From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6721684426774806528 X-Received: by 2002:a1c:5fd6:: with SMTP id t205mr6939272wmb.124.1569070923794; Sat, 21 Sep 2019 06:02:03 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:c408:: with SMTP id v8ls2724718wrf.10.gmail; Sat, 21 Sep 2019 06:02:03 -0700 (PDT) X-Google-Smtp-Source: APXvYqylQ0AlTvLvs/95wxMMeSmFK5S/90lYTzo7UKA5CQn50NDgo3vzhQLYpxRF7u/REkAuz63j X-Received: by 2002:adf:e591:: with SMTP id l17mr16002589wrm.199.1569070923255; Sat, 21 Sep 2019 06:02:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569070923; cv=none; d=google.com; s=arc-20160816; b=W2T88AZeXjM8iG6hTb2LVfu2IGJmS52H1qbHlY5Gl9DSYbWLuimeebtu7T6CZIYdGP AwmlCWnNlghk7FwbzU43y4/6dNbbhe56DAOBViHJwohw4/zPeTVYjPDxgIj0pq5nBun6 zNdG2hQxqipzwv4Cnra217cDFEh2v7m+lC7Hnhm8JOBCdnB0qweCoMgzCcDLY3wHtWbe VkPYOhRbpGAztPgPnLQmvxeuqtt4KTl2UPnDoOYH49YVM+BfIMulbp2ZWC/hZTvfKrOd wBvR4dC2AzdVTSQGt9aF1lo/ZPLluGLYvUWx8uewvFOolN7GHkNtVmsyWQd30hFmAY3Y uacg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=MJnlyZbsTufA5pjOA9Tqwz6YmC5LzO/Lyf2cQbc6mpY=; b=sMqRsGJjg0tndcgsoPoaMOEmd+hhWyvYph+GWelbLiyQ5tG+UjFDiALDDkOLhqZfI8 VQrjTMEpsz6pqL02vVyT5Qa+w6KwmqwSZMoGfow4w3efY9EaKv69B2gLE/JYFW3M6v8o 3CCVqOjc5QA4A2ukNmHpFql8VOgG5lmWGoThLsesXoFCNjz/kz8pXOoozxuVww3Zlk6S IIefzzf1R07MJKEY+GTsdwyOEWeh+IRAzlNmdLb+q6f/4j77M/8DY/s1dKgyUeU5gHqV 9O7mFp7wx5zSx6YKk1yUt/iTbGppXwkLUSTQ2C7nZHiKD0hARnxIimnIXCy1enQqmFsI dHZQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id s65si221405wme.2.2019.09.21.06.02.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 21 Sep 2019 06:02:03 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x8LD224G009491 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 21 Sep 2019 15:02:02 +0200 Received: from [167.87.38.138] ([167.87.38.138]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id x8LD21mS008125; Sat, 21 Sep 2019 15:02:02 +0200 Subject: Re: [PATCH v5] meta/classes: generate bill of material from image To: "[ext] Q. Gylstorff" , isar-users@googlegroups.com Cc: Claudius Heine References: <3e792ace-44e8-e1aa-3a44-21a7c2c1f375@siemens.com> <20190813134059.30102-1-Quirin.Gylstorff@siemens.com> From: Jan Kiszka Message-ID: Date: Sat, 21 Sep 2019 15:02:01 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190813134059.30102-1-Quirin.Gylstorff@siemens.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: HCEMczyo2qsz On 13.08.19 15:40, [ext] Q. Gylstorff wrote: > From: Quirin Gylstorff > > To create products it is necessary to have a list > of used packages for clearance and to security monitoring. > To get a simple list of packages use dpkg-query and generate > a list with the following pattern: > > source name| source version | binary package name | binary version > > All rootfs generate the list by default. Currently the f > following lists are generated: > - buildchroot-${DISTRO}-${ARCH}.manifest > - ${IMAGE}-${DISTRO}-${ARCH}.manifest > - optional: sdkchroot-${DISTRO}-${ARCH}.manifest > > Remove the feature with: > ROOTFS_FEATURES_remove = "generate-manifest" > > Signed-off-by: Quirin Gylstorff > --- > meta/classes/image.bbclass | 2 +- > meta/classes/rootfs.bbclass | 12 +++++++++++- > 2 files changed, 12 insertions(+), 2 deletions(-) > > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > index ec6bd39..70c46d2 100644 > --- a/meta/classes/image.bbclass > +++ b/meta/classes/image.bbclass > @@ -58,7 +58,7 @@ image_do_mounts() { > } > > ROOTFSDIR = "${IMAGE_ROOTFS}" > -ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs" > +ROOTFS_FEATURES += "copy-package-cache clean-package-cache finalize-rootfs generate-manifest" > ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${IMAGE_INSTALL}" > > inherit rootfs > diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass > index c7e0435..59edcde 100644 > --- a/meta/classes/rootfs.bbclass > +++ b/meta/classes/rootfs.bbclass > @@ -10,7 +10,8 @@ ROOTFS_PACKAGES ?= "" > # 'deploy-package-cache' - copy the package cache ${WORKDIR}/apt_cache > # 'clean-package-cache' - delete package cache from rootfs > # 'finalize-rootfs' - delete files needed to chroot into the rootfs > -ROOTFS_FEATURES ?= "" > +# 'generate-manifest' - generate a package manifest of the rootfs into ${IMAGE_DEPLOY_DIR} > +ROOTFS_FEATURES ?= "generate-manifest" > > ROOTFS_APT_ARGS="install --yes -o Debug::pkgProblemResolver=yes" > > @@ -212,6 +213,15 @@ rootfs_postprocess_finalize() { > EOSUDO > } > > +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-manifest', 'rootfs_generate_manifest', '', d)}" > +rootfs_generate_manifest () { > + mkdir -p ${DEPLOY_DIR_IMAGE} > + sudo -E chroot '${ROOTFSDIR}' \ > + dpkg-query \ > + -f '${source:Package}|${source:Version}|${binary:Package}|${Version}\n' -W > \ > + ${DEPLOY_DIR_IMAGE}/"${PF}".manifest > +} > + > do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}" > python do_rootfs_postprocess() { > # Take care that its correctly mounted: > This "nicely" triggers [1]. And after running bitbake-diffsigs, it's also clear why: $ bitbake-diffsigs tmp/stamps/debian-stretch-armhf/buildchroot-host/1.0-r0.do_rootfs_postprocess.sigdata.8ea37df88464fe5477148b167fd61c80 tmp/stamps/debian-stretch-armhf/buildchroot-host/1.0-r0.do_rootfs_postprocess.sigdata.fae265f1d4686b64bc01ddb05f972db6 basehash changed from dd03388909f6c4c2b905ebaf2539a435 to 2f9b6886ae7f15d5288e7d0ceb493750 Variable MACHINE value changed from 'qemuarm' to 'de0-nano-soc' You pull an image dependency into the buildchroot by using DEPLOY_DIR_IMAGE. And that opens the doors to parallel-build hell. It's also semantically incorrect for the buildchroot because those have nothing image-specific in them. The good news: After my patch series, there are also DEPLOY_DIR_BUILDCHROOT and DEPLOY_DIR_SDKCHROOT. The bad news: You need to find out which one to use. Jan [1] https://groups.google.com/d/msgid/isar-users/c93a7dbdbc9448afc0d0b65ec754ac698ed658c6.1566800787.git.jan.kiszka%40siemens.com -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux