From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6880878174534631424 X-Received: by 2002:a17:907:3d86:: with SMTP id he6mr2500272ejc.174.1611335356513; Fri, 22 Jan 2021 09:09:16 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:907:7641:: with SMTP id kj1ls3293177ejc.4.gmail; Fri, 22 Jan 2021 09:09:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJwz8IklqanqFVOIgGH64kDlMOybj8yYmRbcBTEkwQnQIuyu+fiurh9+Aofj+duTt6Nm7nJ7 X-Received: by 2002:a17:906:94ce:: with SMTP id d14mr3559943ejy.121.1611335355561; Fri, 22 Jan 2021 09:09:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611335355; cv=none; d=google.com; s=arc-20160816; b=W9xU5RV3mE7zaHTedzjP9fBCc8ZIjV65Yq3uiFvDStquQZEcZLTnL4m0XZDCPH0Yhb 9hqcgw1id4DgYzCGgVXo0tKli2fKQxfRFzuEOg3xJxsxIRFuu1doh/bDB3/GGsXtfSnS X6Qx6t81BWF0c9hL+lnkUcWaNrg/CSK5x24X9sge72CkuGsg6hNQ1n0qasuWJk35utVo fzoX5CHJ8qbaReRV5HS4Hx5eoAX5BttTLbK7JINKsWwKfeo2VMbHzfJRnT5/Jn+rmt1X 8yjD9n6JiPXbsfdCO7FwgUttd7RuX8Rh7OK9RGwZ5qZRipSQmIEybfGIsf4DCTezW1KR 37zA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=y+RAgk4RnNHbH9xXp8F15GC2zHJETtkGKbhq1vNtLqE=; b=YJIsHqb0gyKeG3Odq0i4PQSY+J+F/bAPQI75CSG72eMwalfig+T4TRBAYztBxAfu74 ULHX26H8UQ7TAu8+C1F6u2KdTUc+hOW9GOLWPXfe/TF7QNCYKXupIMlQKV9oQFV4gsVw RNEGgXKw/OmFNNiAUGg0pxDIaTMhT9y/mFaiA1WecrAkuGEeqU/ApLQB47DC8i+0ZyR5 EldMMoNyR2Rr2qvSOTFcZTOne+s/kKI2EV4XU+Ohv1qaYYSlgKoJdKmG0k5tP7O3VBg/ NFtLGfDm+dhmiUvtbeICdlZnY1hWcIQUGpJSgVhg0BomflMLpewLlSgXvJR1IbzmNDr+ 7bDw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id f4si291037edr.2.2021.01.22.09.09.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 22 Jan 2021 09:09:15 -0800 (PST) Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Received: from localhost.localdomain (mm-114-76-121-178.mgts.dynamic.pppoe.byfly.by [178.121.76.114] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id 10MH9EGs029435 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 22 Jan 2021 18:09:14 +0100 From: Anton Mikanovich To: isar-users@googlegroups.com Cc: Yuri Adamov , Anton Mikanovich Subject: [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key Date: Fri, 22 Jan 2021 20:09:03 +0300 Message-Id: <20210122170903.28134-1-amikan@ilbers.de> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: JEXAKnYf/mnS From: Yuri Adamov Building rpi-stretch natively (under qemu) sometimes fails with: gpg: can't connect to the agent: IPC connect call failed gpg starts gpg-agent and times out after 5 s. This value is hard-coded. Besides, leaving running gpg-agent processes is not clean and prevents unmounting of filesystems. This patch starts and stops the agent manually. Signed-off-by: Yuri Adamov Signed-off-by: Anton Mikanovich --- Changes since v2: - Restored conditional gnupg include. - Made gpg-agent run in gpg enabled builds only. Changes since v1: - Removed unnecessary sleeping. - Removed -9 in kill. - Commented unconditionally gnupg package append. - Removed unused OVERRIDES_append and get_distro_needs_gpg_support(). --- meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 8f5f727..0edefc5 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -309,14 +309,25 @@ isar_bootstrap() { mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" install -v -m644 "${WORKDIR}/isar-apt.conf" \ "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" + if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" ]; then + MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX)" + echo "Created temporary directory ${MY_GPGHOME} for gpg-agent" + export GNUPGHOME="${MY_GPGHOME}" + chroot "${ROOTFSDIR}" gpg-agent --daemon + APT_KEY_APPEND="--homedir ${MY_GPGHOME}" + fi find ${APT_KEYS_DIR}/ -type f | while read keyfile do kfn="$(basename $keyfile)" cp $keyfile "${ROOTFSDIR}/tmp/$kfn" chroot "${ROOTFSDIR}" /usr/bin/apt-key \ - --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn" + --keyring ${THIRD_PARTY_APT_KEYRING} ${APT_KEY_APPEND} add "/tmp/$kfn" rm "${ROOTFSDIR}/tmp/$kfn" done + if [ -d "${MY_GPGHOME}" ]; then + echo "Killing gpg-agent for ${MY_GPGHOME}" + chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}" + fi if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \ -- 2.20.1