From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6665315485307895808
X-Received: by 2002:a1c:f107:: with SMTP id p7mr727748wmh.12.1551889694945;
        Wed, 06 Mar 2019 08:28:14 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a1c:2356:: with SMTP id j83ls286935wmj.4.gmail; Wed, 06 Mar
 2019 08:28:14 -0800 (PST)
X-Google-Smtp-Source: APXvYqxNoN/cyD3F8EDNMhxGuerEcz7FpYEuLnhfPYs6SX2uFUAwCnOri7TgExp6txeIXAplSbhY
X-Received: by 2002:a1c:c00d:: with SMTP id q13mr761379wmf.5.1551889694508;
        Wed, 06 Mar 2019 08:28:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551889694; cv=none;
        d=google.com; s=arc-20160816;
        b=Fqabcneoz/kAaR0Iiw6k5p1zP67uDhDPhiaBEuVSE5pl7CapMQmB4Hivu/af0XnX8O
         oW2WoZlqYJJ8zrC4rVd4Eq7V4W9Ogjd61DZHp8rcJPBQDfSv0RsZ7nH97VbbTZQybAwL
         qvYdYxid3Z2mkQ0+TMLT6xDvHqjgBEQSaP5kWPMlHvHo5EKcGoaQXCJ2zzqqCDkIWBKM
         hAUUBz9snRBCa7jOUruGjpM0LR+4RWg6vp2Np6hasHHDGzqxwqW1KIW2NxpfBzq2HNC5
         zeJasspV09iZCoB0mZikIJs97ii0wotNj1g5ZU83WQTJnvQ3fyin8UfqQNqgGtB+FerW
         7c9g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from;
        bh=+YcLHJKW09EM7xd2WXH/ZZsC9m3abyn13lrJpBKDlMQ=;
        b=ZbKFBY/uPdW88XuZS5/Fb30layIybAWLybrcjZX18WfpE4ts4nVaTZzYbOqwYq9wsn
         puAq4s8/aXa3W7az2C+davlOddTVIYGzGi4ue+aKIloHRBeuRnaXahhlVKoczusbv8OA
         x+7ZkbapQkuILqM6sQc6R1awsE20iDzikI+n4S5FMpIeRtkpA0XqxYhdK/H3RZr9l/M4
         YoK74uw8wSFCknEIBkIKlHP/rOPSY0LJDlQcylpiTUCDIGSOVYWTbLgl9JN35G9sA5LS
         mmTwy+v1PVSfIxTvmlMe8BpSjy/KPS+Trq4mTIMJmth/HdGXXOWhwEbSNP+vKo0Pzfur
         8HIA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com
Return-Path: <andreas.reichel.ext@siemens.com>
Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28])
        by gmr-mx.google.com with ESMTPS id 109si79150wrb.0.2019.03.06.08.28.14
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 06 Mar 2019 08:28:14 -0800 (PST)
Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com
Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14])
	by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id x26GSEcc026083
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Wed, 6 Mar 2019 17:28:14 +0100
Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17])
	by mail3.siemens.de (8.15.2/8.15.2) with ESMTP id x26GSDvH010079;
	Wed, 6 Mar 2019 17:28:14 +0100
From: "Andreas J. Reichel" <andreas.reichel.ext@siemens.com>
To: isar-users@googlegroups.com
Cc: Andreas Reichel <andreas.reichel.ext@siemens.com>
Subject: [PATCH v3 6/6] If we use a custom keyring debootstrap may fall to https
Date: Wed,  6 Mar 2019 17:26:18 +0100
Message-Id: <20190306162619.826-7-andreas.reichel.ext@siemens.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190306162619.826-1-andreas.reichel.ext@siemens.com>
References: <20190306162619.826-1-andreas.reichel.ext@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUID: OYO6upsL2HbY

From: Andreas Reichel <andreas.reichel.ext@siemens.com>

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009

So if we have something in aptkeyring, append https-support to
OVERRIDES.

Furthermore, the conditional append for https-support was missing
in qemuamd64-stretch.conf, thus, remove this from all the distros
and put it into the isar-bootstrap.inc.

Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
 meta-isar/conf/multiconfig/qemuamd64-buster.conf    |  1 -
 meta-isar/conf/multiconfig/qemuamd64-jessie.conf    |  1 -
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 11 +++++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
index 63df75c..da90993 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
@@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35"
 QEMU_CPU ?= ""
 QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd"
 
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
index d1335ff..42c71df 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
@@ -15,4 +15,3 @@ QEMU_MACHINE ?= "pc"
 QEMU_CPU ?= ""
 QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE##"
 
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 8002a53..64cefc6 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -25,6 +25,7 @@ BASEAPTSRCS = "${WORKDIR}/base-apt-sources"
 APTKEYFILES = ""
 DEPLOY_ISAR_BOOTSTRAP ?= ""
 DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales gnupg2"
+DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
 
 DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org  file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }"
 
@@ -41,6 +42,12 @@ python () {
         if own_pub_key:
             aptkeys += own_pub_key.split()
 
+    if len(aptkeys) > 0:
+        # debootstrap falls back to https if there is no
+        # 'reliable' keyring, whatever that means, but it happened
+        # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009
+        d.setVar("HAVE_CUSTOM_APT_KEYS", "True")
+
     for key in aptkeys:
         d.appendVar("SRC_URI", " %s" % key)
         fetcher = bb.fetch2.Fetch([key], d)
@@ -150,6 +157,10 @@ def get_distro_have_https_source(d, is_host=False):
     return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host))
 
 def get_distro_needs_https_support(d, is_host=False):
+    apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False)
+    if apt_keys:
+        return "https-support"
+
     if get_distro_have_https_source(d, is_host):
         return "https-support"
     else:
-- 
2.21.0