From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6740510031426355200 X-Received: by 2002:a7b:c247:: with SMTP id b7mr6383913wmj.121.1569402158222; Wed, 25 Sep 2019 02:02:38 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:c143:: with SMTP id r64ls1283886wmf.0.canary-gmail; Wed, 25 Sep 2019 02:02:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqxTKYzGhq7BWQOnBVv93+V4KuKt69WPBH8clGRYluUWSSgyCu4/CzNpRiPaDz7cSDs/wJEo X-Received: by 2002:a1c:6a06:: with SMTP id f6mr6649207wmc.113.1569402157588; Wed, 25 Sep 2019 02:02:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569402157; cv=none; d=google.com; s=arc-20160816; b=xY/yOhyvq16Bpfb7wj9oXZzr2yW6qeHcdxZrhjy3oyOjQzN29M+j1WNTj9J1C5tsQp qLeIledrZb64XkTske2q0prrTbg1+g2qUJSrAJrjS2timKdEV5rRlAzwPXGKmKndMOUS XC9K+5irzWZqF5EBNcOVAGm8itywy+pQZWP0q5S40vi28jVKirJSaOw8uwAw8ENbxpVN wesPithWW+1dWPzrCJx296OrzNqt1bg/OB9gNEr5Z9ONO/R92rPTic7mZj06zv6kn/Za zlcnKoIWPVPxVQOdTySttKv2Xa65bIQvOVK879fKZxzSU5ZAjO7kpml2zcrHkmAAsBZs 08zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:to:date:from:dkim-signature; bh=fMuFmtT0ydxGlyLwBll/s6UaYVU9wghSE3uQFPzOU0g=; b=OFmTzIaQUiIVN7lvwXBfXGqoMdjuDueRSeeBhsidID4VgJmq0llQKR9FpvMwMKbpp5 z/reWFYaFpGncFe97a1WeVRyIDTjWZzmuQhsRZ+MC8gutI62QAebx1pz25H+uJdXIRO6 FgyvAmH16yBLeI8imjByVrOJurdOj1XJphdFicu1Ky09x/QD3cqmFUtj5yuoCsVXrAye y/SaOkCZsCBHoq7F9Lg2d5wIFoau+lLJW7gbgOKVT7BbfFrJ7yek0eOziJEQ3lnifTwa MvlW6aABjJdRn08rBsiqvtas2XjH33XkQBhmUY5zTGKOypMmSdEx1X8ClAZdceRIbDj5 1SLA== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=axBsZrmA; spf=pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::435 as permitted sender) smtp.mailfrom=vijaikumar.kanagarajan@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com. [2a00:1450:4864:20::435]) by gmr-mx.google.com with ESMTPS id r3si356648eds.2.2019.09.25.02.02.37 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 25 Sep 2019 02:02:37 -0700 (PDT) Received-SPF: pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::435 as permitted sender) client-ip=2a00:1450:4864:20::435; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=axBsZrmA; spf=pass (google.com: domain of vijaikumar.kanagarajan@gmail.com designates 2a00:1450:4864:20::435 as permitted sender) smtp.mailfrom=vijaikumar.kanagarajan@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: by mail-wr1-x435.google.com with SMTP id l3so5672146wru.7 for ; Wed, 25 Sep 2019 02:02:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:date:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=fMuFmtT0ydxGlyLwBll/s6UaYVU9wghSE3uQFPzOU0g=; b=axBsZrmAIQnp46bJDgi/mfpsyvOclTRFWJ9jwgTUxKnIJq9/Qg6FD/+VBRMgk/g8TN nDjEGSfpiMg+ab5Mw60CjH6oN0osIG+vA9ylkOvuMBqj0lU8LSgWe8jilX04D1RKdyo5 NqFZKg3xt+HhnaDVh+N1fNrQH6z/pOIezvasUnACDxVJ3P9E4P9kyJQPGl2WtO9lBXRv c18Dl25MYZToIQynIvjC402r+kSBt4XO76JVzddPwpvkX+GfQ8xF30kGwsJvHFZto8cQ X09JTk/3qKpjzO0FvgPfBrKIRc2isnzKNLUH8SW7U2BJCx4JVZkVOAxIre2AvXGXtZSA PJSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=fMuFmtT0ydxGlyLwBll/s6UaYVU9wghSE3uQFPzOU0g=; b=k43+dG2n73YPc5t7Dubd0roTN+LBOpDLXhyHUMaciEzAJmtA2VeyhyQWKok8xHOF4c Q+wFUF1kFTXQZSkVBjGvQ9Q10J2+cMCQ6d59JYt9HFXYdH826bPSJRftYQM92K6SOhuO AojEJYzIq8sXeEmVsH226crRZSDJXSXhlhshJ3yFUIGLiXc+ygiLwisHxTW1MetqJ/ft YK30ySBBf4BBBNsQWK+aa3dz/FJn24U6zWsm7MRv1zeh2rpQqE/mNinqA0zaTesyYRFE mmBy72pNH/9bZh4iu5JumtHxkfkn9s2p2FV+cRdD0+Wj71W2DY0M6/UeWJ6MI/23Abki AI0Q== X-Gm-Message-State: APjAAAUki/xtMQ+JlADacEpTH7vKeagiBbGXxW7G05vkvSFtuasJHcKO sLiEyj+KiGh1bp3jDl2gZ5u+yAjy2zY= X-Received: by 2002:adf:e78a:: with SMTP id n10mr3202817wrm.67.1569402156904; Wed, 25 Sep 2019 02:02:36 -0700 (PDT) Return-Path: Received: from lightning (nat-sch.mentorg.com. [139.181.36.34]) by smtp.gmail.com with ESMTPSA id f143sm6885584wme.40.2019.09.25.02.02.35 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 25 Sep 2019 02:02:36 -0700 (PDT) From: Vijai Kumar K X-Google-Original-From: Vijai Kumar K Date: Wed, 25 Sep 2019 14:32:32 +0530 To: isar-users@googlegroups.com Subject: Re: Discussion: Base-apt features Message-ID: <20190925090232.GB12490@lightning> References: <20190925074122.GA12490@lightning> <20190925081241.bmcblmlsax6xb4i4@yssyq.m.ilbers.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190925081241.bmcblmlsax6xb4i4@yssyq.m.ilbers.de> User-Agent: Mutt/1.9.4 (2018-02-28) X-TUID: davJzgwx0D1T On Wed, Sep 25, 2019 at 10:12:41AM +0200, Baurzhan Ismagulov wrote: > Hello Vijai Kumar, > > thanks for summarizing. > > On Wed, Sep 25, 2019 at 01:11:22PM +0530, Vijai Kumar K wrote: > > 1. Support for adding source packages. > > 2. Support for using password protected keys. > > Yes, I think those are necessary use cases. > > > > 3. Support for specifying the signing key. > > > > Right now, the signing mechanism uses the default gpg key of the system. > > This is problematic in many ways. Especially for CI. In the current > > implementation, eventhough we specify the key, we are not really using it. > > This is what I'm currently wondering. What do we need to cover signed base-apt? > Is the following enough? > > 1. debootstrap succeeds. > 2. apt-get update in the rootfs succeeds. > > IIUC, (1) should be covered as of next 006a6ed "u-boot-custom: Add control for > u-boot-tools package build". (2) seems to be covered in ibr/next fb61019 > "scripts: Enable gnupg in ci_build.sh" (subject to rebasing). This has to be > verified, though (feedback welcome). If proven correct, would we be "really > using it"? > The problem lies here. https://github.com/ilbers/isar/blob/006a6ed75286710957b309aa571613d1935e4663/meta/recipes-devtools/base-apt/base-apt.bb#L21 By using "SignWith: yes", we are asking reprepro to use the default key of the system. BTW, there is a possibility that the key we specified using BASE_REPO_KEY might not be the default key of the system. This was the case in my local jenkins build. I have multiple gpg keys, and have configured one of them to be the default key. If I exercise repo signing in my system, then the repo would always be signed with my default key and not with the key I gave in BASE_REPO_KEY. Below is the link to the mailing list discussion. https://groups.google.com/d/msg/isar-users/CAVHJCuFxRo/WzbRjKdYBwAJ > > > 4. Support for adding packages only to base-apt. > > > > Sometimes, we might need a package to be present in base-apt but not in > > the target yet. Things like dev & dbg packages. It would be good if we > > have something like BASE_APT_INSTALL which contains the list which would > > be populated only in base-apt. > > Sounds useful, also for stuff like strace, optional gcc libs, etc. > Additionally, we may want to download all binary packages of the source > packages we need (for the requested arches and distros only). That would cover > dev and dbg. > > > > 5. Refactoring code to consolidate reprepro calls. > > I'd suggest to evaluate other tools and libs like python-apt and / or aptly. > After looking at Acquire::By-Hash use cases in more detail, I've seen that we > do need it. According to Jan, it isn't supported by reprepro. I think in the > long term, we'll have to use python-apt and touch bitbake to get everything > right. > Thanks for the info. I have been wondering regarding the need to move out of reprepo. This gives some fair amount of detail. Let me also have a look at the other tools. > > With kind regards, > Baurzhan. > > -- > You received this message because you are subscribed to the Google Groups "isar-users" group. > To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/20190925081241.bmcblmlsax6xb4i4%40yssyq.m.ilbers.de.