From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6662700470316826624 X-Received: by 2002:a50:aa70:: with SMTP id p45mr486703edc.6.1551280838405; Wed, 27 Feb 2019 07:20:38 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:906:348d:: with SMTP id g13ls465526ejb.3.gmail; Wed, 27 Feb 2019 07:20:38 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ0pBRr+e3Xpu54LCqGxBr7a1wxxTrvRlyE25ouiR518rGVL2inHqE+F/xBlz4Z7QMwc/BF X-Received: by 2002:a17:906:c9d2:: with SMTP id hk18mr97435ejb.5.1551280837985; Wed, 27 Feb 2019 07:20:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551280837; cv=none; d=google.com; s=arc-20160816; b=eJZ8EAjIbQrQWgXS4gM/t438UTh7AnmfSIa49qxIpj/glBFC6R8AQhNP2cW5wJLBmz i8tjGIWD0Ge2UGqzkN/JYrNNzma3W/AdXR839J5q6a6zXe9CtW/z1vq8EgbSJGLM4o3o ++2BWh94iatl+otQtHw1hK5sJi7lvL99ar6StFVHgp9cbF7Jhy22RLx0AqwKPlfCy73U GXB8lX7wgU//3A+M6JsU0eV7j3ZEyaqQEIBUjNzpoNNi+jxUfIhEws2KYImT/hATzq25 U7JODrznAFXgOBwia1m9rxbOViAlnf6EKv5jH/qfrPKGLWuk+b4QR6pYRN00G75GHidT Vjtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=ItwCbtP0Zud620sTGHik+iBJV3fQVc5pxkyGVCuUki0=; b=KZaRtSDhiGdjbZoka0xZWea50zTEQJXRA972lxiUbJyc62awidlKfDWMEE6GZZuMST XXvw1ne5R2kUz8OvWLrxOy6glc0mQZql35y61NIK1WgreTerMWGvfghRPzMmoL/kOaUt 6Vxs4i2Ilm0oe9mdQjze4Ovbvz0L/9KYVCchdf57LEcvlZG7O7OP2BcgTMxioxpYmARf czJbyulydzbLY3PJkv0PDWN/364CKZCPzJqvKsHAjb2gHPOy6X6Zvc0IYUDyMk/c+rl9 ui65ehN9o2akp6E+9yG9g4qlJt3xHphZPnCqEExaA6lv2X6yvUmZgUdiistFyQlFMnDj uYwA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. 
[192.35.17.2]) by gmr-mx.google.com with ESMTPS id r37si439474edd.2.2019.02.27.07.20.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Feb 2019 07:20:37 -0800 (PST) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x1RFKadV016716 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 27 Feb 2019 16:20:37 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x1RFKbHI000863; Wed, 27 Feb 2019 16:20:37 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v2 1/3] Fix and simplify apt keyring generation Date: Wed, 27 Feb 2019 16:18:54 +0100 Message-Id: <20190227151856.11594-2-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190227151856.11594-1-andreas.reichel.ext@siemens.com> References: <20190227151856.11594-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: /jX6nuOK+jyc From: Andreas Reichel Different fetcher stored keys in different sub dirs, and we can never be sure about where downloaded files go. To avoid this without making any assumptions, we ask the fetcher where the file will be after it is downloaded. This way we also don't need to parse the URL manually. The code is simplified by removing duplicate code and using apt-key instead of manually calling gpg. 
Signed-off-by: Andreas Reichel --- meta/classes/isar-bootstrap-helper.bbclass | 11 ++++++ .../isar-bootstrap/isar-bootstrap.inc | 39 +++++++++---------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index d780b85..b8c41f9 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass @@ -119,6 +119,16 @@ setup_root_file_system() { export LANG=C export LANGUAGE=C export LC_ALL=C + + if [ -d ${TMPDIR}/aptkeys ]; then + for keyfile in ${TMPDIR}/aptkeys/* + do + kfn="tmp/$(basename $keyfile)" + cp $keyfile "$ROOTFSDIR/$kfn" + sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key add "/$kfn" + rm "$ROOTFSDIR/$kfn" + done + fi sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update \ -o Dir::Etc::sourcelist="sources.list.d/isar-apt.list" \ -o Dir::Etc::sourceparts="-" \ @@ -128,6 +138,7 @@ setup_root_file_system() { sudo -E chroot "$ROOTFSDIR" /usr/bin/dpkg --add-architecture ${DISTRO_ARCH} sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update fi + sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key update sudo -E chroot "$ROOTFSDIR" \ /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES \ ${IMAGE_TRANSIENT_PACKAGES} diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 234d339..2ef3b1e 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc 
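Review bot: The added loop in setup_root_file_system installs every file found under `${TMPDIR}/aptkeys` as a trusted apt key in the rootfs, and do_generate_keyring in isar-bootstrap.inc sets that directory to mode 777, so the trusted set is not limited to the keys named in DISTRO_APT_KEYS and BASE_REPO_KEY. The expansions are also unquoted, and an empty directory leaves the literal `*` pattern in `$keyfile`; I would write `for keyfile in "${TMPDIR}"/aptkeys/*; do [ -f "$keyfile" ] || continue` and `cp "$keyfile" "$ROOTFSDIR/$kfn"`. `cp` and `rm` run as the build user while the chroot call uses sudo, which presumably relies on the rootfs `tmp` directory being world-writable; a comment saying so would help. The function body starts and ends outside the hunk.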
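Review bot: The added `apt-key update` call has no comment explaining what it is expected to do, and apt-key(8) lists the `update` command as deprecated, so in the target rootfs it is probably a no-op. If it is meant to make the imported keys effective, it would have to run before the `apt-get update` calls rather than after them. Otherwise I would drop the line, or add a comment such as `# refresh archive keys from the distro keyring package` stating the intent. setup_root_file_system continues outside the hunk.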
@@ -23,35 +23,30 @@ APTSRCS = "${WORKDIR}/apt-sources" APTSRCS_INIT = "${WORKDIR}/apt-sources-init" BASEAPTSRCS = "${WORKDIR}/base-apt-sources" APTKEYFILES = "" -APTKEYRING = "${WORKDIR}/apt-keyring.gpg" -DEBOOTSTRAP_KEYRING = "" DEPLOY_ISAR_BOOTSTRAP ?= "" -DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" +DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales gnupg2 apt-transport-https ca-certificates" DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }" inherit base-apt-helper python () { - from urllib.parse import urlparse distro_apt_keys = d.getVar("DISTRO_APT_KEYS", False) - wd = d.getVar("WORKDIR", True) + aptkeys = [] + if distro_apt_keys: - d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}") - for key in distro_apt_keys.split(): - url = urlparse(key) - filename = ''.join([wd, url.path]) - d.appendVar("SRC_URI", " %s" % key) - d.appendVar("APTKEYFILES", " %s" % filename) + aptkeys += distro_apt_keys.split() + if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')): own_pub_key = d.getVar("BASE_REPO_KEY", False) if own_pub_key: - d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}") - for key in own_pub_key.split(): - url = urlparse(key) - filename = ''.join([wd, url.path]) - d.appendVar("SRC_URI", " %s" % key) - d.appendVar("APTKEYFILES", " %s" % filename) + aptkeys += own_pub_keys.split() + + for key in aptkeys: + d.appendVar("SRC_URI", " %s" % key) + fetcher = bb.fetch2.Fetch([key], d) + filename = fetcher.localpath(key) + d.appendVar("APTKEYFILES", " %s" % filename) } def aggregate_files(d, file_list, file_out): 
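Review bot: `aptkeys += own_pub_keys.split()` references a name that is never assigned; the variable read two lines above is `own_pub_key`. Parsing will therefore fail with a NameError whenever ISAR_USE_CACHED_BASE_REPO is true and BASE_REPO_KEY is set, and the base-repo key never reaches SRC_URI or APTKEYFILES. The line should read `aptkeys += own_pub_key.split()`. A short comment above the final loop, e.g. `# ask the fetcher for the download location instead of deriving it from the URL`, would record why `bb.fetch2.Fetch(...).localpath()` is used.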
@@ -174,13 +169,17 @@ def get_distro_components_argument(d, is_host): else: return "" +APTKEYTMPDIR := "${TMPDIR}/aptkeys" + +do_generate_keyring[cleandirs] = "${APTKEYTMPDIR}" do_generate_keyring[dirs] = "${DL_DIR}" do_generate_keyring[vardeps] += "DISTRO_APT_KEYS" do_generate_keyring() { if [ -n "${@d.getVar("APTKEYFILES", True) or ""}" ]; then + chmod 777 "${APTKEYTMPDIR}" for keyfile in ${@d.getVar("APTKEYFILES", True)}; do - gpg --no-default-keyring --keyring "${APTKEYRING}" \ - --no-tty --homedir "${DL_DIR}" --import "$keyfile" + cp "$keyfile" "${APTKEYTMPDIR}"/"$(basename "$keyfile")" + sudo apt-key add "$keyfile" done fi } @@ -222,7 +221,6 @@ isar_bootstrap() { if [ ${IS_HOST} ]; then ${DEBOOTSTRAP} $debootstrap_args \ ${@get_distro_components_argument(d, True)} \ - ${DEBOOTSTRAP_KEYRING} \ "${@get_distro_suite(d, True)}" \ "${ROOTFSDIR}" \ "${@get_distro_source(d, True)}" @@ -231,7 +229,6 @@ isar_bootstrap() { "${DEBOOTSTRAP}" $debootstrap_args \ --arch="${DISTRO_ARCH}" \ ${@get_distro_components_argument(d, False)} \ - ${DEBOOTSTRAP_KEYRING} \ "${@get_distro_suite(d, False)}" \ "${ROOTFSDIR}" \ "${@get_distro_source(d, False)}" -- 2.21.0
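Review bot: In do_generate_keyring, `chmod 777 "${APTKEYTMPDIR}"` makes the directory that feeds `apt-key add` in setup_root_file_system writable by every local account. In the same loop, `sudo apt-key add "$keyfile"` imports the project's keys into the build host's own apt trust store instead of a build-private keyring. Both widen trust beyond the image being built; I would drop the chmod (or use `chmod 755 "${APTKEYTMPDIR}"`) and remove the host-side `sudo apt-key add`, keeping only the `cp` into `${APTKEYTMPDIR}`. The later hunks in this file also remove `${DEBOOTSTRAP_KEYRING}` from both debootstrap calls, so it is worth confirming that debootstrap still verifies the Release signature for sources signed with DISTRO_APT_KEYS.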