From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6658246660386193408 X-Received: by 2002:a5d:5111:: with SMTP id s17mr915243wrt.13.1550662697245; Wed, 20 Feb 2019 03:38:17 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:ea4e:: with SMTP id j14ls15070wrn.8.gmail; Wed, 20 Feb 2019 03:38:16 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ0eQ8hzd/u1OrfhKHTC+xlVMHXbb124YZAGps42NuKmu2bBnRSsdu2fWcuF/iryMgiLpaq X-Received: by 2002:adf:9d22:: with SMTP id k34mr1839646wre.0.1550662696805; Wed, 20 Feb 2019 03:38:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550662696; cv=none; d=google.com; s=arc-20160816; b=Hg3u7ojHQJ9HiLxVYPCVVHJO/YXxB9Yz85TjaZdP2G8F0/kYkx/iO41UfnM5XKAAbB tNG43OGs18QyyhMvAuTXeQllIYh8W/DD5jY0oGoHO3eZqSOtIYijgGIrLREIiSXEPp3+ 02ZkzzrF59P/Lkh9+jAgCHIMh9SJlMsGuCAVYZc1Z8WUuGTPwLncGXCr+x6pJOzaWpfv QWFuAdRcbHVGUkcYDaCU2HTU46pa6krHnDhetOdOAN6fOpd63YwJiIchyrp8jKgeZsGQ /NKz67fcAGWov/e/6rxdGfNhNyCDGFDOro1l3iLVO/u2k4fJz9TSgFiRu2B2WhfEPKCQ 5nqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:content-description :mime-version:references:message-id:subject:cc:to:from:date; bh=Av+UWPBA7pin4N73Mfw7wPHRioyflFAYZPckKbPtjk0=; b=oqe3qOaQMRM6WHNDPxMeGgjVzPDC7UTdcg7ffYBQintMqWbi3sTzb2d11U36o1wvdy Likk/YeLsDyje+pZHa+j8Zn7V5Cf3HsWJSNXvBc7CG9xJyVkvdE0c0dgzyvBA84r5rve yprCKRdvJAtXECXQq6H4X8kHNAf+K61TdKudyayKX6DAUSa7EQxelExemtJr7sUOLjAi YNR3vJLD7yHtADhbyF9jzDfaBYaqjnCCdxCmZeeCKvLrruIXfLbl8leXo26Gas4fgIU5 jcOJRC5cHSDP5aVOWKSOZ2cIn7DS3Whc+OjU7GiXoK6oXsy44SVgyy77L5FnDI+b/a9U xlJA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from lizzard.sbs.de (lizzard.sbs.de. [194.138.37.39]) by gmr-mx.google.com with ESMTPS id s124si181543wmf.0.2019.02.20.03.38.16 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Feb 2019 03:38:16 -0800 (PST) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 194.138.37.39 as permitted sender) client-ip=194.138.37.39; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id x1KBcG4q003487 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 Feb 2019 12:38:16 +0100 Received: from iiotirae (golem.ppmd.siemens.net [139.25.69.17]) by mail1.sbs.de (8.15.2/8.15.2) with SMTP id x1KBcGPv022802; Wed, 20 Feb 2019 12:38:16 +0100 Date: Wed, 20 Feb 2019 12:36:44 +0100 From: Andreas Reichel To: Jan Kiszka Cc: isar-users@googlegroups.com, Baurzhan Ismagulov , Maksim Osipov Subject: Re: [PATCH 0/1] Fix remote key fetching apt keyring Message-ID: <20190220113644.GA29247@iiotirae> References: <20190219162942.6bfb794b@md1za8fc.ad001.siemens.net> <20190220112133.23122-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Description: message Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.3 (2019-02-01) X-TUID: F0nGXjiljkSJ On Wed, Feb 20, 2019 at 12:27:15PM +0100, Jan Kiszka wrote: > On 20.02.19 12:21, [ext] Andreas J. Reichel wrote: > > From: Andreas Reichel > > > > Since my last mail was not answered, but this is an important topic, > > here is a patch that shows what the problem is. > > > > If we fetch the user apt key from remote, we need the basename, > > if we fetch it locally we need the absolute path... > > > > While this might not be the best way to fix this, it works as good > > as the rest of this code... > > > > At least it fixes Isar again up to adding the key to the keyring. > > > > But this still does not fix the next problem with the docker-ce key: > > > > | I: Running command: debootstrap --arch arm64 --foreign --verbose --variant=minbase --include=locales --components=main,contrib,non-free --keyring /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg stretch /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/rootfs http://ftp.debian.org/debian > > | I: Retrieving InRelease > > | I: Retrieving Release > > | I: Retrieving Release.gpg > > | I: Checking Release signature > > | E: Release signed by unknown key (key id EF0F382A1A7B6500) > > > > So something additionally must be done. Since I am not an expert on > > debian keyring/debootstrap and dpkg signing I will try to find a > > solution but maybe somebody has a good idea already? > > > > Baurzhan, Maxim, any idea? > I foudn a solution, one has to trust the key manually: The following snippet can do this: gpg --keyring build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg --list-keys --with-colons | \ sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' | \ gpg --import-ownertrust --keyring build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg I will try and write a patch for this. Andreas > Jan > > -- > Siemens AG, Corporate Technology, CT RDA IOT SES-DE > Corporate Competence Center Embedded Linux -- Andreas Reichel Dipl.-Phys. (Univ.) Software Consultant Andreas.Reichel@tngtech.com, +49-174-3180074 TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082