From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6665315485307895808 X-Received: by 2002:a2e:5c88:: with SMTP id q130mr674566ljb.2.1551968713800; Thu, 07 Mar 2019 06:25:13 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:ac2:550a:: with SMTP id j10ls100404lfk.8.gmail; Thu, 07 Mar 2019 06:25:13 -0800 (PST) X-Google-Smtp-Source: APXvYqzGwTKg3EZ3OAaaIRf81H0pa5reITWJ19HJ38Sr9CMxU+no6kDpJbYC58eYsTvnGDYIrq79 X-Received: by 2002:ac2:4207:: with SMTP id y7mr830549lfh.7.1551968713279; Thu, 07 Mar 2019 06:25:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551968713; cv=none; d=google.com; s=arc-20160816; b=AYS56C5LyOpbbYxLFXPDiNkIt5xWf7hQrugGzXELg72xctcz1Wow9ynqzwp45TZzCr YjqYyZDMZoSLhsLDzSWiz/XMnTkH7DrQXshTVap9JKEHuFc0ArHiDFXr4J+sJEkvb6EI Piq8ztKDfo+dJ962jJxyhUh82qFCBbyUxBeAGdBYiXVLvjBZHO/OUa9BJr7mOxwtaijN VnohrO3KR3OTDqAfNrVSsCc8RHWtWJvQI1HRqXNnVHkWSLo9HkLftySul+3cNgyJcuwW ANlJiTrKuDElLMsjbZMoR98ITfBdj8Nik7uOVMDzL0EkfNDsMIiMJ8OrC4LVi+476+3Q nJXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=+0b/9qBUsO4o4mDzCJleg8714xJoyvSpunDxCEUnOR8=; b=fkiH2wXqbcCxoirOL4bObSDfX0oQqxWerCCQIAWqAZbmswapav0YPLT/zJstJgDWIE 5JUfsEVtSraD74MT92zB5Ev4sz8WV7E2zYeDECunyHVlY+3zbMt3n4/f6daf7pclVp1I fHn3MCH3b/YBc8cGjYa42DZjV8/IEXoNuNYZQK7QPAKR3jaTroq1dJOfbG9qgCJNsdR0 kbvbpy89G6Bw5+agS/uszx9egvlb+zgOICnx0UMhfldvz+VWQPdtG9hddI8jcPrJEH5b oNFkDOTOSQzAlIFv1/u4NHfbUD+hyipRYIYzBn3KxRUkeTcpKJzup6EaHObxSljjMO5y vVWQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id n21si225042lfl.2.2019.03.07.06.25.13 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Mar 2019 06:25:13 -0800 (PST) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x27EPABq007560 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 7 Mar 2019 15:25:10 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x27EP9RL020333; Thu, 7 Mar 2019 15:25:09 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v4 6/6] If we use a custom keyring debootstrap may fall to https Date: Thu, 7 Mar 2019 15:23:04 +0100 Message-Id: <20190307142304.14508-7-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190307142304.14508-1-andreas.reichel.ext@siemens.com> References: <20190307142304.14508-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: QU5tE1bVdAbt From: Andreas Reichel See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 So if we have something in aptkeyring, append https-support to OVERRIDES. Furthermore, the conditional append for https-support was missing in qemuamd64-stretch.conf, thus, remove this from all the distros and put it into the isar-bootstrap.inc. Furthermore, packages are comma-, not space-separated. Signed-off-by: Andreas Reichel --- meta-isar/conf/multiconfig/qemuamd64-buster.conf | 1 - meta-isar/conf/multiconfig/qemuamd64-jessie.conf | 1 - meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 11 +++++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf index 63df75c..da90993 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf @@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35" QEMU_CPU ?= "" QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates" diff --git a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf index d1335ff..42c71df 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf @@ -15,4 +15,3 @@ QEMU_MACHINE ?= "pc" QEMU_CPU ?= "" QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE##" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates" diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 2fb5c5b..4c10633 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -26,6 +26,7 @@ APTKEYFILES = "" DEPLOY_ISAR_BOOTSTRAP ?= "" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2" +DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates" DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }" @@ -42,6 +43,12 @@ python () { if own_pub_key: aptkeys += own_pub_key.split() + if len(aptkeys) > 0: + # debootstrap falls back to https if there is no + # 'reliable' keyring, whatever that means, but it happened + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 + d.setVar("HAVE_CUSTOM_APT_KEYS", "True") + for key in aptkeys: d.appendVar("SRC_URI", " %s" % key) fetcher = bb.fetch2.Fetch([key], d) @@ -151,6 +158,10 @@ def get_distro_have_https_source(d, is_host=False): return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host)) def get_distro_needs_https_support(d, is_host=False): + apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False) + if apt_keys: + return "https-support" + if get_distro_have_https_source(d, is_host): return "https-support" else: -- 2.21.0