* [PATCH v5 0/5] Fix usage of additional apt keys and repos
@ 2019-03-18 13:31 Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 1/5] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
` (6 more replies)
0 siblings, 7 replies; 10+ messages in thread
From: Andreas J. Reichel @ 2019-03-18 13:31 UTC (permalink / raw)
To: isar-users; +Cc: Andreas Reichel
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
Diff to v4:
* don't remove keyring deployed to target rootfs
so that one can do updates later
* keys are temporarily held in WORKDIR/aptkeys, not
TMPDIR/aptkeys
* variable renamed from APTKEYTMPDIR to APT_KEYS_DIR
Unchanged with reason:
* function for retreiving override for https is unchanged,
since renaming this to one global function
"get_distro_overrides" is better done in a separate patch.
This patch should concentrate on getting things finally
working, before changing too much code that is more or less
a beautification.
* (Other comments on mailing list)
* HAVE_CUSTOM_APT_KEYS is used in patch 4, but introduced in
patch 5, which is okay here, because we check if it exists...
What this series does:
* Enable/fix possibility of additional apt repos
* Enable/fix handling of additional apt keys
* Deduplicate some code
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
Andreas Reichel (5):
Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
Remove duplicate code from apt-keyring generation
Fix fetched key location in apt-keyring generator
Use apt-key to generate apt-keyring
If we use a custom keyring debootstrap may fall to https
.../conf/multiconfig/qemuamd64-buster.conf | 1 -
.../conf/multiconfig/qemuamd64-jessie.conf | 1 -
meta/classes/isar-bootstrap-helper.bbclass | 2 +
meta/conf/bitbake.conf | 1 +
.../isar-bootstrap/isar-bootstrap.inc | 62 +++++++++++++------
5 files changed, 47 insertions(+), 20 deletions(-)
--
2.21.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v5 1/5] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
@ 2019-03-18 13:32 ` Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 2/5] Remove duplicate code from apt-keyring generation Andreas J. Reichel
` (5 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Andreas J. Reichel @ 2019-03-18 13:32 UTC (permalink / raw)
To: isar-users; +Cc: Andreas Reichel
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
This reverts commit af983a13b6f4cee5d4af5e5cf6318231e02775c9.
This commit broke usage of remote keys, where they usually come from.
If fetching "http://example.com/dir1/dir2/key", the file is fetched
into the subdir WORKDIR/dir1/dir2/, which breaks with this code.
However it succeeds with absolute paths.
We do not want to guess where the downloaded file will be. This does
not work anymore if the key is downloaded from remote with a URL.
Furthermore, a user could specify "subdir" as fetcher parameter
or other things, which break this.
This is really fixed in a follow-up commit.
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index c1b571a..2910eea 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -40,8 +40,9 @@ python () {
d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
for key in distro_apt_keys.split():
url = urlparse(key)
- d.appendVar("SRC_URI", " " + key)
- d.appendVar("APTKEYFILES", " " + wd + url.path)
+ filename = os.path.basename(url.path)
+ d.appendVar("SRC_URI", " %s" % key)
+ d.appendVar("APTKEYFILES", " %s" % filename)
if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')):
own_pub_key = d.getVar("BASE_REPO_KEY", False)
if own_pub_key:
--
2.21.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v5 2/5] Remove duplicate code from apt-keyring generation
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 1/5] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
@ 2019-03-18 13:32 ` Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 3/5] Fix fetched key location in apt-keyring generator Andreas J. Reichel
` (4 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Andreas J. Reichel @ 2019-03-18 13:32 UTC (permalink / raw)
To: isar-users; +Cc: Andreas Reichel
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
.../isar-bootstrap/isar-bootstrap.inc | 23 +++++++++----------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 2910eea..4526aa7 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -35,22 +35,21 @@ inherit base-apt-helper
python () {
from urllib.parse import urlparse
distro_apt_keys = d.getVar("DISTRO_APT_KEYS", False)
- wd = d.getVar("WORKDIR", True)
+ aptkeys = []
+
if distro_apt_keys:
- d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
- for key in distro_apt_keys.split():
- url = urlparse(key)
- filename = os.path.basename(url.path)
- d.appendVar("SRC_URI", " %s" % key)
- d.appendVar("APTKEYFILES", " %s" % filename)
+ aptkeys += distro_apt_keys.split()
if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')):
own_pub_key = d.getVar("BASE_REPO_KEY", False)
if own_pub_key:
- d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
- for key in own_pub_key.split():
- url = urlparse(key)
- d.appendVar("SRC_URI", " " + key)
- d.appendVar("APTKEYFILES", " " + wd + url.path)
+ aptkeys += own_pub_key.split()
+
+ d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
+ for key in aptkeys:
+ url = urlparse(key)
+ filename = os.path.basename(url.path)
+ d.appendVar("SRC_URI", " %s" % key)
+ d.appendVar("APTKEYFILES", " %s" % filename)
}
def aggregate_files(d, file_list, file_out):
--
2.21.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v5 3/5] Fix fetched key location in apt-keyring generator
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 1/5] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 2/5] Remove duplicate code from apt-keyring generation Andreas J. Reichel
@ 2019-03-18 13:32 ` Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 4/5] Use apt-key to generate apt-keyring Andreas J. Reichel
` (3 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Andreas J. Reichel @ 2019-03-18 13:32 UTC (permalink / raw)
To: isar-users; +Cc: Andreas Reichel
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
Use bb.fetch2.Fetch to retrieve the final filename after it is
downloaded. This way we don't have to guess (wrongly), and also
additional SRC_URI parameters like subdir or filename are usable now.
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 4526aa7..1f8f178 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -33,7 +33,6 @@ DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BA
inherit base-apt-helper
python () {
- from urllib.parse import urlparse
distro_apt_keys = d.getVar("DISTRO_APT_KEYS", False)
aptkeys = []
@@ -46,9 +45,9 @@ python () {
d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
for key in aptkeys:
- url = urlparse(key)
- filename = os.path.basename(url.path)
d.appendVar("SRC_URI", " %s" % key)
+ fetcher = bb.fetch2.Fetch([key], d)
+ filename = fetcher.localpath(key)
d.appendVar("APTKEYFILES", " %s" % filename)
}
--
2.21.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v5 4/5] Use apt-key to generate apt-keyring
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
` (2 preceding siblings ...)
2019-03-18 13:32 ` [PATCH v5 3/5] Fix fetched key location in apt-keyring generator Andreas J. Reichel
@ 2019-03-18 13:32 ` Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 5/5] If we use a custom keyring debootstrap may fall to https Andreas J. Reichel
` (2 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Andreas J. Reichel @ 2019-03-18 13:32 UTC (permalink / raw)
To: isar-users; +Cc: Andreas Reichel
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
Use apt-key instead of manually calling gpg.
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
meta/classes/isar-bootstrap-helper.bbclass | 2 ++
meta/conf/bitbake.conf | 1 +
.../isar-bootstrap/isar-bootstrap.inc | 30 ++++++++++++++-----
3 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
index 38d90fb..d80d941 100644
--- a/meta/classes/isar-bootstrap-helper.bbclass
+++ b/meta/classes/isar-bootstrap-helper.bbclass
@@ -117,6 +117,7 @@ setup_root_file_system() {
export LANG=C
export LANGUAGE=C
export LC_ALL=C
+
sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update \
-o Dir::Etc::sourcelist="sources.list.d/isar-apt.list" \
-o Dir::Etc::sourceparts="-" \
@@ -126,6 +127,7 @@ setup_root_file_system() {
sudo -E chroot "$ROOTFSDIR" /usr/bin/dpkg --add-architecture ${DISTRO_ARCH}
sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-get update
fi
+ sudo -E chroot "$ROOTFSDIR" /usr/bin/apt-key update
sudo -E chroot "$ROOTFSDIR" \
/usr/bin/apt-get ${APT_ARGS} --download-only $PACKAGES \
${IMAGE_TRANSIENT_PACKAGES}
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 0e521bb..769ec9a 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -62,6 +62,7 @@ DEBDISTRONAME = "isar"
# Isar apt repository paths
REPO_ISAR_DIR = "${DEPLOY_DIR}/isar-apt/apt"
REPO_ISAR_DB_DIR = "${DEPLOY_DIR}/isar-apt/db"
+ISARKEYRING = "/etc/apt/trusted.gpg.d/isar.gpg"
# Base apt repository paths
REPO_BASE_DIR = "${DL_DIR}/base-apt/apt"
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 1f8f178..f4d8a9b 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -23,10 +23,9 @@ APTSRCS = "${WORKDIR}/apt-sources"
APTSRCS_INIT = "${WORKDIR}/apt-sources-init"
BASEAPTSRCS = "${WORKDIR}/base-apt-sources"
APTKEYFILES = ""
-APTKEYRING = "${WORKDIR}/apt-keyring.gpg"
-DEBOOTSTRAP_KEYRING = ""
DEPLOY_ISAR_BOOTSTRAP ?= ""
DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales"
+DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2"
DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }"
@@ -43,7 +42,6 @@ python () {
