Subject: Re: [PATCH] isar-bootstrap: Remove leaked hostname and resolv.conf from images
To: Henning Schild, isar-users@googlegroups.com, Baurzhan Ismagulov
Cc: claudius.heine.ext@siemens.com
From: Jan Kiszka
Date: Wed, 25 Apr 2018 13:21:18 +0200

On 2018-04-17 17:37, Henning Schild wrote:
> debootstrap will leak the build hosts /etc/hostname and /etc/resolv.conf
> into all rootfss it builds. That is done so the newly created rootfs
> will have internet access once you chroot into it.
>
> For the buildchroot we need internet and the leakage does not hurt, for
> the final image we probably do not want any of these files anymore.
>
> So split up the apt-get into a download and install phase and delete
> the two files after fetching the packages, but only for the image and
> not the buildchroot.
>
> Signed-off-by: Henning Schild
> --- > meta-isar/recipes-core/images/isar-image-base.bb | 3 ++- > meta/classes/isar-bootstrap-helper.bbclass | 13 +++++++++---- > meta/recipes-devtools/buildchroot/buildchroot.bb | 3 ++- > 3 files changed, 13 insertions(+), 6 deletions(-) > > diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb > index c4799d3..989386c 100644 > --- a/meta-isar/recipes-core/images/isar-image-base.bb > +++ b/meta-isar/recipes-core/images/isar-image-base.bb > @@ -36,7 +36,8 @@ do_rootfs() { > mkdir -p $CDIRS > fi > > - setup_root_file_system "${IMAGE_ROOTFS}" ${IMAGE_PREINSTALL} ${IMAGE_INSTALL} > + setup_root_file_system "${IMAGE_ROOTFS}" "clean" \ > + ${IMAGE_PREINSTALL} ${IMAGE_INSTALL} > > # Configure root filesystem > sudo install -m 755 "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}" "${IMAGE_ROOTFS}"
> diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass > index a06116d..e062921 100644 > --- a/meta/classes/isar-bootstrap-helper.bbclass > +++ b/meta/classes/isar-bootstrap-helper.bbclass > @@ -7,8 +7,13 @@ > > setup_root_file_system() { > ROOTFSDIR="$1" > + CLEANHOSTLEAK="$2" > + shift > shift > PACKAGES="$@" > + APT_ARGS="install --yes --allow-unauthenticated \ > + -o Debug::pkgProblemResolver=yes" > + CLEANHOSTLEAK_FILES="${ROOTFSDIR}/etc/hostname ${ROOTFSDIR}/etc/resolv.conf" > > sudo cp -Trpfx \ > "${DEPLOY_DIR_IMAGE}/isar-bootstrap-${DISTRO}-${DISTRO_ARCH}/" \ > @@ -32,8 +37,8 @@ setup_root_file_system() { > -o Dir::Etc::sourceparts="-" \ > -o APT::Get::List-Cleanup="0" > sudo -E chroot "$ROOTFSDIR" \ > - /usr/bin/apt-get install -y \ > - --allow-unauthenticated \ > - -o Debug::pkgProblemResolver=yes \ > - $PACKAGES > + /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES > + [ "clean" = ${CLEANHOSTLEAK} ] && sudo rm -f ${CLEANHOSTLEAK_FILES} > + sudo -E chroot "$ROOTFSDIR" \ > + /usr/bin/apt-get ${APT_ARGS} $PACKAGES > } > diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb > index b16e63a..0beb188 100644 > --- a/meta/recipes-devtools/buildchroot/buildchroot.bb > +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb > @@ -44,7 +44,8 @@ do_build() { > mkdir -p $CDIRS > fi > > - setup_root_file_system "${BUILDCHROOT_DIR}" ${BUILDCHROOT_PREINSTALL} > + setup_root_file_system "${BUILDCHROOT_DIR}" "noclean" \ > + ${BUILDCHROOT_PREINSTALL} > > # Install package builder script > sudo chmod -R a+rw "${BUILDCHROOT_DIR}/home/builder" >

What's the status of this fix? Would like to update a consumer layer that
would benefit from it to an official next revision.

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
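
Review bot: in the first hunk of meta/classes/isar-bootstrap-helper.bbclass (@@ -7,8 +7,13 @@), CLEANHOSTLEAK_FILES is derived from ${ROOTFSDIR} without any check that the first argument is non-empty, and the list is later handed to `sudo rm -f`; with an empty ROOTFSDIR the two paths resolve to /etc/hostname and /etc/resolv.conf on the build host itself. Suggest failing early when "$1" is empty. The new positional "$2" plus the second `shift` also means any caller still using the old signature silently loses its first package name, so rejecting values other than "clean" and "noclean" would catch that, and a short comment above setup_root_file_system() should document the new parameter.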
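
Review bot: in the second hunk of meta/classes/isar-bootstrap-helper.bbclass (@@ -32,8 +37,8 @@), the test `[ "clean" = ${CLEANHOSTLEAK} ]` expands ${CLEANHOSTLEAK} unquoted, so an empty value produces a malformed test that prints an error instead of cleanly evaluating to false; write it as `[ "clean" = "${CLEANHOSTLEAK}" ]`. ${CLEANHOSTLEAK_FILES} is likewise expanded unquoted into `sudo rm -f`, so a rootfs path containing whitespace would be split into unintended arguments for a root-privileged delete; passing the two paths as separately quoted arguments avoids that. It would also help to note in a comment that the removal sits between the `--download-only` run and the install run on purpose, since the ordering is what keeps network access for the fetch.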