From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6669723628337102848 X-Received: by 2002:a1c:a98f:: with SMTP id s137mr2237237wme.14.1555334081376; Mon, 15 Apr 2019 06:14:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:7e86:: with SMTP id z128ls945332wmc.4.canary-gmail; Mon, 15 Apr 2019 06:14:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqxBXHiLWZSe7irnpWK4s2OY/SZh1tG0Tsh0DZ21SbsYOqh2G0DpBDQImZav8Y0bi5DdC7G3 X-Received: by 2002:a1c:a98f:: with SMTP id s137mr2237230wme.14.1555334080958; Mon, 15 Apr 2019 06:14:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555334080; cv=none; d=google.com; s=arc-20160816; b=ifdCktcskjdC2D9IUa4liyjiKBdmroq9Ign9CzNuFkvhpjadASVTddU8I7txSl7pWI XzlltRPpx797Ze2HfeIC7msL5u1fkCnqG/S7FUnJg9ZrEPtfD6wlXvIFQvm7S7hF8l0i dYdIj9x5wNS2mw+l1Q34ZQotEV9gdwsNuVoQWPdZXIjM21qRjpWByKrXx8DZX/b/xcD6 YH59hR12kAw7kUlNsgSAoXNGyiSZC1bCl+IIGLIeBJLf/B1EVJXrmTE57BBGg8QsDNy5 UMRf1eM52gmm8h3PknKKP7jMkQ5LylqSHSsk/RCZJwGoyJieuOYttsjPEz4dPlI9e6tv FByQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:content-description :mime-version:references:message-id:subject:cc:to:from:date; bh=BV2OSxlJl92pBGP49k+whE3wJHSZ1wS9TMqRazKfDgE=; b=0EDP987Y7/IQ4FZ1C32zFLErtsr4y4yQgc3T5MWpbY87ou+KHFXOrFxTWYOWiBuplR IDp4/U+qS2UXd3ehZ11+t4x0rENkFoGx0rfD1eaMKSuPOf6/L9XwtWaTPENwMRzwV3Ew QoGSEiMBG1xX1JPrrH4GIq5syaTvja8oSBu2gX4J8G9koe8C6sgiVUg9uzfTptzZN7KE 2do3Fz1LAVwT0aqDCNV0gNojhKTNLetkjxbxr1dVQMSjDELIJc9bzuvdEKpqQ/7l5Wgb xymNsu0uNVOj5iSe1JhLFwDLFjCMdJ/x1wKA5bXTCMf7VbY38gGfL7GwpX335K46M8dJ 2bVA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id t137si570217wmt.0.2019.04.15.06.14.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 15 Apr 2019 06:14:40 -0700 (PDT) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id x3FDEdrq030633 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 15 Apr 2019 15:14:39 +0200 Received: from iiotirae (golem.ppmd.siemens.net [139.25.69.122]) by mail1.sbs.de (8.15.2/8.15.2) with SMTP id x3FDEdbX029004; Mon, 15 Apr 2019 15:14:39 +0200 Date: Mon, 15 Apr 2019 15:14:39 +0200 From: Andreas Reichel To: Henning Schild Cc: "Maxim Yu. Osipov" , isar-users@googlegroups.com Subject: Re: [PATCH v8 0/7] Fix usage of additional apt keys and repos Message-ID: <20190415131439.GA4888@iiotirae> References: <20190321151526.12001-1-andreas.reichel.ext@siemens.com> <20190325101939.GA11173@iiotirae> <20190325112835.GA4930@iiotirae> <20190412145228.333bc3f5@md1za8fc.ad001.siemens.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Description: message Content-Disposition: inline In-Reply-To: <20190412145228.333bc3f5@md1za8fc.ad001.siemens.net> User-Agent: Mutt/1.11.4 (2019-03-13) X-TUID: MMhwHBJ70dip On Fri, Apr 12, 2019 at 02:52:28PM +0200, Henning Schild wrote: > Am Mon, 25 Mar 2019 12:39:01 +0100 > schrieb "Maxim Yu. Osipov" : > > > On 3/25/19 12:28 PM, Andreas Reichel wrote: > > > On Mon, Mar 25, 2019 at 11:35:33AM +0100, Maxim Yu. Osipov wrote: > > >> On 3/25/19 11:19 AM, Andreas Reichel wrote: > > >>>> Not working yet: > > >>>> qemuarm64-stretch with BASE_REPO_KEY and do_cache_base_repo > > >>>> > > >>>> | gpgme gave error GPGME:54: Unusable secret key > > >>>> > > >>>> I have created a keypair inside the build container and exported > > >>>> the public key to a file "blabla.key". Then I set > > >>>> > > >>>> BASE_REPO_KEY = "file:///build/blabla.key" > > >>>> > > >>>> Any idea? > > >>>> > > >>> There was actually no problem anymore. The KEY had to be in the > > >>> gpg key ring which was expected by the normal user > > >>> in /tmp/tmpb6et85_1/.gnupg, not /home/builder/.gnupg. After > > >>> readding the secrect key for the normal build user, it worked. > > >>> > > >>> I have just