[PATCH 0/3] Signing local cache repo

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

From: "Maxim Yu. Osipov" <mosipov@ilbers.de>
To: isar-users@googlegroups.com
Subject: [PATCH 0/3] Signing local cache repo
Date: Mon,  4 Feb 2019 19:54:17 +0000	[thread overview]
Message-ID: <20190204195420.7972-1-mosipov@ilbers.de> (raw)

Hello everybody,

By default the local caching repo is not gpg signed.
This series adds the ability to sign it.  

Prerequsite: we suppose that gpg is installed on your host system
and a default key pair is generated.

 -  set `BASE_REPO_KEY` in `conf/local.conf` to `SRC_URI` of your public key,
f.e. BASE_REPO_KEY = "file:///home/user/my_pub.key" and 
follow usual procedure of  creation of local apt repo caching: 

 - bitbake -c cache_base_repo multiconfig:qemuamd64-stretch:isar-image-base

 - Set `ISAR_USE_CACHED_BASE_REPO` in `conf/local.conf`:

```
# Uncomment this to enable use of cached base repository
#ISAR_USE_CACHED_BASE_REPO ?= "1"
```
 - Remove build artifacts to use only local base-apt:

```
sudo rm -rf tmp

```
 - Trigger again generation of image (now using local caching repo):

```
bitbake multiconfig:qemuamd64-stretch:isar-image-base
```

Note: Depending on your gpg configuration you may be asked to provide a passphrase 
(if it is non empty).

Kind regards,
Maxim.

Maxim Yu. Osipov (3):
  isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS
  base-apt: Introduce BASE_REPO_KEY to sign local repo
  doc/user_manual: Describe gpg signing of local repo

 doc/user_manual.md                                  | 10 ++++++----
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 16 ++++++++++++++--
 meta/recipes-devtools/base-apt/base-apt.bb          |  6 ++++++
 3 files changed, 26 insertions(+), 6 deletions(-)

-- 
2.11.0

next             reply	other threads:[~2019-02-04 19:54 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-04 19:54 Maxim Yu. Osipov [this message]
2019-02-04 19:54 ` [PATCH 1/3] isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS Maxim Yu. Osipov
2019-02-04 19:54 ` [PATCH 2/3] base-apt: Introduce BASE_REPO_KEY to sign local repo Maxim Yu. Osipov
2019-02-04 19:54 ` [PATCH 3/3] doc/user_manual: Describe gpg signing of " Maxim Yu. Osipov
2019-02-08 14:32 ` [PATCH 0/3] Signing local cache repo Maxim Yu. Osipov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190204195420.7972-1-mosipov@ilbers.de \
    --to=mosipov@ilbers.de \
    --cc=isar-users@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox