From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6683827867816558592 X-Received: by 2002:a50:87b5:: with SMTP id a50mr34336708eda.118.1557833547304; Tue, 14 May 2019 04:32:27 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:906:c50:: with SMTP id t16ls3877288ejf.15.gmail; Tue, 14 May 2019 04:32:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqyNxegoILBUwJG9f/uvtxoDZslMgmXA7YX4+DhoLcbatcaTlnTm0AttM6uIA4hnUPea7Qlq X-Received: by 2002:a17:906:3397:: with SMTP id v23mr26466392eja.250.1557833546851; Tue, 14 May 2019 04:32:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557833546; cv=none; d=google.com; s=arc-20160816; b=PT7CtEWSz9YGVAWIR2GO/gjwx3f+6LYvg46iVqETP3a8YS5Q2aiiEm3zZvX9oBHG5X tFWu0BNVuVHFY/rNLstdgJGNctL0ULqAMwHBRu6oIT1KGqWEucx6/02Qm/oZSHEfXirQ 7picEJgR3q31Jtc+1jE8IQ23vDV0Nz/KTK76+nExuUGTHXps/ESNhC7V1GmidM22rqi+ YetqDbi1R2dPIpI/Mn/S1eLYYK1u1GPsVopjgpuMmWh2Gs+uXfDPpr30nCohdFrFlQmi sPCr3BLUMMZtaRpCtuv1K7VGubBE8ft5KlLdozMU9iNDsob9wOx5BKy6g4IzVZ6/2hAL R2kA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject; bh=Pjgm9b3EAZL4WKYa7RlOVsmb0L7Twdoeis6f/or6z+8=; b=CSWgg28QMZiLeqFEVugxShMuck4R5oB0R8kNtYgVePDPOwWmrWHYPRmw/doGTgoorK FgDTTedKRX8PvwlKqaQe5XZUYxIREYu1z+5RsNiIelUYMfwKtXyVKSW6D1Bt393xnV7V FvuwexZY344/WKBliRdtTkjMD3FDAI8BoLBvUpysGiP+LhIOcCFWXg4NypicEhS2wc+X X00QVBXcq/PgVKeK5L+E38P50Ku1/Mu2j6lIjSjaW9k/zNspAcel07BXgKG069+TP0PQ F4r5sZ87J/EEWwD0dKWyjkes4VHiEiAhhOYHN0INC58IyeoQtQ6vc3q6xCXvKDsC0kak 3l0g== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id w5si4799067edw.1.2019.05.14.04.32.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 May 2019 04:32:26 -0700 (PDT) Received-SPF: pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of claudius.heine.ext@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=claudius.heine.ext@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x4EBWP2K008832 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 14 May 2019 13:32:25 +0200 Received: from [139.25.69.232] (linux-ses-ext02.ppmd.siemens.net [139.25.69.232]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id x4EBWOm6017891; Tue, 14 May 2019 13:32:24 +0200 Subject: Re: [PATCH v4 1/9] isar-bootstrap-host: disable DISTRO_APT_KEYS usage To: Jan Kiszka , Claudius Heine , "Maxim Yu. Osipov" , isar-users@googlegroups.com References: <20190425134450.13443-1-claudius.heine.ext@siemens.com> <20190425134450.13443-2-claudius.heine.ext@siemens.com> <155626421155.10914.2537647574220599237@ardipi> From: Claudius Heine Message-ID: <2a7d8373-b2a7-5530-98bc-c0c0e6986ed8@siemens.com> Date: Tue, 14 May 2019 13:32:24 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-TUID: EnoNb4ahQX1r Hi Jan, On 26/04/2019 13.50, Jan Kiszka wrote: > On 26.04.19 13:31, [ext] Jan Kiszka wrote: >> On 26.04.19 09:36, Claudius Heine wrote: >>> Hi Maxim, >>> >>> Quoting Maxim Yu. Osipov (2019-04-25 20:20:59) >>>> On 4/25/19 3:44 PM, claudius.heine.ext@siemens.com wrote: >>>>> From: Claudius Heine >>>>> >>>>> isar-bootstrap-host only supports bootstrapping Debian root file >>>>> systems. Therefore deactivate any DISTRO_APT_KEYS from other >>>>> distributions. >>>>> >>>>> Signed-off-by: Claudius Heine >>>>> --- >>>>>    meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb | 2 ++ >>>>>    1 file changed, 2 insertions(+) >>>>> >>>>> diff --git >>>>> a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>> b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>> index 08b068f..3e96281 100644 >>>>> --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>> +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>> @@ -12,6 +12,8 @@ DEPLOY_ISAR_BOOTSTRAP = >>>>> "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}" >>>>>    ISAR_BOOTSTRAP_LOCK = >>>>> "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}.lock" >>>>>    require isar-bootstrap.inc >>>>> +# We only build debian host buildchroot environments >>>>> +DISTRO_APT_KEYS = "" >>>> >>>>   From the first glance this modification limits functionality. >>>> It looks like a hack and I would suggest to avoid this modification. >>> >>> Well it is a fix and that limited functionality was already present but >>> just implicit, hidden behind some bug and the cleanup just made it >>> appear. >>> >>>> Some time ago I thought about introduction of HOST_DISTRO_APT_KEYS to >>>> avoid confusion between target and host apt keys. >>> >>> Good idea. But that would be a new feature/improvement. >>> >> >> If that is just about adding and documenting another variable, let's >> not discuss about when and who because just doing that will already be >> faster, even if it's a "drive-by" improvement /wrt this patchset. >> > > OTOH, I don't get the problem yet from just reading the commit message: > Wasn't DISTRO_APT_KEYS designed to be a superset of all needed keys? DISTRO_APT_KEYS is only used for distros that aren't Debian, because debootstrap uses the keys of the host distro (Debian) per default. THIRD_PARTY_APT_KEYS is for the keys of other third party repositories that are not used to bootstrap from. We currently only support raspbian as a non-debian distribution and before this patchset only 'debian-stretch' as buildchroot-host. After this patchset we support all Debian versions we currently support for the target for the buildchroot-host as well. Since raspbian does not supply packages that can be used for a buildchroot-host environment, it makes sense to just use the Debian host keys for bootstrapping the buildchroot-host rootfs in general. If at one point we want to support other non-debian apt/dpkg based distributions like ubuntu, that can be used for the target as well as the host root file system, then it makes sense to allow specifying additional keys for the buildchroot-host as well. Until that time however this fix is enough to go forward. regards, Claudius > We > are appending raspbian to it when using that distro. So, we are at least > missing the reasoning here why that model didn't work and cannot be made > working for the host/target case. And then we can refer to that when > introducing split key sets. > > Thanks, > Jan > > -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de