From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6669723628337102848 X-Received: by 2002:a2e:290:: with SMTP id y16mr983452lje.20.1552916045960; Mon, 18 Mar 2019 06:34:05 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:4601:: with SMTP id t1ls583133lja.2.gmail; Mon, 18 Mar 2019 06:34:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqwi7LEjowL0M448rQii9opQCf2EMswa5+P+VBt0lxJZz6FB+JnTTY+tGJCwiux8+cndR5p+ X-Received: by 2002:a2e:8ec9:: with SMTP id e9mr919832ljl.6.1552916045514; Mon, 18 Mar 2019 06:34:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552916045; cv=none; d=google.com; s=arc-20160816; b=kTUlBangDfMCKmbDcT/GZFN3J4OvQ9i8H90DlXOWiPZGaMkcuvD35qQC5oazh+Mdh9 VklCSf/p/23Bfn5lMBy4YakXZImOqPqIqGCYVqiWS6yQav+jLS6ECwi7y2YE70HQttr/ uR46ydHjnTPW27uO7c+bUI9l6Kg+Qe1Ls4kOdP7u8BCcYFBlQEnxaME/qd2WG/YtA1/r D2n8J7OlHYNGyv/QWB0eqilqFbY7+RqQdMOcQIHtkxt5hfO1bYAiBPiVlSYwKEI41uYL FXzIqY8zQ/tAH4qOwseQG7mDPmLZhoFhcfLYKMNrPy65Deql3Nu6SHQ5fEtTScZ8EjBK CIHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=tRmS9SPLb9nZJ462IbO6/nxlQu3KvhW4vZfBkDx9YF8=; b=iw8/pfwYNmp/CItr5YlGWFoawH7+IeUHjZzridLWvSaj+bS85l7PCAaLlXZ5bTaSAG Xg5sQ379akNaJbWYTQvL5M1/TCo6nirLJiN2j57oObcfM3K7jMF1YIeUntHG4oisevl8 MevwBCLMm+Ik6009ZyNqSybEYxVdQ46Jz2YJV21DJauS9oeOBIoAUp5lEmNDI87jgWgz M71OzA6nG2wXzXKKrIDz5r4elIfnDx+cAQ5SAAHO3RGu9WlEptrU1dInu+NLl+QFfdVB 7WOFKeoCFA5PF/xa3KZEygcLud30UMiEKGKkyeIrLgXoYRZtq/qXQwWF4uj9d94DT5pC Yong== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id y1si600948lfe.1.2019.03.18.06.34.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Mar 2019 06:34:05 -0700 (PDT) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x2IDY4CJ031039 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 18 Mar 2019 14:34:04 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x2IDY3tA014851; Mon, 18 Mar 2019 14:34:04 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v5 5/5] If we use a custom keyring debootstrap may fall to https Date: Mon, 18 Mar 2019 14:32:04 +0100 Message-Id: <20190318133205.29705-6-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190318133205.29705-1-andreas.reichel.ext@siemens.com> References: <20190318133205.29705-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: o/uyOvELpPpE From: Andreas Reichel See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 So if we have something in aptkeyring, append https-support to OVERRIDES. Furthermore, the conditional append for https-support was missing in qemuamd64-stretch.conf, thus, remove this from all the distros and put it into the isar-bootstrap.inc. Furthermore, packages are comma-, not space-separated. Signed-off-by: Andreas Reichel --- meta-isar/conf/multiconfig/qemuamd64-buster.conf | 1 - meta-isar/conf/multiconfig/qemuamd64-jessie.conf | 1 - meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 11 +++++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf index 63df75c..da90993 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf @@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35" QEMU_CPU ?= "" QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates" diff --git a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf index d1335ff..42c71df 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf @@ -15,4 +15,3 @@ QEMU_MACHINE ?= "pc" QEMU_CPU ?= "" QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE##" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates" diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index f4d8a9b..d073313 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -26,6 +26,7 @@ APTKEYFILES = "" DEPLOY_ISAR_BOOTSTRAP ?= "" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2" +DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates" DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }" @@ -42,6 +43,12 @@ python () { if own_pub_key: aptkeys += own_pub_key.split() + if len(aptkeys) > 0: + # debootstrap falls back to https if there is no + # 'reliable' keyring, whatever that means, but it happened + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 + d.setVar("HAVE_CUSTOM_APT_KEYS", "True") + for key in aptkeys: d.appendVar("SRC_URI", " %s" % key) fetcher = bb.fetch2.Fetch([key], d) @@ -151,6 +158,10 @@ def get_distro_have_https_source(d, is_host=False): return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host)) def get_distro_needs_https_support(d, is_host=False): + apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False) + if apt_keys: + return "https-support" + if get_distro_have_https_source(d, is_host): return "https-support" else: -- 2.21.0