Update isar, cip-core to latest next and kas-container to 5.1

kas-container

@@ -27,8 +27,9 @@
 
 set -e
 
-KAS_CONTAINER_SCRIPT_VERSION="4.8.1"
+KAS_CONTAINER_SCRIPT_VERSION="5.1"
 KAS_IMAGE_VERSION_DEFAULT="${KAS_CONTAINER_SCRIPT_VERSION}"
+KAS_CONTAINER_IMAGE_DISTRO_DEFAULT="debian-bookworm"
 KAS_CONTAINER_IMAGE_PATH_DEFAULT="ghcr.io/siemens/kas"
 KAS_CONTAINER_IMAGE_NAME_DEFAULT="kas"
 KAS_CONTAINER_SELF_NAME="$(basename "$0")"
@@ -64,7 +65,8 @@ usage()
 	printf "%b" "menu\t\t\tProvide configuration menu and trigger " \
 		    "configured build.\n"
 	printf "%b" "\nOptional arguments:\n"
-	printf "%b" "--isar\t\t\tUse kas-isar container to build Isar image.\n"
+	printf "%b" "--isar\t\t\tUse kas-isar container to build Isar image. To force\n"
+	printf "%b" "      \t\t\tthe use of run0 over sudo, set KAS_SUDO_CMD=run0.\n"
 	printf "%b" "--with-loop-dev		Pass a loop device to the " \
 		    "container. Only required if\n"
 	printf "%b" "\t\t\tloop-mounting is used by recipes.\n"
@@ -117,6 +119,26 @@ trace()
 	"$@"
 }
 
+prepare_sudo_cmd()
+{
+	if [ -z "${KAS_SUDO_CMD}" ]; then
+		# Try to auto-detect a privileged executor
+		if command -v sudo >/dev/null; then
+			KAS_SUDO_CMD="sudo"
+		elif command -v run0 >/dev/null; then
+			KAS_SUDO_CMD="run0"
+		else
+			fatal_error "No privileged executor found, need sudo or run0."
+		fi
+	fi
+
+	case "$KAS_SUDO_CMD" in
+		sudo) _KAS_SUDO_CMD="sudo --preserve-env";;
+		run0) _KAS_SUDO_CMD="run0 --background= --unit=kas-container@$$";;
+		*) fatal_error "Unsupported KAS_SUDO_CMD ('${KAS_SUDO_CMD}'), use sudo or run0.";;
+	esac
+}
+
 enable_isar_mode()
 {
 	if [ -n "${ISAR_MODE}" ]; then
@@ -128,15 +150,17 @@ enable_isar_mode()
 	KAS_ISAR_ARGS="--privileged"
 
 	if [ "${KAS_CONTAINER_ENGINE}" = "podman" ]; then
+		prepare_sudo_cmd
 		# sudo is needed for a privileged podman container
-		KAS_CONTAINER_COMMAND="sudo --preserve-env ${KAS_CONTAINER_COMMAND}"
+		KAS_CONTAINER_COMMAND="${_KAS_SUDO_CMD} ${KAS_CONTAINER_COMMAND}"
 		# preserved user PATH may lack sbin needed by privileged podman
 		export PATH="${PATH}:/usr/sbin"
 	elif [ "${KAS_DOCKER_ROOTLESS}" = "1" ]; then
+		prepare_sudo_cmd
 		export DOCKER_HOST="${DOCKER_HOST:-unix:///var/run/docker.sock}"
 		debug "kas-isar does not support rootless docker. Using system docker"
 		# force use of well-known system docker socket
-		KAS_CONTAINER_COMMAND="sudo --preserve-env ${KAS_CONTAINER_COMMAND}"
+		KAS_CONTAINER_COMMAND="${_KAS_SUDO_CMD} ${KAS_CONTAINER_COMMAND}"
 		KAS_DOCKER_ROOTLESS=0
 	fi
 }
@@ -267,10 +291,14 @@ trap kas_container_cleanup EXIT INT TERM
 set_container_image_var()
 {
 	KAS_IMAGE_VERSION="${KAS_IMAGE_VERSION:-${KAS_IMAGE_VERSION_DEFAULT}}"
+	KAS_CONTAINER_IMAGE_DISTRO="${KAS_CONTAINER_IMAGE_DISTRO:-${KAS_CONTAINER_IMAGE_DISTRO_DEFAULT}}"
 	KAS_CONTAINER_IMAGE_NAME="${KAS_CONTAINER_IMAGE_NAME:-${KAS_CONTAINER_IMAGE_NAME_DEFAULT}}"
 	KAS_CONTAINER_IMAGE_PATH="${KAS_CONTAINER_IMAGE_PATH:-${KAS_CONTAINER_IMAGE_PATH_DEFAULT}}"
 	KAS_CONTAINER_IMAGE_DEFAULT="${KAS_CONTAINER_IMAGE_PATH}/${KAS_CONTAINER_IMAGE_NAME}:${KAS_IMAGE_VERSION}"
 	KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE:-${KAS_CONTAINER_IMAGE_DEFAULT}}"
+	if [ -n "${KAS_CONTAINER_IMAGE_DISTRO}" ]; then
+		KAS_CONTAINER_IMAGE="${KAS_CONTAINER_IMAGE}-${KAS_CONTAINER_IMAGE_DISTRO}"
+	fi
 }
 
 # SC2034: DIR appears unused (ignore, as they are used inside eval)
@@ -283,6 +311,7 @@ setup_kas_dirs()
 	KAS_REPO_REF_DIR="$(check_and_expand KAS_REPO_REF_DIR required)"
 	DL_DIR="$(check_and_expand DL_DIR createrec)"
 	SSTATE_DIR="$(check_and_expand SSTATE_DIR createrec)"
+	KAS_BUILDTOOLS_DIR="$(check_and_expand KAS_BUILDTOOLS_DIR createrec)"
 }
 setup_kas_dirs
 
@@ -339,6 +368,10 @@ while [ $# -gt 0 ]; do
 			if [ "$(id -u)" -eq 0 ]; then
 				fatal_error "loop device not available!"
 			fi
+			prepare_sudo_cmd
+			if ! [ "$KAS_SUDO_CMD" = "sudo" ]; then
+				fatal_error '--with-loop-dev requires sudo for device setup.'
+			fi
 			sudo_command="/sbin/losetup -f"
 			sudo_message="[sudo] enter password to setup loop"
 			sudo_message="$sudo_message devices by calling"
@@ -454,6 +487,7 @@ done
 [ -n "${KAS_CMD}" ] || usage
 
 KAS_EXTRA_BITBAKE_ARGS=0
+KAS_FILES=
 
 # parse kas sub-command options
 while [ $# -gt 0 ] && [ $KAS_EXTRA_BITBAKE_ARGS -eq 0 ]; do
@@ -592,6 +626,7 @@ forward_dir KAS_BUILD_DIR "/build" "rw"
 forward_dir DL_DIR "/downloads" "rw"
 forward_dir KAS_REPO_REF_DIR "/repo-ref" "rw"
 forward_dir SSTATE_DIR "/sstate" "rw"
+forward_dir KAS_BUILDTOOLS_DIR "/buildtools" "rw"
 
 if git_com_dir=$(git -C "${KAS_REPO_DIR}" rev-parse --git-common-dir 2>/dev/null) \
 	&& [ "$git_com_dir" != "$(git -C "${KAS_REPO_DIR}" rev-parse --git-dir)" ]; then
@@ -686,12 +721,9 @@ if [ -n "${SSTATE_MIRRORS}" ]; then
 	set -- "$@" -e "SSTATE_MIRRORS=${SSTATE_MIRRORS}"
 fi
 
-# propagate timezone information
-if [ -f "/etc/localtime" ]; then
-	set -- "$@" -v "$(realpath -e "/etc/localtime")":/etc/localtime:ro
-fi
-if [ -f "/etc/timezone" ]; then
-	set -- "$@" -v "$(realpath -e "/etc/timezone")":/etc/timezone:ro
+# propagate timezone information to entrypoint (requires systemd 239)
+if command -v timedatectl >/dev/null; then
+	set -- "$@" -e "KAS_HOST_TZ=$(timedatectl show -p Timezone --value 2>/dev/null)"
 fi
 
 for var in TERM KAS_DISTRO KAS_MACHINE KAS_TARGET KAS_TASK KAS_CLONE_DEPTH \

kas/common/base.lock.yml

@@ -3,4 +3,4 @@ header:
 overrides:
     repos:
         isar:
-            commit: 2efd5d4ca3b4abf2386fe0089594029becdf2801
+            commit: 680c07ee072483329885ba08b7b2b1f763326dc8

kas/opt/ab-rootfs.lock.yml

@@ -3,4 +3,4 @@ header:
 overrides:
     repos:
         cip-core:
-            commit: 31002450feccb382b604f43d9cddd3b229619ad4
+            commit: c75b584f32411a03c3ca9a9b023cd4e74d79d32f