From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6669723628337102848 X-Received: by 2002:a19:381c:: with SMTP id f28mr1881043lfa.132.1556797075413; Thu, 02 May 2019 04:37:55 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:96ce:: with SMTP id d14ls188508ljj.5.gmail; Thu, 02 May 2019 04:37:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqwGdDFcmLkJgaps6eWBpNvFJa1yh9q+nc8sFuPwf9WHSMvq3mTriQZHesxeDXubIPWyMSpg X-Received: by 2002:a2e:99d2:: with SMTP id l18mr1594991ljj.27.1556797074830; Thu, 02 May 2019 04:37:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556797074; cv=none; d=google.com; s=arc-20160816; b=U8fcmxsGjQQH17gSw0OG0xC6pdlOhyBZHyyTMNET7VuYBTZO/ak2jWPFJBD1BlFz8G 1Ui3tsMqh+eXtyWyCsexJbOHAedx3JidwBQNQgZhD1FUiejZuzgefEOgCnounMtUzQVp cVbKoLHh29NuHDZeei096oyIGfpXyZgjhVWQSJjjF1BSDHd6sKVu6zZ2IAFIC06p8R+S xT/qOe4dKe8sQ66NFsloHsPModKsH+jZLF2DJpQ8AMsLEw/57PDqmApsubF04ParD20f v16lVYN7ZBO5i7VTCOaJsiQVGGgYx/OO1iL+7aJWmRZTl1v1zwKmqdRH7GFIO+avcN2E 8wrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=BKDouDfUBcm9X4JfJNdvngNt1aZipLXuAu4In+0mJkI=; b=wGk58f2lbE1mOWQ0ZA/jnnZIGiVjyuUmN/AC9RvPkCOXBBJNfQ8UElHBajXNqxhb8Y K4UI6A0J3EbfACbgbHIJO1SyNV+BEJEdd6aOgJ0d9TlbcJ/sWT+nCQIKvoQLcHTcjWTo F3oNtj40CwuZAAPKsjEWZUQP3MrguObsy+4T1op2ksTtGDXtEnCzUMHmGkaAm7YvFQgx sFgQUQcMkyuGWT5+7USE26iXod5+MPTIOorooaFn1RReJMFIAYKJ4r+XNmtEQ8KtIxG7 2bPSJG0GJ+4PRMBrocwenjkcL7WIpsUf8JHlM6MqKwnEwfphYd/aHv+fONndCnNvA7xu ZGmg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id h68si797878lfh.3.2019.05.02.04.37.54 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 May 2019 04:37:54 -0700 (PDT) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x42BbsaP019242 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 2 May 2019 13:37:54 +0200 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.122]) by mail3.siemens.de (8.15.2/8.15.2) with ESMTP id x42BbrOS027767; Thu, 2 May 2019 13:37:54 +0200 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v10 3/6] If we use a custom keyring debootstrap may fall to https Date: Thu, 2 May 2019 13:37:41 +0200 Message-Id: <20190502113744.31753-4-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190502113744.31753-1-andreas.reichel.ext@siemens.com> References: <20190502113744.31753-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: fcmziQSLhZ2k From: Andreas Reichel See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 So if we have something in the distro bootstrap keyring, append https-support to OVERRIDES. Furthermore, the conditional append for https-support was missing in qemuamd64-stretch.conf, thus, remove this from all the distros and put it into the isar-bootstrap.inc. Furthermore, packages are comma-, not space-separated. Signed-off-by: Andreas Reichel --- meta-isar/conf/multiconfig/qemuamd64-buster.conf | 1 - meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf index 63df75c..da90993 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf @@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35" QEMU_CPU ?= "" QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates" diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 835ad52..c6c3cde 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -27,6 +27,7 @@ THIRD_PARTY_APT_KEYFILES = "" DEPLOY_ISAR_BOOTSTRAP ?= "" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2" +DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates" DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }" @@ -161,6 +162,13 @@ def get_distro_have_https_source(d, is_host=False): return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host)) def get_distro_needs_https_support(d, is_host=False): + distro_bootstrap_keys = d.getVar("DISTRO_BOOTSTRAP_KEYS", False) + if distro_bootstrap_keys and distro_bootstrap_keys != "": + # debootstrap falls back to https if there is no + # 'reliable' keyring, whatever that means, but it happened + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 + return "https-support" + if get_distro_have_https_source(d, is_host): return "https-support" else: -- 2.21.0