Date: Wed, 20 Feb 2019 13:36:03 +0100
From: Henning Schild
To: "[ext] Andreas J. Reichel"
Subject: Re: [PATCH 0/1] Fix remote key fetching apt keyring
Message-ID: <20190220133603.4017a04e@md1za8fc.ad001.siemens.net>
In-Reply-To: <20190220112133.23122-1-andreas.reichel.ext@siemens.com>
References: <20190219162942.6bfb794b@md1za8fc.ad001.siemens.net> <20190220112133.23122-1-andreas.reichel.ext@siemens.com>
X-BeenThere: isar-users@googlegroups.com

On Wed, 20 Feb 2019 12:21:32 +0100
"[ext] Andreas J. Reichel" wrote:

> From: Andreas Reichel
>
> Since my last mail was not answered, but this is an important topic,
> here is a patch that shows what the problem is.
>
> If we fetch the user apt key from remote, we need the basename,
> if we fetch it locally we need the absolute path...
>
> While this might not be the best way to fix this, it works as well
> as the rest of this code...
>
> At least it fixes Isar again up to adding the key to the keyring.
>
> But this still does not fix the next problem with the docker-ce key:
>
> | I: Running command: debootstrap --arch arm64 --foreign --verbose --variant=minbase --include=locales --components=main,contrib,non-free --keyring /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg stretch /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/rootfs http://ftp.debian.org/debian
> | I: Retrieving InRelease
> | I: Retrieving Release
> | I: Retrieving Release.gpg
> | I: Checking Release signature
> | E: Release signed by unknown key (key id EF0F382A1A7B6500)
>
> So something additionally must be done. Since I am not an expert on
> debian keyring/debootstrap and dpkg signing I will try to find a
> solution but maybe somebody has a good idea already?

A hack that will probably work is a recipe that fetches all the debs
with unpack=false and overrides do_build with true. You will have
many .debs in your WORKDIR and they will get into our repo as if you
built them ;). Now you can sign them with your own key, or forget about
signatures altogether.

Henning

> Andreas Reichel (1):
>   Fix path to user gpg-keys
>
>  meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
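
A way to check what the debootstrap error quoted in the mail above is reporting, added here as an example and not part of the original thread or of Isar: pull the signer key id out of the log and compare it with the key ids in the keyring passed to `--keyring`. The `--with-colons` listing is constructed sample data with made-up key ids and names; only the debootstrap lines come from the mail, and the function names are hypothetical.

```python
import re

# Error output as quoted in the mail above ("| " is the build log's prefix).
DEBOOTSTRAP_LOG = """\
| I: Retrieving Release.gpg
| I: Checking Release signature
| E: Release signed by unknown key (key id EF0F382A1A7B6500)
"""

# Constructed sample of `gpg --no-default-keyring --keyring <file>
# --list-keys --with-colons`; every key id and name here is made up.
KEYRING_LISTING = """\
pub:-:4096:1:1111222233334444:1487236823:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1487236823::CONSTRUCTED::Example Vendor Release <release@vendor.example>:
sub:-:4096:1:5555666677778888:1487236823::::::s:
"""

SIGNER_RE = re.compile(r"Release signed by unknown key \(key id ([0-9A-Fa-f]{8,40})\)")


def unknown_signers(log_text):
    """Key ids debootstrap reported as unknown, in order of appearance."""
    return [m.group(1).upper() for m in SIGNER_RE.finditer(log_text)]


def keyring_key_ids(colon_listing):
    """Long key ids of all primary keys and subkeys in a --with-colons listing."""
    ids = set()
    for line in colon_listing.splitlines():
        fields = line.split(":")
        # Field 1 is the record type, field 5 the 64-bit key id.
        if fields[0] in ("pub", "sub") and len(fields) > 4 and fields[4]:
            ids.add(fields[4].upper())
    return ids


def missing_keys(log_text, colon_listing):
    """Signer key ids from the log that the keyring cannot verify."""
    present = keyring_key_ids(colon_listing)
    return [k for k in unknown_signers(log_text) if k not in present]


if __name__ == "__main__":
    for key_id in missing_keys(DEBOOTSTRAP_LOG, KEYRING_LISTING):
        print(f"keyring has no key {key_id}; Release cannot be verified")
```

An empty result from `missing_keys` means every signer named in the log has a matching primary key or subkey in the keyring.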