From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6518759238035046400
X-Received: by 10.176.83.214 with SMTP id l22mr2358322uaa.44.1517767013307;
        Sun, 04 Feb 2018 09:56:53 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.31.167.78 with SMTP id q75ls3433975vke.3.gmail; Sun, 04 Feb
 2018 09:56:53 -0800 (PST)
X-Google-Smtp-Source: AH8x226KJO++Sqrr+43FZMgDSADzUny30kpY/M1OJ5ShGNQst1zQk3tL/hxbJrru/Uhg2XcdUYTE
X-Received: by 10.31.180.4 with SMTP id d4mr22680594vkf.88.1517767013009;
        Sun, 04 Feb 2018 09:56:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517767012; cv=none;
        d=google.com; s=arc-20160816;
        b=zsmc/ln2bIKCSq93tTnMk/OVdSsco7fk3oKlVWa+ZmRaNiWKS+Hb8Aled03XWlWfqS
         6W3Yija7+XkQSN70YhUrX+u2F0HEcJ39A05JxaJTYUq/Vj9HirueWjrSLabZfuFu7c+i
         RT656FoMl09Mj91B7vVa4uiT06FBqzPGU8E0liIKbmHvXizhg8Nbjq2wZtQ1yVsvHHn3
         jSI+ijhL6Ygv1rmXZHo0jQ0rHtVylz3Wn4KAVNmnDdFeWalUb0yCD6st9fI85aADj9q0
         K80iBA9Ss9z8WNb7mptienjzZWHg7rBkDGLl0G4ThtbxHHEuYaLuuLxdgADW5EV3wVht
         gPoA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:arc-authentication-results;
        bh=gUN25DFzwNXLMLDgBJ0zZYZ1TmVs9btBEm50Qf//XFQ=;
        b=0Hj0TDTAPOXer+qzB+pGCVeF9iQCPoa1WC05KMVxDPM1O+iH7QCc26+YT/d0r8C6gy
         lAqVgz0lwYKfwnM2yWGqIr8V5X6AJ/JlyIyznDLLjSyekpq0xYPnWT3wlNaXV/SJfxIW
         N2seO5r1Beo2HZyNq8SQND94dkigWs1hqA9YQkNFEvLwgQt5LBUA2b5AaNOf5oKM0GeJ
         CCCgJpcliZBpeiIIEmXfQpxVDDCo7uFU7ZUTN/pd9F8tJbUj+0seViRPbP+hiNOP2kRT
         0a5l1Hfw9RJrcPOo3M44BP0V/lMRlMNhG3cFINtWhGhiU6S5gbOaZ8t8Z7z5mtQ7tB5E
         XA4A==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of cedric_hombourger@mentor.com designates 192.94.38.131 as permitted sender) smtp.mailfrom=Cedric_Hombourger@mentor.com
Return-Path: <Cedric_Hombourger@mentor.com>
Received: from relay1.mentorg.com (relay1.mentorg.com. [192.94.38.131])
        by gmr-mx.google.com with ESMTPS id 73si504224vkg.2.2018.02.04.09.56.52
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 04 Feb 2018 09:56:52 -0800 (PST)
Received-SPF: pass (google.com: domain of cedric_hombourger@mentor.com designates 192.94.38.131 as permitted sender) client-ip=192.94.38.131;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of cedric_hombourger@mentor.com designates 192.94.38.131 as permitted sender) smtp.mailfrom=Cedric_Hombourger@mentor.com
Received: from nat-ies.mentorg.com ([192.94.31.2] helo=svr-ies-mbx-02.mgc.mentorg.com)
	by relay1.mentorg.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-SHA384:256)
	id 1eiOX6-0005nY-6J from Cedric_Hombourger@mentor.com 
	for isar-users@googlegroups.com; Sun, 04 Feb 2018 09:56:52 -0800
Received: from 3a23c91bf2ab.anacadf.mentorg.com (137.202.0.87) by
 svr-ies-mbx-02.mgc.mentorg.com (139.181.222.2) with Microsoft SMTP Server
 (TLS) id 15.0.1320.4; Sun, 4 Feb 2018 17:56:48 +0000
From: <Cedric_Hombourger@mentor.com>
To: <isar-users@googlegroups.com>
CC: Cedric Hombourger <Cedric_Hombourger@mentor.com>
Subject: [PATCH 5/5] multistrap: make the security feed optional
Date: Sun, 4 Feb 2018 17:56:39 +0000
Message-ID: <20180204175639.315-1-Cedric_Hombourger@mentor.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180204175454.220-1-Cedric_Hombourger@mentor.com>
References: <20180204175454.220-1-Cedric_Hombourger@mentor.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [137.202.0.87]
X-ClientProxiedBy: svr-ies-mbx-01.mgc.mentorg.com (139.181.222.1) To
 svr-ies-mbx-02.mgc.mentorg.com (139.181.222.2)
X-TUID: WCLz7GtCtQYD

From: Cedric Hombourger <Cedric_Hombourger@mentor.com>

Leave the security feed commented in the generated multistrap
configuration if DISTRO_APT_SOURCE_SEC is empty or set to "none"

Signed-off-by: Cedric Hombourger <Cedric_Hombourger@mentor.com>
---
 meta-isar/recipes-core/images/files/multistrap.conf.in     | 10 +++++-----
 meta-isar/recipes-core/images/isar-image-base.bb           |  8 ++++++++
 meta/recipes-devtools/buildchroot/buildchroot.bb           |  8 ++++++++
 meta/recipes-devtools/buildchroot/files/multistrap.conf.in | 10 +++++-----
 4 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/meta-isar/recipes-core/images/files/multistrap.conf.in b/meta-isar/recipes-core/images/files/multistrap.conf.in
index 8e4e276..94db7fa 100644
--- a/meta-isar/recipes-core/images/files/multistrap.conf.in
+++ b/meta-isar/recipes-core/images/files/multistrap.conf.in
@@ -24,11 +24,11 @@ suite=##DISTRO_SUITE##-updates
 components=##DISTRO_COMPONENTS##
 omitdebsrc=false
 
-[security]
-source=##DISTRO_APT_SOURCE_SEC##
-suite=##DISTRO_SUITE##/updates
-components=##DISTRO_COMPONENTS##
-omitdebsrc=false
+##SEC_ENABLE_DISABLE## [security]
+##SEC_ENABLE_DISABLE## source=##DISTRO_APT_SOURCE_SEC##
+##SEC_ENABLE_DISABLE## suite=##DISTRO_SUITE##/updates
+##SEC_ENABLE_DISABLE## components=##DISTRO_COMPONENTS##
+##SEC_ENABLE_DISABLE## omitdebsrc=true
 
 [Isar]
 packages=##IMAGE_INSTALL##
diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
index 6ce3d6d..a2c2282 100644
--- a/meta-isar/recipes-core/images/isar-image-base.bb
+++ b/meta-isar/recipes-core/images/isar-image-base.bb
@@ -135,12 +135,20 @@ do_rootfs() {
     cd ${TOPDIR}
     WORKDIR_REL=${@ os.path.relpath(d.getVar("WORKDIR", True))}
 
+    # Check whether to include the distro security feed in the multistrap config
+    if [ -z "${DISTRO_APT_SOURCE_SEC}" ] || [ "${DISTRO_APT_SOURCE_SEC}" = "none" ]; then
+        sec_enable_disable="#"
+    else
+        sec_enable_disable=""
+    fi
+
     # Adjust multistrap config
     sed -e 's|##IMAGE_PREINSTALL##|${IMAGE_PREINSTALL}|g' \
         -e 's|##DISTRO_MULTICONF_BOOTSTRAP##|${DISTRO_MULTICONF_BOOTSTRAP}|g' \
         -e 's|##DISTRO_MULTICONF_APTSOURCES##|${DISTRO_MULTICONF_APTSOURCES}|g' \
         -e 's|##DISTRO_APT_SOURCE##|${DISTRO_APT_SOURCE}|g' \
         -e 's|##DISTRO_APT_SOURCE_SEC##|${DISTRO_APT_SOURCE_SEC}|g' \
+        -e 's|##SEC_ENABLE_DISABLE##|'"$sec_enable_disable"'|g' \
         -e 's|##DISTRO_SUITE##|${DISTRO_SUITE}|g' \
         -e 's|##DISTRO_COMPONENTS##|${DISTRO_COMPONENTS}|g' \
         -e 's|##CONFIG_SCRIPT##|./'"$WORKDIR_REL"'/${DISTRO_CONFIG_SCRIPT}|g' \
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
index 4ebd090..fa335b3 100644
--- a/meta/recipes-devtools/buildchroot/buildchroot.bb
+++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
@@ -47,12 +47,20 @@ do_build() {
     cd ${TOPDIR}
     WORKDIR_REL=${@ os.path.relpath(d.getVar("WORKDIR", True))}
 
+    # Check whether to include the distro security feed in the multistrap config
+    if [ -z "${DISTRO_APT_SOURCE_SEC}" ] || [ "${DISTRO_APT_SOURCE_SEC}" = "none" ]; then
+        sec_enable_disable="#"
+    else
+        sec_enable_disable=""
+    fi
+
     # Adjust multistrap config
     sed -e 's|##BUILDCHROOT_PREINSTALL##|${BUILDCHROOT_PREINSTALL}|g' \
         -e 's|##DISTRO_MULTICONF_BOOTSTRAP##|${DISTRO_MULTICONF_BOOTSTRAP}|g' \
         -e 's|##DISTRO_MULTICONF_APTSOURCES##|${DISTRO_MULTICONF_APTSOURCES}|g' \
         -e 's|##DISTRO_APT_SOURCE##|${DISTRO_APT_SOURCE}|g' \
         -e 's|##DISTRO_APT_SOURCE_SEC##|${DISTRO_APT_SOURCE_SEC}|g' \
+        -e 's|##SEC_ENABLE_DISABLE##|'"$sec_enable_disable"'|g' \
         -e 's|##DISTRO_SUITE##|${DISTRO_SUITE}|g' \
         -e 's|##DISTRO_COMPONENTS##|${DISTRO_COMPONENTS}|g' \
         -e 's|##CONFIG_SCRIPT##|./'"$WORKDIR_REL"'/configscript.sh|g' \
diff --git a/meta/recipes-devtools/buildchroot/files/multistrap.conf.in b/meta/recipes-devtools/buildchroot/files/multistrap.conf.in
index a0b28e3..1e3425f 100644
--- a/meta/recipes-devtools/buildchroot/files/multistrap.conf.in
+++ b/meta/recipes-devtools/buildchroot/files/multistrap.conf.in
@@ -24,8 +24,8 @@ suite=##DISTRO_SUITE##-updates
 components=##DISTRO_COMPONENTS##
 omitdebsrc=true
 
-[security]
-source=##DISTRO_APT_SOURCE_SEC##
-suite=##DISTRO_SUITE##/updates
-components=##DISTRO_COMPONENTS##
-omitdebsrc=true
+##SEC_ENABLE_DISABLE## [security]
+##SEC_ENABLE_DISABLE## source=##DISTRO_APT_SOURCE_SEC##
+##SEC_ENABLE_DISABLE## suite=##DISTRO_SUITE##/updates
+##SEC_ENABLE_DISABLE## components=##DISTRO_COMPONENTS##
+##SEC_ENABLE_DISABLE## omitdebsrc=true
-- 
2.11.0