* [cip-dev] [isar-cip-core] export dpkg status for debsecan @ 2020-09-30 2:08 Daniel Sangorrin 2020-09-30 2:08 ` [cip-dev] [isar-cip-core] image: export dpkg status file " Daniel Sangorrin 0 siblings, 1 reply; 6+ messages in thread From: Daniel Sangorrin @ 2020-09-30 2:08 UTC (permalink / raw) To: jan.kiszka; +Cc: cip-dev [-- Attachment #1: Type: text/plain, Size: 470 bytes --] Hi Jan, This is a patch to isar-cip-core for exporting the dpkg status file which is needed by debsecan and its wrapper cip-core-sec. At the moment the code is duplicated for each image target. I could use the trick of putting the code in customizations.bb instead if you prefer, because currently it is imported from both image targets (cip-core-image.bb and cip-core-image-security.bb) [isar-cip-core] image: export dpkg status file for debsecan Thanks, Daniel [-- Attachment #2: Type: text/plain, Size: 420 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5481): https://lists.cip-project.org/g/cip-dev/message/5481 Mute This Topic: https://lists.cip-project.org/mt/77210405/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan 2020-09-30 2:08 [cip-dev] [isar-cip-core] export dpkg status for debsecan Daniel Sangorrin @ 2020-09-30 2:08 ` Daniel Sangorrin 2020-09-30 7:11 ` Jan Kiszka 0 siblings, 1 reply; 6+ messages in thread From: Daniel Sangorrin @ 2020-09-30 2:08 UTC (permalink / raw) To: jan.kiszka; +Cc: cip-dev [-- Attachment #1: Type: text/plain, Size: 1600 bytes --] Although the currently exported manifest probably has enough information, the tool debsecan and our wrapper cip-core-sec depend on the dpkg status format. Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp> --- recipes-core/images/cip-core-image-security.bb | 8 ++++++++ recipes-core/images/cip-core-image.bb | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb index 61ddc39..928774c 100644 --- a/recipes-core/images/cip-core-image-security.bb +++ b/recipes-core/images/cip-core-image-security.bb @@ -34,3 +34,11 @@ IMAGE_PREINSTALL += " \ uuid-runtime \ sudo \ " + +# for cip-core-sec/debsecan +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" +export_dpkg_status() { + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + cat /var/lib/dpkg/status > \ + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status +} diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb index 2cecde3..0139819 100644 --- a/recipes-core/images/cip-core-image.bb +++ b/recipes-core/images/cip-core-image.bb @@ -19,3 +19,11 @@ IMAGE_INSTALL += "customizations" # for swupdate SWU_DESCRIPTION ??= "swupdate" include ${SWU_DESCRIPTION}.inc + +# for cip-core-sec/debsecan +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" +export_dpkg_status() { + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ + cat /var/lib/dpkg/status > \ + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status +} -- 2.25.1 [-- Attachment #2: Type: text/plain, Size: 420 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5480): https://lists.cip-project.org/g/cip-dev/message/5480 Mute This Topic: https://lists.cip-project.org/mt/77210404/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan 2020-09-30 2:08 ` [cip-dev] [isar-cip-core] image: export dpkg status file " Daniel Sangorrin @ 2020-09-30 7:11 ` Jan Kiszka 2020-10-01 0:20 ` Daniel Sangorrin ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: Jan Kiszka @ 2020-09-30 7:11 UTC (permalink / raw) To: cip-dev, Daniel Sangorrin [-- Attachment #1: Type: text/plain, Size: 2047 bytes --] On 30.09.20 04:08, Daniel Sangorrin wrote: > Although the currently exported manifest probably has > enough information, the tool debsecan and our wrapper > cip-core-sec depend on the dpkg status format. > > Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp> > --- > recipes-core/images/cip-core-image-security.bb | 8 ++++++++ > recipes-core/images/cip-core-image.bb | 8 ++++++++ > 2 files changed, 16 