From: "'Felix Moessbauer' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH 1/1] fix: include ca-certificates in mmdebstrap if needed
Date: Tue, 26 Nov 2024 15:12:10 +0100 [thread overview]
Message-ID: <20241126141210.2004080-1-felix.moessbauer@siemens.com> (raw)
In case we have apt URLs with https, we also need the ca-certificates
package. While that is not needed in mmdebstrap itself (as it uses the
host packages), it will be needed in the later rootfs install tasks like
sbuild-chroot and image install. Otherwise these tasks will fail due to
certificate errors.
For now, I copied over the logic from the old isar-bootstrap file, but
we might want to unify this. Also, I did not copy the gnupg part as I'm
unsure if that is needed.
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
I'm wondering how that was not noticed earlier. It literally breaks
ALL Ubuntu builds against snapshot mirrors.
Best regards,
Felix Moessbauer
Siemens AG
.../isar-mmdebstrap/isar-mmdebstrap.inc | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
index 1043f2d1..c8ea53ab 100644
--- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
+++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
@@ -12,6 +12,8 @@ inherit deb-dl-dir
FILESEXTRAPATHS:append = ":${LAYERDIR_core}/recipes-core/isar-bootstrap/files"
DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales,apt,usrmerge"
+DISTRO_BOOTSTRAP_BASE_PACKAGES:append:https-support = ",ca-certificates"
+
BOOTSTRAP_TMPDIR = "${WORKDIR}/tempdir"
# Fix for /var/lib/apt/available while maybe-jessie-or-older hook do not work
@@ -24,6 +26,17 @@ MMHOOKS:debian-buster ?= "${DPKG_HOOKS}"
DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg"
+def get_distro_have_https_source(d):
+ return any(source[2].startswith("https://") for source in generate_distro_sources(d))
+
+def get_distro_needs_https_support(d):
+ if get_distro_have_https_source(d):
+ return "https-support"
+ else:
+ return ""
+
+OVERRIDES:append = ":${@get_distro_needs_https_support(d)}"
+
do_generate_keyrings[cleandirs] = "${WORKDIR}/trusted.gpg.d"
do_generate_keyrings[dirs] = "${DEBDIR}"
do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS THIRD_PARTY_APT_KEYS"
--
2.39.5
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20241126141210.2004080-1-felix.moessbauer%40siemens.com.
next reply other threads:[~2024-11-26 14:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-26 14:12 'Felix Moessbauer' via isar-users [this message]
2024-11-27 7:15 ` Anton Mikanovich
2024-12-02 9:24 ` Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241126141210.2004080-1-felix.moessbauer@siemens.com \
--to=isar-users@googlegroups.com \
--cc=felix.moessbauer@siemens.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox