From: Henning Schild <henning.schild@siemens.com>
To: Andreas Reichel <andreas.reichel.ext@siemens.com>
Cc: "Maxim Yu. Osipov" <mosipov@ilbers.de>, <isar-users@googlegroups.com>
Subject: Re: [PATCH v8 0/7] Fix usage of additional apt keys and repos
Date: Tue, 9 Jul 2019 13:04:30 +0200 [thread overview]
Message-ID: <20190709130430.5e752b23@md1za8fc.ad001.siemens.net> (raw)
In-Reply-To: <20190415131439.GA4888@iiotirae>
Am Mon, 15 Apr 2019 15:14:39 +0200
schrieb Andreas Reichel <andreas.reichel.ext@siemens.com>:
> On Fri, Apr 12, 2019 at 02:52:28PM +0200, Henning Schild wrote:
> > Am Mon, 25 Mar 2019 12:39:01 +0100
> > schrieb "Maxim Yu. Osipov" <mosipov@ilbers.de>:
> >
> > > On 3/25/19 12:28 PM, Andreas Reichel wrote:
> > > > On Mon, Mar 25, 2019 at 11:35:33AM +0100, Maxim Yu. Osipov
> > > > wrote:
> > > >> On 3/25/19 11:19 AM, Andreas Reichel wrote:
> > > >>>> Not working yet:
> > > >>>> qemuarm64-stretch with BASE_REPO_KEY and
> > > >>>> do_cache_base_repo
> > > >>>>
> > > >>>> | gpgme gave error GPGME:54: Unusable secret key
> > > >>>>
> > > >>>> I have created a keypair inside the build container and
> > > >>>> exported the public key to a file "blabla.key". Then I set
> > > >>>>
> > > >>>> BASE_REPO_KEY = "file:///build/blabla.key"
> > > >>>>
> > > >>>> Any idea?
> > > >>>>
> > > >>> There was actually no problem anymore. The KEY had to be in
> > > >>> the gpg key ring which was expected by the normal user
> > > >>> in /tmp/tmpb6et85_1/.gnupg, not /home/builder/.gnupg. After
> > > >>> readding the secrect key for the normal build user, it worked.
> > > >>>
> > > >>> I have just triggered a CI build on ilbers-ci. After that is
> > > >>> green, you can apply my patchset.
> > > >>
> > > >> Just FYI:
> > > >>
> > > >> I test patchsets independently before applying them into the
> > > >> tree.
> > > >>
> > > >> Meanwhile I encourage people to use CI build before sending
> > > >> patchset to the mailing list (if this is not RFC) to avoid
> > > >> unnecessary patchsets iterations.
> > > >>
> > > >>
> > > >> The automated CI test procedure consists actually from the two
> > > >> steps:
> > > >>
> > > >> 1) "fast" CI build/smoke test (by passing the key '-f' to
> > > >> corresponding ci_build.sh and vm_smoke_test scripts) - it tests
> > > >> cross compilation for three supported stretch QEMU targets and
> > > >> one de0-nano-soc target.
> > > >>
> > > >> 2) "standard" CI build - it tests native build for the almost
> > > >> full set of QEMU targets.
> > > >>
> > > >>
> > > >> If the new feature is added to the ISAR it's always desirable
> > > >> to add corresponding test case into the CI.
> > > >>
> > > > In this case it means we/I should add a test case where the
> > > > docker upstream repo is added and an image with docker is
> > > > built.
> > >
> > > I hope that your feature is generic enough to add some simpler
> > > (not docker) third party repo for testing purposes.
> >
> > On the repo level they probably all are equally "simple". However, i
> > would not trust the docker one to work repeatedly and stable for all
> > suites/arches. I know it provides broken init scripts, that suggest
> > they do not do much more than "works for me" testing.
> >
> > This could be a better example:
> > https://wiki.x2go.org/doku.php/wiki:repositories:debian
> >
>
> This seems to be a worst-case example :), since the keys are not
> provided via URL but via package/key server, where the key-server
> protocol is blocked from Siemens intranet. So this has nothing to do
> with any apt key URI, but provides a completely new case to be tested
> and is out of scope for my patch set.
Well another mechanism for this one, meaning that this one was not a
good candidate. But meaning that docker should have gone upstream for
CI tests!
Henning
> Andreas
>
> > Henning
> >
> > > Regards,
> > > Maxim.
> > >
> > >
> > > > Let's say it is a generalization of an existing feature :)
> > > >
> > > > Regards,
> > > > Andreas
> > > >>
> > > >> Regards,
> > > >> Maxim.
> > > >>
> > > >>
> > > >>
> > > >>> Regards
> > > >>> Andreas
> > > >>>
> > > >>>> Signed-off-by: Andreas Reichel
> > > >>>> <andreas.reichel.ext@siemens.com>
> > > >>>>
> > > >>>> Andreas Reichel (7):
> > > >>>> Revert "isar-bootstrap: Allow to set local keys in
> > > >>>> DISTRO_APT_KEYS" Remove duplicate code from apt-keyring
> > > >>>> generation Fix fetched key location in apt-keyring generator
> > > >>>> Use apt-key to generate keyrings
> > > >>>> If we use a custom keyring debootstrap may fall to https
> > > >>>> raspbian-jessie: Use DISTRO_BOOTSTRAP_KEYS
> > > >>>> docs: Update user_manual.md
> > > >>>>
> > > >>>> doc/user_manual.md | 7 +-
> > > >>>> meta-isar/conf/distro/raspbian-jessie.conf | 2 +-
> > > >>>> .../conf/multiconfig/qemuamd64-buster.conf | 1 -
> > > >>>> .../conf/multiconfig/qemuamd64-jessie.conf | 1 -
> > > >>>> meta/conf/bitbake.conf | 1 +
> > > >>>> .../isar-bootstrap/isar-bootstrap-host.bb | 4 +-
> > > >>>> .../isar-bootstrap/isar-bootstrap-target.bb | 4 +-
> > > >>>> .../isar-bootstrap/isar-bootstrap.inc | 95
> > > >>>> +++++++++++++------ 8 files changed, 79 insertions(+), 36
> > > >>>> deletions(-)
> > > >>>>
> > > >>>> --
> > > >>>> 2.21.0
> > > >>>>
> > > >>>
> > > >>
> > > >>
> > > >> --
> > > >> Maxim Osipov
> > > >> ilbers GmbH
> > > >> Maria-Merian-Str. 8
> > > >> 85521 Ottobrunn
> > > >> Germany
> > > >> +49 (151) 6517 6917
> > > >> mosipov@ilbers.de
> > > >> http://ilbers.de/
> > > >> Commercial register Munich, HRB 214197
> > > >> General Manager: Baurzhan Ismagulov
> > > >
> > >
> > >
> >
>
prev parent reply other threads:[~2019-07-09 11:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-21 15:15 Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 1/7] Revert "isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS" Andreas J. Reichel
2019-03-25 11:20 ` Maxim Yu. Osipov
2019-04-15 11:11 ` Andreas Reichel
2019-04-16 4:54 ` Maxim Yu. Osipov
2019-04-16 8:12 ` Henning Schild
2019-04-22 13:56 ` Maxim Yu. Osipov
2019-03-21 15:15 ` [PATCH v8 2/7] Remove duplicate code from apt-keyring generation Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 3/7] Fix fetched key location in apt-keyring generator Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 4/7] Use apt-key to generate keyrings Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 5/7] If we use a custom keyring debootstrap may fall to https Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 6/7] raspbian-jessie: Use DISTRO_BOOTSTRAP_KEYS Andreas J. Reichel
2019-03-21 15:15 ` [PATCH v8 7/7] docs: Update user_manual.md Andreas J. Reichel
2019-03-25 10:19 ` [PATCH v8 0/7] Fix usage of additional apt keys and repos Andreas Reichel
2019-03-25 10:35 ` Maxim Yu. Osipov
2019-03-25 11:28 ` Andreas Reichel
2019-03-25 11:39 ` Maxim Yu. Osipov
2019-04-12 12:52 ` Henning Schild
2019-04-15 13:14 ` Andreas Reichel
2019-07-09 11:04 ` Henning Schild [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190709130430.5e752b23@md1za8fc.ad001.siemens.net \
--to=henning.schild@siemens.com \
--cc=andreas.reichel.ext@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=mosipov@ilbers.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox