From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7120476383164235776
X-Received: by 2002:a67:f881:0:b0:357:9673:4b4f with SMTP id h1-20020a67f881000000b0035796734b4fmr9680048vso.73.1658236174630;
        Tue, 19 Jul 2022 06:09:34 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6122:24d:b0:374:bc2a:90dd with SMTP id
 t13-20020a056122024d00b00374bc2a90ddls112733vko.3.-pod-prod-gmail; Tue, 19
 Jul 2022 06:09:34 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1vC/969uR8Tm1v9RicLxGiSTf/S7KIjc+XBdPcVil+rpnj1fFMkUmnhYd6/5tBnaqVVmMi4
X-Received: by 2002:a1f:4a45:0:b0:373:e1a4:8178 with SMTP id x66-20020a1f4a45000000b00373e1a48178mr11265510vka.34.1658236174111;
        Tue, 19 Jul 2022 06:09:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658236174; cv=none;
        d=google.com; s=arc-20160816;
        b=er2gBACAIKiA6Hc1/jl+kNEBlRBgwV5rNPpKquECj+ZmRsQos9zFEtyBgy6t5kvI6R
         qithtnRnbP/t5J+BGI0X5MfwnTAiYZgaYw/JFlUyflq803u3wqpSiHVAJ1gHqdPQty9c
         eKZxkOLrJ9/H4qecd2ZJBf/p9O1abnuCk4geu5AD1vxyrzv9GBRg+K3ydLLj8JMuZWYF
         PQCJBFxGADbTQuW5/0tgEC/XFQRNSh5mAcNAprBg1usrtkPRTe8xJZfto7N2ZwaBySku
         j89XDmmILOHZOcxtzDO4OuqthmFgCEWKhdIlq/vuxAYfUxOqcTXByjxPt9EweJs8+6xU
         6SLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:to
         :content-language:subject:user-agent:mime-version:date:message-id;
        bh=B2Ij1P6yNXt2cGqC+CdfC2biSNI4rMb3CSJMY24ryD0=;
        b=ok1P77Uf/k7s2itQ61Uha0r9SSjhKfV7G75/FH+dcjPu98RzdVS8TYCVCbfh39un00
         RVfkh6zksikKUGgKe3K4xMJQ1DIw+Nya9VQwOTY5EZio8zBRXrE9Vf7XbDSVjpRr2rDt
         WFCmY+gL4p28t9Lhjb6fRmiN0p5ed7HvhxbctCoFeT9PfP3Y1QovpDJp7kHoFx+L0vlx
         /skXJBUNDBHV8HRWGQpttb8SiBma/8p/tXpahq3r7uUrobpSBZ52ZA0Qxj6CGbwL88G/
         itYLw9ii410xbxys/D+VZI6RyvDRK6njMGpL1ENl9/4PycECd0Tq1o731Z0H6HVUox47
         iIpQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de
Return-Path: <amikan@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id f81-20020a1f9c54000000b0037467483219si615522vke.0.2022.07.19.06.09.33
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 19 Jul 2022 06:09:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de
Received: from [127.0.0.1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 26JD9Uj7015742
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Tue, 19 Jul 2022 15:09:31 +0200
Message-ID: <d86e2480-8e84-1840-e82f-72c347c1f1b0@ilbers.de>
Date: Tue, 19 Jul 2022 16:09:30 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.9.1
Subject: Re: [PATCH v2 00/18] Migrate to Bitbake 2.0
Content-Language: en-US
To: "Schmidt, Adriaan" <adriaan.schmidt@siemens.com>,
        "isar-users@googlegroups.com" <isar-users@googlegroups.com>
References: <20220715060442.18063-1-amikan@ilbers.de>
 <AS4PR10MB53186729487A5C0ACD0EBD6AED8F9@AS4PR10MB5318.EURPRD10.PROD.OUTLOOK.COM>
From: Anton Mikanovich <amikan@ilbers.de>
In-Reply-To: <AS4PR10MB53186729487A5C0ACD0EBD6AED8F9@AS4PR10MB5318.EURPRD10.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: kPuaVM3GBS/L

19.07.2022 14:36, Schmidt, Adriaan wrote:
> Anton Mikanovich, Freitag, 15. Juli 2022 08:04:
>> This patchset moves Isar to use Bitbake 2.0 branch.
> Hi Anton,
>
> Looks great overall!
>
>> scripts/contrib/convert-overrides.py is the script for overrides update and
>> it
>> needs some testing on downstream layers. Usage:
>> $ ./scripts/contrib/convert-overrides.py meta-customlayer
> I found a number of variables in the image(r) context in meta that we use with
> overrides, and that are not yet covered by the conversion script:
> IMAGE_FSTYPES
> IMAGE_SRC_URI
> IMAGE_TEMPLATE_FILES
> IMAGE_TEMPLATE_VARS
> IMAGE_CMD_REQUIRED_ARGS
> IMAGE_FULLNAME
> CONVERSION_DEPS
> BUILDCHROOT_PREINSTALL
> IMAGER_BUILD_DEPS
> IMAGER_INSTALL
>
> And then there's the issue with the [network] flag we currently add to
> tasks that need network, but also to those that use sudo.
> I'm not sure if there's a reason why bitbake creates a new user namespace
> when disabling network. We could discuss with upsteam. This patch would
> enable sudo for Isar:
> ---
> diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
> index 05adb415..d11da978 100644
> --- a/bitbake/lib/bb/utils.py
> +++ b/bitbake/lib/bb/utils.py
> @@ -1618,7 +1618,7 @@ def disable_network(uid=None, gid=None):
>       if gid is None:
>           gid = os.getgid()
>   
> -    ret = libc.unshare(CLONE_NEWNET)
> +    ret = libc.unshare(CLONE_NEWNET | CLONE_NEWUSER)
>       if ret != 0:
>           logger.debug("System doesn't suport disabling network without admin privs")
>           return
> ---
>
> Adriaan

Hello, Adriaan

I've just send v3 which is already good enough to pass CI tests.
Will look into imagetypes-related vars for the next version.

Does CLONE_NEWUSER flag disable network task checking also?
If yes, this is not the right way, because we should keep documented 
bitbake checks.