if own_pub_key:
aptkeys += own_pub_key.split()
- d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}")
for key in aptkeys:
d.appendVar("SRC_URI", " %s" % key)
fetcher = bb.fetch2.Fetch([key], d)
@@ -158,6 +156,14 @@ def get_distro_needs_https_support(d, is_host=False):
else:
return ""
+def get_distro_needs_gpg_support(d):
+ apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False)
+ if apt_keys:
+ return "gnupg"
+ return ""
+
+OVERRIDES_append = ":${@get_distro_needs_gpg_support(d)}"
+
def get_distro_source(d, is_host):
return get_distro_primary_source_entry(d, is_host)[0]
@@ -171,13 +177,17 @@ def get_distro_components_argument(d, is_host):
else:
return ""
+APT_KEYS_DIR := "${WORKDIR}/aptkeys"
+
+do_generate_keyring[cleandirs] = "${APT_KEYS_DIR}"
do_generate_keyring[dirs] = "${DL_DIR}"
do_generate_keyring[vardeps] += "DISTRO_APT_KEYS"
do_generate_keyring() {
if [ -n "${@d.getVar("APTKEYFILES", True) or ""}" ]; then
+ chmod 777 "${APT_KEYS_DIR}"
for keyfile in ${@d.getVar("APTKEYFILES", True)}; do
- gpg --no-default-keyring --keyring "${APTKEYRING}" \
- --no-tty --homedir "${DL_DIR}" --import "$keyfile"
+ cp "$keyfile" "${APT_KEYS_DIR}"/"$(basename "$keyfile")"
+ sudo apt-key --keyring "${ISARKEYRING}" add "$keyfile"
done
fi
}
@@ -221,7 +231,6 @@ isar_bootstrap() {
if [ ${IS_HOST} ]; then
${DEBOOTSTRAP} $debootstrap_args \
${@get_distro_components_argument(d, True)} \
- ${DEBOOTSTRAP_KEYRING} \
"${@get_distro_suite(d, True)}" \
"${ROOTFSDIR}" \
"${@get_distro_source(d, True)}"
@@ -230,7 +239,6 @@ isar_bootstrap() {
"${DEBOOTSTRAP}" $debootstrap_args \
--arch="${DISTRO_ARCH}" \
${@get_distro_components_argument(d, False)} \
- ${DEBOOTSTRAP_KEYRING} \
"${@get_distro_suite(d, False)}" \
"${ROOTFSDIR}" \
"${@get_distro_source(d, False)}"
@@ -259,6 +267,14 @@ isar_bootstrap() {
mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d"
install -v -m644 "${WORKDIR}/isar-apt.conf" \
"${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf"
+ for keyfile in ${APT_KEYS_DIR}/*
+ do
+ kfn="$(basename $keyfile)"
+ cp $keyfile "${ROOTFSDIR}/tmp/$kfn"
+ sudo -E chroot "${ROOTFSDIR}" /usr/bin/apt-key \
+ --keyring ${ISARKEYRING} add "/tmp/$kfn"
+ rm "${ROOTFSDIR}/tmp/$kfn"
+ done
if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then
install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \
--
2.21.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v5 5/5] If we use a custom keyring debootstrap may fall to https
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
` (3 preceding siblings ...)
2019-03-18 13:32 ` [PATCH v5 4/5] Use apt-key to generate apt-keyring Andreas J. Reichel
@ 2019-03-18 13:32 ` Andreas J. Reichel
2019-03-18 13:47 ` [PATCH v5 0/5] Fix usage of additional apt keys and repos Claudius Heine
2019-03-18 15:13 ` Maxim Yu. Osipov
6 siblings, 0 replies; 10+ messages in thread
From: Andreas J. Reichel @ 2019-03-18 13:32 UTC (permalink / raw)
To: isar-users; +Cc: Andreas Reichel
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009
So if we have something in aptkeyring, append https-support to
OVERRIDES.
Furthermore, the conditional append for https-support was missing
in qemuamd64-stretch.conf, thus, remove this from all the distros
and put it into the isar-bootstrap.inc.
Furthermore, packages are comma-, not space-separated.
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
meta-isar/conf/multiconfig/qemuamd64-buster.conf | 1 -
meta-isar/conf/multiconfig/qemuamd64-jessie.conf | 1 -
meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 11 +++++++++++
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
index 63df75c..da90993 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
@@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35"
QEMU_CPU ?= ""
QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd"
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
index d1335ff..42c71df 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
@@ -15,4 +15,3 @@ QEMU_MACHINE ?= "pc"
QEMU_CPU ?= ""
QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE##"
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index f4d8a9b..d073313 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -26,6 +26,7 @@ APTKEYFILES = ""
DEPLOY_ISAR_BOOTSTRAP ?= ""
DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales"
DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2"
+DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates"
DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }"
@@ -42,6 +43,12 @@ python () {
if own_pub_key:
aptkeys += own_pub_key.split()
+ if len(aptkeys) > 0:
+ # debootstrap falls back to https if there is no
+ # 'reliable' keyring, whatever that means, but it happened
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009
+ d.setVar("HAVE_CUSTOM_APT_KEYS", "True")
+
for key in aptkeys:
d.appendVar("SRC_URI", " %s" % key)
fetcher = bb.fetch2.Fetch([key], d)
@@ -151,6 +158,10 @@ def get_distro_have_https_source(d, is_host=False):
return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host))
def get_distro_needs_https_support(d, is_host=False):
+ apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False)
+ if apt_keys:
+ return "https-support"
+
if get_distro_have_https_source(d, is_host):
return "https-support"
else:
--
2.21.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v5 0/5] Fix usage of additional apt keys and repos
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
` (4 preceding siblings ...)
2019-03-18 13:32 ` [PATCH v5 5/5] If we use a custom keyring debootstrap may fall to https Andreas J. Reichel
@ 2019-03-18 13:47 ` Claudius Heine
2019-03-18 15:13 ` Maxim Yu. Osipov
6 siblings, 0 replies; 10+ messages in thread
From: Claudius Heine @ 2019-03-18 13:47 UTC (permalink / raw)
To: [ext] Andreas J. Reichel, isar-users
Hi Andi,
On Mon, 2019-03-18 at 14:31 +0100, [ext] Andreas J. Reichel wrote:
> From: Andreas Reichel <andreas.reichel.ext@siemens.com>
>
> Diff to v4:
> * don't remove keyring deployed to target rootfs
> so that one can do updates later
> * keys are temporarily held in WORKDIR/aptkeys, not
> TMPDIR/aptkeys
> * variable renamed from APTKEYTMPDIR to APT_KEYS_DIR
>
> Unchanged with reason:
> * function for retreiving override for https is unchanged,
> since renaming this to one global function
> "get_distro_overrides" is better done in a separate patch.
> This patch should concentrate on getting things finally
> working, before changing too much code that is more or less
> a beautification.
> * (Other comments on mailing list)
> * HAVE_CUSTOM_APT_KEYS is used in patch 4, but introduced in
> patch 5, which is okay here, because we check if it exists...
>
> What this series does:
> * Enable/fix possibility of additional apt repos
> * Enable/fix handling of additional apt keys
> * Deduplicate some code
LGTM
>
> Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
Acked-by: Claudius Heine <ch@denx.de>
>
> Andreas Reichel (5):
> Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
> Remove duplicate code from apt-keyring generation
> Fix fetched key location in apt-keyring generator
> Use apt-key to generate apt-keyring
> If we use a custom keyring debootstrap may fall to https
>
> .../conf/multiconfig/qemuamd64-buster.conf | 1 -
> .../conf/multiconfig/qemuamd64-jessie.conf | 1 -
> meta/classes/isar-bootstrap-helper.bbclass | 2 +
> meta/conf/bitbake.conf | 1 +
> .../isar-bootstrap/isar-bootstrap.inc | 62 +++++++++++++--
> ----
> 5 files changed, 47 insertions(+), 20 deletions(-)
>
> --
> 2.21.0
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v5 0/5] Fix usage of additional apt keys and repos
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
` (5 preceding siblings ...)
2019-03-18 13:47 ` [PATCH v5 0/5] Fix usage of additional apt keys and repos Claudius Heine
@ 2019-03-18 15:13 ` Maxim Yu. Osipov
2019-03-19 9:47 ` Andreas Reichel
2019-03-19 10:16 ` Andreas Reichel
6 siblings, 2 replies; 10+ messages in thread
From: Maxim Yu. Osipov @ 2019-03-18 15:13 UTC (permalink / raw)
To: Andreas J. Reichel, isar-users
Hi Andreas,
I've applied your series and "fast" CI build (just call
`./scripts/ci_build.sh -q -f' failed.
