Re: [PATCH] export GNUGPHOME for reprepro

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

From: Vijai Kumar K <vijaikumar.kanagarajan@gmail.com>
To: Henning Schild <henning.schild@siemens.com>
Cc: vijaikumar.kanagarajan@gmail.com, isar-users@googlegroups.com,
	"Maxim Yu. Osipov" <mosipov@ilbers.de>
Subject: Re: [PATCH] export GNUGPHOME for reprepro
Date: Thu, 25 Jul 2019 14:29:03 +0530	[thread overview]
Message-ID: <20190725085903.GA3995@chikyu> (raw)
In-Reply-To: <20190725092543.3aa826cf@md1za8fc.ad001.siemens.net>

On Thu, Jul 25, 2019 at 09:25:43AM +0200, Henning Schild wrote:
> Hi Vijai Kumar,
> 
> this patch looks good on its own. But again the context is missing. A
> series that enables proper GPG signing would be more helpful than tiny
> steps that might not be going in the right direction.
> 
> That said you already did a lot of research on the topic and did send
> several good proposals and the full thing might be still far away. This
> one combined with the one from Maxim would make a step that is very
> likely going in the right direction. And could be merged if we are in a
> hurry to merge intermediate steps.
> 

Hi Henning,

Thank you for the feedback. Yes, I agree that it would be more helpful
to have the complete patchset. However, adding support for passphrase
protected keys might take some time and might involve some significant
changes to the code.

Hence I would like to break it into the below steps
1. Making GNUPGHOME available to reprepro
2. Providing mechansim to choose a key for signing
3. Handle password protected keys.

I am planning to address and propose patchsets for points 1 & 2, so that
atleast passwordless keys will have support for situations described
in my previous thread. Addressing these would inturn ease the CI &
docker use cases which we currently need now.

I will start work on password protected keys in parallel and start an
RFC for that.

Thanks,
Vijai Kumar K

> Henning
> 
> Am Thu, 25 Jul 2019 12:45:04 +0530
> schrieb <vijaikumar.kanagarajan@gmail.com>:
> 
> > From: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
> > 
> > reprepro doesnot know about GNUPGHOME. If you trigger package feed
> > creation in a machine that has GNUPGHOME set, reprepro would not
> > know that it should use the new location and might use the keys it
> > find in the default ~/.gnupg directory.
> > 
> > Make GNUPGHOME available for reprepro.
> > 
> > Signed-off-by: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
> > ---
> >  meta/classes/base-apt-helper.bbclass       | 4 ++++
> >  meta/classes/dpkg-base.bbclass             | 3 +++
> >  meta/recipes-devtools/base-apt/base-apt.bb | 3 +++
> >  meta/recipes-devtools/isar-apt/isar-apt.bb | 3 +++
> >  scripts/isar-buildenv-internal             | 3 +++
> >  5 files changed, 16 insertions(+)
> > 
> > diff --git a/meta/classes/base-apt-helper.bbclass
> > b/meta/classes/base-apt-helper.bbclass index ba768da..a8f2a41 100644
> > --- a/meta/classes/base-apt-helper.bbclass
> > +++ b/meta/classes/base-apt-helper.bbclass
> > @@ -30,6 +30,10 @@ populate_base_apt() {
> >              compare_pkg_md5sums "$package" "$isar_package" &&
> > continue fi
> >  
> > +        if [ ! -z ${GNUPGHOME} ]; then
> > +            export GNUPGHOME=${GNUPGHOME}
> > +        fi
> > +
> >          # Check if this package is already in base-apt
> >          isar_package=$(find ${REPO_BASE_DIR}/${BASE_DISTRO} -name
> > $base_name) if [ -n "$isar_package" ]; then
> > diff --git a/meta/classes/dpkg-base.bbclass
> > b/meta/classes/dpkg-base.bbclass index 3e6ba8c..da13f86 100644
> > --- a/meta/classes/dpkg-base.bbclass
> > +++ b/meta/classes/dpkg-base.bbclass
> > @@ -120,6 +120,9 @@ repo_clean() {
> >  
> >  # Install package to Isar-apt
> >  do_deploy_deb() {
> > +    if [ ! -z ${GNUPGHOME} ]; then
> > +        export GNUPGHOME=${GNUPGHOME}
> > +    fi
> >      repo_clean
> >      reprepro -b ${REPO_ISAR_DIR}/${DISTRO} \
> >               --dbdir ${REPO_ISAR_DB_DIR}/${DISTRO} \
> > diff --git a/meta/recipes-devtools/base-apt/base-apt.bb
> > b/meta/recipes-devtools/base-apt/base-apt.bb index 1c0b4c6..ca40b6c
> > 100644 --- a/meta/recipes-devtools/base-apt/base-apt.bb
> > +++ b/meta/recipes-devtools/base-apt/base-apt.bb
> > @@ -28,6 +28,9 @@ do_cache_config() {
> >      path_databases="${REPO_BASE_DB_DIR}/${BASE_DISTRO}"
> >  
> >      if [ ! -d "${path_databases}" ]; then
> > +        if [ ! -z ${GNUPGHOME} ]; then
> > +            export GNUPGHOME=${GNUPGHOME}
> > +        fi
> >          reprepro -b ${path_cache} \
> >                   --dbdir ${path_databases} \
> >                   export ${BASE_DISTRO_CODENAME}
> > diff --git a/meta/recipes-devtools/isar-apt/isar-apt.bb
> > b/meta/recipes-devtools/isar-apt/isar-apt.bb index a959691..8f517fe
> > 100644 --- a/meta/recipes-devtools/isar-apt/isar-apt.bb
> > +++ b/meta/recipes-devtools/isar-apt/isar-apt.bb
> > @@ -20,6 +20,9 @@ do_cache_config() {
> >      path_databases="${REPO_ISAR_DB_DIR}/${DISTRO}"
> >  
> >      if [ ! -d "${path_databases}" ]; then
> > +        if [ ! -z ${GNUPGHOME} ]; then
> > +            export GNUPGHOME=${GNUPGHOME}
> > +        fi
> >          reprepro -b ${path_cache} \
> >                   --dbdir ${path_databases} \
> >                   export ${DEBDISTRONAME}
> > diff --git a/scripts/isar-buildenv-internal
> > b/scripts/isar-buildenv-internal index 2476d90..7637d41 100755
> > --- a/scripts/isar-buildenv-internal
> > +++ b/scripts/isar-buildenv-internal
> > @@ -67,4 +67,7 @@ BBPATH="${BUILDDIR}"
> >  export BBPATH
> >  
> >  BB_ENV_EXTRAWHITE="BUILDDIR ISARROOT http_proxy https_proxy
> > ftp_proxy no_proxy" +if [ ! -z ${GNUPGHOME} ]; then
> > +	BB_ENV_EXTRAWHITE="${BB_ENV_EXTRAWHITE} GNUPGHOME"
> > +fi
> >  export BB_ENV_EXTRAWHITE
>

next prev parent reply	other threads:[~2019-07-25  8:59 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-25  7:15 vijaikumar.kanagarajan
2019-07-25  7:25 ` Henning Schild
2019-07-25  8:59   ` Vijai Kumar K [this message]
2019-07-25  7:35 ` Claudius Heine
2019-07-25  9:08   ` [PATCH v2] " vijaikumar.kanagarajan
2019-07-25  9:10     ` Jan Kiszka
2019-07-25  9:15       ` Vijai Kumar K
2019-08-01 11:12 ` [PATCH] " Henning Schild
2019-08-01 11:23   ` vijai kumar
2019-08-01 11:34     ` vijai kumar
2019-08-01 11:38       ` Henning Schild
2019-08-01 11:42         ` vijai kumar
2019-08-01 11:48         ` Baurzhan Ismagulov
2019-08-01 11:52           ` Henning Schild
2019-08-01 12:09             ` Baurzhan Ismagulov
2019-08-05 10:58         ` [PATCH v2] " vijaikumar.kanagarajan
2019-08-06  8:35           ` [PATCH v2] export GNUPGHOME " Baurzhan Ismagulov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190725085903.GA3995@chikyu \
    --to=vijaikumar.kanagarajan@gmail.com \
    --cc=henning.schild@siemens.com \
    --cc=isar-users@googlegroups.com \
    --cc=mosipov@ilbers.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox