From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6717496001358200832
X-Received: by 2002:adf:ea87:: with SMTP id s7mr94780336wrm.24.1564045150342;
        Thu, 25 Jul 2019 01:59:10 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a1c:5411:: with SMTP id i17ls17447370wmb.2.canary-gmail;
 Thu, 25 Jul 2019 01:59:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwtf6o+v8/4KBAwnfd7cIW9W7opb8RCiSDR+xAg9eAlD6MDdVl+xB/H1hzjpAXuhx9hdfPn
X-Received: by 2002:a05:600c:1008:: with SMTP id c8mr79302068wmc.133.1564045149729;
        Thu, 25 Jul 2019 01:59:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564045149; cv=none;
        d=google.com; s=arc-20160816;
        b=G/1t2Gq6Dlo3Kgrqt4uACJNzEhg7HXPwIy3a4GnsaC8DyM14cPEUtghheoaI3ieuY0
         o6MDgX4/rDdr/GA8nxmOik/qOdo82GhqOPVkCMvWbXyqzzKrMWtGUKznT56tI1H3BP+U
         DEhYL80BrC/hLjmY/COzHXbgGrzbFiKbaQb+oslYyZMLb3tmTMcALPn60CbpVSZmKmMq
         8toXJt7BiAVXyVmqLE7+9x4CQK6OcDsDheNiNjhZO51HpSdmYpFd2IpalZxbzbljnHmL
         aNDBecZx4ZAppf4AoDt7tRtQpizvItK760B7eOzOsHVVCoW1wPo7wvqlE88hZKfcGJIe
         fKoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :message-id:subject:cc:to:date:from:dkim-signature;
        bh=PkcpR3fvWBsxhWvnMo9UnUY5LgDAjhc+bxywOSHIPNI=;
        b=sINuoQRWCiIthqAKxkrgJWdSUciHbTznmzr8kEIyN70ve0LnIbGhxpKhmxRLLNtBSC
         SOuYheijMl/jaONFFLvUlHBbcllwn0108Zlz857rezfOH5vLIADUxDvxyv9M2fOjVST8
         zZC5ql4W+kYjGqp+yv7piHRKqPiFdsfTx3rQQeTFj+U2P/BaQtjtoOgVevT9Xlf7EkAs
         dWPfRnLjp09IP+sD2q8yIdPVQ+U9gGcv3cYHWsJkB/a994JEOyoQNnTfjLvcgh3nUHxv
         Z0yVb3CBp6iTf+i1ca6pCwrSuoGukCVG1zg4sFM/9sNi/84r/UGuEkdplu9+OchtE+e9
         dIQQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="Ob0VtZf/";
       spf=pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::344 as permitted sender) smtp.mailfrom=vijaikumar.kanagarajan@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <vijaikumar.kanagarajan@gmail.com>
Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com. [2a00:1450:4864:20::344])
        by gmr-mx.google.com with ESMTPS id z24si1460011wml.0.2019.07.25.01.59.09
        for <isar-users@googlegroups.com>
        (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128);
        Thu, 25 Jul 2019 01:59:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::344 as permitted sender) client-ip=2a00:1450:4864:20::344;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="Ob0VtZf/";
       spf=pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::344 as permitted sender) smtp.mailfrom=vijaikumar.kanagarajan@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: by mail-wm1-x344.google.com with SMTP id p74so44180278wme.4
        for <isar-users@googlegroups.com>; Thu, 25 Jul 2019 01:59:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:date:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=PkcpR3fvWBsxhWvnMo9UnUY5LgDAjhc+bxywOSHIPNI=;
        b=Ob0VtZf/DLfYOLbBbKwjj+/dQBato8QhUXzQ7MuIS6bL2bd+QQ2tyLj7oo1ERlvpAQ
         eJmHK7mnvcrjDjq6KTnMHFzQTJQzzfSTZO5eD+4pKA2DamVGSYV446WbV964UIuyqM45
         2DtzeUJnpb6TPs+cIIgW3YA0ueoQKOUsETJePAvIYtHve8iULgf7IrQzsrLIzpLBZGA9
         f4xjLXIecIqeAqN5+XF3vE3zfc7bPHEFg1QiKHeIDQ8dd3brcX8Rx/HxxfrIhRaohn9p
         Djid2MiDdlgMPdou6CEre84oHbn16ZiyEQf+t/k5nu89uPZO3B6SxdJqBCxSZoMcdUi3
         hLlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:date:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=PkcpR3fvWBsxhWvnMo9UnUY5LgDAjhc+bxywOSHIPNI=;
        b=KdQxg3df2prTrLtRpQP1DxFzJhlWTZ0y8w1FT2JKAIADnSuTKm05z1SPzWcecU3pgx
         hCpjQRRySBD9EGLQ2XY3yGcVJMVaSSsPMYfQ8YcC826Mc/pMAbNNwCzwvaAViMJdvfqI
         hLpUiTKfKJnYGi5jAdd/GdE63v9zO2bh95/AMo8Ck1Kz8rErYmDEDdN4T9yytlIHIghF
         lkmz3g4/FE1ASw0R/ehji9gjzr6SmOUKJXe8D0xOjIg4pq0uh5BI51o1+gob/CquwKPL
         gzEUgVdeYjdWoUCCFPj8YbI/lXvusZN5ktnfMJwx7+YoUhbPVAo1/zYQMljJjuBZXksB
         jUdw==
X-Gm-Message-State: APjAAAWw/hwMkWr/rI2OzEKn9v7LvWdQKEDwwwebVW48WIMhALNjZZhB
	oE92eqBF08H7bUCUeogHSLk=
X-Received: by 2002:a1c:a686:: with SMTP id p128mr15642789wme.130.1564045148878;
        Thu, 25 Jul 2019 01:59:08 -0700 (PDT)
Return-Path: <vijaikumar.kanagarajan@gmail.com>
Received: from chikyu (nat-sch.mentorg.com. [139.181.36.34])
        by smtp.gmail.com with ESMTPSA id p18sm49263179wrm.16.2019.07.25.01.59.06
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 25 Jul 2019 01:59:08 -0700 (PDT)
From: Vijai Kumar K <vijaikumar.kanagarajan@gmail.com>
X-Google-Original-From: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
Date: Thu, 25 Jul 2019 14:29:03 +0530
To: Henning Schild <henning.schild@siemens.com>
Cc: vijaikumar.kanagarajan@gmail.com, isar-users@googlegroups.com,
	"Maxim Yu. Osipov" <mosipov@ilbers.de>
Subject: Re: [PATCH] export GNUGPHOME for reprepro
Message-ID: <20190725085903.GA3995@chikyu>
References: <20190725071504.24037-1-Vijaikumar_Kangarajan@mentor.com>
 <20190725092543.3aa826cf@md1za8fc.ad001.siemens.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190725092543.3aa826cf@md1za8fc.ad001.siemens.net>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-TUID: jub+SBDQ00YB

On Thu, Jul 25, 2019 at 09:25:43AM +0200, Henning Schild wrote:
> Hi Vijai Kumar,
> 
> this patch looks good on its own. But again the context is missing. A
> series that enables proper GPG signing would be more helpful than tiny
> steps that might not be going in the right direction.
> 
> That said you already did a lot of research on the topic and did send
> several good proposals and the full thing might be still far away. This
> one combined with the one from Maxim would make a step that is very
> likely going in the right direction. And could be merged if we are in a
> hurry to merge intermediate steps.
> 

Hi Henning,

Thank you for the feedback. Yes, I agree that it would be more helpful
to have the complete patchset. However, adding support for passphrase
protected keys might take some time and might involve some significant
changes to the code.

Hence I would like to break it into the below steps
1. Making GNUPGHOME available to reprepro
2. Providing mechansim to choose a key for signing
3. Handle password protected keys.

I am planning to address and propose patchsets for points 1 & 2, so that
atleast passwordless keys will have support for situations described
in my previous thread. Addressing these would inturn ease the CI &
docker use cases which we currently need now.

I will start work on password protected keys in parallel and start an
RFC for that.

Thanks,
Vijai Kumar K

> Henning
> 
> Am Thu, 25 Jul 2019 12:45:04 +0530
> schrieb <vijaikumar.kanagarajan@gmail.com>:
> 
> > From: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
> > 
> > reprepro doesnot know about GNUPGHOME. If you trigger package feed
> > creation in a machine that has GNUPGHOME set, reprepro would not
> > know that it should use the new location and might use the keys it
> > find in the default ~/.gnupg directory.
> > 
> > Make GNUPGHOME available for reprepro.
> > 
> > Signed-off-by: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
> > ---
> >  meta/classes/base-apt-helper.bbclass       | 4 ++++
> >  meta/classes/dpkg-base.bbclass             | 3 +++
> >  meta/recipes-devtools/base-apt/base-apt.bb | 3 +++
> >  meta/recipes-devtools/isar-apt/isar-apt.bb | 3 +++
> >  scripts/isar-buildenv-internal             | 3 +++
> >  5 files changed, 16 insertions(+)
> > 
> > diff --git a/meta/classes/base-apt-helper.bbclass
> > b/meta/classes/base-apt-helper.bbclass index ba768da..a8f2a41 100644
> > --- a/meta/classes/base-apt-helper.bbclass
> > +++ b/meta/classes/base-apt-helper.bbclass
> > @@ -30,6 +30,10 @@ populate_base_apt() {
> >              compare_pkg_md5sums "$package" "$isar_package" &&
> > continue fi
> >  
> > +        if [ ! -z ${GNUPGHOME} ]; then
> > +            export GNUPGHOME=${GNUPGHOME}
> > +        fi
> > +
> >          # Check if this package is already in base-apt
> >          isar_package=$(find ${REPO_BASE_DIR}/${BASE_DISTRO} -name
> > $base_name) if [ -n "$isar_package" ]; then
> > diff --git a/meta/classes/dpkg-base.bbclass
> > b/meta/classes/dpkg-base.bbclass index 3e6ba8c..da13f86 100644
> > --- a/meta/classes/dpkg-base.bbclass
> > +++ b/meta/classes/dpkg-base.bbclass
> > @@ -120,6 +120,9 @@ repo_clean() {
> >  
> >  # Install package to Isar-apt
> >  do_deploy_deb() {
> > +    if [ ! -z ${GNUPGHOME} ]; then
> > +        export GNUPGHOME=${GNUPGHOME}
> > +    fi
> >      repo_clean
> >      reprepro -b ${REPO_ISAR_DIR}/${DISTRO} \
> >               --dbdir ${REPO_ISAR_DB_DIR}/${DISTRO} \
> > diff --git a/meta/recipes-devtools/base-apt/base-apt.bb
> > b/meta/recipes-devtools/base-apt/base-apt.bb index 1c0b4c6..ca40b6c
> > 100644 --- a/meta/recipes-devtools/base-apt/base-apt.bb
> > +++ b/meta/recipes-devtools/base-apt/base-apt.bb
> > @@ -28,6 +28,9 @@ do_cache_config() {
> >      path_databases="${REPO_BASE_DB_DIR}/${BASE_DISTRO}"
> >  
> >      if [ ! -d "${path_databases}" ]; then
> > +        if [ ! -z ${GNUPGHOME} ]; then
> > +            export GNUPGHOME=${GNUPGHOME}
> > +        fi
> >          reprepro -b ${path_cache} \
> >                   --dbdir ${path_databases} \
> >                   export ${BASE_DISTRO_CODENAME}
> > diff --git a/meta/recipes-devtools/isar-apt/isar-apt.bb
> > b/meta/recipes-devtools/isar-apt/isar-apt.bb index a959691..8f517fe
> > 100644 --- a/meta/recipes-devtools/isar-apt/isar-apt.bb
> > +++ b/meta/recipes-devtools/isar-apt/isar-apt.bb
> > @@ -20,6 +20,9 @@ do_cache_config() {
> >      path_databases="${REPO_ISAR_DB_DIR}/${DISTRO}"
> >  
> >      if [ ! -d "${path_databases}" ]; then
> > +        if [ ! -z ${GNUPGHOME} ]; then
> > +            export GNUPGHOME=${GNUPGHOME}
> > +        fi
> >          reprepro -b ${path_cache} \
> >                   --dbdir ${path_databases} \
> >                   export ${DEBDISTRONAME}
> > diff --git a/scripts/isar-buildenv-internal
> > b/scripts/isar-buildenv-internal index 2476d90..7637d41 100755
> > --- a/scripts/isar-buildenv-internal
> > +++ b/scripts/isar-buildenv-internal
> > @@ -67,4 +67,7 @@ BBPATH="${BUILDDIR}"
> >  export BBPATH
> >  
> >  BB_ENV_EXTRAWHITE="BUILDDIR ISARROOT http_proxy https_proxy
> > ftp_proxy no_proxy" +if [ ! -z ${GNUPGHOME} ]; then
> > +	BB_ENV_EXTRAWHITE="${BB_ENV_EXTRAWHITE} GNUPGHOME"
> > +fi
> >  export BB_ENV_EXTRAWHITE
>