[PATCH v8 0/7] Fix usage of additional apt keys and repos

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

From: "Andreas J. Reichel" <andreas.reichel.ext@siemens.com>
To: isar-users@googlegroups.com
Cc: Andreas Reichel <andreas.reichel.ext@siemens.com>
Subject: [PATCH v8 0/7] Fix usage of additional apt keys and repos
Date: Thu, 21 Mar 2019 16:15:19 +0100	[thread overview]
Message-ID: <20190321151526.12001-1-andreas.reichel.ext@siemens.com> (raw)

From: Andreas Reichel <andreas.reichel.ext@siemens.com>

Diff to v7: Complete rework :)

After a hard discussion things turned out to be cleaner and less error
prone. Thank you, Claudius!

* No keys added to host at all
* Keys needed for bootstrapping go to a separated keyring in the
  workdir
* Third party apt keys are added to
  /etc/apt/trusted.gpg.d/third_party.gpg only in the generated rootfs

* The following variables are renamed/created:

  Old name                New name
  -                       DISTRO_BOOTSTRAP_KEYRING
  DISTRO_APT_KEYS         DISTRO_BOOTSTRAP_KEYS
  -                       DISTRO_BOOTSTRAP_KEYFILES
  ISARKEYRING             THIRD_PARTY_APT_KEYRING
  -                       THIRD_PARTY_APT_KEYS
  APTKEYFILES             THIRD_PARTY_APT_KEYFILES

Tested building without error:
  qemuarm64-stretch
  qemuarm64-stretch with 3rd party docker repo
  raspbian-jessie

Not working yet:
  qemuarm64-stretch with BASE_REPO_KEY and do_cache_base_repo

| gpgme gave error GPGME:54:  Unusable secret key

I have created a keypair inside the build container and exported the
public key to a file "blabla.key". Then I set

BASE_REPO_KEY = "file:///build/blabla.key"

Any idea?

Signed-off-by: Andreas Reichel <andreas.reichel.ext@siemens.com>

Andreas Reichel (7):
  Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS"
  Remove duplicate code from apt-keyring generation
  Fix fetched key location in apt-keyring generator
  Use apt-key to generate keyrings
  If we use a custom keyring debootstrap may fall to https
  raspbian-jessie: Use DISTRO_BOOTSTRAP_KEYS
  docs: Update user_manual.md

 doc/user_manual.md                            |  7 +-
 meta-isar/conf/distro/raspbian-jessie.conf    |  2 +-
 .../conf/multiconfig/qemuamd64-buster.conf    |  1 -
 .../conf/multiconfig/qemuamd64-jessie.conf    |  1 -
 meta/conf/bitbake.conf                        |  1 +
 .../isar-bootstrap/isar-bootstrap-host.bb     |  4 +-
 .../isar-bootstrap/isar-bootstrap-target.bb   |  4 +-
 .../isar-bootstrap/isar-bootstrap.inc         | 95 +++++++++++++------
 8 files changed, 79 insertions(+), 36 deletions(-)

-- 
2.21.0

next             reply	other threads:[~2019-03-21 15:17 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-21 15:15 Andreas J. Reichel [this message]
2019-03-21 15:15 ` [PATCH v8 1/7] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
2019-03-25 11:20   ` Maxim Yu. Osipov
2019-04-15 11:11     ` Andreas Reichel
2019-04-16  4:54       ` Maxim Yu. Osipov
2019-04-16  8:12         ` Henning Schild
2019-04-22 13:56           ` Maxim Yu. Osipov
2019-03-21 15:15 ` [PATCH v8 2/7] Remove duplicate code from apt-keyring generation Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 3/7] Fix fetched key location in apt-keyring generator Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 4/7] Use apt-key to generate keyrings Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 5/7] If we use a custom keyring debootstrap may fall to https Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 6/7] raspbian-jessie: Use DISTRO_BOOTSTRAP_KEYS Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 7/7] docs: Update user_manual.md Andreas J. Reichel
2019-03-25 10:19 ` [PATCH v8 0/7] Fix usage of additional apt keys and repos Andreas Reichel
2019-03-25 10:35   ` Maxim Yu. Osipov
2019-03-25 11:28     ` Andreas Reichel
2019-03-25 11:39       ` Maxim Yu. Osipov
2019-04-12 12:52         ` Henning Schild
2019-04-15 13:14           ` Andreas Reichel
2019-07-09 11:04             ` Henning Schild

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190321151526.12001-1-andreas.reichel.ext@siemens.com \
    --to=andreas.reichel.ext@siemens.com \
    --cc=isar-users@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox