From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6658246660386193408 X-Received: by 2002:a19:a411:: with SMTP id q17mr1695104lfc.14.1550590184734; Tue, 19 Feb 2019 07:29:44 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a19:c110:: with SMTP id r16ls712420lff.11.gmail; Tue, 19 Feb 2019 07:29:44 -0800 (PST) X-Google-Smtp-Source: AHgI3IYWrFM72W2eqxXz4CZSaQ/tL6jrGaUmcY51mhf74nCmkUvr0UCBtmrQAUfUYpUlL2MFwBdf X-Received: by 2002:a19:7506:: with SMTP id y6mr1693874lfe.11.1550590184226; Tue, 19 Feb 2019 07:29:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550590184; cv=none; d=google.com; s=arc-20160816; b=KUxcP4R65aJVtv1W6ObIV2b8G+7YQnoIsRzAhiCug9Of7FEc2s/5ftwiQLGb2TzbYH joU9/6l1a2YVvAh+L+LZLnanoGUjNXSYtlr6Q1jr8Av8LVxJVLg1ZcjvLYCBE/IMGcxT wxSvvWT+63L6p9zK3kX/lbDgxQr3PqtrvOnoWisMGzJSpAQ2sb9xQP2Q3Mp4EZJw+Qqk 8TVi0qPQDZmUUSQW2Pv/aFeChLQ6fNFNzApxlkolWhWRH0KpwfkregNLuHT3D9Q8cqXT 32+rLiW3WS5xeuGpv7WgIV7eh7AvsuIt1+IhgrSjkylFUZZE42u7U1G3+yffElZJ0pTx 0TwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=5kWvPZx51jUdVSzL6IgtyVeiHiovSTuZqK2/eosz004=; b=MpLknjNrt05xeJIPJCnCsaePNiD0Vlr9Djx0hGjA3gh2GSrYzzABcVNIBTf1GwB760 rZ5LJsfOHpTJ+kRQGsQ2KvQFJOAXNO8vFTHjG6C9/K+JneCKWwIimM1utUE+EmBG9M5z kkWN65X7SrPrFNB4c5HZAs/xausrTHeRZ7Qq6OV6gU6vCl7HqA/UWBsGeJ2y1uMCAi72 iF+yaXzAYpPVK/W2xwPmwWSxGqiMyVNeNjww/m2Kl1B8w5nOOaPirg6yJR3W7Kuu5+16 beCy4upt6tvp5auP0A7imEh7RwIDGPi26GC3LtkFGi5M1/T3nJKkpQTrZ4s4rIZGPsX3 EURw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id v27si140728lje.0.2019.02.19.07.29.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 19 Feb 2019 07:29:44 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x1JFTh8p016640 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 19 Feb 2019 16:29:43 +0100 Received: from md1za8fc.ad001.siemens.net ([139.25.68.200]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x1JFTh1x012200; Tue, 19 Feb 2019 16:29:43 +0100 Date: Tue, 19 Feb 2019 16:29:42 +0100 From: Henning Schild To: "[ext] Andreas Reichel" Cc: , "Maxim Yu. Osipov" Subject: Re: Additional debian repo with different pgp key Message-ID: <20190219162942.6bfb794b@md1za8fc.ad001.siemens.net> In-Reply-To: <20190215151608.GA5175@iiotirae> References: <20190215151608.GA5175@iiotirae> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: TpvVwN7UedZW On Fri, 15 Feb 2019 16:16:10 +0100 "[ext] Andreas Reichel" wrote: > Hi, > > I have a problem with using a separate docker repository together with > its key. > > As far as I understood it, I have to do the following: > > 1st, create a list file which mentions the docker repository: > > So I created a docker-stretch.list, where I have the line > > ---- > deb http://download.docker.com/linux/debian > stretch stable ---- > > This file is added via > > ---- > DISTRO_APT_SOURCES_append = " conf/distro/docker-stretch.list" > ---- > > which is working. > > Then I add the `docker-ce` package to `IMAGE_PREINSTALL` which does > not work because the package is untrusted. Therefore I have to import > the pgp key, which I should be able to do with > > 2nd: add the key to apt keys: > > ---- > DISTRO_APT_KEYS_append = " > https://download.docker.com/linux/debian/gpg;sha256sum=1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" > ---- > > However, then I get the following error: > > ---- > | DEBUG: Executing shell function do_generate_keyring > | gpg: WARNING: unsafe permissions on homedir '/build/build/downloads' > | gpg: keybox > '/build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg' > created | gpg: can't open > '/build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/linux/debian/gpg': > No such file or directory | gpg: Total number processed: 0 | WARNING: > exit code 2 from a shell command. > > ---- > > It seems, that the last part of the URL is appended to the working > directory. But the resulting directory does not exist. What is the > intended course of action for this standard scenario to use another > debian repo for image building? > > Last patch I saw on next was about local keys. But standard should be > remote keys with URI I think, because every repo that needs one should > provide one this way... am I wrong? Yes every repo we get from the internet most likely also has its key there. With the recent introduction of a file:// based signed repo there was a patch. What happens if you revert af983a13b, i guess that may have caused your issue. I think that is one of our hidden features that never had a test-case, and silently broke ... We need a testcase for adding an extra repo and installing stuff from it. Henning > vG > Andreas >