insertions(+) > > diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb > index 61ddc39..928774c 100644 > --- a/recipes-core/images/cip-core-image-security.bb > +++ b/recipes-core/images/cip-core-image-security.bb > @@ -34,3 +34,11 @@ IMAGE_PREINSTALL += " \ > uuid-runtime \ > sudo \ > " > + > +# for cip-core-sec/debsecan > +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" > +export_dpkg_status() { > + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ > + cat /var/lib/dpkg/status > \ > + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status This is just a copy-out, I don't see the chroot need here. > +} > diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb > index 2cecde3..0139819 100644 > --- a/recipes-core/images/cip-core-image.bb > +++ b/recipes-core/images/cip-core-image.bb > @@ -19,3 +19,11 @@ IMAGE_INSTALL += "customizations" > # for swupdate > SWU_DESCRIPTION ??= "swupdate" > include ${SWU_DESCRIPTION}.inc > + > +# for cip-core-sec/debsecan > +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" > +export_dpkg_status() { > + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ > + cat /var/lib/dpkg/status > \ > + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status > +} > Please avoid code duplication. We have means like "require some.inc" in bitbake. I'm also wondering if this should go to isar upstream directly. debsecan is a generic Debian tool, nothing CIP-specific per se. Jan [-- Attachment #2: Type: text/plain, Size: 420 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5496): https://lists.cip-project.org/g/cip-dev/message/5496 Mute This Topic: https://lists.cip-project.org/mt/77210404/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan 2020-09-30 7:11 ` Jan Kiszka @ 2020-10-01 0:20 ` Daniel Sangorrin 2020-10-01 0:23 ` Daniel Sangorrin 2020-10-01 3:03 ` Daniel Sangorrin 2 siblings, 0 replies; 6+ messages in thread From: Daniel Sangorrin @ 2020-10-01 0:20 UTC (permalink / raw) To: jan.kiszka, cip-dev [-- Attachment #1: Type: text/plain, Size: 2547 bytes --] OK, I will send it to ISAR then. > -----Original Message----- > From: Jan Kiszka <jan.kiszka@web.de> > Sent: Wednesday, September 30, 2020 4:12 PM > To: cip-dev@lists.cip-project.org; sangorrin daniel(サンゴリン ダニエル □SWC◯ACT) <daniel.sangorrin@toshiba.co.jp> > Subject: Re: [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan > > On 30.09.20 04:08, Daniel Sangorrin wrote: > > Although the currently exported manifest probably has enough > > information, the tool debsecan and our wrapper cip-core-sec depend on > > the dpkg status format. > > > > Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp> > > --- > > recipes-core/images/cip-core-image-security.bb | 8 ++++++++ > > recipes-core/images/cip-core-image.bb | 8 ++++++++ > > 2 files changed, 16 insertions(+) > > > > diff --git a/recipes-core/images/cip-core-image-security.bb > > b/recipes-core/images/cip-core-image-security.bb > > index 61ddc39..928774c 100644 > > --- a/recipes-core/images/cip-core-image-security.bb > > +++ b/recipes-core/images/cip-core-image-security.bb > > @@ -34,3 +34,11 @@ IMAGE_PREINSTALL += " \ > > uuid-runtime \ > > sudo \ > > " > > + > > +# for cip-core-sec/debsecan > > +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" > > +export_dpkg_status() { > > + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ > > + cat /var/lib/dpkg/status > \ > > + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status > > This is just a copy-out, I don't see the chroot need here. > > > +} > > diff --git a/recipes-core/images/cip-core-image.bb > > b/recipes-core/images/cip-core-image.bb > > index 2cecde3..0139819 100644 > > --- a/recipes-core/images/cip-core-image.bb > > +++ b/recipes-core/images/cip-core-image.bb > > @@ -19,3 +19,11 @@ IMAGE_INSTALL += "customizations" > > # for swupdate > > SWU_DESCRIPTION ??