From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7219175689105178624 X-Received: by 2002:a63:1710:0:b0:50a:c176:385b with SMTP id x16-20020a631710000000b0050ac176385bmr172120pgl.0.1680845322457; Thu, 06 Apr 2023 22:28:42 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:902:ea02:b0:19f:3460:3f0 with SMTP id s2-20020a170902ea0200b0019f346003f0ls21459855plg.5.-pod-prod-gmail; Thu, 06 Apr 2023 22:28:41 -0700 (PDT) X-Google-Smtp-Source: AKy350ZfMLU0zl32g1ZlBaVf3aWMk9WryA+kqQvwJrdWIGqMXL32dvojDmTmO8125/PcuILVpiwD X-Received: by 2002:a17:902:f552:b0:1a1:924d:19f6 with SMTP id h18-20020a170902f55200b001a1924d19f6mr1353824plf.66.1680845321437; Thu, 06 Apr 2023 22:28:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680845321; cv=none; d=google.com; s=arc-20160816; b=Dpa8Zl0GpzFb9Rr270hpaTEIzVHGlwAtK2OmFLM2t2fPHbPPFpF8DRG/nlAGcSfdjC MU4Y8/ReXIrLgU/PgXKugW9Te+Ire1MPjCop8oOnhH5dm3BVn7lRlx80ShsCZV6avXb3 u6wjgyOvb3eaEcrNwxZ36OhWwYV9CAJZdVGB0ZS1voyPIjB1KT3js5CXRQ+GrgU6ineJ NNb6cp7ocXeqldWIZB+jfbgW3aLT98vfEx5jrdRfZX2bYxTb6ZW2jWP+Hsggz/qV9qbv WevBaefX+Hktd7M6DxRtaxLZQuIHFDvkbNJZSegm7aEvs4ASr9v1sFShoZ9ysSt6+L2R hQIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from; bh=8D65gbhnOAPOFhAioaTBOmHI8kjKyM4dPllTLOI2YF8=; b=t8C90vEQsxNxvTtdVLg6Av0JkSuy5XD+4ATuc7cX/NKUSwjpJ0Sf77zwN7Dd4Vh+EF VEElG2l3WAXvrx1w3BUiiZnT9+kztOcwzrQA+D/0q6vZuTsvK3FzlaHXVyoGQiZfWSdM zYwYubUZvakEh5fUW1UBqZSk26HBIHvWn/R4jhTYerRGEf+MQEgrP0qkPhCKEDuyGI5I +maPTKrskkOLvStl+KGVXuu5zDK0V7vGryNG7BUHdIebWm+bDW1RNnqPMJNW7o26FFM7 pT4vx45lA61jAKCSaor6u4NVQP23zvN/ATAmm5ZRjt8d1BFb4EAdhyGCP9ZnutaZiH3u nJAg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 34-20020a631762000000b0051322a48c32si186914pgx.1.2023.04.06.22.28.40 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 06 Apr 2023 22:28:41 -0700 (PDT) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from baighyz.m.ilbers.de (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 3375ScqN022884 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 7 Apr 2023 07:28:38 +0200 From: Uladzimir Bely To: isar-users@googlegroups.com Subject: [PATCH] meta-isar: Add local ubuntu-focal public key Date: Fri, 7 Apr 2023 07:28:38 +0200 Message-Id: <20230407052838.24924-1-ubely@ilbers.de> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: b3p3MeNBfmKY When debootstrapping Ubuntu in signed mode we need a local key taken from official Ubuntu repository, similar to RaspiOS. This makes debootstrapping more strict and additionally allows to use other debootstrapping utilities (like mmdebstrap). Signed-off-by: Uladzimir Bely --- Debootstrap log before the patch: ``` I: Running command: debootstrap --verbose --variant=minbase --include=locales --arch=amd64 --components=main,restricted,universe,multiverse focal /build/tmp/work/ubuntu-focal-amd64/isar-bootstrap-target/1.0-r0/rootfs http://archive.ubuntu.com/ubuntu /usr/share/debootstrap/scripts/gutsy W: Cannot check Release signature; keyring file not available /usr/share/keyrings/ubuntu-archive-keyring.gpg I: Retrieving InRelease I: Retrieving Packages ``` Debootstrap log after the patch: ``` I: Running command: debootstrap --verbose --variant=minbase --include=locales,gnupg --keyring=/build/tmp/work/ubuntu-focal-amd64/isar-bootstrap-target/1.0-r0/distro-keyring.gpg --arch=amd64 --components=main,restricted,universe,multiverse focal /build/tmp/work/ubuntu-focal-amd64/isar-bootstrap-target/1.0-r0/rootfs http://archive.ubuntu.com/ubuntu /usr/share/debootstrap/scripts/gutsy I: Retrieving InRelease I: Checking Release signature I: Valid Release signature (key id F6ECB3762474EDA9D21B7022871920D1991BC93C) I: Retrieving Packages ``` meta-isar/conf/distro/ubuntu-focal.conf | 5 +++ meta-isar/conf/distro/ubuntu.public.key | 53 +++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 meta-isar/conf/distro/ubuntu.public.key diff --git a/meta-isar/conf/distro/ubuntu-focal.conf b/meta-isar/conf/distro/ubuntu-focal.conf index 6292501a..0cb6958d 100644 --- a/meta-isar/conf/distro/ubuntu-focal.conf +++ b/meta-isar/conf/distro/ubuntu-focal.conf @@ -13,6 +13,11 @@ HOST_BASE_DISTRO = "${BASE_DISTRO}" DISTRO_APT_SOURCES:arm64 ?= "conf/distro/${BASE_DISTRO}-${BASE_DISTRO_CODENAME}-ports.list" HOST_DISTRO_APT_SOURCES:arm64 ?= "conf/distro/${HOST_DISTRO}.list conf/distro/${HOST_DISTRO}-ports.list" +BOOTSTRAP_KEY = "file://${LAYERDIR_isar}/conf/distro/ubuntu.public.key;sha256sum=36a38199a4bf4eae1e7f574891f7dfcb79b91b87a33a499383265e1224b5e989" +DISTRO_BOOTSTRAP_KEYS += "${BOOTSTRAP_KEY}" +HOST_DISTRO_BOOTSTRAP_KEYS += "${BOOTSTRAP_KEY}" + + # that is what debootstrap_1.0.118ubuntu1 does anyways DISTRO_DEBOOTSTRAP_SCRIPT = "/usr/share/debootstrap/scripts/gutsy" diff --git a/meta-isar/conf/distro/ubuntu.public.key b/meta-isar/conf/distro/ubuntu.public.key new file mode 100644 index 00000000..994f9f19 --- /dev/null +++ b/meta-isar/conf/distro/ubuntu.public.key @@ -0,0 +1,53 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFufwdoBEADv/Gxytx/LcSXYuM0MwKojbBye81s0G1nEx+lz6VAUpIUZnbkq +dXBHC+dwrGS/CeeLuAjPRLU8AoxE/jjvZVp8xFGEWHYdklqXGZ/gJfP5d3fIUBtZ +HZEJl8B8m9pMHf/AQQdsC+YzizSG5t5Mhnotw044LXtdEEkx2t6Jz0OGrh+5Ioxq +X7pZiq6Cv19BohaUioKMdp7ES6RYfN7ol6HSLFlrMXtVfh/ijpN9j3ZhVGVeRC8k +KHQsJ5PkIbmvxBiUh7SJmfZUx0IQhNMaDHXfdZAGNtnhzzNReb1FqNLSVkrS/Pns +AQzMhG1BDm2VOSF64jebKXffFqM5LXRQTeqTLsjUbbrqR6s/GCO8UF7jfUj6I7ta +LygmsHO/JD4jpKRC0gbpUBfaiJyLvuepx3kWoqL3sN0LhlMI80+fA7GTvoOx4tpq +VlzlE6TajYu+jfW3QpOFS5ewEMdL26hzxsZg/geZvTbArcP+OsJKRmhv4kNo6Ayd +yHQ/3ZV/f3X9mT3/SPLbJaumkgp3Yzd6t5PeBu+ZQk/mN5WNNuaihNEV7llb1Zhv +Y0Fxu9BVd/BNl0rzuxp3rIinB2TX2SCg7wE5xXkwXuQ/2eTDE0v0HlGntkuZjGow +DZkxHZQSxZVOzdZCRVaX/WEFLpKa2AQpw5RJrQ4oZ/OfifXyJzP27o03wQARAQAB +tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTgpIDxm +dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwEKACIFAlufwdoCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJEIcZINGZG8k8LHMQAKS2cnxz/5WaoCOWArf5g6UH +beOCgc5DBm0hCuFDZWWv427aGei3CPuLw0DGLCXZdyc5dqE8mvjMlOmmAKKlj1uG +g3TYCbQWjWPeMnBPZbkFgkZoXJ7/6CB7bWRht1sHzpt1LTZ+SYDwOwJ68QRp7DRa +Zl9Y6QiUbeuhq2DUcTofVbBxbhrckN4ZteLvm+/nG9m/ciopc66LwRdkxqfJ32Cy +q+1TS5VaIJDG7DWziG+Kbu6qCDM4QNlg3LH7p14CrRxAbc4lvohRgsV4eQqsIcdF +kuVY5HPPj2K8TqpY6STe8Gh0aprG1RV8ZKay3KSMpnyV1fAKn4fM9byiLzQAovC0 +LZ9MMMsrAS/45AvC3IEKSShjLFn1X1dRCiO6/7jmZEoZtAp53hkf8SMBsi78hVNr +BumZwfIdBA1v22+LY4xQK8q4XCoRcA9G+pvzU9YVW7cRnDZZGl0uwOw7z9PkQBF5 +KFKjWDz4fCk+K6+YtGpovGKekGBb8I7EA6UpvPgqA/QdI0t1IBP0N06RQcs1fUaA +QEtz6DGy5zkRhR4pGSZn+dFET7PdAjEK84y7BdY4t+U1jcSIvBj0F2B7LwRL7xGp +SpIKi/ekAXLs117bvFHaCvmUYN7JVp1GMmVFxhIdx6CFm3fxG8QjNb5tere/YqK+ +uOgcXny1UlwtCUzlrSaPmQINBE+tgXgBEADfiL1KNFHT4H4Dw0OR9LemR8ebsFl+ +b9E44IpGhgWYDufj0gaM/UJ1Ti3bHfRT39VVZ6cv1P4mQy0bnAKFbYz/wo+GhzjB +Wtn6dThYv7n+KL8bptSCXgg1a6en8dCCIA/pwtS2Ut/g4Eu6Z467dvYNlMgCqvg+ +prKIrXf5ibio48j3AFvd1dDJl2cHfyuON35/83vXKXz0FPohQ7N7kPfI+qrlGBYG +WFzC/QEGje360Q2Yo+rfMoyDEXmPsoZVqf7EE8gjfnXiRqmz/Bg5YQb5bgnGbLGi +HWtjS+ACIdLUq/h+jlSp57jw8oQktMh2xVMX4utDM0UENeZnPllVJSlR0b+ZmZz7 +paeSar8Yxn4wsNlL7GZbpW5A/WmcmWfuMYoPhBo5Fq1V2/siKNU3UKuf1KH+X0p1 +oZ4oOcZ2bS0Zh3YEG8IQce9Bferq4QMKsekcG9IKS6WBIU7BwaElI2ILD0gSwu8K +zvNSEeIJhYSsBIEzrWxIBXoN2AC9PCqqXkWlI5Xr/86RWllB3CsoPwEfO8CLJW2L +lXTen/Fkq4wT+apdhHeiWiSsq/J5OEff0rKHBQ3fK7fyVuVNrJFb2CopaBLyCxTu +pvxs162jjUNopt0c7OqNBoPoUoVFAxUSpeEwAw6xrM5vROyLMSeh/YnTuRy8WviR +apZCYo6naTCY5wARAQABtEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmlu +ZyBLZXkgKDIwMTIpIDxmdHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwECACIFAk+t +gXgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDtP5qzAsh8yXX4QAJHU +dK6eYMyJcrFP3yKXtUYQMpaHRM/floqZtOFhlmcLVMgBNOr0eLvBU0JcZyZpHMvZ +ciTDBMWX8ItCYVjRejf0K0lPvHHRGaE7t6JHVUCeznNbDMnOPYVwlVJdZLOa6PmE +5WXVXpk8uTA8vm6RO2rS23vE7U0pQlV+1GVXMWH4ZLjaQs/Tm7wdvRxeqTbtfOEe +HGLjmsoh0erHfzMV4wA/9Zq86WzuJS1HxXR6OYDC3/aQX7CxYT1MQxEw/PObnHtk +l3PRMWdTW7fSQtulEXzpr2/JCev6Mfc8Uy0aD3jng9byVk9GpdNFEjGgaUqjqyZo +svwAZ4/dmRjmMEibXeNUGC8HeWC3WOVV8L/DiA+miJlwPvwPiA1ZuKBI5A8VF0rN +HW7QVsG8kQ+PDHgRdsmhpzSRgykN1PgK6UxScKX8LqNKCtKpuEPApka7FQ1u4BoZ +KjjpBhY1R4TpfFkMIe7qW8XfqoaP99pED3xXch2zFRNHitNJr+yQJH4z/o+2UvnT +A2niUTHlFSCBoU1MvSq1N2J3qU6oR2cOYJ4ZxqWyCoeQR1x8aPnLlcn4le6HU7To +cYbHaImcIt7qnG4Ni0OWP4giEhjOpgxtrWgl36mdufvriwya+EHXzn36EvQ9O+bm +3fyarsnhPe01rlsRxqBiK1JOw/g4GnpX8iLGEX1V +=kRV1 +-----END PGP PUBLIC KEY BLOCK----- -- 2.20.1