From: "'Felix Moessbauer' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH 0/2] Restore bootstrapping of raspios on trixie host
Date: Fri, 6 Mar 2026 17:02:53 +0100 [thread overview]
Message-ID: <20260306160255.1017503-1-felix.moessbauer@siemens.com> (raw)
When bootstrapping from a trixie host, mmdebstrap uses the host apt for the
first part of the bootstrapping. In Debian trixie, the default apt gpgv
backend is sqv, which blocks SHA1 signed keys from 01.02.2026 on [1] (this
is configured in /usr/share/apt/default-sequoia.config). As a workaround,
we provide variables to instruct mmdebstrap to not check the expiry date,
which internally switches the gpgv backend to gpg which also does not have
a check for the SHA1 deprecation. Unfortunately it is not possible to
instruct apt / sqv to just disable the SHA1 check (except by replacing the
whole config file) [2].
This fixes [3], unblocks the TestCross CI and is release critical.
[1] https://wiki.debian.org/Teams/Apt/Sha1Removal
[2] https://bugs-devel.debian.org/cgi-bin/bugreport.cgi?bug=1092747
[3] https://groups.google.com/g/isar-users/c/D5NaB_TdioY
Best regards,
Felix Moessbauer
Siemens AG
Felix Moessbauer (2):
add variables to inject config into mmdebstrap
work around bootstrapping issue of raspios due to SHA1 key removal
RECIPE-API-CHANGELOG.md | 10 ++++++++++
meta-isar/conf/distro/raspios-bookworm.conf | 2 ++
meta-isar/conf/distro/raspios-bullseye.conf | 2 ++
.../isar-mmdebstrap/isar-mmdebstrap-target.bb | 1 +
meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc | 7 +++++++
5 files changed, 22 insertions(+)
--
2.53.0
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260306160255.1017503-1-felix.moessbauer%40siemens.com.
next reply other threads:[~2026-03-06 16:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-06 16:02 'Felix Moessbauer' via isar-users [this message]
2026-03-06 16:02 ` [PATCH 1/2] add variables to inject config into mmdebstrap 'Felix Moessbauer' via isar-users
2026-03-06 16:02 ` [PATCH 2/2] work around bootstrapping issue of raspios due to SHA1 key removal 'Felix Moessbauer' via isar-users
2026-03-10 10:36 ` [PATCH 0/2] Restore bootstrapping of raspios on trixie host Anton Mikanovich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260306160255.1017503-1-felix.moessbauer@siemens.com \
--to=isar-users@googlegroups.com \
--cc=felix.moessbauer@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox