On Wed, 2018-03-14 at 17:35 +0300, Alexander Smirnov wrote: > On 03/14/2018 05:26 PM, Claudius Heine wrote: > > > > + > > > > +do_generate_keyring[stamp-extra-info] = "${DISTRO}- > > > > ${DISTRO_ARCH}" > > > > +do_generate_keyring[dirs] = "${WORKDIR}" > > > > +do_generate_keyring[vardeps] += "DISTRO_APT_KEYS" > > > > +do_generate_keyring() { > > > > + if [ -n "${@d.getVar("APTKEYFILES", True) or ""}" ]; then > > > > + for keyfile in ${@d.getVar("APTKEYFILES", True)}; do > > > > + gpg --no-default-keyring --keyring "${APTKEYRING}" > > > > -- > > > > import "$keyfile" > > > > > > This code touches my private "~/.gnupg" folder's content, what is > > > not > > > desirable behavior. Isar should touch files *only* in "build/tmp" > > > folder. > > > > Are you sure? > > > > $ find .gnupg -type f | sort | xargs b2sum > gpgsums.a > > $ gpg --no-default-keyring --keyring ./test1.db --import > > raspbian.public.key > > gpg: enabled debug flags: memstat > > gpg: keybox './test1.db' created > > gpg: key 9165938D90FDDD2E: public key "Mike Thompson (Raspberry Pi > > Debian armhf ARMv6+VFP) " imported > > gpg: Total number processed: 1 > > gpg: imported: 1 > > gpg: keydb: handles=3 locks=2 parse=2 get=2 > > gpg: build=1 update=0 insert=1 delete=0 > > gpg: reset=1 found=2 not=2 cache=0 not=0 > > gpg: kid_not_found_cache: count=0 peak=0 flushes=0 > > gpg: sig_cache: total=6 cached=4 good=4 bad=0 > > gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 > > outmix=0 getlvl1=0/0 getlvl2=0/0 > > gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0 > > gpg: secmem usage: 0/32768 bytes in 0 blocks > > $ find .gnupg -type f | sort | xargs b2sum > gpgsums.b > > $ diff -u gpgsums.a gpgsums.b > > [no output] > > > > I could add the '--homedir' parameter, but normally it shouldn't > > use it > > because I manually select a different keyring. > > For now I have two facts: > > 1. Our Jenkins server has no home folder for build user, and I have > the > following error message: > > NOTE: Running task 46 of 424 > (multiconfig:rpi- > jessie:/workspace/git/isar_asmirnov_devel/meta/recipes-core/isar- > bootstrap/isar-bootstrap.bb:do_generate_keyring) > NOTE: recipe isar-bootstrap-1.0-r0: task do_generate_keyring: Started > ERROR: mc:rpi-jessie:isar-bootstrap-1.0-r0 do_generate_keyring: > Function > failed: do_generate_keyring (log file is located at > /workspace/build/isar_asmirnov_devel/21/aa2f5faf35816611d0320ec1b615d > dfc06886ea5/tmp/work/raspbian-jessie-armhf/isar- > bootstrap/temp/log.do_generate_keyring.25480) > ERROR: Logfile of failure stored in: > /workspace/build/isar_asmirnov_devel/21/aa2f5faf35816611d0320ec1b615d > dfc06886ea5/tmp/work/raspbian-jessie-armhf/isar- > bootstrap/temp/log.do_generate_keyring.25480 > Log data follows: > > DEBUG: Executing shell function do_generate_keyring > > gpg: fatal: can't create directory `/root/.gnupg': Permission > > denied > > secmem usage: 0/0 bytes in 0/0 blocks of pool 0/65536 > > WARNING: exit code 2 from a shell command. > > ERROR: Function failed: do_generate_keyring (log file is located > > at > > /workspace/build/isar_asmirnov_devel/21/aa2f5faf35816611d0320ec1b615d > dfc06886ea5/tmp/work/raspbian-jessie-armhf/isar- > bootstrap/temp/log.do_generate_keyring.25480) > NOTE: recipe isar-bootstrap-1.0-r0: task do_generate_keyring: Failed > ERROR: Task > (multiconfig:rpi- > jessie:/workspace/git/isar_asmirnov_devel/meta/recipes-core/isar- > bootstrap/isar-bootstrap.bb:do_generate_keyring) > failed with exit code '1' > > So the default HOMEDIR is /root and it tries to create something in > it. > > 2. After building on my local machine, timestamp of files in > ~/.gnugpg > folder are updated. > > I could be wrong, but with --homedir, the second problem was gone. Ok, then it looks like gpg modifies the metadata of the directory. If that is easy to fix with the additional parameter, then I will do it on the next version of this patchset. Claudius -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153 Keyserver: hkp://pool.sks-keyservers.net