From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6880878174534631424 X-Received: by 2002:a1c:4b19:: with SMTP id y25mr4007132wma.44.1611144940076; Wed, 20 Jan 2021 04:15:40 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:4482:: with SMTP id r124ls1663279wma.1.canary-gmail; Wed, 20 Jan 2021 04:15:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJwfvgvj2f/eb/kqoz2VMDDT3oRChgYjhij/GidAnv1gnrfy0LlxmPLE8lKACe2SlPCe4Sl4 X-Received: by 2002:a1c:1d09:: with SMTP id d9mr4053548wmd.125.1611144939262; Wed, 20 Jan 2021 04:15:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611144939; cv=none; d=google.com; s=arc-20160816; b=FMHGwiH4HKt4oE60xAnwI2EiqtXEMSdzwJOlKr0uqJExSuO6u9ftXyRJcY0rZwVaRT Y6STWceePVCILWPYSLdgmwvqIthtg0CN74Y1Ql80XHoM6nyNc9b5OciV6/bwMneXxlIO HGeRhANJEb9hdFIQ7301s3fiLDTG8MANeDHCwXXuyLovnqZkgQASZ44pk0lHd8jna/F9 n0FSeIQn3l1IVsBpSZTRudsjG+KLp1ZfO5/F2pqOZH7f+dz3Fm5zfVuq7F9gnTeSmDDf 3Wvit0CiwZPhRpnAFJJ1njDx2QGaCbAz4/Q7dUjUt42wlymKfvuYFGxPlbhkIp6rUGk/ f07A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=NUOpwzSY9/yo7SM+MiK0waGKQXRG4MncSDm798BD0nU=; b=CAyUOR53+A1rhxxFkj2UQRl88L9TvnkiPGk5N4dgP89lj1l0iHcZnfpzqCFdvmsbv6 RGyQrxVuKE2F7ZB4J0Jy4KxD9Ha26galbGYPXc4xie+QWlpMEoM0zXUXO1rQRbE6qtb+ j1j4aH9BGhAS4rQEPYNOaPbrMc/Tzc109+U6JR8sA+o3t2JmCPGzW6EQPfexjTIflp47 mxdYegnchhjWmt+Zd867qPATqdtjEsse9hTq9/bYQvoO9Ox6YOpxyii3Jhtiv2/p0uiR wOKNDoMYzRp7Rnj0NU1kNjJCM/dfMqi8f3PNfAQj43YfTwXQ6DldJhsOPhBhyq2J4qxV /5cw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from david.siemens.de (david.siemens.de. [192.35.17.14]) by gmr-mx.google.com with ESMTPS id u24si129809wmm.1.2021.01.20.04.15.39 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Jan 2021 04:15:39 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id 10KCFcsT026032 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 Jan 2021 13:15:38 +0100 Received: from md1za8fc.ad001.siemens.net ([139.22.120.228]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 10KCFcGS032234; Wed, 20 Jan 2021 13:15:38 +0100 Date: Wed, 20 Jan 2021 13:15:37 +0100 From: Henning Schild To: Baurzhan Ismagulov Cc: "[ext] Jan Kiszka" , Anton Mikanovich , , Yuri Adamov Subject: Re: [PATCH v2] isar-bootstrap: Run gpg-agent before starting apt-key Message-ID: <20210120131537.4d99672a@md1za8fc.ad001.siemens.net> In-Reply-To: <20210120113530.GY22444@yssyq.m.ilbers.de> References: <20210119112001.11651-1-amikan@ilbers.de> <978d7c98-5698-273f-cd27-525529d4b3ea@siemens.com> <7afeb621-53eb-ddfe-b94a-15935127528a@ilbers.de> <03dd4a4a-0d31-ebbe-30da-516445e12c6e@siemens.com> <20210120120457.5fb65262@md1za8fc.ad001.siemens.net> <20210120113530.GY22444@yssyq.m.ilbers.de> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: g8KoE0sZiw24 Am Wed, 20 Jan 2021 12:35:30 +0100 schrieb Baurzhan Ismagulov : > On Wed, Jan 20, 2021 at 12:04:57PM +0100, Henning Schild wrote: > > It seems like a functional change. We did use the native agent > > before and now never use it. > > This is a good point. Yes, we've focused on the CI and not on the > interactive build. What do you mean by "native", is it the agent > running on my host as my desktop user? If that is required, it would > add some more complexity... I was talking about an agent potentially already running on that host under the user calling isar. (so i guess root) > > But i guess the native agent is potentially still used i.e. when > > building packages. > > This is also a good point. We need agent management, among other > reasons, for clean unmounting of the filesystems. If the agent is > started elsewhere, we should handle that, too. We used to > dpkg-buildpackage -uc -us -- we'll have check that after this patch. I would actually assume that all the sudo and chroot stuff would automatically avoid accidental agent reuse from root on the host. But i am not sure about it. It could also be that the patch should just kill a potential agent in the chroot with the command i suggested. But as longs as its not understood where that problematic agent is really coming from, i would refrain from proposing patches that are not fully understood either. Henning > > With kind regards, > Baurzhan.