See for details
http://isar-build.org:8080/job/isar_mosipov_develop/61/console
If you need an account on CI build server - just let me know.
Regards,
Maxim.
On 3/18/19 2:31 PM, Andreas J. Reichel wrote:
> From: Andreas Reichel <andreas.reichel.ext@siemens.com>
>
> Diff to v4:
> * don't remove keyring deployed to target rootfs
> so that one can do updates later
> * keys are temporarily held in WORKDIR/aptkeys, not
> TMPDIR/aptkeys
> * variable renamed from APTKEYTMPDIR to APT_KEYS_DIR
>
> Unchanged with reason:
> * function for retreiving override for https is unchanged,
> since renaming this to one global function
> "get_distro_overrides" is better done in a separate patch.
> This patch should concentrate on getting things finally
> working, before changing too much code that is more or less
> a beautification.
> * (Other comments on mailing list)
> * HAVE_CUSTOM_APT_KEYS is used in patch 4, but introduced in
> patch 5, which is okay here, because we check if it exists...
>
> What this series does:
> * Enable/fix possibility of additional apt repos
> * Enable/fix handling of additional apt keys
> * Deduplicate some code
>
> Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
>
> Andreas Reichel (5):
> Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
> Remove duplicate code from apt-keyring generation
> Fix fetched key location in apt-keyring generator
> Use apt-key to generate apt-keyring
> If we use a custom keyring debootstrap may fall to https
>
> .../conf/multiconfig/qemuamd64-buster.conf | 1 -
> .../conf/multiconfig/qemuamd64-jessie.conf | 1 -
> meta/classes/isar-bootstrap-helper.bbclass | 2 +
> meta/conf/bitbake.conf | 1 +
> .../isar-bootstrap/isar-bootstrap.inc | 62 +++++++++++++------
> 5 files changed, 47 insertions(+), 20 deletions(-)
>
--
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v5 0/5] Fix usage of additional apt keys and repos
2019-03-18 15:13 ` Maxim Yu. Osipov
@ 2019-03-19 9:47 ` Andreas Reichel
2019-03-19 10:16 ` Andreas Reichel
1 sibling, 0 replies; 10+ messages in thread
From: Andreas Reichel @ 2019-03-19 9:47 UTC (permalink / raw)
To: Maxim Yu. Osipov; +Cc: isar-users
On Mon, Mar 18, 2019 at 04:13:19PM +0100, Maxim Yu. Osipov wrote:
> Hi Andreas,
>
> I've applied your series and "fast" CI build (just call
> `./scripts/ci_build.sh -q -f' failed.
>
> See for details
> http://isar-build.org:8080/job/isar_mosipov_develop/61/console
>
> If you need an account on CI build server - just let me know.
>
Yes please.
Andreas
> Regards,
> Maxim.
>
>
>
> On 3/18/19 2:31 PM, Andreas J. Reichel wrote:
> > From: Andreas Reichel <andreas.reichel.ext@siemens.com>
> >
> > Diff to v4:
> > * don't remove keyring deployed to target rootfs
> > so that one can do updates later
> > * keys are temporarily held in WORKDIR/aptkeys, not
> > TMPDIR/aptkeys
> > * variable renamed from APTKEYTMPDIR to APT_KEYS_DIR
> >
> > Unchanged with reason:
> > * function for retreiving override for https is unchanged,
> > since renaming this to one global function
> > "get_distro_overrides" is better done in a separate patch.
> > This patch should concentrate on getting things finally
> > working, before changing too much code that is more or less
> > a beautification.
> > * (Other comments on mailing list)
> > * HAVE_CUSTOM_APT_KEYS is used in patch 4, but introduced in
> > patch 5, which is okay here, because we check if it exists...
