From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6654236089293733888
X-Received: by 2002:a17:906:8296:: with SMTP id h22mr137754ejx.3.1549310071134;
        Mon, 04 Feb 2019 11:54:31 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a17:906:4e18:: with SMTP id z24ls2683231eju.10.gmail; Mon,
 04 Feb 2019 11:54:30 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibosp5+ExFW6As9BLKoUp2Q6U4AiZKxACzRZubYzJu135s9py1/OskbpxBFrzGq/wSs8eyk
X-Received: by 2002:a17:906:6093:: with SMTP id t19mr131350ejj.13.1549310070695;
        Mon, 04 Feb 2019 11:54:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549310070; cv=none;
        d=google.com; s=arc-20160816;
        b=w1O0xZDaduNrHM9jhqYg5xlJ+IPAfcuxHylEvBvFkVSQnG1gy3WUxvEtrDA7tA5X2r
         ZLt2pDVgtbJaYPa6vYcm6I3VkhaupkIjNueSbRE+cNzKOU1w+OXJjLvwx0VQZCz/5bdd
         3D/sBpxBTcdG8OE9Vx4pyBloXQjcaNGk66mApNS8j/AijxG64w/O2zm5oMgJU/k5qrCx
         in0HB3v/e3OrG13qSbHDiiTcxoOZGbeF5x3PSUSyalcW7PW8Wdg1cuEDvLgDaJ/17UwF
         d1WZ0fNU1dSjg1dNGFlE0Nx9OYZQB03ldAxCTvAhAF6pSRguz2G7+z0fWKB8t5ppS82B
         qADw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:date:subject:to:from;
        bh=Z4MaXKWDcg9FbSQ0y0CHLoWLG+dOmmXKULZzu5dPR9E=;
        b=dK8PRdua0zk6BNAQkGnfs8LstsCTPFQ9q5lvhEhQiAFkV2yV31zqLoevi1p+jShUK9
         6d9TYRwrI8Hx73T9vYCMIWE7PMwQx3z3PuivXhjhP3ETy4fpWEILJI4UaBZaTPWBrFuD
         g3UnwBACzLF98f5QQJ5gFmHCR/KLxb5azyk3iWUkKIAlDoqREPY20eJJzspkfPRRbGU8
         R97jNGkS0NXf9CIm3QO2/YIggF1l7ZH+osqCMD5rKEXDiYafGbjJ5WjRiS2fgT8kK50g
         WLaasKr/pkhrfUQLHvXRxTyJSGrNdGQtSvZtQ1RhVTCUh1pDmlKOTWdIqQKQzjx0ve96
         1XWQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of mosipov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=mosipov@ilbers.de
Return-Path: <mosipov@ilbers.de>
Received: from aqmola.ilbers.de (aqmola.ilbers.de. [85.214.62.211])
        by gmr-mx.google.com with ESMTPS id l1si1005809ejs.1.2019.02.04.11.54.30
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 04 Feb 2019 11:54:30 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of mosipov@ilbers.de designates 85.214.62.211 as permitted sender) client-ip=85.214.62.211;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of mosipov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=mosipov@ilbers.de
Received: from azat.m.ilbers.de (host-80-81-17-52.static.customer.m-online.net [80.81.17.52])
	(authenticated bits=0)
	by aqmola.ilbers.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id x14JsKas002778
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <isar-users@googlegroups.com>; Mon, 4 Feb 2019 20:54:29 +0100
From: "Maxim Yu. Osipov" <mosipov@ilbers.de>
To: isar-users@googlegroups.com
Subject: [PATCH 0/3] Signing local cache repo 
Date: Mon,  4 Feb 2019 19:54:17 +0000
Message-Id: <20190204195420.7972-1-mosipov@ilbers.de>
X-Mailer: git-send-email 2.11.0
X-TUID: WiGkPezi9Cu5

Hello everybody,

By default the local caching repo is not gpg signed.
This series adds the ability to sign it.  

Prerequsite: we suppose that gpg is installed on your host system
and a default key pair is generated.

 -  set `BASE_REPO_KEY` in `conf/local.conf` to `SRC_URI` of your public key,
f.e. BASE_REPO_KEY = "file:///home/user/my_pub.key" and 
follow usual procedure of  creation of local apt repo caching: 

 - bitbake -c cache_base_repo multiconfig:qemuamd64-stretch:isar-image-base

 - Set `ISAR_USE_CACHED_BASE_REPO` in `conf/local.conf`:

```
# Uncomment this to enable use of cached base repository
#ISAR_USE_CACHED_BASE_REPO ?= "1"
```
 - Remove build artifacts to use only local base-apt:

```
sudo rm -rf tmp

```
 - Trigger again generation of image (now using local caching repo):

```
bitbake multiconfig:qemuamd64-stretch:isar-image-base
```

Note: Depending on your gpg configuration you may be asked to provide a passphrase 
(if it is non empty).

Kind regards,
Maxim.

Maxim Yu. Osipov (3):
  isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS
  base-apt: Introduce BASE_REPO_KEY to sign local repo
  doc/user_manual: Describe gpg signing of local repo

 doc/user_manual.md                                  | 10 ++++++----
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 16 ++++++++++++++--
 meta/recipes-devtools/base-apt/base-apt.bb          |  6 ++++++
 3 files changed, 26 insertions(+), 6 deletions(-)

-- 
2.11.0