From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6665315485307895808 X-Received: by 2002:a1c:55c9:: with SMTP id j192mr688042wmb.21.1551889694587; Wed, 06 Mar 2019 08:28:14 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a5d:4488:: with SMTP id j8ls564662wrq.1.gmail; Wed, 06 Mar 2019 08:28:14 -0800 (PST) X-Google-Smtp-Source: APXvYqyHfmFNejMalx+Ipo6VW+jNyhO/wZtCMc4tDw22OoktwU+RgbQ615Spp95bEf9T6R+D0sel X-Received: by 2002:adf:ebce:: with SMTP id v14mr327177wrn.20.1551889694178; Wed, 06 Mar 2019 08:28:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551889694; cv=none; d=google.com; s=arc-20160816; b=NrAZLBWQjrfSFWmgvXG3A0BHYVcLqyzexuCIgYN0tROrUJH2fT8gjxBFeaKXncoapg Nrwkk+9YzVCxXHsjmJ/ofOIxWOXThOBhsTqcPgyPLoGhZCKiEtc0pw6cDH2UkIGkk1ye Z72QfiruwaGPj2bcrLesAPU+HJvLf+dhpDRGAwXmayu++I2MmMTebreCJyImDyCaJ6dd sjkmV6PRie0To+OJBdlgf070+uulLE8UweB76T/2FptB6JVFEpGbFg7syYUuGYvHvx2V O7ABHDJs7PX8uVCClhhyNokaLPtI3uyMqJFZ3LSNEJBc63EUGvJqTr9x6o/2tn+SsHuR 9K8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=gcioLdgpjzsWHy8BOs8F9672U68URdfYzyy5d04dwG8=; b=0UXXtPp8q55oUgkZwErem3RL8rLo6bMNWLlBpt4z/5WPYciaVP1U+jUS0c0dnsqAMH K2QA/2mysappYlJ9NzLtCTITZ3Mb6Q8l6CsuPncWzTu9JqvdAANZfk7iXikU9wgMdO+s QDEvW3on3QOQ/PBKSFNOYh1BbMfSY8TPK8P2vGYB3xLp+16ZjpsWl8Nxqg12f8xAt5Sm br2rlOI031MHdeIR/XOjisLOfaw6YAzyszFMTjS7+ZHAyJTVgdNqhb5g87mTdbHoahVF ldcS6SnmHRqfOcvX5p14aWwmULACXJfWvbhaPX7BNxYgdq1a7f8/LYjNiay+CDCuDHh7 itfA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id f185si121353wme.1.2019.03.06.08.28.14 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Mar 2019 08:28:14 -0800 (PST) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x26GSDES002349 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 6 Mar 2019 17:28:13 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail3.siemens.de (8.15.2/8.15.2) with ESMTP id x26GSDvB010079; Wed, 6 Mar 2019 17:28:13 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v3 0/6] Fixes usage of additional apt keys and repos Date: Wed, 6 Mar 2019 17:26:12 +0100 Message-Id: <20190306162619.826-1-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: Fu743FxHSOxt From: Andreas Reichel Diff to v2: * split patches in a clean way: * only install https-support and ca-certificates if we have provided a custom apt-key (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009) - use the existing override mechanism for this * first improve existing isar code before adding my own * don't include "tmp/" inside of $kfn What this series does: Enable the user to really ADD bootstrap repos and keys without replacing existing ones. The existing keyring is not replaced but keys are added to /ect/apt/trusted.gpg.d/isar.gpg instead, where debootstrap and any apt call can find it. Furthermore, the code to add keys is simplified by removing duplicate code and not manually parsing URIs and guessing about download locations as well as not manually handling gpg and giving apt config overrides. It is much simpler by using `apt-key` and default apt keyring paths. Furthermore, apt-get must not use a given single source list which was used from debootstrapping. Otherwise, additional packages are always unauthenticated, which is a quite misleading error. Instead, apt-get should use all source lists available in the built root. Signed-off-by: Andreas Reichel Andreas Reichel (6): Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Remove duplicate code from apt-keyring generation Fix key filename in apt-keyring generator Use apt-key to generate apt-keyring Use all source lists in target root apt If we use a custom keyring debootstrap may fall to https .../conf/multiconfig/qemuamd64-buster.conf | 1 - .../conf/multiconfig/qemuamd64-jessie.conf | 1 - meta/classes/isar-bootstrap-helper.bbclass | 17 +++++-- meta/classes/isar-image.bbclass | 1 + .../isar-bootstrap/isar-bootstrap-host.bb | 2 +- .../isar-bootstrap/isar-bootstrap.inc | 49 +++++++++++-------- 6 files changed, 43 insertions(+), 28 deletions(-) -- 2.21.0