From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6665315485307895808 X-Received: by 2002:a05:600c:21c8:: with SMTP id x8mr1056968wmj.14.1551968710976; Thu, 07 Mar 2019 06:25:10 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a5d:4141:: with SMTP id c1ls1228851wrq.4.gmail; Thu, 07 Mar 2019 06:25:10 -0800 (PST) X-Google-Smtp-Source: APXvYqyW3x1j+hH6QkNOuH5gQzs/jpjfLziK0tEWEVikGxpWrBG2HEG03EHZ1PajyErzbdBvIbTn X-Received: by 2002:a5d:4d87:: with SMTP id b7mr648308wru.21.1551968710508; Thu, 07 Mar 2019 06:25:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551968710; cv=none; d=google.com; s=arc-20160816; b=imEx6kBynmIaDQzneBVqe4uKEjC42R/nPuGwlaOcmMUmXLnRiFtN/5uXnQRhnFApvR oALWU+Fr30FBD7nMYs8/Ng+jN6hdR3kMvXWeYH06BTNDIYuGHqUjTV7qyhUzXm3OGS28 usuysx3zfw84zozGp14BvEVNCIPcpNZf1Uu6yyWZvbo+mIF5Oe/0Zz1BcMOvc0E6k+KG pL4QLwhU1hK/JNGGKNaZoMbtJbYLCf0rbxEad9/P4syzcF4A+PX79ZEjaRyK8NxfsaC+ w1cIEGwcgFiwr+wQ/0/IPXr+zykGw+NDEZmRJkt4TTN0AjRzy8eqcwQNECYKtPrLoFi3 MO1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=/HF3ScZBruxGI35ZAr1yFDE9RQ6Y3Qt1522gMvWriu0=; b=pEF2frw42sy9b5QS5cSpxy2uzI9J1qR4ENvXP37S/1YFuUuSWPceFBuaWY6ilfVIo2 Sej6/TFD2GuEm6xQ0aB9uIlPZQHXJdUg07+FmKP8Fzpp8Dl7pnLlOvBFVSM1x9uYVD93 VYK0V9l1OCMA5xBilAjnnY2lIutyfBzyMaeck+3X05aiLagUjWYnQiq0d3i2K1Fs4K/1 Sm5I9qqViD6WRjhijjPMhqrqvHJFgIQhxlpCxVR6UYof1Im/Ql4PH9gSM4gGWDKHP7cg Smr6Aku150t8U+r9fG64MHktCDCTB0KFP74hAMuO7sTKsXFlxBWWURsZW5LF4mLB5U+R wbrQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. 
[192.35.17.14]) by gmr-mx.google.com with ESMTPS id q192si283805wme.3.2019.03.07.06.25.10 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Mar 2019 06:25:10 -0800 (PST) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x27EP9ps023587 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 7 Mar 2019 15:25:10 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x27EP9RK020333; Thu, 7 Mar 2019 15:25:09 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v4 5/6] Use apt-key to generate apt-keyring Date: Thu, 7 Mar 2019 15:23:03 +0100 Message-Id: <20190307142304.14508-6-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190307142304.14508-1-andreas.reichel.ext@siemens.com> References: <20190307142304.14508-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: klEkuQbj10lf From: Andreas Reichel Use apt-key instead of manually calling gpg. Signed-off-by: Andreas Reichel --- meta/classes/isar-bootstrap-helper.bbclass | 2 ++ meta/classes/isar-image.bbclass | 1 + meta/conf/bitbake.conf | 1 + .../isar-bootstrap/isar-bootstrap.inc | 32 +++++++++++++++---- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index d780b85..c5e39e9 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass 
@@ -119,6 +119,7 @@ setup_root_file_system() { export LANG=C export LANGUAGE=C export LC_ALL=C + sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update \ -o Dir::Etc::sourcelist="sources.list.d/isar-apt.list" \ -o Dir::Etc::sourceparts="-" \ @@ -128,6 +129,7 @@ setup_root_file_system() { sudo -E chroot "$ROOTFSDIR" /usr/bin/dpkg --add-architecture ${DISTRO_ARCH} sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update fi + sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key update sudo -E chroot "$ROOTFSDIR" \ /usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES \ ${IMAGE_TRANSIENT_PACKAGES} diff --git a/meta/classes/isar-image.bbclass b/meta/classes/isar-image.bbclass index cdd1651..4a89bd7 100644 --- a/meta/classes/isar-image.bbclass +++ b/meta/classes/isar-image.bbclass @@ -82,6 +82,7 @@ isar_image_cleanup() { fi rm -f "${IMAGE_ROOTFS}/etc/apt/sources-list" ' + sudo rm -f "${ISARKEYRING}" } do_rootfs() { diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 0e521bb..769ec9a 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -62,6 +62,7 @@ DEBDISTRONAME = "isar" # Isar apt repository paths REPO_ISAR_DIR = "${DEPLOY_DIR}/isar-apt/apt" REPO_ISAR_DB_DIR = "${DEPLOY_DIR}/isar-apt/db" +ISARKEYRING = "/etc/apt/trusted.gpg.d/isar.gpg" # Base apt repository paths REPO_BASE_DIR = "${DL_DIR}/base-apt/apt" diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index dbc3938..2fb5c5b 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc 
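Review bot: The added `sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key update` in setup_root_file_system probably does nothing useful. As far as I know, apt marks `apt-key update` as deprecated and ships it as a no-op on Debian. It also runs after both `apt-get update` calls, so it could not influence index verification even if it did refresh keys. I would drop the line, or replace it with a comment naming the step that populates the keyring inside the rootfs, e.g. `# custom keys were added to ${ISARKEYRING} during isar_bootstrap`. The function body starts and ends outside this hunk.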
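Review bot: The added `sudo rm -f "${ISARKEYRING}"` in isar_image_cleanup deletes a file on the build host, not in the image. ISARKEYRING is defined in the bitbake.conf hunk as the absolute path `/etc/apt/trusted.gpg.d/isar.gpg`, and unlike the `rm -f "${IMAGE_ROOTFS}/etc/apt/sources-list"` just above it, the path is not prefixed with the rootfs. The same unprefixed path is used by `sudo apt-key --keyring "${ISARKEYRING}" add "$keyfile"` in do_generate_keyring, so every key listed in a layer becomes a trust anchor for the host's own apt until this cleanup runs. That leaves it in place if the build aborts earlier. If the intent is to strip the keyring from the shipped image, write `sudo rm -f "${IMAGE_ROOTFS}${ISARKEYRING}"`, and have do_generate_keyring write to a build-local file such as `${WORKDIR}/apt-keyring.gpg` instead of the host trust store. The function starts outside the hunk.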
@@ -23,10 +23,9 @@ APTSRCS = "${WORKDIR}/apt-sources" APTSRCS_INIT = "${WORKDIR}/apt-sources-init" BASEAPTSRCS = "${WORKDIR}/base-apt-sources" APTKEYFILES = "" -APTKEYRING = "${WORKDIR}/apt-keyring.gpg" -DEBOOTSTRAP_KEYRING = "" DEPLOY_ISAR_BOOTSTRAP ?= "" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" +DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2" DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }" @@ -43,7 +42,6 @@ python () { if own_pub_key: aptkeys += own_pub_key.split() - d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}") for key in aptkeys: d.appendVar("SRC_URI", " %s" % key) fetcher = bb.fetch2.Fetch([key], d) @@ -158,6 +156,14 @@ def get_distro_needs_https_support(d, is_host=False): else: return "" +def get_distro_needs_gpg_support(d): + apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False) + if apt_keys: + return "gnupg" + return "" + +OVERRIDES_append = ":${@get_distro_needs_gpg_support(d)}" + def get_distro_source(d, is_host): return get_distro_primary_source_entry(d, is_host)[0] @@ -171,13 +177,17 @@ def get_distro_components_argument(d, is_host): else: return "" +APTKEYTMPDIR := "${TMPDIR}/aptkeys" + +do_generate_keyring[cleandirs] = "${APTKEYTMPDIR}" do_generate_keyring[dirs] = "${DL_DIR}" do_generate_keyring[vardeps] += "DISTRO_APT_KEYS" do_generate_keyring() { if [ -n "${@d.getVar("APTKEYFILES", True) or ""}" ]; then + chmod 777 "${APTKEYTMPDIR}" for keyfile in ${@d.getVar("APTKEYFILES", True)}; do - gpg --no-default-keyring --keyring "${APTKEYRING}" \ - --no-tty --homedir "${DL_DIR}" --import "$keyfile" + cp "$keyfile" "${APTKEYTMPDIR}"/"$(basename "$keyfile")" + sudo apt-key --keyring "${ISARKEYRING}" add "$keyfile" done fi } 
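Review bot: With `APTKEYRING` and `DEBOOTSTRAP_KEYRING` removed here, and `${DEBOOTSTRAP_KEYRING}` dropped from both debootstrap calls further down, debootstrap is no longer told which keys to verify the Release file against. It presumably falls back to the suite's default keyring on the host, which will not contain the custom keys from `DISTRO_APT_KEYS`. Depending on the debootstrap version, that either fails the bootstrap or proceeds without signature checking when no default keyring is found; this should be confirmed for the supported hosts. The keys are only imported with apt-key after the base system is already unpacked, so the first stage is the one left uncovered. I would keep passing a build-local keyring to debootstrap, or add a comment here stating how the bootstrap stage is authenticated when custom keys are in use.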
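Review bot: get_distro_needs_gpg_support has no docstring and reads `HAVE_CUSTOM_APT_KEYS`, which nothing in this patch sets, so a reader cannot tell from here when the `gnupg` override becomes active. The value is fetched unexpanded and tested for truthiness, so any non-empty string, including `"0"`, selects the override; if the variable is meant as a flag, `bb.utils.to_boolean(d.getVar("HAVE_CUSTOM_APT_KEYS"))` would match how `ISAR_USE_CACHED_BASE_REPO` is handled in this file. When the function returns `""`, `OVERRIDES_append = ":${@get_distro_needs_gpg_support(d)}"` appends a bare `:`; that is likely harmless but worth a comment. A one-line docstring would do: `"""Return the override name 'gnupg' when custom apt keys are configured, else ''."""`.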
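Review bot: `chmod 777 "${APTKEYTMPDIR}"` in do_generate_keyring makes the key staging directory world-writable. isar_bootstrap later imports every file it finds under `${TMPDIR}/aptkeys` into the rootfs keyring, so any local user on the build host can add or replace a file there and have it trusted as an apt signing key in the image. The staging directory only needs to be writable by the build user and readable by the bootstrap step: `chmod 755 "${APTKEYTMPDIR}"`, or no chmod at all if the default mode from `cleandirs` already suffices. `APTKEYTMPDIR` also sits directly under `${TMPDIR}` rather than `${WORKDIR}`, so it is shared by every recipe that includes this file; a comment explaining why would help.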
@@ -221,7 +231,6 @@ isar_bootstrap() { if [ ${IS_HOST} ]; then ${DEBOOTSTRAP} $debootstrap_args \ ${@get_distro_components_argument(d, True)} \ - ${DEBOOTSTRAP_KEYRING} \ "${@get_distro_suite(d, True)}" \ "${ROOTFSDIR}" \ "${@get_distro_source(d, True)}" @@ -230,7 +239,6 @@ isar_bootstrap() { "${DEBOOTSTRAP}" $debootstrap_args \ --arch="${DISTRO_ARCH}" \ ${@get_distro_components_argument(d, False)} \ - ${DEBOOTSTRAP_KEYRING} \ "${@get_distro_suite(d, False)}" \ "${ROOTFSDIR}" \ "${@get_distro_source(d, False)}" @@ -259,6 +267,16 @@ isar_bootstrap() { mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" install -v -m644 "${WORKDIR}/isar-apt.conf" \ "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" + if [ -d ${TMPDIR}/aptkeys ]; then + for keyfile in ${TMPDIR}/aptkeys/* + do + kfn="$(basename $keyfile)" + cp $keyfile "${ROOTFSDIR}/tmp/$kfn" + sudo -E chroot "${ROOTFSDIR}" /usr/bin/apt-key \ + --keyring ${ISARKEYRING} add "/tmp/$kfn" + rm "${ROOTFSDIR}/tmp/$kfn" + done + fi if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \ -- 2.21.0
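Review bot: The key import loop added to isar_bootstrap is fragile in a security-relevant spot: `$keyfile` and `${ISARKEYRING}` are expanded unquoted. It also hard-codes `${TMPDIR}/aptkeys` instead of using `${APTKEYTMPDIR}`, and an existing but empty directory leaves the glob unexpanded so `cp` fails on a literal `*`. The loop trusts whatever files are in the directory rather than the list in `APTKEYFILES`, so it inherits any tampering with the staging directory. The fence below quotes the expansions, uses the variable, and skips non-files; iterating over `APTKEYFILES` directly would be tighter still. The function starts and ends outside the hunk.

```shell
    # … unchanged: install of 50isar.conf …
    if [ -d "${APTKEYTMPDIR}" ]; then
        for keyfile in "${APTKEYTMPDIR}"/*; do
            # An empty directory leaves the glob unexpanded; skip it.
            [ -f "$keyfile" ] || continue
            kfn="$(basename "$keyfile")"
            cp "$keyfile" "${ROOTFSDIR}/tmp/$kfn"
            sudo -E chroot "${ROOTFSDIR}" /usr/bin/apt-key \
                --keyring "${ISARKEYRING}" add "/tmp/$kfn"
            rm -f "${ROOTFSDIR}/tmp/$kfn"
        done
    fi
    # … unchanged: stretch fallback conf install …
```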