From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6740510031426355200
X-Received: by 2002:a2e:9450:: with SMTP id o16mr5088718ljh.178.1569399164778;
        Wed, 25 Sep 2019 01:12:44 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a2e:9d9a:: with SMTP id c26ls674984ljj.9.gmail; Wed, 25 Sep
 2019 01:12:44 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxvPijZBKRspCYCHt5T8JrnXb7aQpU3tr77ZvEAWXdPaF4BWboClNJUFvKiSSX9OKt2vpBK
X-Received: by 2002:a2e:3e07:: with SMTP id l7mr5048282lja.180.1569399164263;
        Wed, 25 Sep 2019 01:12:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569399164; cv=none;
        d=google.com; s=arc-20160816;
        b=qRA6Xwu40E8MR+hG151KztlG26zgrc5MPM5EckVAmSTxOxrNcka9dshoVxbg9/f+qi
         vBrEyUdJ+cf0DyxniCAyxkiadcCxv2rLQB321bLca0C+Zl6UFJ6AYRtUSYCdWXeSYQQh
         UYMcTbeOtFi7SkxeRGwDyQJ4ZOAAUiRN8tEdR7oesWVMFUuhdkAJ4YlpekYNYUIUtuXt
         PihROQp+cTws70XJKOLCPxl34PNWuyYa7pIvWWLt5fqSgJxlswCX02dqQSpPpEVUpt98
         WgmBLzIHGxUdO1/iL0uC6Wj01J6FVDpdXfFx2ALQtq6mxhLZrY9UYvwUFZUMUa1ul8AQ
         gX+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :mail-followup-to:message-id:subject:to:from:date;
        bh=ihmaBzfyjUJDc4k7ei4UV1E0feipmuzzfnMlgimmDo8=;
        b=cTPx8l7pgsaYacHkyMDob16NFutiANh6nM2ZO2J2zeV57dOal+yA2taSL2m31G3b8T
         M0RRqZeMjHa7p4/AgjpuDLl6H9Wzhhumqg2pZpoMveXETHK/y1eEg1JzQwo7wPF1HOZ6
         th9jW1V4aRBzTWT8KL/CM0U+zLRqLjH7XDWHcoKO7keZL1bouMbGfXB7xXtU0Gk/edWp
         NaWCjJquOEY4fJS+Jw7FGIjNaxqNd2q8Ko6ha8fAw+Q4eQiyIGZIkmHGs98tID6W8/hA
         lcmGBP5lwoqIdP6LF5moQ3N8PWVK1lJpsox1U16V8SuDoUrZhKiWOkpgu3jMHPxqM5BL
         xldw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=neutral (google.com: 85.214.156.166 is neither permitted nor denied by best guess record for domain of ibr@radix50.net) smtp.mailfrom=ibr@radix50.net
Return-Path: <ibr@radix50.net>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id u24si276305lfg.2.2019.09.25.01.12.43
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 25 Sep 2019 01:12:43 -0700 (PDT)
Received-SPF: neutral (google.com: 85.214.156.166 is neither permitted nor denied by best guess record for domain of ibr@radix50.net) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=neutral (google.com: 85.214.156.166 is neither permitted nor denied by best guess record for domain of ibr@radix50.net) smtp.mailfrom=ibr@radix50.net
Received: from yssyq.m.ilbers.de (host-80-81-17-52.static.customer.m-online.net [80.81.17.52])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id x8P8CfIO015033
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Wed, 25 Sep 2019 10:12:42 +0200
Date: Wed, 25 Sep 2019 10:12:41 +0200
From: Baurzhan Ismagulov <ibr@radix50.net>
To: isar-users@googlegroups.com
Subject: Re: Discussion: Base-apt features
Message-ID: <20190925081241.bmcblmlsax6xb4i4@yssyq.m.ilbers.de>
Mail-Followup-To: isar-users@googlegroups.com
References: <20190925074122.GA12490@lightning>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190925074122.GA12490@lightning>
User-Agent: NeoMutt/20180716
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,URIBL_BLOCKED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: Epd5hALSdmS4

Hello Vijai Kumar,

thanks for summarizing.

On Wed, Sep 25, 2019 at 01:11:22PM +0530, Vijai Kumar K wrote:
> 1. Support for adding source packages.
> 2. Support for using password protected keys.

Yes, I think those are necessary use cases.


> 3. Support for specifying the signing key.
> 
> Right now, the signing mechanism uses the default gpg key of the system.
> This is problematic in many ways. Especially for CI. In the current
> implementation, eventhough we specify the key, we are not really using it.

This is what I'm currently wondering. What do we need to cover signed base-apt?
Is the following enough?

1. debootstrap succeeds.
2. apt-get update in the rootfs succeeds.

IIUC, (1) should be covered as of next 006a6ed "u-boot-custom: Add control for
u-boot-tools package build". (2) seems to be covered in ibr/next fb61019
"scripts: Enable gnupg in ci_build.sh" (subject to rebasing). This has to be
verified, though (feedback welcome). If proven correct, would we be "really
using it"?


> 4. Support for adding packages only to base-apt.
> 
> Sometimes, we might need a package to be present in base-apt but not in
> the target yet. Things like dev & dbg packages. It would be good if we
> have something like BASE_APT_INSTALL which contains the list which would
> be populated only in base-apt.

Sounds useful, also for stuff like strace, optional gcc libs, etc.
Additionally, we may want to download all binary packages of the source
packages we need (for the requested arches and distros only). That would cover
dev and dbg.


> 5. Refactoring code to consolidate reprepro calls.

I'd suggest to evaluate other tools and libs like python-apt and / or aptly.
After looking at Acquire::By-Hash use cases in more detail, I've seen that we
do need it. According to Jan, it isn't supported by reprepro. I think in the
long term, we'll have to use python-apt and touch bitbake to get everything
right.


With kind regards,
Baurzhan.