From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6669723628337102848
X-Received: by 2002:adf:9f42:: with SMTP id f2mr1117663wrg.25.1553002647272;
        Tue, 19 Mar 2019 06:37:27 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a1c:9609:: with SMTP id y9ls449454wmd.0.gmail; Tue, 19 Mar
 2019 06:37:26 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxuSI9POCLszNeY82BlguyOSrYUS8Qz01nu1MKV0HOgyYSMlvW9gWNuRf1XjctuD6f9ppjt
X-Received: by 2002:a1c:4108:: with SMTP id o8mr308061wma.23.1553002646831;
        Tue, 19 Mar 2019 06:37:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553002646; cv=none;
        d=google.com; s=arc-20160816;
        b=0JiKrt6h10K81ZKA1PY5b39vUm8UBvi9c9v/h3xIzj/fIaJOUNsdedTXb1RWLYR0Ge
         MZpzi95OGoJiLRYOs8P0FZhMe1RqjhKjr5MPp/NoMCor3k6JJIky3exwfrRVU97o2mEI
         wC7O9JvC45BprhxffYZRGTJQNyiciVuOTgGvU0fl5qmfoywkiarqzjqwoykuJPAwrCSh
         EXvD70ycA/+xiLfJjDYrbYZg6n6m1+BIj3xzMFiSzGyk/erLxUt04wxtTni3ZTb1UheD
         uUKPrYkZwUlkbPVkJkY2Sakm1BWfe4F8C6qYSjqeecwaX3tPVVUYr0O3FMd0pwmCB66Y
         kUPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from;
        bh=fYSjLJp23M8sL6xpfoKS7mvNW/UdwIDR42yiWycHM0g=;
        b=lqiHZHaEdiSwyuRBdfktdIyaijk6l4eu0mqgv0ivmKyWOzQuEApKukXIMObDeYF0e5
         83Uno/lWsVjmwEUJRA7WXLN0e0GhpufMbB4U2C92K/Q3K4NHlB3HNAVHoGyM8+S0eluH
         CTx0bu+XH6STFA9vt7eo78Er+do4geWJJSaVaf4OpjyJhL+/mrR6uH22XCebXYSG3fem
         juNoSmhzYQGY02VlPq2X3xWV13KH1qgMEjqRRNemhTjs1ryLOoRdc0mJDBYor6/xB5Fl
         yhlcT5T/654c22kGOnVoauUOfDQD97SCz3onb/1c67WWb/U95icpDGE/VBW/UEFhmXQc
         YpSg==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com
Return-Path: <andreas.reichel.ext@siemens.com>
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id f185si123052wme.1.2019.03.19.06.37.26
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 19 Mar 2019 06:37:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x2JDbQ9r020916
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Tue, 19 Mar 2019 14:37:26 +0100
Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17])
	by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x2JDbPPN023977;
	Tue, 19 Mar 2019 14:37:26 +0100
From: "Andreas J. Reichel" <andreas.reichel.ext@siemens.com>
To: isar-users@googlegroups.com
Cc: Andreas Reichel <andreas.reichel.ext@siemens.com>
Subject: [PATCH v7 5/5] If we use a custom keyring debootstrap may fall to https
Date: Tue, 19 Mar 2019 14:35:23 +0100
Message-Id: <20190319133523.32456-6-andreas.reichel.ext@siemens.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190319133523.32456-1-andreas.reichel.ext@siemens.com>
References: <20190319133523.32456-1-andreas.reichel.ext@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUID: fUuOr1Co1maA

From: Andreas Reichel <andreas.reichel.ext@siemens.com>

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009

So if we have something in aptkeyring, append https-support to
OVERRIDES.

Furthermore, the conditional append for https-support was missing
in qemuamd64-stretch.conf, thus, remove this from all the distros
and put it into the isar-bootstrap.inc.

Furthermore, packages are comma-, not space-separated.

Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>
---
 meta-isar/conf/multiconfig/qemuamd64-buster.conf    |  1 -
 meta-isar/conf/multiconfig/qemuamd64-jessie.conf    |  1 -
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 11 +++++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
index 63df75c..da90993 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf
@@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35"
 QEMU_CPU ?= ""
 QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd"
 
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
index d1335ff..42c71df 100644
--- a/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
+++ b/meta-isar/conf/multiconfig/qemuamd64-jessie.conf
@@ -15,4 +15,3 @@ QEMU_MACHINE ?= "pc"
 QEMU_CPU ?= ""
 QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE##"
 
-DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates"
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 455a4a1..4e6d1f1 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -26,6 +26,7 @@ APTKEYFILES = ""
 DEPLOY_ISAR_BOOTSTRAP ?= ""
 DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales"
 DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2"
+DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates"
 
 DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org  file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }"
 
@@ -42,6 +43,12 @@ python () {
         if own_pub_key:
             aptkeys += own_pub_key.split()
 
+    if len(aptkeys) > 0:
+        # debootstrap falls back to https if there is no
+        # 'reliable' keyring, whatever that means, but it happened
+        # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009
+        d.setVar("HAVE_CUSTOM_APT_KEYS", "True")
+
     for key in aptkeys:
         d.appendVar("SRC_URI", " %s" % key)
         fetcher = bb.fetch2.Fetch([key], d)
@@ -151,6 +158,10 @@ def get_distro_have_https_source(d, is_host=False):
     return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host))
 
 def get_distro_needs_https_support(d, is_host=False):
+    apt_keys = d.getVar("HAVE_CUSTOM_APT_KEYS", False)
+    if apt_keys:
+        return "https-support"
+
     if get_distro_have_https_source(d, is_host):
         return "https-support"
     else:
-- 
2.21.0