From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6669723628337102848 X-Received: by 2002:adf:face:: with SMTP id a14mr3206647wrs.320.1553181447298; Thu, 21 Mar 2019 08:17:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:9609:: with SMTP id y9ls875226wmd.0.gmail; Thu, 21 Mar 2019 08:17:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqzWG/+KGtwmLYL7bWMEKxxNx9twbCmsy/mc41aSNtVFcrxuBhulQ47UwuPMUD8kgjGlsfGB X-Received: by 2002:a1c:387:: with SMTP id 129mr3034209wmd.45.1553181446821; Thu, 21 Mar 2019 08:17:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553181446; cv=none; d=google.com; s=arc-20160816; b=es/cwWygq53mESy3O46TghaElCmk7Slu62V/6p3hB8BQ9NNlILNB3aCubHHw8E/Lth IkameYp2sP9Pank98UloojoCW8SVAUlWqzvh1xSqE/Ac3i22CTgllSUzt2u6T+vo7sXn hx5ijJHPVpOIFQxypEO851hECQeYtSFdG6vTLx+VAfZRf3PGklsdpRJ2UsQiuFHvn1K0 PgKg7Es1QsMY3zZje9grBWSbCe9LsHZ+LdTt/Ds1EQ/06VuYDdMOyxrc5KRNlCb7s0Gw 3OZU+pVuLtCInzfzIgdj+Zkr8qNAiGCeL+1K7gMWL4HdSc16OZ7ZPepzEQLXlTHF3Pt+ S4kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=T+bDEZul8KUyN/VxVNDjzHbKPRTVukzXQgO8leM7IN8=; b=J2BSaQJrzUzf2joQFhvfV/qubz5jCGxRTNhkhX3vMAzMHx0vSsK0utEc1EcHH8y2io GNr5kdJYYmMsPt9G9PfJAdg/YpsMpfF7vtxp0NwWu9sntMeF3BKruaa25FMtWZW2WWR0 ZlhYRuyvYtU7SEeXmLj0Wn1VSE6hESx9gs+zZbC2wl90aPKRNuf7kXIt9OaC1x9hZbkd E48ILmPpdUqwO8TTO/FS1Ca4B5U9VXUrk2bJt/XGrJ1nslTLPH6ETukzZj3HlPwZKgfJ Fe67qJD42wVfgZFujzWbKKTHgJiwTq4M8ohENQcJfnYMoHM8VFeSbB5SxiiHUU2QzlAo Eikw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id f74si256607wme.2.2019.03.21.08.17.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Mar 2019 08:17:26 -0700 (PDT) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x2LFHQXl015348 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 21 Mar 2019 16:17:26 +0100 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.17]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id x2LFHQM3013389; Thu, 21 Mar 2019 16:17:26 +0100 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v8 0/7] Fix usage of additional apt keys and repos Date: Thu, 21 Mar 2019 16:15:19 +0100 Message-Id: <20190321151526.12001-1-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: EfDbhPt3Qihb From: Andreas Reichel Diff to v7: Complete rework :) After a hard discussion things turned out to be cleaner and less error prone. Thank you, Claudius! * No keys added to host at all * Keys needed for bootstrapping go to a separated keyring in the workdir * Third party apt keys are added to /etc/apt/trusted.gpg.d/third_party.gpg only in the generated rootfs * The following variables are renamed/created: Old name New name - DISTRO_BOOTSTRAP_KEYRING DISTRO_APT_KEYS DISTRO_BOOTSTRAP_KEYS - DISTRO_BOOTSTRAP_KEYFILES ISARKEYRING THIRD_PARTY_APT_KEYRING - THIRD_PARTY_APT_KEYS APTKEYFILES THIRD_PARTY_APT_KEYFILES Tested building without error: qemuarm64-stretch qemuarm64-stretch with 3rd party docker repo raspbian-jessie Not working yet: qemuarm64-stretch with BASE_REPO_KEY and do_cache_base_repo | gpgme gave error GPGME:54: Unusable secret key I have created a keypair inside the build container and exported the public key to a file "blabla.key". Then I set BASE_REPO_KEY = "file:///build/blabla.key" Any idea? Signed-off-by: Andreas Reichel Andreas Reichel (7): Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Remove duplicate code from apt-keyring generation Fix fetched key location in apt-keyring generator Use apt-key to generate keyrings If we use a custom keyring debootstrap may fall to https raspbian-jessie: Use DISTRO_BOOTSTRAP_KEYS docs: Update user_manual.md doc/user_manual.md | 7 +- meta-isar/conf/distro/raspbian-jessie.conf | 2 +- .../conf/multiconfig/qemuamd64-buster.conf | 1 - .../conf/multiconfig/qemuamd64-jessie.conf | 1 - meta/conf/bitbake.conf | 1 + .../isar-bootstrap/isar-bootstrap-host.bb | 4 +- .../isar-bootstrap/isar-bootstrap-target.bb | 4 +- .../isar-bootstrap/isar-bootstrap.inc | 95 +++++++++++++------ 8 files changed, 79 insertions(+), 36 deletions(-) -- 2.21.0