From: Vijai Kumar K
Date: Mon, 30 Sep 2019 14:12:27 +0530
To: Jan Kiszka
Cc: vijaikumar.kanagarajan@gmail.com, isar-users@googlegroups.com, henning.schild@siemens.com, claudius.heine.ext@siemens.com, Amy_Fong@mentor.com
Subject: Re: [PATCH] base-apt: Use gpg keyid instead of yes
Message-ID: <20190930084227.GC10223@lightning>

On Mon, Sep 30, 2019 at 08:17:00AM +0200, Jan Kiszka wrote:
> On 27.09.19 23:11, vijaikumar.kanagarajan@gmail.com wrote:
> > From: Vijai Kumar K
> >
> > When using "SignWith: yes", reprepro uses the default gpg key
> > of the system to sign the repo. The default gpg key might be
> > different from what is specified in BASE_REPO_KEY, resulting
> > in using a wrong key for signing.
> >
> > Derive and use the keyid from the keyfile supplied instead of
> > a generic yes option.
> >
> > Suggested-by: Amy Fong
> > Signed-off-by: Vijai Kumar K
> > ---
> > meta/recipes-devtools/base-apt/base-apt.bb | 22 +++++++++++++++++++---
> > 1 file changed, 19 insertions(+), 3 deletions(-)
> > > > diff --git a/meta/recipes-devtools/base-apt/base-apt.bb b/meta/recipes-devtools/base-apt/base-apt.bb > > index 74189f1..c74be86 100644 > > --- a/meta/recipes-devtools/base-apt/base-apt.bb > > +++ b/meta/recipes-devtools/base-apt/base-apt.bb > > @@ -4,6 +4,7 @@ > > SRC_URI = "file://distributions.in" > > BASE_REPO_KEY ?= "" > > +KEYFILES ?= "" > > CACHE_CONF_DIR = "${REPO_BASE_DIR}/${BASE_DISTRO}/conf" > > do_cache_config[dirs] = "${CACHE_CONF_DIR}" > > @@ -12,13 +13,18 @@ do_cache_config[lockfiles] = "${REPO_BASE_DIR}/isar.lock" > > # Generate reprepro config for current distro if it doesn't exist. Once it's > > # generated, this task should do nothing. > > -do_cache_config() { > > +repo_config() { > > if [ ! -e "${CACHE_CONF_DIR}/distributions" ]; then > > sed -e "s#{CODENAME}#"${BASE_DISTRO_CODENAME}"#g" \ > > ${WORKDIR}/distributions.in > ${CACHE_CONF_DIR}/distributions > > - if [ "${BASE_REPO_KEY}" ] ; then > > + if [ -n "${KEYFILES}" ]; then > > + option="" > > + for key in ${KEYFILES}; do > > + keyid=$(cat ${key} | gpg --keyid-format 0xlong --with-colons - 2>/dev/null |grep "^pub:" |awk -F':' '{print $5;}') > > I hope this parsing is stable... Having used it for quite some time I don't see an issue. It would be better if we error out if the key is not present in the system. Will add it in v2. > > > + option="${option}${keyid} " > > + done > > # To generate Release.gpg > > - echo "SignWith: yes" >> ${CACHE_CONF_DIR}/distributions > > + echo "SignWith: ${option}" >> ${CACHE_CONF_DIR}/distributions > > fi > > fi
> > @@ -35,4 +41,14 @@ do_cache_config() { > > fi > > } > > +python do_cache_config() { > > + for key in d.getVar('BASE_REPO_KEY').split(): > > + d.appendVar("SRC_URI", " %s" % key) > > + fetcher = bb.fetch2.Fetch([key], d) > > I wonder if that magically addresses the case that changing key file content > should also trigger rebuilds. Similar to > https://github.com/ilbers/isar/issues/60. Not sure about that. Maybe some testing would reveal it. > > > + filename = fetcher.localpath(key) > > + d.appendVar("KEYFILES", " %s" % filename) > > + > > + bb.build.exec_func('repo_config', d) > > +} > > + > > addtask cache_config after do_build > > > > Looks good - if the keyid extraction is actually robust. > Thanks, Vijai Kumar K > Jan > > -- > Siemens AG, Corporate Technology, CT RDA IOT SES-DE > Corporate Competence Center Embedded Linux
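
Review bot: KEYFILES ?= "" in the first hunk (@@ -4,6 +4,7 @@) is undocumented and weakly assigned, although the last hunk fills it from BASE_REPO_KEY inside do_cache_config. A value preset in local configuration would be kept, and its entries would end up in SignWith next to the keys from BASE_REPO_KEY. Consider a plain assignment and a comment stating that the variable is internal and derived from BASE_REPO_KEY.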
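
Review bot: the keyid assignment in the second hunk (@@ -12,13 +13,18 @@) never checks its result. gpg's stderr goes to /dev/null and the exit status of the pipeline is that of awk, so an unreadable file or one that holds no key leaves keyid empty and the block still writes a SignWith line, possibly "SignWith: " with no key at all. A file holding more than one public key yields several "pub:" records and a multi-line keyid, which the quoted echo then writes into distributions as is. Test that keyid is a single non-empty value and fail the task otherwise, and quote ${key} in the cat call. Because the whole block sits under the check for a missing distributions file, a later change of BASE_REPO_KEY will not update SignWith; that deserves a comment or a regeneration path.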
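
Review bot: in the new python do_cache_config (@@ -35,4 +41,14 @@), fetcher.localpath(key) is used without a preceding fetcher.download() and without checking that the returned path exists, so a missing or not yet fetched key file only surfaces later as an empty keyid in repo_config. Add an existence check on filename with a clear error before appending it to KEYFILES. The d.appendVar("SRC_URI", ...) call runs at task execution time, so a comment should state what it is expected to achieve, given the open question in this thread about rebuilds when key file content changes.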