From: "Andreas J. Reichel"
To: isar-users@googlegroups.com
Cc: Andreas Reichel
Subject: [PATCH v2 3/3] Separate apt-key entries from default keyring
Date: Wed, 27 Feb 2019 16:18:56 +0100
Message-Id: <20190227151856.11594-4-andreas.reichel.ext@siemens.com>
In-Reply-To: <20190227151856.11594-1-andreas.reichel.ext@siemens.com>
References: <20190227151856.11594-1-andreas.reichel.ext@siemens.com>
X-Mailer: git-send-email 2.21.0

From: Andreas Reichel Per default, apt-key add adds keys to /etc/apt/trusted.gpg. However, when building without a container, we don't want to contaminate the host. Therefore, we specify a keyring file in /etc/apt/trusted.gpg.d directory named `isar.gpg`. This file can be deleted after the build. This is necessary because we don't want to specify single keyrings to debootstrap since we might need a mixture of several keyrings as per default and would have to find all needed keyrings on the system, export their keys and reimport into the build keyring, which is more complicated and unneeded this way. Signed-off-by: Andreas Reichel --- meta/classes/isar-bootstrap-helper.bbclass | 1 + meta/classes/isar-image.bbclass | 1 + meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb | 2 +- meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 2 +- 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index 26abf62..769cbef 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass @@ -22,6 +22,7 @@ HOST_DISTRO ?= "debian-stretch" HOST_ARCH ?= "${@get_deb_host_arch()}" HOST_DISTRO_APT_SOURCES += "conf/distro/${HOST_DISTRO}.list" +ISARKEYRING = "/etc/apt/trusted.gpg.d/isar.gpg" def reverse_bb_array(d, varname): array = d.getVar(varname, True) diff --git a/meta/classes/isar-image.bbclass b/meta/classes/isar-image.bbclass index cdd1651..4a89bd7 100644 --- a/meta/classes/isar-image.bbclass +++ b/meta/classes/isar-image.bbclass @@ -82,6 +82,7 @@ isar_image_cleanup() { fi rm -f "${IMAGE_ROOTFS}/etc/apt/sources-list" ' + sudo rm -f "${ISARKEYRING}" } do_rootfs() { diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb index a793585..b70d2a8 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb 
@@ -11,8 +11,8 @@ WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}-${HOST_DISTRO}-${HOST_A DEPLOY_ISAR_BOOTSTRAP = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}" ISAR_BOOTSTRAP_LOCK = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}.lock" -require isar-bootstrap.inc inherit isar-bootstrap-helper +require isar-bootstrap.inc do_generate_keyring[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}" diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 2ef3b1e..4613732 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -179,7 +179,7 @@ do_generate_keyring() { chmod 777 "${APTKEYTMPDIR}" for keyfile in ${@d.getVar("APTKEYFILES", True)}; do cp "$keyfile" "${APTKEYTMPDIR}"/"$(basename "$keyfile")" - sudo apt-key add "$keyfile" + sudo apt-key --keyring "${ISARKEYRING}" add "$keyfile" done fi } -- 2.21.0
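Review bot: In meta/classes/isar-bootstrap-helper.bbclass, ISARKEYRING is set with a hard `=` and has no comment, while the neighbouring HOST_DISTRO and HOST_ARCH use `?=`. Suggest `ISARKEYRING ?= "/etc/apt/trusted.gpg.d/isar.gpg"` with a one-line comment that this is a path on the build host which apt trusts for as long as the file exists. Because the file name is fixed, two builds on the same host share one keyring, and the first to reach isar_image_cleanup deletes it for the other; a per-build file name would avoid that.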
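Review bot: In meta/classes/isar-image.bbclass, the `sudo rm -f "${ISARKEYRING}"` at the end of isar_image_cleanup() is the only place the keyring is removed, while it is created in do_generate_keyring in isar-bootstrap.inc. A build that fails or is stopped between those two points leaves the keys in the host's /etc/apt/trusted.gpg.d, which is the host contamination the commit message sets out to avoid. Suggest also removing the file on the failure path of the bootstrap task, or documenting that a failed build needs manual clean-up of isar.gpg.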
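Review bot: In meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb, the swap of `require isar-bootstrap.inc` and `inherit isar-bootstrap-helper` is not explained in the commit message. If the new order is needed so that ISARKEYRING is available to the .inc, please say so in the message or in a comment next to the two lines. Since isar-bootstrap.inc now depends on a variable defined only in the helper class, it is also worth checking that every other recipe requiring the .inc inherits isar-bootstrap-helper, or moving the definition into the .inc itself.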
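Review bot: In do_generate_keyring in meta/recipes-core/isar-bootstrap/isar-bootstrap.inc, the changed `sudo apt-key --keyring "${ISARKEYRING}" add "$keyfile"` line appends to whatever isar.gpg already holds, so a file left behind by an earlier build keeps its old keys trusted in the new build. Suggest a `sudo rm -f "${ISARKEYRING}"` before the `for keyfile` loop so the keyring contains exactly the keys listed in APTKEYFILES. The commit message should also state that the host's apt trusts these keys while the build runs, because the file sits in /etc/apt/trusted.gpg.d; the change makes the clean-up simpler but does not isolate the keys from the host.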