From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6524973730788016128
X-Received: by 10.46.112.8 with SMTP id l8mr404557ljc.15.1521043992359;
        Wed, 14 Mar 2018 09:13:12 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.46.88.85 with SMTP id x21ls233957ljd.2.gmail; Wed, 14 Mar 2018
 09:13:11 -0700 (PDT)
X-Google-Smtp-Source: AG47ELv5nBTERdHFSCa3kJXuTYwmH4XMcdbK9Xpz3qMrO7ink3cqs0IxmzDUrQiv11AiPrtuEj72
X-Received: by 10.46.101.142 with SMTP id e14mr423337ljf.36.1521043991626;
        Wed, 14 Mar 2018 09:13:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521043991; cv=none;
        d=google.com; s=arc-20160816;
        b=dbJn2MlmWMFZpUDqiIRKGBZpP2+hdqUFOVQyrsM/Y03JvN1J7A2Bnl06ihHEoTIvQZ
         YbObc19IgGepWfr7AHoorUe3aa4AmeuPN3tePvNg+u7BBQRvi6m/LT42tTyp+Q9J1p9x
         NOHPURFbSZe0V8QpjGhWXpADZTW7oh2pjx7Lm6CqfMlJnngIQmiENrhIX2wg6SuRpX8K
         pYoklVVQituw5IdqdtrZ4eBP/2oWwm3NRcTbKBdA2hb8fB2GUpwpxGmBXuXp9kN8uqZt
         qjSUTIyK4xzbq/cpkfr1ddO2fZxKyQPj4MxaGQZIdju6XSjbr4fI/ZK0VjNxCFPSJ3oY
         lv0g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:references:in-reply-to:date:to:from:subject:message-id
         :arc-authentication-results;
        bh=F2LGQqZUcoCt0+dlR/FxCKMF5EF7xpbuDFwiWl495KU=;
        b=egFqr8L4AxQeD7D6pBd+y57w753a+YNGo08KuDovFU7wjzKoQKdYuCdxEluwFAqFBv
         4dCPMdfniBoYA1wneadVc6bjshsr4rGbDofQ0ZkbtJbSeBErqb/7X/opTR37BnBxNxId
         SadpjNKQWlu8FRA8SP22PFwavxg6hc5eMQWLoOo2m807aLzL4QgrL4URPfS6Sl4rVaAr
         wwYoXBumYHBHhUhrcKXMg4hjG+tigE4YIuyPAZcBSf8vYGf4kfUakGcEwyyHsP0Lwbs6
         CpSequrYovmxRFB4IweEaBP8xd3zZyTQ/hV9GTeZzNzwK6JO0//Td0BaYPkcsAtjbd++
         LKuA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=neutral (google.com: 2001:a60:0:28:0:1:25:1 is neither permitted nor denied by best guess record for domain of ch@denx.de) smtp.mailfrom=ch@denx.de
Return-Path: <ch@denx.de>
Received: from mail-out.m-online.net (mail-out.m-online.net. [2001:a60:0:28:0:1:25:1])
        by gmr-mx.google.com with ESMTPS id s12si109155lje.3.2018.03.14.09.13.11
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 14 Mar 2018 09:13:11 -0700 (PDT)
Received-SPF: neutral (google.com: 2001:a60:0:28:0:1:25:1 is neither permitted nor denied by best guess record for domain of ch@denx.de) client-ip=2001:a60:0:28:0:1:25:1;
Authentication-Results: gmr-mx.google.com;
       spf=neutral (google.com: 2001:a60:0:28:0:1:25:1 is neither permitted nor denied by best guess record for domain of ch@denx.de) smtp.mailfrom=ch@denx.de
Received: from frontend01.mail.m-online.net (unknown [192.168.8.182])
	by mail-out.m-online.net (Postfix) with ESMTP id 401cFy5m4Bz1qwdS;
	Wed, 14 Mar 2018 17:13:10 +0100 (CET)
Received: from localhost (dynscan1.mnet-online.de [192.168.6.70])
	by mail.m-online.net (Postfix) with ESMTP id 401cFy5Slsz1qwkd;
	Wed, 14 Mar 2018 17:13:10 +0100 (CET)
X-Virus-Scanned: amavisd-new at mnet-online.de
Received: from mail.mnet-online.de ([192.168.8.182])
	by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024)
	with ESMTP id xM_NRiCXn_bH; Wed, 14 Mar 2018 17:13:09 +0100 (CET)
X-Auth-Info: fEWdnbjfSmxPY5u9qXNe2PGC3PVffo6UBoIX4bvl9NE=
Received: from Orrorin (p578a821c.dip0.t-ipconnect.de [87.138.130.28])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.mnet-online.de (Postfix) with ESMTPSA;
	Wed, 14 Mar 2018 17:13:09 +0100 (CET)
Message-ID: <1521043988.16621.158.camel@denx.de>
Subject: Re: [PATCH v4 1/5] implement isar-bootstrap using debootstrap
From: Claudius Heine <ch@denx.de>
To: Alexander Smirnov <asmirnov@ilbers.de>, claudius.heine.ext@siemens.com, 
	isar-users@googlegroups.com
Date: Wed, 14 Mar 2018 17:13:08 +0100
In-Reply-To: <a3049335-55c1-d1cf-ef2f-c9ed5afc4cd7@ilbers.de>
References: <20180307164457.31933-1-claudius.heine.ext@siemens.com>
	 <20180307164457.31933-2-claudius.heine.ext@siemens.com>
	 <ccbcd8d4-d3f7-430d-1b0e-5ce23833205a@ilbers.de>
	 <1521037585.16621.124.camel@denx.de>
	 <a3049335-55c1-d1cf-ef2f-c9ed5afc4cd7@ilbers.de>
Content-Type: multipart/signed; micalg="pgp-sha512";
	protocol="application/pgp-signature"; boundary="=-lTXv+yoOnj9uY8mdgYv1"
X-Mailer: Evolution 3.26.5 
Mime-Version: 1.0
X-TUID: 6CqReSVkwiP2