> >
> > What this series does:
> > * Enable/fix possibility of additional apt repos
> > * Enable/fix handling of additional apt keys
> > * Deduplicate some code
> >
> > Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
> >
> > Andreas Reichel (5):
> > Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
> > Remove duplicate code from apt-keyring generation
> > Fix fetched key location in apt-keyring generator
> > Use apt-key to generate apt-keyring
> > If we use a custom keyring debootstrap may fall to https
> >
> > .../conf/multiconfig/qemuamd64-buster.conf | 1 -
> > .../conf/multiconfig/qemuamd64-jessie.conf | 1 -
> > meta/classes/isar-bootstrap-helper.bbclass | 2 +
> > meta/conf/bitbake.conf | 1 +
> > .../isar-bootstrap/isar-bootstrap.inc | 62 +++++++++++++------
> > 5 files changed, 47 insertions(+), 20 deletions(-)
> >
>
>
> --
> Maxim Osipov
> ilbers GmbH
> Maria-Merian-Str. 8
> 85521 Ottobrunn
> Germany
> +49 (151) 6517 6917
> mosipov@ilbers.de
> http://ilbers.de/
> Commercial register Munich, HRB 214197
> General Manager: Baurzhan Ismagulov
--
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant
Andreas.Reichel@tngtech.com, +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v5 0/5] Fix usage of additional apt keys and repos
2019-03-18 15:13 ` Maxim Yu. Osipov
2019-03-19 9:47 ` Andreas Reichel
@ 2019-03-19 10:16 ` Andreas Reichel
1 sibling, 0 replies; 10+ messages in thread
From: Andreas Reichel @ 2019-03-19 10:16 UTC (permalink / raw)
To: Maxim Yu. Osipov; +Cc: isar-users
On Mon, Mar 18, 2019 at 04:13:19PM +0100, Maxim Yu. Osipov wrote:
> Hi Andreas,
>
> I've applied your series and "fast" CI build (just call
> `./scripts/ci_build.sh -q -f' failed.
>
> See for details
> http://isar-build.org:8080/job/isar_mosipov_develop/61/console
>
> If you need an account on CI build server - just let me know.
>
Fix - patchset v5 is on the way... -
Andreas
> Regards,
> Maxim.
>
>
>
> On 3/18/19 2:31 PM, Andreas J. Reichel wrote:
> > From: Andreas Reichel <andreas.reichel.ext@siemens.com>
> >
> > Diff to v4:
> > * don't remove keyring deployed to target rootfs
> > so that one can do updates later
> > * keys are temporarily held in WORKDIR/aptkeys, not
> > TMPDIR/aptkeys
> > * variable renamed from APTKEYTMPDIR to APT_KEYS_DIR
> >
> > Unchanged with reason:
> > * function for retreiving override for https is unchanged,
> > since renaming this to one global function
> > "get_distro_overrides" is better done in a separate patch.
> > This patch should concentrate on getting things finally
> > working, before changing too much code that is more or less
> > a beautification.
> > * (Other comments on mailing list)
> > * HAVE_CUSTOM_APT_KEYS is used in patch 4, but introduced in
> > patch 5, which is okay here, because we check if it exists...
> >
> > What this series does:
> > * Enable/fix possibility of additional apt repos
> > * Enable/fix handling of additional apt keys
> > * Deduplicate some code
> >
> > Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
> >
> > Andreas Reichel (5):
> > Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
> > Remove duplicate code from apt-keyring generation
> > Fix fetched key location in apt-keyring generator
> > Use apt-key to generate apt-keyring
> > If we use a custom keyring debootstrap may fall to https
> >
> > .../conf/multiconfig/qemuamd64-buster.conf | 1 -
> > .../conf/multiconfig/qemuamd64-jessie.conf | 1 -
> > meta/classes/isar-bootstrap-helper.bbclass | 2 +
> > meta/conf/bitbake.conf | 1 +
> > .../isar-bootstrap/isar-bootstrap.inc | 62 +++++++++++++------
> > 5 files changed, 47 insertions(+), 20 deletions(-)
> >
>
>
> --
> Maxim Osipov
> ilbers GmbH
> Maria-Merian-Str. 8
> 85521 Ottobrunn
> Germany
> +49 (151) 6517 6917
> mosipov@ilbers.de
> http://ilbers.de/
> Commercial register Munich, HRB 214197
> General Manager: Baurzhan Ismagulov
--
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant
Andreas.Reichel@tngtech.com, +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2019-03-19 10:18 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-18 13:31 [PATCH v5 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 1/5] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 2/5] Remove duplicate code from apt-keyring generation Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 3/5] Fix fetched key location in apt-keyring generator Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 4/5] Use apt-key to generate apt-keyring Andreas J. Reichel
2019-03-18 13:32 ` [PATCH v5 5/5] If we use a custom keyring debootstrap may fall to https Andreas J. Reichel
2019-03-18 13:47 ` [PATCH v5 0/5] Fix usage of additional apt keys and repos Claudius Heine
2019-03-18 15:13 ` Maxim Yu. Osipov
2019-03-19 9:47 ` Andreas Reichel
2019-03-19 10:16 ` Andreas Reichel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox