diff --git a/kas-container b/kas-container index 0e99898b..b46682e4 100755 --- a/kas-container +++ b/kas-container @@ -27,8 +27,9 @@ set -e -KAS_CONTAINER_SCRIPT_VERSION="4.8.1" +KAS_CONTAINER_SCRIPT_VERSION="5.1" KAS_IMAGE_VERSION_DEFAULT="${KAS_CONTAINER_SCRIPT_VERSION}" +KAS_CONTAINER_IMAGE_DISTRO_DEFAULT="debian-bookworm" KAS_CONTAINER_IMAGE_PATH_DEFAULT="ghcr.io/siemens/kas" KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas" KAS_CONTAINER_SELF_NAME="$(basename "$0")" @@ -64,7 +65,8 @@ usage() printf "%b" "menu\t\t\tProvide configuration menu and trigger " \ "configured build.\n" printf "%b" "\nOptional arguments:\n" - printf "%b" "--isar\t\t\tUse kas-isar container to build Isar image.\n" + printf "%b" "--isar\t\t\tUse kas-isar container to build Isar image. To force\n" + printf "%b" " \t\t\tthe use of run0 over sudo, set KAS_SUDO_CMD=run0.\n" printf "%b" "--with-loop-dev Pass a loop device to the " \ "container. Only required if\n" printf "%b" "\t\t\tloop-mounting is used by recipes.\n" @@ -117,6 +119,26 @@ trace() "$@" } +prepare_sudo_cmd() +{ + if [ -z "${KAS_SUDO_CMD}" ]; then + # Try to auto-detect a privileged executor + if command -v sudo >/dev/null; then + KAS_SUDO_CMD="sudo" + elif command -v run0 >/dev/null; then + KAS_SUDO_CMD="run0" + else + fatal_error "No privileged executor found, need sudo or run0." + fi + fi + + case "$KAS_SUDO_CMD" in + sudo) _KAS_SUDO_CMD="sudo --preserve-env";; + run0) _KAS_SUDO_CMD="run0 --background= --unit=kas-container@$$";; + *) fatal_error "Unsupported KAS_SUDO_CMD ('${KAS_SUDO_CMD}'), use sudo or run0.";; + esac +} + enable_isar_mode() { if [ -n "${ISAR_MODE}" ]; then @@ -128,15 +150,17 @@ enable_isar_mode() KAS_ISAR_ARGS="--privileged" if [ "${KAS_CONTAINER_ENGINE}" = "podman" ]; then + prepare_sudo_cmd # sudo is needed for a privileged podman container - KAS_CONTAINER_COMMAND="sudo --preserve-env ${KAS_CONTAINER_COMMAND}" + KAS_CONTAINER_COMMAND="${_KAS_SUDO_CMD} ${KAS_CONTAINER_COMMAND}" # preserved user PATH may lack sbin needed by privileged podman export PATH="${PATH}:/usr/sbin" elif [ "${KAS_DOCKER_ROOTLESS}" = "1" ]; then + prepare_sudo_cmd export DOCKER_HOST="${DOCKER_HOST:-unix:///var/run/docker.sock}" debug "kas-isar does not support rootless docker. Using system docker" # force use of well-known system docker socket - KAS_CONTAINER_COMMAND="sudo --preserve-env ${KAS_CONTAINER_COMMAND}" + KAS_CONTAINER_COMMAND="${_KAS_SUDO_CMD} ${KAS_CONTAINER_COMMAND}" KAS_DOCKER_ROOTLESS=0 fi } @@ -267,10 +291,14 @@ trap kas_container_cleanup EXIT INT TERM set_container_image_var() { KAS_IMAGE_VERSION="${KAS_IMAGE_VERSION:-${KAS_IMAGE_VERSION_DEFAULT}}" + KAS_CONTAINER_IMAGE_DISTRO="${KAS_CONTAINER_IMAGE_DISTRO:-${KAS_CONTAINER_IMAGE_DISTRO_DEFAULT}}" KAS_CONTAINER_IMAGE_NAME="${KAS_CONTAINER_IMAGE_NAME:-${KAS_CONTAINER_IMAGE_NAME_DEFAULT}}" KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}" KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}" KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}" + if [ -n "${KAS_CONTAINER_IMAGE_DISTRO}" ]; then + KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE}-${KAS_CONTAINER_IMAGE_DISTRO}" + fi } # SC2034: DIR appears unused (ignore, as they are used inside eval) @@ -283,6 +311,7 @@ setup_kas_dirs() KAS_REPO_REF_DIR="$(check_and_expand KAS_REPO_REF_DIR required)" DL_DIR="$(check_and_expand DL_DIR createrec)" SSTATE_DIR="$(check_and_expand SSTATE_DIR createrec)" + KAS_BUILDTOOLS_DIR="$(check_and_expand KAS_BUILDTOOLS_DIR createrec)" } setup_kas_dirs @@ -339,6 +368,10 @@ while [ $# -gt 0 ]; do if [ "$(id -u)" -eq 0 ]; then fatal_error "loop device not available!" fi + prepare_sudo_cmd + if ! [ "$KAS_SUDO_CMD" = "sudo" ]; then + fatal_error '--with-loop-dev requires sudo for device setup.' + fi sudo_command="/sbin/losetup -f" sudo_message="[sudo] enter password to setup loop" sudo_message="$sudo_message devices by calling" @@ -454,6 +487,7 @@ done [ -n "${KAS_CMD}" ] || usage KAS_EXTRA_BITBAKE_ARGS=0 +KAS_FILES= # parse kas sub-command options while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do @@ -592,6 +626,7 @@ forward_dir KAS_BUILD_DIR "/build" "rw" forward_dir DL_DIR "/downloads" "rw" forward_dir KAS_REPO_REF_DIR "/repo-ref" "rw" forward_dir SSTATE_DIR "/sstate" "rw" +forward_dir KAS_BUILDTOOLS_DIR "/buildtools" "rw" if git_com_dir=$(git -C "${KAS_REPO_DIR}" rev-parse --git-common-dir 2>/dev/null) \ && [ "$git_com_dir" != "$(git -C "${KAS_REPO_DIR}" rev-parse --git-dir)" ]; then @@ -686,12 +721,9 @@ if [ -n "${SSTATE_MIRRORS}" ]; then set -- "$@" -e "SSTATE_MIRRORS=${SSTATE_MIRRORS}" fi -# propagate timezone information -if [ -f "/etc/localtime" ]; then - set -- "$@" -v "$(realpath -e "/etc/localtime")":/etc/localtime:ro -fi -if [ -f "/etc/timezone" ]; then - set -- "$@" -v "$(realpath -e "/etc/timezone")":/etc/timezone:ro +# propagate timezone information to entrypoint (requires systemd 239) +if command -v timedatectl >/dev/null; then + set -- "$@" -e "KAS_HOST_TZ=$(timedatectl show -p Timezone --value 2>/dev/null)" fi for var in TERM KAS_DISTRO KAS_MACHINE KAS_TARGET KAS_TASK KAS_CLONE_DEPTH \ diff --git a/kas/common/base.lock.yml b/kas/common/base.lock.yml index 8c517a29..1e46ceca 100644 --- a/kas/common/base.lock.yml +++ b/kas/common/base.lock.yml @@ -3,4 +3,4 @@ header: overrides: repos: isar: - commit: 2efd5d4ca3b4abf2386fe0089594029becdf2801 + commit: 680c07ee072483329885ba08b7b2b1f763326dc8 diff --git a/kas/opt/ab-rootfs.lock.yml b/kas/opt/ab-rootfs.lock.yml index 159648bf..b51638a3 100644 --- a/kas/opt/ab-rootfs.lock.yml +++ b/kas/opt/ab-rootfs.lock.yml @@ -3,4 +3,4 @@ header: overrides: repos: cip-core: - commit: 31002450feccb382b604f43d9cddd3b229619ad4 + commit: c75b584f32411a03c3ca9a9b023cd4e74d79d32f