From: "Andreas J. Reichel" <andreas.reichel.ext@siemens.com>
To: isar-users@googlegroups.com
Cc: Andreas Reichel <andreas.reichel.ext@siemens.com>
Subject: [PATCH v7 5/5] If we use a custom keyring debootstrap may fall to https
Date: Tue, 19 Mar 2019 14:35:23 +0100 [thread overview]
Message-ID: <20190319133523.32456-6-andreas.reichel.ext@siemens.com> (raw)
In-Reply-To: <20190319133523.32456-1-andreas.reichel.ext@siemens.com>
From: Andreas Reichel <andreas.reichel.ext@siemens.com>
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009
So if we have something in aptkeyring, append https-support to
OVERRIDES.
Furthermore, the conditional append for https-support was missing
in qemuamd64-stretch.conf, thus, remove this from all the distros
and put it into the isar-bootstrap.inc.
Furthermore, packages are comma-, not space-separated.
Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
meta-isar/conf/multiconfig/qemuamd64-buster.conf | 1 -
meta-isar/conf/multiconfig/qemuamd64-jessie.conf | 1 -
meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 11 +++++++++++
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
index 63df75c..da90993 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
@@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35"
QEMU_CPU ?= ""
QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd"
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
index d1335ff..42c71df 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
@@ -15,4 +15,3 @@ QEMU_MACHINE ?= "pc"
QEMU_CPU ?= ""
QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE##"
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 455a4a1..4e6d1f1 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -26,6 +26,7 @@ APTKEYFILES = ""
DEPLOY_ISAR_BOOTSTRAP ?= ""
DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales"
DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2"
+DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates"
DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }"
@@ -42,6 +43,12 @@ python () {
if own_pub_key:
aptkeys += own_pub_key.split()
+ if len(aptkeys) > 0:
+ # debootstrap falls back to https if there is no
+ # 'reliable' keyring, whatever that means, but it happened
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009
+ d.setVar("HAVE_CUSTOM_APT_KEYS", "True")
+
for key in aptkeys:
d.appendVar("SRC_URI", " %s" % key)
fetcher = bb.fetch2.Fetch([key], d)
@@ -151,6 +158,10 @@ def get_distro_have_https_source(d, is_host=False):
return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host))
def get_distro_needs_https_support(d, is_host=False):
+ apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False)
+ if apt_keys:
+ return "https-support"
+
if get_distro_have_https_source(d, is_host):
return "https-support"
else:
--
2.21.0
next prev parent reply other threads:[~2019-03-19 13:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 13:35 [PATCH v7 0/5] Fix usage of additional apt keys and repos Andreas J. Reichel
2019-03-19 13:35 ` [PATCH v7 1/5] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
2019-03-19 13:35 ` [PATCH v7 2/5] Remove duplicate code from apt-keyring generation Andreas J. Reichel
2019-03-19 13:35 ` [PATCH v7 3/5] Fix fetched key location in apt-keyring generator Andreas J. Reichel
2019-03-19 13:35 ` [PATCH v7 4/5] Use apt-key to generate apt-keyring Andreas J. Reichel
2019-03-19 13:35 ` Andreas J. Reichel [this message]
2019-03-19 13:36 ` [PATCH v7 0/5] Fix usage of additional apt keys and repos Andreas Reichel
2019-03-19 14:26 ` Maxim Yu. Osipov
2019-03-19 15:39 ` Andreas Reichel
2019-03-19 21:58 ` Maxim Yu. Osipov
2019-03-20 6:26 ` Jan Kiszka
2019-03-20 6:48 ` Maxim Yu. Osipov
2019-03-20 7:12 ` Jan Kiszka
2019-03-20 7:55 ` Maxim Yu. Osipov
2019-03-20 8:22 ` Jan Kiszka
2019-03-20 8:53 ` Maxim Yu. Osipov
2019-03-20 10:25 ` Andreas Reichel
2019-03-20 10:32 ` Maxim Yu. Osipov
2019-03-20 11:50 ` Andreas Reichel
2019-03-20 10:37 ` Jan Kiszka
2019-03-20 11:05 ` Maxim Yu. Osipov
2019-03-20 12:39 ` Jan Kiszka
2019-03-20 7:16 ` Claudius Heine
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190319133523.32456-6-andreas.reichel.ext@siemens.com \
--to=andreas.reichel.ext@siemens.com \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox