From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6740510031426355200
X-Received: by 2002:a1c:5444:: with SMTP id p4mr6028691wmi.69.1569397289874;
        Wed, 25 Sep 2019 00:41:29 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:adf:8bce:: with SMTP id w14ls1752839wra.11.gmail; Wed, 25
 Sep 2019 00:41:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzo6G1ebIWPzqlAobYsU/cg9sWYIjvoezzsf9Rq4Ob+LCGrHsYUOhJmmzhBxqvud01epznO
X-Received: by 2002:a05:6000:82:: with SMTP id m2mr7837477wrx.241.1569397289235;
        Wed, 25 Sep 2019 00:41:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569397289; cv=none;
        d=google.com; s=arc-20160816;
        b=wq1uCKxacmBvZNF9eEPr/l7nBJRwt+sU4qpGUatQ2xHeFCYJA96Om7TcDr4YyvXw3y
         sYQRdlLg03P/ejd1FiPq5g9xsdJ0qnqnU7ZPxnQwjZF5cxADaIn1bcMod+BAo3/iXB0V
         zHe8kHbS1Rdf63uZ+AyoFAN4Pxq8pYvRhEzOFEmuT99O8ip9a1KdvUEtIcbvEGP46zcv
         eUTW2RKBjEFUzog5gF8h6xPqfAnUFINnCuS9Y+8WQ2zQbQJjsfZYF3vjHTz2J8mYbyqX
         g0bKUmf3j3k6wzW1QQGyBHmPUFj1Qm1afr6/nAzJIksG9+NgW8cMCI8cxZpU5Vg1MBeA
         cKcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:content-disposition:mime-version:message-id:subject:cc
         :to:date:from:dkim-signature;
        bh=YvYfR2euVSvCy1TU84ZiSH3jZ7K1SF6l/HwSUfHNguk=;
        b=A5opvCs54A20ceMV4jQM9zQZHnD64FgVjx4bfzFg9dy+vdq2Tcq5x5p8vi3F7IID8C
         V5fxl4ByIcPeoEaaARqWo3t09EHckJ9c+SJbQVCihq8vQ4Mhp6gJsXH783fwc/bgdqaQ
         0pwPb8k9YPnaSWMHK+/Dcss6oLJT1ftBriAUbBLDqMRbeJcZe6CQ1SCE6PIXRK3dIjRm
         b1UgT1Pwv2fEOBe2c4Zx5726zXaU8Zvfs1F+BavgM8kqOH0PqV+8yEycc8GC+L/+9MLu
         W4Tdu2L9xVH66O1nlpf9KFeKaBje8OllmPARXXwjUUomXXQBn4blB04PC6nf7X910ji0
         OkGw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=BIy891jg;
       spf=pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::32a as permitted sender) smtp.mailfrom=vijaikumar.kanagarajan@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <vijaikumar.kanagarajan@gmail.com>
Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com. [2a00:1450:4864:20::32a])
        by gmr-mx.google.com with ESMTPS id r3si342670eds.2.2019.09.25.00.41.29
        for <isar-users@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 25 Sep 2019 00:41:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::32a as permitted sender) client-ip=2a00:1450:4864:20::32a;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=BIy891jg;
       spf=pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::32a as permitted sender) smtp.mailfrom=vijaikumar.kanagarajan@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: by mail-wm1-x32a.google.com with SMTP id f22so3364522wmc.2
        for <isar-users@googlegroups.com>; Wed, 25 Sep 2019 00:41:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:date:to:cc:subject:message-id:mime-version:content-disposition
         :user-agent;
        bh=YvYfR2euVSvCy1TU84ZiSH3jZ7K1SF6l/HwSUfHNguk=;
        b=BIy891jgjkfh6stAAwKBZZ8WxQ5ckcSTBzHpg7PVaYTlB/gZtm/gXqBagx68UPFLgF
         TiIbEyxQYeS17h214w924SFjEdTvvsy9tG1Xpu/LEozbmzHH2578qzTJcwjUZWFYXSS3
         bEAR+5X36atfQ+oDvZi/FGGN6K/W2Eqrv9e7elyVTD+1x/m/7Q9u8KCl1LnCkAaJXkyh
         LTDonBjRqkCav9yo6k078FZIoOWw3vM+WlP3LHr8bnAMsn3wNn8Ji9ZJTqSiVTGMaT7N
         mTogkXiz6/NaMXE7SKhU2mnsVvIjV8C4HR82ABqOGvtc+ABER475iaSaQrnVvHBTATK0
         aAcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:date:to:cc:subject:message-id:mime-version
         :content-disposition:user-agent;
        bh=YvYfR2euVSvCy1TU84ZiSH3jZ7K1SF6l/HwSUfHNguk=;
        b=NIR8/rSW//TprxSLRFKJlb4DaQdA0f+9IJvdFf8AXM+RewsmMrZlZnBhbMSlr1Vse8
         24FbeUwBeS9tIn3ZhecSViAoJiNG5UnbRryiB/jbuIGp/7sEEn+PjB03aOxweuTgG7un
         vqdXQMmL0JphVv/q5xipqGkvZfsJiZN/8foRyR04zpmUwPnDE214AUcce1c/skuUHzQz
         OGzOT5JY2SKC3aohrfQO0AG/66IFpviCge9REpvXJUCkZ/cqNpw2Uy40MhIapxCWEfk5
         OQufoel6k/4DDfx5GCXKE5P9b0hYIc5HnouBQ6TXpv56LlGP4L3iy71RQc4QnPK+ZK+7
         0HFg==
X-Gm-Message-State: APjAAAXPy4eetJRN6l4ynS7VULqMbo1iMZtljlIGP5utUuh2OA4RpXb3
	evUSu9qKr8RrYHznVvC7gzzzg3VEIAo=
X-Received: by 2002:a1c:7c10:: with SMTP id x16mr5699712wmc.175.1569397288653;
        Wed, 25 Sep 2019 00:41:28 -0700 (PDT)
Return-Path: <vijaikumar.kanagarajan@gmail.com>
Received: from lightning (nat-sch.mentorg.com. [139.181.36.34])
        by smtp.gmail.com with ESMTPSA id g185sm4776081wme.10.2019.09.25.00.41.26
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 25 Sep 2019 00:41:28 -0700 (PDT)
From: Vijai Kumar K <vijaikumar.kanagarajan@gmail.com>
X-Google-Original-From: Vijai Kumar K <Vijaikumar_Kanagarajan@mentor.com>
Date: Wed, 25 Sep 2019 13:11:22 +0530
To: isar-users@googlegroups.com
Cc: henning.schild@siemens.com, claudius.heine.ext@siemens.com,
	jan.kiszka@siemens.com, ibr@radix50.net
Subject: Discussion: Base-apt features
Message-ID: <20190925074122.GA12490@lightning>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
X-TUID: U1QtCucYFjX3

Hi All,

Starting this thread to discuss the base-apt features and limitations.

Here I am listing down some of the issues/features and possibly the
need for them.


1. Support for adding source packages.

Currently we have support only for binaries. The corresponding source
files could also be added. 


2. Support for using password protected keys.

It is a good practice to have the gpg key protected to have an additional
level of security. Right now ISAR does not have provisions to use password
protected keys.


3. Support for specifying the signing key.

Right now, the signing mechanism uses the default gpg key of the system.
This is problematic in many ways. Especially for CI. In the current
implementation, eventhough we specify the key, we are not really using it.


4. Support for adding packages only to base-apt.

Sometimes, we might need a package to be present in base-apt but not in
the target yet. Things like dev & dbg packages. It would be good if we
have something like BASE_APT_INSTALL which contains the list which would
be populated only in base-apt.


5. Refactoring code to consolidate reprepro calls.

Right now, reprepro calls are spread across the build system. Its dependencies
are spread across too(Handling envs like GNUPGHOME, distributions file etc).
My first thought is to have a seperate module implemented to handle these
calls.

Like how https://github.com/openembedded/openembedded-core/blob/master/meta/lib/oe/gpg_sign.py
is used for all signing purpose.

Please add more if you have some features/limitations which needs to be addressed.

Thanks,
Vijai Kumar K