From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 01 Apr 2025 14:43:46 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f183.google.com (mail-pl1-f183.google.com [209.85.214.183]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 531Chikd029228 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 1 Apr 2025 14:43:45 +0200 Received: by mail-pl1-f183.google.com with SMTP id d9443c01a7336-227e2faab6dsf89227525ad.1 for ; Tue, 01 Apr 2025 05:43:45 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1743511419; cv=pass; d=google.com; s=arc-20240605; b=HyH+YvjBB3dDIXO3dLPVtnGYyRCSiUbaxdLChn3pSADF5isC81Pe7yzY1DOo4VOmis GcU49+2gpQj0YE3hNn5V7zURTPi0v13yptDwbZvlbFPmJSN1rtZKNZJyHcG5bmIfVpy+ JLA5Ia+NZCfMnrl/GXurTi40cg6aL7kMKWL1ReMSIB6wWBzj79PPDDHp9wWUlJpaOFsq 8UYWa4yWwRmlAi+Z5pEcOEIMWCKonPawbZmWhaw5m4NTQWYqjuuluhyTzCN1VTwEr+6d HJuhHFgKj0QRNE3pRtFOL90EzU5sSYZHahurllhlxXTVUxXaTKlpVhB2iU8INkw8XknS eL3g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:user-agent :content-transfer-encoding:autocrypt:references:in-reply-to:date:to :from:subject:message-id:sender:dkim-signature; bh=WCda7jyYJErUwy3gOtGaH9NDlzzB6PhwyDZ/SWvZdBc=; fh=mcEYILPisrAoBlbtqphXuGDwDK4VZ8sP/l81MKSh1Z8=; b=jRarltpWP0BJPofwK640C2QjSWwSv1Bq7MK+n8Dp2Jl6Vy8wn8jRHLIIE4LoZw20bS An+gfcfdorKF4hewQmN2Tj58SW8vn7hIWZEi/R+jgEiY2dfouzj4X4l6CwMQF5efJiFs 2+AFxBq/0/D5FI9Xf2mE51V3S6Jr18HCFFDig/yIl6MkyGJV2gDqeOBJ4VpySThUT/e4 JvgFkeY+o5XtTvBtWkGYlPf/MfsYXazOuYgkjmkRYf/F6GKzeVg+2qrULOkQlSVuk3jz 2lvEyrWt/jysQJ0VyKmN7DoF3bMR9P337KNXW3efOR8GutO3d+wWk882wzeZMPnxBoCW 9m4w==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1743511419; x=1744116219; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:user-agent:content-transfer-encoding :autocrypt:references:in-reply-to:date:to:from:subject:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=WCda7jyYJErUwy3gOtGaH9NDlzzB6PhwyDZ/SWvZdBc=; b=uxKyde9qrKDuYZTlePijVKg92P4RHjnP7ppiza1HBEpYE9qKrHRDJ8JuNdaOAFIzca SbN0sNXe+hlJ3tKLv6NfF1LUcUew/+UnITgqfOmMwIOdcZZkzl1Ot5LeO78lu86dPcfP 4VhmKNvzBXMM4caMFxIDG5d2OZk1ruNbvgXmUtypC+H+a1bFUEt6/Tzggj22OsbXqw9l 5mw0AB0m5xesYnBBKCcc+iiMK0KYN8dP0Ktw1dRLSx37+KzLZQ4hYj3AlGEoeL9zkGqh ELjZrFJfuYxIgoceSIvw9n32bjHauJg/UVvR7aYZ+f6W12fuCEEcITSrVIGWX9JbJBXJ YyxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743511419; x=1744116219; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :user-agent:content-transfer-encoding:autocrypt:references :in-reply-to:date:to:from:subject:message-id:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=WCda7jyYJErUwy3gOtGaH9NDlzzB6PhwyDZ/SWvZdBc=; b=ldZ9/9Hf6YAwlWLe3frwGI+izEitPUt4pLrrNAHQIubL87Td0OOKIyzXYZ+/oagEoW 6jeCzmvL/nO7pMoVKm0rew0wCpgrjneFC8xrpxT6Cusd3iNmFag3l7xXqNxtbvgAYM76 fXWs7fwuIEP03iRAW/CGy1nyl58Nh30rqCLHRAlnuFlNcNTnA0ZlPlxsWZyKUWqsjXix /yRKKd+ZgoXbfNUonTN4Ik2R3wVXwqOFm67L/wxJJMZs1DjBhZavsQ4pqXPEyFPcE67b 6rCVA+++ImnUYsqs6Z4uotpt+CEfSAABRYrvQ3UZsWsAV5W+6YwjPKkBK3SHU4+E05EM HDsg== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXwEGc1vNlZNlFBaDdf7Zs0ZCoIVMru0WyiUD8/pQxn/VErfsY0gWl01O5G7xgwJRkGLdLk@ilbers.de X-Gm-Message-State: AOJu0Yy+bgRkHD9JrgDQkJZXpEaaRhgC/WRNuK4MJ9bvT27PWJuupw0a WhanqyiOC76YMA1EJxiPVAk6g5wHG7MU/6hnNW1zsvjfQPzi1ZFm X-Google-Smtp-Source: AGHT+IHlkB4JQyoiSCOFHaxSO2g7mpkAq/y3YNuZQdxkxpTgJGyjzbBuPZN4Y1+yUeqoYmd2fLP6Qg== X-Received: by 2002:a17:903:32cb:b0:224:c46:d14b with SMTP id d9443c01a7336-2292f9ff33dmr138163895ad.52.1743511419165; Tue, 01 Apr 2025 05:43:39 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARLLPAIm7B76+4ZOo8EKuaQbpkU0vxLv9j2DyqEMGLImXqte5A== Received: by 2002:a17:903:32ca:b0:226:488e:2ab0 with SMTP id d9443c01a7336-228048ca0e8ls14586675ad.2.-pod-prod-04-us; Tue, 01 Apr 2025 05:43:38 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUrkYymaXZ0PB6k/aG21vhdsaAmRWCzT6R0HMqRTre86tNwCYpTn/SzL4DbdUaiK8oMbSQiNfs+lflm@googlegroups.com X-Received: by 2002:a17:903:41ce:b0:224:e33:889b with SMTP id d9443c01a7336-2292f954b74mr221939065ad.12.1743511417706; Tue, 01 Apr 2025 05:43:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1743511417; cv=none; d=google.com; s=arc-20240605; b=CC4RaBx0hTZ4I9Wh8LJiMEjHKwZOwwTFT6emZuAIiNeOcq/zYWgoq8oNvHhmCzDKP3 OrVGEnfoy1AP8utD1cgD3aXygzOs4ygdrs4AuRDSCDV3DXLXU1+8eS9qg5+Aq+Xbeito 912L0UYM22r9qBFNkb+aAVM3mU/np/UWV29jSn/+vkI2pZGk5yKk35+GE5149eyHq0aA 9q9ltmDfL4T33CJ+MPBGgSLHY2J/9wvq6Bti9633uQoLCaALlwP1kpXmCRmKUC4Spe2+ B7GTY9DzgrAGGAr605Z/PetLQlKMsC6oy/0fHLsl4nSA/z9zK+L9JowxEHjrBBTw23Xe pMhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:user-agent:content-transfer-encoding:autocrypt :references:in-reply-to:date:to:from:subject:message-id; bh=n/iR76QUFyL1h2VPxpVkMiuWZ70lLFgjn0k2pK2qmok=; fh=O8qOVoyC4kVwjYhl6ndzNlnWHnJpUJcq4mpswxQLIKQ=; b=Pqa2QaKqvwOQaArniTpiHVvYsIynhXlaZa3Copaa4aC//f97Ur0vZPvsg9DFL5ycn2 +OYd04np9dfp5DEg+ua0nb2YAR5ORxt7ifZe9QdVhvnHBAbac/yEL3J2GmcgIU/W6DjN bPZk/xDNXNTUU99FQ7WdK/8rx8lO1zehO8VQOVQOdenbzIG9uOzTQdViVVS83olT/3x7 ZltHqsTe7tfuf7myGTquhHgD+S5/3sS50F3v/igVnBzMl+cCXzczzRPVFdXPNSnYZXMD kGljyTRVxFGpautbV/7oXQp0OhbN0NV+adxstbKdNoDXOuTeIKANC2cdFYGTuGKZOI2r UjiA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id d9443c01a7336-2291f1b5833si5186765ad.11.2025.04.01.05.43.37 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 01 Apr 2025 05:43:37 -0700 (PDT) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from [IPv6:::1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 531ChX5G029223 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 1 Apr 2025 14:43:34 +0200 Message-ID: Subject: Re: [PATCH 1/2] kas/kas-container: update kas-container to version 4.7 From: Uladzimir Bely To: srinuvasan.a@siemens.com, isar-users@googlegroups.com Date: Tue, 01 Apr 2025 15:43:33 +0300 In-Reply-To: <20250324070833.2280190-1-srinuvasan.a@siemens.com> References: <20250324070833.2280190-1-srinuvasan.a@siemens.com> Autocrypt: addr=ubely@ilbers.de; prefer-encrypt=mutual; keydata=mQENBGO2eUkBCACtT+T3OrPVSExBmqfgXT3lp9XcdxRzjYp26wezkgYjjBXaf36bxtaAf S471VoQtpar0RVeFfW7WDDdfX9ZclSj36zBQe+RVSJzoNoNQfjOXWuSHb5Z+cpAFtqBY4muxK4+ia IlLJd6CN3ejOsLHATtCeHHq8wi0z2T+KdLQO+wQRgo2hjj0Lp9pGTrKJry50HP/o7Vbdu14dOx2xq r8+wPc6SQbBIrcqaa4MqCQC00vQG7eXvo+k2MOw59FDdpMH0KR9mHgp3u/s4I+4YRBArukt9G9xz/ rsEFmxAIBC6N/a6Hzwg4puc91n7ABDsPg8Vp+X3MDraujN0dvR6OKVNtABEBAAG0IFVsYWR6aW1pc iBCZWx5IDx1YmVseUBpbGJlcnMuZGU+iQFOBBMBCAA4FiEEJqPNVhVGyk12Eh+PAUQYBM/2FkoFAm O2eUkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQAUQYBM/2FkprlAgAmuna8Hm9EyoEtTl DBGDg6Zm4ZLp5ffvZBE946h92jepDrteoxsJ7pSzJVC2HmDLa4iZUao7lLLbDsUj5x45/iLJcqBZK k3YnAxP2r6a+kI+1VVQY1pxdG1nlJAbdNzoojm/qmezNPSrqni61KVMQKsXBCWhIjSXDSM9CsBj21 a+9qaVqfxovJGTn9lgrZO+xzKQNMKZeOouJlscVuFj21P0ww3/YENiU/nMeTSuYypO76mDtAd08Jo nc3yuHa9MJGei5ixN3wT+IrGR2aL2hdw2M6NgH7sYbL2Zi4ugD6RXHJai1Bh2yvFSVqSQ+M6QOInT 4ud7wslm1XRB065dXtA== Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.56.0 (by Flathub.org) MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ubely@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: oGJSkhnVahFd On Mon, 2025-03-24 at 12:38 +0530, srinuvasan.a via isar-users wrote: > From: Srinuvasan A >=20 > Signed-off-by: Srinuvasan A > --- > =C2=A0kas/kas-container | 99 +++++++++++++++++++++++++++++++++++++-------= - > -- > =C2=A01 file changed, 78 insertions(+), 21 deletions(-) >=20 > diff --git a/kas/kas-container b/kas/kas-container > index 6b2131c3..d6118b97 100755 > --- a/kas/kas-container > +++ b/kas/kas-container > @@ -27,24 +27,28 @@ > =C2=A0 > =C2=A0set -e > =C2=A0 > -KAS_IMAGE_VERSION_DEFAULT=3D"4.5" > +KAS_IMAGE_VERSION_DEFAULT=3D"4.7" > =C2=A0KAS_CONTAINER_IMAGE_PATH_DEFAULT=3D"ghcr.io/siemens/kas" > =C2=A0KAS_CONTAINER_IMAGE_NAME_DEFAULT=3D"kas" > =C2=A0KAS_CONTAINER_SELF_NAME=3D"$(basename "$0")" > =C2=A0 > +# usage [exit_code] > =C2=A0usage() > =C2=A0{ > + EXIT_CODE=3D"$1" > =C2=A0 SELF=3D"${KAS_CONTAINER_SELF_NAME}" > + > =C2=A0 printf "%b" "Usage: ${SELF} [OPTIONS] { build | shell } > [KASOPTIONS] [KASFILE]\n" > - printf "%b" "=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${SELF} [OPTIONS] { c= heckout | dump } > [KASOPTIONS] [KASFILE]\n" > + printf "%b" "=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${SELF} [OPTIONS] { c= heckout | dump | > lock } [KASOPTIONS] [KASFILE]\n" > =C2=A0 printf "%b" "=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${SELF} [OPTIONS= ] for-all-repos > [KASOPTIONS] [KASFILE] COMMAND\n" > - printf "%b" "=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${SELF} [OPTIONS] { c= lean | cleansstate > | cleanall} [KASFILE]\n" > + printf "%b" "=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${SELF} [OPTIONS] { c= lean | cleansstate > | cleanall } [KASFILE]\n" > =C2=A0 printf "%b" "=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${SELF} [OPTIONS= ] menu [KCONFIG]\n" > =C2=A0 printf "%b" "\nPositional arguments:\n" > =C2=A0 printf "%b" "build\t\t\tCheck out repositories and build > target.\n" > =C2=A0 printf "%b" "checkout\t\tCheck out repositories but do not > build.\n" > =C2=A0 printf "%b" "dump\t\t\tCheck out repositories and write flat > version\n" > =C2=A0 printf "%b" "=C2=A0=C2=A0=C2=A0 \t\t\tof config to stdout.\n" > + printf "%b" "lock\t\t\tCreate and update kas project > lockfiles\n" > =C2=A0 printf "%b" "shell\t\t\tRun a shell in the build > environment.\n" > =C2=A0 printf "%b" "for-all-repos\t\tRun specified command in each > repository.\n" > =C2=A0 printf "%b" "clean\t\t\tClean build artifacts, keep sstate > cache and " \ > @@ -63,9 +67,7 @@ usage() > =C2=A0 printf "%b" "--runtime-args\t\tAdditional arguments to pass > to the " \ > =C2=A0 "container runtime\n" > =C2=A0 printf "%b" "\t\t\tfor running the build.\n" > - printf "%b" "-d\t\t\tPrint debug output (deprecated, use -l > debug).\n" > =C2=A0 printf "%b" "-l, --log-level\t\tSet log level > (default=3Dinfo).\n" > - printf "%b" "-v\t\t\tSame as -d (deprecated).\n" > =C2=A0 printf "%b" "--version\t\tprint program version.\n" > =C2=A0 printf "%b" "--ssh-dir\t\tDirectory containing SSH > configurations.\n" > =C2=A0 printf "%b" "\t\t\tAvoid \$HOME/.ssh unless you fully trust > the " \ > @@ -80,28 +82,39 @@ usage() > =C2=A0 =C2=A0=C2=A0=C2=A0 "\t\t\t(default for build command)\n" > =C2=A0 printf "%b" "--repo-rw\t\tMount current repository > writeable\n" \ > =C2=A0 =C2=A0=C2=A0=C2=A0 "\t\t\t(default for shell command)\n" > + printf "%b" "-h, --help\t\tShow this help message and > exit.\n" > =C2=A0 printf "%b" "\n" > =C2=A0 printf "%b" "You can force the use of podman over docker > using " \ > =C2=A0 =C2=A0=C2=A0=C2=A0 "KAS_CONTAINER_ENGINE=3Dpodman.\n" > - exit 1 > + > + exit "${EXIT_CODE:-1}" > =C2=A0} > =C2=A0 > -fatal_error(){ > +fatal_error() > +{ > =C2=A0 echo "${KAS_CONTAINER_SELF_NAME}: Error: $*" >&2 > =C2=A0 exit 1 > =C2=A0} > =C2=A0 > -warning(){ > +warning() > +{ > =C2=A0 echo "${KAS_CONTAINER_SELF_NAME}: Warning: $*" >&2 > =C2=A0} > =C2=A0 > +debug(){ > + if [ -n "${KAS_VERBOSE}" ]; then > + echo "${KAS_CONTAINER_SELF_NAME}: Debug: $*" >&2 > + fi > +} > + > =C2=A0trace() > =C2=A0{ > =C2=A0 [ -n "${KAS_VERBOSE}" ] && echo "+ $*" >&2 > =C2=A0 "$@" > =C2=A0} > =C2=A0 > -enable_isar_mode() { > +enable_isar_mode() > +{ > =C2=A0 if [ -n "${ISAR_MODE}" ]; then > =C2=A0 return > =C2=A0 fi > @@ -118,7 +131,8 @@ enable_isar_mode() { > =C2=A0 fi > =C2=A0} > =C2=A0 > -enable_oe_mode() { > +enable_oe_mode() > +{ > =C2=A0 if [ "${KAS_CONTAINER_ENGINE}" =3D "podman" ]; then > =C2=A0 # The container entry point expects that the current > userid > =C2=A0 # calling "podman run" has a 1:1 mapping > @@ -126,7 +140,23 @@ enable_oe_mode() { > =C2=A0 fi > =C2=A0} > =C2=A0 > -run_clean() { > +enable_unpriv_userns_docker() > +{ > + if [ -f /etc/os-release ] && grep -q 'NAME=3D"Ubuntu"' > /etc/os-release && > + =C2=A0=C2=A0 [ -f > /proc/sys/kernel/apparmor_restrict_unprivileged_userns ] && > + =C2=A0=C2=A0 [ "$(cat > /proc/sys/kernel/apparmor_restrict_unprivileged_userns)" =3D "1" ]; > then > + if [ -f /etc/apparmor.d/rootlesskit ]; then > + debug "AppArmor restricts unprivileged > userns, using \"rootlesskit\" profile" > + KAS_RUNTIME_ARGS=3D"${KAS_RUNTIME_ARGS} -- > security-opt apparmor=3Drootlesskit" > + else > + warning "AppArmor restricts unprivileged > userns but no suitable apparmor " \ > + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "profile found. Consider s= etting > apparmor_restrict_unprivileged_userns=3D0" > + fi > + fi > +} > + > +run_clean() > +{ > =C2=A0 if [ -n "${KAS_ISAR_ARGS}" ]; then > =C2=A0 # SC2086: Double quote to prevent globbing and word > splitting. > =C2=A0 # shellcheck disable=3D2086 > @@ -149,7 +179,17 @@ run_clean() { > =C2=A0 fi > =C2=A0} > =C2=A0 > -set_container_image_var() { > +KAS_GIT_OVERLAY_FILE=3D"" > +kas_container_cleanup() > +{ > + if [ -f "${KAS_GIT_OVERLAY_FILE}" ]; then > + trace rm -f "${KAS_GIT_OVERLAY_FILE}" > + fi > +} > +trap kas_container_cleanup EXIT INT TERM > + > +set_container_image_var() > +{ > =C2=A0 KAS_IMAGE_VERSION=3D"${KAS_IMAGE_VERSION:- > ${KAS_IMAGE_VERSION_DEFAULT}}" > =C2=A0 KAS_CONTAINER_IMAGE_NAME=3D"${KAS_CONTAINER_IMAGE_NAME:- > ${KAS_CONTAINER_IMAGE_NAME_DEFAULT}}" > =C2=A0 KAS_CONTAINER_IMAGE_PATH=3D"${KAS_CONTAINER_IMAGE_PATH:- > ${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}" > @@ -158,8 +198,10 @@ set_container_image_var() { > =C2=A0} > =C2=A0 > =C2=A0KAS_WORK_DIR=3D$(readlink -fv "${KAS_WORK_DIR:-$(pwd)}") > -# KAS_WORK_DIR needs to exist for the subsequent code > -trace mkdir -p "${KAS_WORK_DIR}" > +if ! [ -d "${KAS_WORK_DIR}" ]; then > + fatal_error "KAS_WORK_DIR '${KAS_WORK_DIR}' is not a > directory" > +fi > + > =C2=A0KAS_BUILD_DIR=3D$(readlink -fv "${KAS_BUILD_DIR:- > ${KAS_WORK_DIR}/build}") > =C2=A0trace mkdir -p "${KAS_BUILD_DIR}" > =C2=A0 > @@ -192,6 +234,7 @@ KAS_RUNTIME_ARGS=3D"--log-driver=3Dnone --user=3Droot= " > =C2=A0case "${KAS_CONTAINER_ENGINE}" in > =C2=A0docker) > =C2=A0 KAS_CONTAINER_COMMAND=3D"docker" > + enable_unpriv_userns_docker > =C2=A0 ;; > =C2=A0podman) > =C2=A0 KAS_CONTAINER_COMMAND=3D"podman" > @@ -269,11 +312,6 @@ while [ $# -gt 0 ]; do > =C2=A0 KAS_REPO_MOUNT_OPT=3D"rw" > =C2=A0 shift 1 > =C2=A0 ;; > - -v | -d) > - KAS_VERBOSE=3D1 > - KAS_OPTIONS_DIRECT=3D"${KAS_OPTIONS_DIRECT} -d" > - shift 1 > - ;; > =C2=A0 -l | --log-level) > =C2=A0 if [ "$2" =3D "debug" ]; then > =C2=A0 KAS_VERBOSE=3D1 > @@ -285,6 +323,9 @@ while [ $# -gt 0 ]; do > =C2=A0 echo "${KAS_CONTAINER_SELF_NAME} > $KAS_IMAGE_VERSION_DEFAULT" > =C2=A0 exit 0 > =C2=A0 ;; > + -h | --help) > + usage 0 > + ;; > =C2=A0 --*) > =C2=A0 usage > =C2=A0 ;; > @@ -293,7 +334,7 @@ while [ $# -gt 0 ]; do > =C2=A0 shift 1 > =C2=A0 break > =C2=A0 ;; > - shell) > + shell|lock) > =C2=A0 KAS_REPO_MOUNT_OPT_DEFAULT=3D"rw" > =C2=A0 KAS_CMD=3D$1 > =C2=A0 shift 1 > @@ -459,6 +500,22 @@ set -- "$@" -v > "${KAS_REPO_DIR}:/repo:${KAS_REPO_MOUNT_OPT}" \ > =C2=A0 -e KAS_BUILD_DIR=3D/build \ > =C2=A0 -e USER_ID=3D"$(id -u)" -e GROUP_ID=3D"$(id -g)" --rm --init > =C2=A0 > +if git_com_dir=3D$(git -C "${KAS_REPO_DIR}" rev-parse --git-common-dir > 2>/dev/null) \ > + && [ "$git_com_dir" !=3D "$(git -C "${KAS_REPO_DIR}" rev-parse > --git-dir)" ]; then > + # If (it's a git repo) and the common dir isn't the git-dir, > it is shared worktree and > + # we have to mount the common dir in the container to make > git work > + # The mount path inside the container is different from the > host path. Hence, we over-mount > + # the .git file to point to the correct path. > + KAS_GIT_OVERLAY_FILE=3D$(mktemp) > + sed "s|gitdir: ${git_com_dir}/|gitdir: /repo-common/|" > "${KAS_REPO_DIR}/.git" > "${KAS_GIT_OVERLAY_FILE}" > + set -- "$@" -v "${git_com_dir}:/repo- > common:${KAS_REPO_MOUNT_OPT}" \ > + -v "${KAS_GIT_OVERLAY_FILE}:/repo/.git:ro" > + # if the workdir is the same as the repo dir, it is the same > shared worktree > + if [ "${KAS_WORK_DIR}" =3D "${KAS_REPO_DIR}" ]; then > + set -- "$@" -v > "${KAS_GIT_OVERLAY_FILE}:/work/.git:ro" > + fi > +fi > + > =C2=A0if [ -n "${KAS_SSH_DIR}" ] ; then > =C2=A0 if [ ! -d "${KAS_SSH_DIR}" ]; then > =C2=A0 fatal_error "passed KAS_SSH_DIR '${KAS_SSH_DIR}' is > not a directory" > @@ -484,7 +541,7 @@ if [ -n "${KAS_AWS_DIR}" ] ; then > =C2=A0fi > =C2=A0if [ -n "${AWS_WEB_IDENTITY_TOKEN_FILE}" ] ; then > =C2=A0 if [ ! -f "${AWS_WEB_IDENTITY_TOKEN_FILE}" ]; then > - echo "Passed AWS_WEB_IDENTITY_TOKEN_FILE > '${AWS_WEB_IDENTITY_TOKEN_FILE}' is not a directory" > + echo "Passed AWS_WEB_IDENTITY_TOKEN_FILE > '${AWS_WEB_IDENTITY_TOKEN_FILE}' is not a file" > =C2=A0 exit 1 > =C2=A0 fi > =C2=A0 set -- "$@" -v "$(readlink -fv > "${AWS_WEB_IDENTITY_TOKEN_FILE}")":/var/kas/userdata/.aws/web_identit > y_token:ro \ > --=20 > 2.34.1 Applied to next, thanks. --=20 Best regards, Uladzimir. --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= c60a4790c4bcc212fec8f67c0518f660fcbc8473.camel%40ilbers.de.