Re: [PATCH 1/1] fix: include ca-certificates in mmdebstrap if needed

[Uladzimir Bely <ubely@ilbers.de>]

On Tue, 2024-11-26 at 15:12 +0100, 'Felix Moessbauer' via isar-users
wrote:
> In case we have apt URLs with https, we also need the ca-certificates
> package. While that is not needed in mmdebstrap itself (as it uses
> the
> host packages), it will be needed in the later rootfs install tasks
> like
> sbuild-chroot and image install. Otherwise these tasks will fail due
> to
> certificate errors.
> 
> For now, I copied over the logic from the old isar-bootstrap file,
> but
> we might want to unify this. Also, I did not copy the gnupg part as
> I'm
> unsure if that is needed.
> 
> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
> I'm wondering how that was not noticed earlier. It literally breaks
> ALL Ubuntu builds against snapshot mirrors.
> 
> Best regards,
> Felix Moessbauer
> Siemens AG
> 
>  .../isar-mmdebstrap/isar-mmdebstrap.inc             | 13
> +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> index 1043f2d1..c8ea53ab 100644
> --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc
> @@ -12,6 +12,8 @@ inherit deb-dl-dir
>  FILESEXTRAPATHS:append = ":${LAYERDIR_core}/recipes-core/isar-
> bootstrap/files"
>  
>  DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales,apt,usrmerge"
> +DISTRO_BOOTSTRAP_BASE_PACKAGES:append:https-support = ",ca-
> certificates"
> +
>  BOOTSTRAP_TMPDIR = "${WORKDIR}/tempdir"
>  
>  # Fix for /var/lib/apt/available while maybe-jessie-or-older hook do
> not work
> @@ -24,6 +26,17 @@ MMHOOKS:debian-buster ?= "${DPKG_HOOKS}"
>  
>  DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg"
>  
> +def get_distro_have_https_source(d):
> +    return any(source[2].startswith("https://") for source in
> generate_distro_sources(d))
> +
> +def get_distro_needs_https_support(d):
> +    if get_distro_have_https_source(d):
> +        return "https-support"
> +    else:
> +        return ""
> +
> +OVERRIDES:append = ":${@get_distro_needs_https_support(d)}"
> +
>  do_generate_keyrings[cleandirs] = "${WORKDIR}/trusted.gpg.d"
>  do_generate_keyrings[dirs] = "${DEBDIR}"
>  do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS
> THIRD_PARTY_APT_KEYS"
> -- 
> 2.39.5
> 

Applied to next, thanks.

-- 
Best regards,
Uladzimir.

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/3def2a3205c5850f19af0e3e4d2596804b51836c.camel%40ilbers.de.