triggered a CI build on ilbers-ci. After that is > > >>> green, you can apply my patchset. > > >> > > >> Just FYI: > > >> > > >> I test patchsets independently before applying them into the tree. > > >> > > >> Meanwhile I encourage people to use CI build before sending > > >> patchset to the mailing list (if this is not RFC) to avoid > > >> unnecessary patchsets iterations. > > >> > > >> > > >> The automated CI test procedure consists actually from the two > > >> steps: > > >> > > >> 1) "fast" CI build/smoke test (by passing the key '-f' to > > >> corresponding ci_build.sh and vm_smoke_test scripts) - it tests > > >> cross compilation for three supported stretch QEMU targets and one > > >> de0-nano-soc target. > > >> > > >> 2) "standard" CI build - it tests native build for the almost full > > >> set of QEMU targets. > > >> > > >> > > >> If the new feature is added to the ISAR it's always desirable to > > >> add corresponding test case into the CI. > > >> > > > In this case it means we/I should add a test case where the docker > > > upstream repo is added and an image with docker is built. > > > > I hope that your feature is generic enough to add some simpler (not > > docker) third party repo for testing purposes. > > On the repo level they probably all are equally "simple". However, i > would not trust the docker one to work repeatedly and stable for all > suites/arches. I know it provides broken init scripts, that suggest they > do not do much more than "works for me" testing. > > This could be a better example: > https://wiki.x2go.org/doku.php/wiki:repositories:debian > This seems to be a worst-case example :), since the keys are not provided via URL but via package/key server, where the key-server protocol is blocked from Siemens intranet. So this has nothing to do with any apt key URI, but provides a completely new case to be tested and is out of scope for my patch set. Andreas > Henning > > > Regards, > > Maxim. > > > > > > > Let's say it is a generalization of an existing feature :) > > > > > > Regards, > > > Andreas > > >> > > >> Regards, > > >> Maxim. > > >> > > >> > > >> > > >>> Regards > > >>> Andreas > > >>> > > >>>> Signed-off-by: Andreas Reichel > > >>>> > > >>>> Andreas Reichel (7): > > >>>> Revert "isar-bootstrap: Allow to set local keys in > > >>>> DISTRO_APT_KEYS" Remove duplicate code from apt-keyring > > >>>> generation Fix fetched key location in apt-keyring generator > > >>>> Use apt-key to generate keyrings > > >>>> If we use a custom keyring debootstrap may fall to https > > >>>> raspbian-jessie: Use DISTRO_BOOTSTRAP_KEYS > > >>>> docs: Update user_manual.md > > >>>> > > >>>> doc/user_manual.md | 7 +- > > >>>> meta-isar/conf/distro/raspbian-jessie.conf | 2 +- > > >>>> .../conf/multiconfig/qemuamd64-buster.conf | 1 - > > >>>> .../conf/multiconfig/qemuamd64-jessie.conf | 1 - > > >>>> meta/conf/bitbake.conf | 1 + > > >>>> .../isar-bootstrap/isar-bootstrap-host.bb | 4 +- > > >>>> .../isar-bootstrap/isar-bootstrap-target.bb | 4 +- > > >>>> .../isar-bootstrap/isar-bootstrap.inc | 95 > > >>>> +++++++++++++------ 8 files changed, 79 insertions(+), 36 > > >>>> deletions(-) > > >>>> > > >>>> -- > > >>>> 2.21.0 > > >>>> > > >>> > > >> > > >> > > >> -- > > >> Maxim Osipov > > >> ilbers GmbH > > >> Maria-Merian-Str. 8 > > >> 85521 Ottobrunn > > >> Germany > > >> +49 (151) 6517 6917 > > >> mosipov@ilbers.de > > >> http://ilbers.de/ > > >> Commercial register Munich, HRB 214197 > > >> General Manager: Baurzhan Ismagulov > > > > > > > > -- Andreas Reichel Dipl.-Phys. (Univ.) Software Consultant Andreas.Reichel@tngtech.com, +49-174-3180074 TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082