= "swupdate" > > include ${SWU_DESCRIPTION}.inc > > + > > +# for cip-core-sec/debsecan > > +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" > > +export_dpkg_status() { > > + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ > > + cat /var/lib/dpkg/status > \ > > + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status > > +} > > > > Please avoid code duplication. We have means like "require some.inc" in bitbake. > > I'm also wondering if this should go to isar upstream directly. debsecan is a generic Debian tool, nothing CIP-specific per se. > > Jan [-- Attachment #2: Type: text/plain, Size: 420 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5483): https://lists.cip-project.org/g/cip-dev/message/5483 Mute This Topic: https://lists.cip-project.org/mt/77210404/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan 2020-09-30 7:11 ` Jan Kiszka 2020-10-01 0:20 ` Daniel Sangorrin @ 2020-10-01 0:23 ` Daniel Sangorrin 2020-10-01 3:03 ` Daniel Sangorrin 2 siblings, 0 replies; 6+ messages in thread From: Daniel Sangorrin @ 2020-10-01 0:23 UTC (permalink / raw) To: jan.kiszka, cip-dev [-- Attachment #1: Type: text/plain, Size: 570 bytes --] Hi Jan, I forgot to reply one comment. > > +# for cip-core-sec/debsecan > > +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" > > +export_dpkg_status() { > > + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ > > + cat /var/lib/dpkg/status > \ > > + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status > > This is just a copy-out, I don't see the chroot need here. This was based on the generate_manifest function. For some reason, copying without chroot didn't work for me. I will give it another try. Thanks, Daniel [-- Attachment #2: Type: text/plain, Size: 420 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5484): https://lists.cip-project.org/g/cip-dev/message/5484 Mute This Topic: https://lists.cip-project.org/mt/77210404/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan 2020-09-30 7:11 ` Jan Kiszka 2020-10-01 0:20 ` Daniel Sangorrin 2020-10-01 0:23 ` Daniel Sangorrin @ 2020-10-01 3:03 ` Daniel Sangorrin 2 siblings, 0 replies; 6+ messages in thread From: Daniel Sangorrin @ 2020-10-01 3:03 UTC (permalink / raw) To: jan.kiszka, cip-dev [-- Attachment #1: Type: text/plain, Size: 1032 bytes --] Hi Jan, Now it seems to work. I think it was some subtle issue with the use of quotes. Thanks, Daniel > -----Original Message----- > From: sangorrin daniel(サンゴリン ダニエル □SWC◯ACT) > Sent: Thursday, October 1, 2020 9:23 AM > To: 'Jan Kiszka' <jan.kiszka@web.de>; cip-dev@lists.cip-project.org > Subject: RE: [cip-dev] [isar-cip-core] image: export dpkg status file for debsecan > > Hi Jan, > > I forgot to reply one comment. > > > > +# for cip-core-sec/debsecan > > > +ROOTFS_POSTPROCESS_COMMAND += "export_dpkg_status" > > > +export_dpkg_status() { > > > + sudo -E chroot --userspec=$(id -u):$(id -g) '${ROOTFSDIR}' \ > > > + cat /var/lib/dpkg/status > \ > > > + ${ROOTFS_MANIFEST_DEPLOY_DIR}/"${PF}".dpkg_status > > > > This is just a copy-out, I don't see the chroot need here. > > This was based on the generate_manifest function. > For some reason, copying without chroot didn't work for me. I will give it another try. > > Thanks, > Daniel [-- Attachment #2: Type: text/plain, Size: 420 bytes --] -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5486): https://lists.cip-project.org/g/cip-dev/message/5486 Mute This Topic: https://lists.cip-project.org/mt/77210404/4520388 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-04 14:58 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-09-30 2:08 [cip-dev] [isar-cip-core] export dpkg status for debsecan Daniel Sangorrin 2020-09-30 2:08 ` [cip-dev] [isar-cip-core] image: export dpkg status file " Daniel Sangorrin 2020-09-30 7:11 ` Jan Kiszka 2020-10-01 0:20 ` Daniel Sangorrin 2020-10-01 0:23 ` Daniel Sangorrin 2020-10-01 3:03 ` Daniel Sangorrin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).