From: Anton Mikanovich
To: isar-users@googlegroups.com
Cc: Yuri Adamov, Anton Mikanovich
Subject: [PATCH v2] isar-bootstrap: Run gpg-agent before starting apt-key
Date: Tue, 19 Jan 2021 14:20:01 +0300
Message-Id: <20210119112001.11651-1-amikan@ilbers.de>

From: Yuri Adamov

Building rpi-stretch natively (under qemu) sometimes fails with:

gpg: can't connect to the agent: IPC connect call failed

gpg starts gpg-agent and times out after 5 s. This value is hard-coded.
Besides, leaving running gpg-agent processes is not clean and prevents
unmounting of filesystems.

This patch starts and stops the agent manually.

gnupg now appended to package list unconditionally because gpg-agent is
used in every isar_bootstrap run.

Signed-off-by: Yuri Adamov
Signed-off-by: Anton Mikanovich --- Changes since v1: - Removed unnecessary sleeping. - Removed -9 in kill. - Commented unconditionally gnupg package append. - Removed unused OVERRIDES_append and get_distro_needs_gpg_support(). --- .../isar-bootstrap/isar-bootstrap.inc | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 8f5f727..751980f 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -24,7 +24,7 @@ DISTRO_BOOTSTRAP_KEYFILES = "" THIRD_PARTY_APT_KEYFILES = "" DEPLOY_ISAR_BOOTSTRAP ?= "" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg" +DISTRO_BOOTSTRAP_BASE_PACKAGES_append = ",gnupg" DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = "${@https_support(d)}" inherit deb-dl-dir @@ -175,16 +175,6 @@ def get_distro_needs_https_support(d, is_host=False): else: return "" -def get_distro_needs_gpg_support(d): - apt_keys = d.getVar("DISTRO_BOOTSTRAP_KEYS") or "" - apt_keys += " " + (d.getVar("THIRD_PARTY_APT_KEYS") or "") - apt_keys += " " + (d.getVar("BASE_REPO_KEY") or "") - if apt_keys != " ": - return "gnupg" - return "" - -OVERRIDES_append = ":${@get_distro_needs_gpg_support(d)}" - def get_distro_source(d, is_host): return get_distro_primary_source_entry(d, is_host)[0] 
@@ -309,14 +299,22 @@ isar_bootstrap() { mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" install -v -m644 "${WORKDIR}/isar-apt.conf" \ "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" + MY_GPGHOME=$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX) + echo "Created temporary directory ${MY_GPGHOME} for gpg-agent" + chroot "${ROOTFSDIR}" gpg-agent --homedir "${MY_GPGHOME}" --daemon find ${APT_KEYS_DIR}/ -type f | while read keyfile do kfn="$(basename $keyfile)" cp $keyfile "${ROOTFSDIR}/tmp/$kfn" chroot "${ROOTFSDIR}" /usr/bin/apt-key \ - --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn" + --keyring ${THIRD_PARTY_APT_KEYRING} \ + --homedir ${MY_GPGHOME} add "/tmp/$kfn" rm "${ROOTFSDIR}/tmp/$kfn" done + GPG_AGENT_PID=$(ps -aux | grep "gpg-agent.*${MY_GPGHOME}" | grep -v grep | awk '{print $2}') + echo "Killing gpg-agent with pid $GPG_AGENT_PID" + /bin/kill ${GPG_AGENT_PID} + chroot "${ROOTFSDIR}" /bin/rm -rf "${MY_GPGHOME}" if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \ -- 2.20.1
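Review bot: The unconditional `DISTRO_BOOTSTRAP_BASE_PACKAGES_append = ",gnupg"` in the first hunk (-24,7) carries no in-file comment, so the reason gnupg is now installed into every bootstrap rootfs exists only in the commit message. A one-line comment above the assignment stating that gpg-agent is started in every isar_bootstrap run would keep a later reader from reintroducing the conditional form. Since this widens the package set of rootfs builds that configure no apt keys, that is worth stating there too.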
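Review bot: Removing `OVERRIDES_append = ":${@get_distro_needs_gpg_support(d)}"` in the second hunk (-175,16) also removes the `gnupg` override itself, not just its one use in this file. Any other variable that still carries a `_gnupg` suffix would silently stop applying after this change, so please confirm that none remain in the tree and mention the dropped override in the commit message, since downstream layers may rely on it.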
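Review bot: In the isar_bootstrap() hunk (-309,14) the agent is stopped only on the success path, and its PID is recovered by pattern-matching host `ps` output, which is fragile on both counts. If any command between `gpg-agent --daemon` and `/bin/kill` fails and the task aborts, the agent keeps running and `${MY_GPGHOME}` is never removed, which is the unmount problem the commit message sets out to fix. If the agent did not start or has already exited, `GPG_AGENT_PID` is empty and `/bin/kill ${GPG_AGENT_PID}` fails; if the pattern matches more than one process, several PIDs are signalled. Suggest checking that the PID is non-empty before killing, doing the kill and the `rm -rf` from a cleanup handler that also runs on failure, and preferably asking the agent to terminate through its own homedir instead of grepping the process list. Also, `--homedir ${MY_GPGHOME}` in the apt-key call is unquoted while the other uses of the variable are quoted.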