From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6662306179908108288 X-Received: by 2002:a17:906:1959:: with SMTP id b25mr2606231eje.16.1551189036681; Tue, 26 Feb 2019 05:50:36 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:906:e2ca:: with SMTP id gr10ls3267187ejb.6.gmail; Tue, 26 Feb 2019 05:50:36 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ6JMvsE/vwq+0uZQE/o3MH8DFX3osHjEiz9Ee8ZAUXLXysRLgJTNCKEU1JQs4fhMF5HE8t X-Received: by 2002:a17:906:3744:: with SMTP id e4mr353880ejc.3.1551189036205; Tue, 26 Feb 2019 05:50:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551189036; cv=none; d=google.com; s=arc-20160816; b=PeUVwLyL4vbepC91bdg/0dhnqE3oDd8HzMHYHgOx0kwe0jUxBSRBu1HP2jkQVjOJBA n/hekNjlNBpBHNv1glH6a6ZPTrBxPSmzH4TnkKirqMsarpFFdqnRD6oHPkT9HwTuQGn8 GrRAeV5Tl5LdGQULNP75/NS64+sQ71TfcjD/rNqiP4A6aeNBH+GA9inyBgkpYXdSj5Lx H1Kpi7S9Zwe4FuMRsONSOHHD4DWMQcpYa5PsvSANDbMVJWTRIm4tI3+R5cNzuLWRhHDU 3JoyVb1uTY7oEICeiCK5XGHncOts0BC224NKssn54SSX4WEo7cUUruksXRhJdJuRSbdK iBkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=geThLImxSniqEqXKN+kUESAlk/PvWF6tW57zhM3iOhA=; b=eTqj1jl6Q2k1d+1bFWczvCRbI2qTg/YC/fmHWKws9AH8x2EGcCZZ54tyesNhabP+S7 SfhKapOBR997/fESgZCHyf9LEY6u+SDpD0neP4Z1MNbSaVtDqL3AzKc0gceh9PTQeHEk Y1rTW48wXUKxEukJeG6I5Ep4gmCkCHVBTUO+PB+eQa20CMVMF9xQnRqvPzF5mobVzBrI rsOW+q/OCNbYqnhliXwSKaJfsrKbDcy/FESnDDKYF58FHS/QzHKGUOsOZWBqgXyyvn8m E+PIrnFUaO39OxpXP1oP42U0g1NfzIRY+bNaqqMfloWByvmsO8+yQUIPSBoQwmC0r0aA MXug== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. 
[192.35.17.14]) by gmr-mx.google.com with ESMTPS id q1si615536edd.5.2019.02.26.05.50.36 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Feb 2019 05:50:36 -0800 (PST) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x1QDoZoS026131 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 26 Feb 2019 14:50:35 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x1QDoZd8003394; Tue, 26 Feb 2019 14:50:35 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [RFC v1 2/3] Refactor gpg code to use apt code Date: Tue, 26 Feb 2019 14:48:43 +0100 Message-Id: <20190226134844.8632-3-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190226134844.8632-1-andreas.reichel.ext@siemens.com> References: <20190226134844.8632-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: p/Ovfrmb0oFH From: Andreas Reichel Don't manually move around keys and keyrings, use `apt-key` to do so Signed-off-by: Andreas Reichel --- meta/classes/isar-bootstrap-helper.bbclass | 9 +++++++++ .../isar-bootstrap/isar-bootstrap.inc | 17 +++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index d780b85..df6fbee 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass 
@@ -119,6 +119,14 @@ setup_root_file_system() {
 export LANG=C
 export LANGUAGE=C
 export LC_ALL=C
+
+ if [ -d ${TMPDIR}/aptkeys ]; then
+ for keyfile in ${TMPDIR}/aptkeys/*
+ do
+ cp $keyfile "$ROOTFSDIR"/tmp/$(basename $keyfile)
+ sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key add /tmp/$(basename $keyfile)
+ done
+ fi
 sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update \
 -o Dir::Etc::sourcelist="sources.list.d/isar-apt.list" \
 -o Dir::Etc::sourceparts="-" \
@@ -128,6 +136,7 @@ setup_root_file_system() {
 sudo -E chroot "$ROOTFSDIR" /usr/bin/dpkg --add-architecture ${DISTRO_ARCH}
 sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update
 fi
+ sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key update
 sudo -E chroot "$ROOTFSDIR" \
 /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES \
 ${IMAGE_TRANSIENT_PACKAGES}
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 25133be..60bd061 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -23,10 +23,8 @@ APTSRCS = "${WORKDIR}/apt-sources"
 APTSRCS_INIT = "${WORKDIR}/apt-sources-init"
 BASEAPTSRCS = "${WORKDIR}/base-apt-sources"
 APTKEYFILES = ""
-APTKEYRING = "${WORKDIR}/apt-keyring.gpg"
-DEBOOTSTRAP_KEYRING = ""
 DEPLOY_ISAR_BOOTSTRAP ?= ""
-DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales"
+DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales gnupg2 apt-transport-https ca-certificates"
 DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }"
@@ -37,7 +35,6 @@ python () {
 distro_apt_keys = d.getVar("DISTRO_APT_KEYS", False)
 wd = d.getVar("WORKDIR", True)
 if distro_apt_keys:
- d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
 for key in distro_apt_keys.split():
 url = urlparse(key)
 if "https://" in key or "http://" in key:
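Review bot: The added loop in setup_root_file_system() passes `$keyfile` and `$(basename $keyfile)` unquoted, so a key path containing whitespace or glob characters is word-split before it reaches `cp` and `apt-key add`. When `${TMPDIR}/aptkeys` exists but is empty, the pattern stays a literal `*` and both commands run on a file that does not exist. The copied keys are also never removed from `$ROOTFSDIR/tmp`, so they appear to remain in the root file system after the import. Quoting the expansions, skipping non-files and deleting the temporary copy would cover all three; the function body starts and ends outside this hunk.

```shell
    if [ -d "${TMPDIR}/aptkeys" ]; then
        for keyfile in "${TMPDIR}"/aptkeys/*; do
            # An empty directory leaves the pattern unexpanded; skip it.
            [ -f "$keyfile" ] || continue
            keyname="$(basename "$keyfile")"
            cp "$keyfile" "$ROOTFSDIR/tmp/$keyname"
            sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key add "/tmp/$keyname"
            # Do not leave the imported key file behind in the image.
            rm -f "$ROOTFSDIR/tmp/$keyname"
        done
    fi
    # … unchanged: apt-get update for isar-apt.list …
```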
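Review bot: The added `apt-key update` call in setup_root_file_system() changes the trust store after the explicit `apt-key add` imports, and nothing says why. The apt-key manual marks the subcommand as deprecated and describes it as syncing the local keyring with the distribution's archive keyring, including removal of keys no longer considered valid. Either drop the line or put a comment above it that states what it is expected to change, for example `# refresh archive keys before the package download (needed because …)`. The surrounding function continues outside this hunk.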
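Review bot: The three packages appended to `DISTRO_BOOTSTRAP_BASE_PACKAGES` carry no explanation, so a later cleanup cannot tell which of them the key handling depends on. A comment above the assignment such as `# gnupg2: used by apt-key inside the rootfs; apt-transport-https and ca-certificates: for https apt sources` would record the reason (presumably that is the intent; confirm before adding it). The hunk also removes `APTKEYRING` and `DEBOOTSTRAP_KEYRING`, which is worth calling out in the commit message for layers that may still reference them.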
@@ -49,7 +46,6 @@ python () {
 if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')):
 own_pub_key = d.getVar("BASE_REPO_KEY", False)
 if own_pub_key:
- d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
 for key in own_pub_key.split():
 url = urlparse(key)
 filename = ''.join([wd, url.path])
@@ -181,9 +177,12 @@ do_generate_keyring[dirs] = "${DL_DIR}"
 do_generate_keyring[vardeps] += "DISTRO_APT_KEYS"
 do_generate_keyring() {
 if [ -n "${@d.getVar("APTKEYFILES", True) or ""}" ]; then
+ APTKEYTMPDIR="${TMPDIR}"/aptkeys
+ [ -d "${APTKEYTMPDIR}" ] || { mkdir -p "${APTKEYTMPDIR}"; \
+ chmod 777 "${APTKEYTMPDIR}"; }
 for keyfile in ${@d.getVar("APTKEYFILES", True)}; do
- gpg --no-default-keyring --keyring "${APTKEYRING}" \
- --no-tty --homedir "${DL_DIR}" --import "$keyfile"
+ cp "$keyfile" "${APTKEYTMPDIR}"/"$(basename "$keyfile")"
+ sudo apt-key add "$keyfile"
 done
 fi
 }
@@ -225,7 +224,6 @@ isar_bootstrap() {
 if [ ${IS_HOST} ]; then
 ${DEBOOTSTRAP} $debootstrap_args \
 ${@get_distro_components_argument(d, True)} \
- ${DEBOOTSTRAP_KEYRING} \
 "${@get_distro_suite(d, True)}" \
 "${ROOTFSDIR}" \
 "${@get_distro_source(d, True)}"
@@ -234,7 +232,6 @@ isar_bootstrap() {
 "${DEBOOTSTRAP}" $debootstrap_args \
 --arch="${DISTRO_ARCH}" \
 ${@get_distro_components_argument(d, False)} \
- ${DEBOOTSTRAP_KEYRING} \
 "${@get_distro_suite(d, False)}" \
 "${ROOTFSDIR}" \
 "${@get_distro_source(d, False)}"
@@ -248,7 +245,7 @@ isar_bootstrap() {
 if [ "${ISAR_USE_CACHED_BASE_REPO}" = "1" ]; then
 sed -e "s#{BASE_DISTRO}#"${BASE_DISTRO}"#g" \
 -e "s#{BASE_DISTRO_CODENAME}#"${BASE_DISTRO_CODENAME}"#g" \
-i ${BASEAPTSRCS}
+ -i ${BASEAPTSRCS}
 mkdir -p ${ROOTFSDIR}/base-apt
 sudo mount --bind ${REPO_BASE_DIR} ${ROOTFSDIR}/base-apt
 install -v -m644 "${BASEAPTSRCS}" \
-- 
2.20.1
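Review bot: `sudo apt-key add "$keyfile"` in do_generate_keyring() runs on the build host rather than in a chroot, so every key in `APTKEYFILES` is added to the host's apt trust store and stays there after the build. The staging directory is created with `chmod 777`, and the loop added to setup_root_file_system() in isar-bootstrap-helper.bbclass imports every file it finds in `${TMPDIR}/aptkeys`, so any local account that can write there can get its own key trusted inside the image. I would drop the host-side `apt-key add`, replace the mkdir/chmod pair with `install -d -m 0755 "${APTKEYTMPDIR}"`, and empty the directory before copying so keys from earlier builds do not linger. If the wide mode was chosen because different users run the two tasks, that reason should be stated in a comment and solved with ownership rather than world-write.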
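Review bot: With `${DEBOOTSTRAP_KEYRING}` removed from this debootstrap call and from the second one (the hunk at -234,7), debootstrap no longer receives the keys collected from `DISTRO_APT_KEYS` and `BASE_REPO_KEY`. As far as I know debootstrap does not read the keys managed by `apt-key`; it checks the Release file against `--keyring` or the suite's default keyring, and continues with a warning when no keyring file is available. For a distro or cached base repo signed with a non-default key, the bootstrap would then either fail or run without signature verification. Keeping a dedicated keyring file for this step, e.g. `--keyring "${APTKEYRING}"` built in do_generate_keyring(), would preserve the check; isar_bootstrap() starts and ends outside this hunk.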