--=-lTXv+yoOnj9uY8mdgYv1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, 2018-03-14 at 17:35 +0300, Alexander Smirnov wrote:
> On 03/14/2018 05:26 PM, Claudius Heine wrote:
> > > > +
> > > > +do_generate_keyring[stamp-extra-info] =3D "${DISTRO}-
> > > > ${DISTRO_ARCH}"
> > > > +do_generate_keyring[dirs] =3D "${WORKDIR}"
> > > > +do_generate_keyring[vardeps] +=3D "DISTRO_APT_KEYS"
> > > > +do_generate_keyring() {
> > > > +    if [ -n "${@d.getVar("APTKEYFILES", True) or ""}" ]; then
> > > > +        for keyfile in ${@d.getVar("APTKEYFILES", True)}; do
> > > > +           gpg --no-default-keyring --keyring "${APTKEYRING}"
> > > > --
> > > > import "$keyfile"
> > >=20
> > > This code touches my private "~/.gnupg" folder's content, what is
> > > not
> > > desirable behavior. Isar should touch files *only* in "build/tmp"
> > > folder.
> >=20
> > Are you sure?
> >=20
> > $ find .gnupg -type f | sort | xargs b2sum > gpgsums.a
> > $ gpg --no-default-keyring --keyring  ./test1.db --import
> > raspbian.public.key
> > gpg: enabled debug flags: memstat
> > gpg: keybox './test1.db' created
> > gpg: key 9165938D90FDDD2E: public key "Mike Thompson (Raspberry Pi
> > Debian armhf ARMv6+VFP) <mpthompson@gmail.com>" imported
> > gpg: Total number processed: 1
> > gpg:               imported: 1
> > gpg: keydb: handles=3D3 locks=3D2 parse=3D2 get=3D2
> > gpg:        build=3D1 update=3D0 insert=3D1 delete=3D0
> > gpg:        reset=3D1 found=3D2 not=3D2 cache=3D0 not=3D0
> > gpg: kid_not_found_cache: count=3D0 peak=3D0 flushes=3D0
> > gpg: sig_cache: total=3D6 cached=3D4 good=3D4 bad=3D0
> > gpg: random usage: poolsize=3D600 mixed=3D0 polls=3D0/0 added=3D0/0
> >                outmix=3D0 getlvl1=3D0/0 getlvl2=3D0/0
> > gpg: rndjent stat: collector=3D0x0000000000000000 calls=3D0 bytes=3D0
> > gpg: secmem usage: 0/32768 bytes in 0 blocks
> > $ find .gnupg -type f | sort | xargs b2sum > gpgsums.b
> > $ diff -u gpgsums.a gpgsums.b
> > [no output]
> >=20
> > I could add the '--homedir' parameter, but normally it shouldn't
> > use it
> > because I manually select a different keyring.
>=20
> For now I have two facts:
>=20
> 1. Our Jenkins server has no home folder for build user, and I have
> the=20
> following error message:
>=20
> NOTE: Running task 46 of 424=20
> (multiconfig:rpi-
> jessie:/workspace/git/isar_asmirnov_devel/meta/recipes-core/isar-
> bootstrap/isar-bootstrap.bb:do_generate_keyring)
> NOTE: recipe isar-bootstrap-1.0-r0: task do_generate_keyring: Started
> ERROR: mc:rpi-jessie:isar-bootstrap-1.0-r0 do_generate_keyring:
> Function=20
> failed: do_generate_keyring (log file is located at=20
> /workspace/build/isar_asmirnov_devel/21/aa2f5faf35816611d0320ec1b615d
> dfc06886ea5/tmp/work/raspbian-jessie-armhf/isar-
> bootstrap/temp/log.do_generate_keyring.25480)
> ERROR: Logfile of failure stored in:=20
> /workspace/build/isar_asmirnov_devel/21/aa2f5faf35816611d0320ec1b615d
> dfc06886ea5/tmp/work/raspbian-jessie-armhf/isar-
> bootstrap/temp/log.do_generate_keyring.25480
> Log data follows:
> > DEBUG: Executing shell function do_generate_keyring
> > gpg: fatal: can't create directory `/root/.gnupg': Permission
> > denied
> > secmem usage: 0/0 bytes in 0/0 blocks of pool 0/65536
> > WARNING: exit code 2 from a shell command.
> > ERROR: Function failed: do_generate_keyring (log file is located
> > at=20
>=20
> /workspace/build/isar_asmirnov_devel/21/aa2f5faf35816611d0320ec1b615d
> dfc06886ea5/tmp/work/raspbian-jessie-armhf/isar-
> bootstrap/temp/log.do_generate_keyring.25480)
> NOTE: recipe isar-bootstrap-1.0-r0: task do_generate_keyring: Failed
> ERROR: Task=20
> (multiconfig:rpi-
> jessie:/workspace/git/isar_asmirnov_devel/meta/recipes-core/isar-
> bootstrap/isar-bootstrap.bb:do_generate_keyring)=20
> failed with exit code '1'
>=20
> So the default HOMEDIR is /root and it tries to create something in
> it.
>=20
> 2. After building on my local machine, timestamp of files in
> ~/.gnugpg=20
> folder are updated.
>=20
> I could be wrong, but with --homedir, the second problem was gone.

Ok, then it looks like gpg modifies the metadata of the directory. If
that is easy to fix with the additional parameter, then I will do it on
the next version of this patchset.

Claudius

--=20
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de

            PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153
                              Keyserver: hkp://pool.sks-keyservers.net
--=-lTXv+yoOnj9uY8mdgYv1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEb/LlnwDGvCgx2GTBEXPLGZgIsVMFAlqpShQACgkQEXPLGZgI
sVPODBAAgw2deJaMcZ1XvXdkgXjNvgWwqi2SrY/6I/3LZ68sUhtyjzf6KksNnKIS
sksEGOfmF9KFB8PyXz8hpCtv/PGhjO08OKKHYoDYSBNkdN76icB2nZ9bga4vMpvS
chPimjahUGtfNGu8qMqdjD6pKLmJWIzbOdQRyuV7XuBSdesII0vGapgKdzmCY7r6
BdgsteuTspMNqz3T/cgtCLs5j2uUxw6b9EBfABvx0q0wGmNkUHuslh/Bc80RDfBD
XbXHAm6OiFlmuzET5Zn3BJTbDmbYo4quo5NsFpg7GjhhUh6zFNdTjLBsgSgEh0nw
SnLwaHJwiBi2e4HMOkeQ5HlUB0nT5EDXxidgCCL7WWcyBNT6dhN8AavAdzeJIWfM
sUSRxrpj9wiRYkb0Tx86RLvrT4K2snRa/d+Qf74nBfoN2vvr0sRVzny880GEdXLN
KhaCGOYl6KpeC/0ME+JoJTsT7O21MKHLZ9pdPAyuEl07unYX7414LZznghFfrXUe
/27AvcCY8vidz46uxd05gzAhyGvoiMeCKxKJiaMjFhLHkNOWvilJ4QoTOtLXppds
fnl4yfhbepPpFmrAc8f8AnQC1zv/xx6ojLV3ivUbmDQ+O6tuFH7M3uyZxe2m/UUX
noWenYRg3eE36onf/6lvLH3gn0AS+kdUAeYCBFWdWcbY/Nl18mk=
=uLT1
-----END PGP SIGNATURE-----

--=-lTXv+yoOnj9uY8mdgYv1--