> --- a/RECIPE-API-CHANGELOG.md
> +++ b/RECIPE-API-CHANGELOG.md
> @@ -1015,3 +1015,8 @@ check the kas mailing list).
>  Note, that the following features are not supported yet in rootless mode:
>  
>  - devshell
> +
> +Note, that the build dir may contain files that were generated within the rootless
> +environment and cannot be deleted from the outside by the calling user. To simplify
> +the cleanup, we provide the `isar-clean-builddir` script that helps purging
> +directories with mixed ownerships (without requiring root privileges).
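
Review bot: The added paragraph promises cleanup "without requiring root privileges" but does not say that this holds only when the script is called with --rootless; in the script added by this same patch the default is PRIVILEGED_CMD="sudo", and its header comment says removing files owned by other users "requires elevated privileges". Suggest naming the flag here and repeating the constraint from the script header that the call must come from the same UID namespace (the same container) in which the files were generated. Nit: "Note, that" reads better as "Note that", and "helps purging" as "helps to purge".
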
> diff --git a/scripts/isar-clean-builddir b/scripts/isar-clean-builddir
> new file mode 100755
> index 00000000..81b52561
> --- /dev/null
> +++ b/scripts/isar-clean-builddir
> @@ -0,0 +1,73 @@
> +#!/bin/sh
> +# isar-clean-builddir - Clean the build/tmp directory
> +#
> +# This script removes all files from the specified directory, including those
> +# owned by other users (which requires elevated privileges).
> +#
> +# Rootless Mode:
> +#   When --rootless is specified, no privileged commands are executed. This
> +#   requires that the UID namespace where files were generated matches the
> +#   cleanup environment. When running from a container, this script must be
> +#   called from within the same container.
> +#
> +# Part of the Isar API. External tools may call this script for cleanup.
> +#
> +# Copyright (c) Siemens AG, 2026
> +# SPDX-License-Identifier: MIT
> +
> +DRY_RUN=0
> +ROOTLESS=0
> +
> +usage()
> +{
> +    EXIT_CODE="$1"
> +    SELF="isar-clean-builddir"
> +    printf "%b" "Usage: ${SELF} [--rootless] [--dry-run] [dir]\n"
> +
> +    exit "${EXIT_CODE:-1}"
> +}
> +
> +while [ $# -gt 0 ]; do
> +    case "$1" in
> +    --dry-run)
> +        DRY_RUN=1
> +        shift 1
> +        ;;
> +    -h | --help)
> +        usage 0
> +        ;;
> +    --rootless)
> +        ROOTLESS=1
> +        shift 1
> +        ;;
> +    --*)
> +        usage 1
> +        ;;
> +    *)
> +        break
> +        ;;
> +    esac
> +done
> +
> +[ $# -eq 1 ] || usage 1
> +if ! [ -d "$1" ]; then
> +    echo "error: \"$1\" is not a directory"
> +    exit 1
> +fi
> +
> +if [ $ROOTLESS -eq 1 ]; then
> +    PRIVILEGED_CMD="mmdebstrap --unshare-helper"
> +else
> +    PRIVILEGED_CMD="sudo"
> +fi
> +
> +if [ $DRY_RUN -eq 1 ]; then
> +    echo "dry-run, not executing"
> +    DRY_RUN_PREFIX="/bin/echo"
> +fi
> +
> +# clean all files that do not belong to us
> +# shellcheck disable=2086
> +find "$1" \( ! -user "$(whoami)" -type d -prune \) -exec $DRY_RUN_PREFIX $PRIVILEGED_CMD rm -rf {} \;
> +# clean remaining files
> +$DRY_RUN_PREFIX rm -rf "$1"
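
Review bot: The two rm -rf calls at the end of the script recurse into anything still mounted below the directory, and in the default mode the first one runs under sudo; nothing in the visible lines checks for leftover mounts or keeps the removal on one file system. Suggest refusing to run (or at least warning) when mount points remain below "$1", and passing --one-file-system to rm where GNU rm is available. Separately, the result of find is never checked and -exec ... \; does not propagate a failing rm, so the script's exit status is only that of the final rm -rf "$1" and failures of the privileged removals are not reported to the caller. The "is not a directory" error also goes to stdout; redirecting it with >&2 would match the usual convention.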

Works in rootless, folder is gone, but it suggests something different:

$ isar/scripts/isar-clean-builddir --rootless build/tmp
rm: cannot remove 'build/tmp/ccache/xenomai-demo-riscv64-amd64/a':
Permission denied
E: system failed: 256
E: unshared command failed
rm: cannot remove 'build/tmp/ccache/xenomai-demo-riscv64-amd64/8':
Permission denied
E: system failed: 256
E: unshared command failed
rm: cannot remove 'build/tmp/ccache/xenomai-demo-riscv64-amd64/c':
Permission denied
E: system failed: 256
E: unshared command failed
...
$ ls build/tmp
ls: cannot access 'build/tmp': No such file or directory

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center
