From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 12 Dec 2024 08:12:54 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f59.google.com (mail-lf1-f59.google.com [209.85.167.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 4BC7CrtV002441 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 12 Dec 2024 08:12:53 +0100 Received: by mail-lf1-f59.google.com with SMTP id 2adb3069b0e04-53e38c853a0sf182886e87.0 for ; Wed, 11 Dec 2024 23:12:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733987568; cv=pass; d=google.com; s=arc-20240605; b=XFyvn+aCG1PL21bDJJ8WYJYUP+V8Y07Pr8/DjsM5VJS3a0Sd0cDy36ImUunDLKV/Co 4l5VQmc6DdSoCZdy3Q4o/F7Daf0m6XZCTGmdSRT9tPryyIC8STtzpNcgdvHyMN0XXu4n HYe2mLUoW/ohamdepZpa7KLcIrxgPadkJQsRdcmdwk3ga+8g8i0fWSAs/vZNa4LshOfl XD1u0wrpq7SogxbnxY0jdi6gErIyOC4kyGC3NpywvXrQbqA+Et0Ux1TUbTwapnZCMtWS dZXWW0iXIIErBmzMq5r+hxNdoRA/rzLRUyv5aaWLI3zFh6hb3ShDpjnCc2wCyKQXzJ4r wJ8g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:user-agent :content-transfer-encoding:autocrypt:references:in-reply-to:date:to :from:subject:message-id:sender:dkim-signature; bh=PKrclofe4Zi7zbdM/yfwforGUqubcKPyZ+35e4Tq/sw=; fh=hhFGVkBTOskjyNi6dEVU7KqLs9P3cVmRbQzjrpbNe80=; b=W1kOdRKN9VxD1jD6FApFxmUyLWD8hTnU1Tak3u5VOXj01onT2L+fVGuQUWvTVnTxVx 2/N4BiNjGNELVPD3xpEaXTwU7w1ioDzRYRBdiBkclrPahs+HSZRQ2iFFQdB9sWB6FJ47 mmXbO5nMjQQYhGxLOwBQVcCMY6d8WCdPEOO4n4Dm9aZbHH4/rpB9Ou/bBR2p64M7+ZNu JbcgXvu1cBgOPzkdVLUZIPjjCSDvEVR6Q5m0NbPtIpIXZGAkqv7Rr7Apjedu9g5WtmcB LS4Cqf1PYcFiCV7JgRyvejGhqu91plrKFxyleo6hWPmcSeTUxq0f1vNo4HhvBT2BLJJk 69vA==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1733987568; x=1734592368; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:user-agent:content-transfer-encoding :autocrypt:references:in-reply-to:date:to:from:subject:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=PKrclofe4Zi7zbdM/yfwforGUqubcKPyZ+35e4Tq/sw=; b=sp78TKj+iDwJA8mBAJoEP6SdcHa8j7Q9coFdxaq7wAf0a2y6n8kvA183Ta9ssgWHyT O335QhBKl+Iar1m6Cea9LsCZK9LhZ9sEgdh28ZBrt4QyhgwiYRJRPKzLhmGPPOZAlu1Z 0E6Ub+r9hgas3Q/PKVFSYUJCmJQpk+uewyYES/WoKlwhxbZ7HSb80xVtBCAMRZ1EaiR6 tzZSahpwIsFwOWfi/2IQYYdWAbY+g42wFQ10NT9a5OK4/abkTSDGMnSNu67VLTTfVCSG LbKzbwkcJKXHBztz0Gk21KeU0VyN0eserIv5+NIVqpwcgm/docLJ+lzb8isqHRXAGPbj M9nA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733987568; x=1734592368; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :user-agent:content-transfer-encoding:autocrypt:references :in-reply-to:date:to:from:subject:message-id:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=PKrclofe4Zi7zbdM/yfwforGUqubcKPyZ+35e4Tq/sw=; b=q/Wo1u/NPKxeBt2IckaYPh7zdojJoOm5RNACI+/ZjNyEfpz0Ay/wiIQYIMFVrRlFls q06KDbvpnKyxVw5nYpSOfgF2Z9Bdj8NDiclsh8nSE9r7JLmYHbe+vPzuyS80tx9mgsGL cpdpJ1JXakXZ34SdOClYYg3+sTPFbJYlKnGPgr/NA77W8XFJjqt21q4J0ZjqnhNneI+N CtebpsVHTqIjyoN96RiPz/IHn8NWBB7KsDZkfJHNhJfMPAvYqiAO3pUTYwgVBWBHryzk olzmm7qtIt/xkuzL+WCtK+t2JYQI/D9BP+bwoOyv12QGhH3tISBGUW/IX1KPkKWNNOMg 5JYQ== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCVxY/IXWB2EbZ7pATJAhS5XANtAGst3WXiEn8a405waWCPBTbvsSdFZUXf2dZpTyPKywBV6@ilbers.de X-Gm-Message-State: AOJu0Yz1bCIR2izcOtiBrIPdTtELI9nvlQXIDNq2zD/u8byRHFVfOABk ojpA6+Gkdm3eVeSkLA/ysYQMeaD6owWKep8y+mYZ2jeA/w1bQNDB X-Google-Smtp-Source: AGHT+IFSua1/adLfne7EDDGc9ndHZnotv/k4Crj1AISksoiwodTh5ctQtpzS69BBeJMtnJn+YvXI5A== X-Received: by 2002:ac2:4c49:0:b0:540:2543:1b19 with SMTP id 2adb3069b0e04-54032d3539dmr93574e87.24.1733987566978; Wed, 11 Dec 2024 23:12:46 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a19:7019:0:b0:53e:399d:b4c9 with SMTP id 2adb3069b0e04-5402f7fd683ls21520e87.0.-pod-prod-02-eu; Wed, 11 Dec 2024 23:12:44 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUYOGLvyd1OBpXdt6pPP5yppQ0gbXVDKvvplBawOo/mwiIrCRwjosiQ5Om1rUW3kLpUPx342uFJj2M7@googlegroups.com X-Received: by 2002:a05:6512:ad2:b0:53e:df2b:df10 with SMTP id 2adb3069b0e04-54032c3a59emr86476e87.1.1733987564030; Wed, 11 Dec 2024 23:12:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1733987564; cv=none; d=google.com; s=arc-20240605; b=T1Aawn1++V6j6losTFnJQxX3oxzTL7oFDA0lsk+cRnh9uTbbL6HGWTLWI71t2C4ix6 KYdoX+nfH/ccEt8A4jlAiL5hHOOy6iLJz+tjMum1d3+fS3AkK30OCwSpigxxc1frmD+h VFAABXqBDHJHw9bmH2aCO0P8h8G/Bsow/8iieYipK9feZZIbFVC7v4NZ66dFBpEd2Rd2 HNb1K+Cb8sij4X/QpbcKppCDQX6+L3TceLAMpaMMLkaGaqapyENQcojXDxkgfIw767L7 Ae620tij7nd3snf/tihB23fCn+Fidi97lNPrK06qBP4Rwgr/2AdBjHmNSWIGm6PyEg5U +5dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:user-agent:content-transfer-encoding:autocrypt :references:in-reply-to:date:to:from:subject:message-id; bh=k2SkP4eNh805hserb6ZoFzfkdCWd3mK4ej15cHk3Vxo=; fh=ez+yYIN2+t1/A1KtVD1essDQ6+anTTnZTbSXjuK9WaU=; b=fTb85uKVZP8BCGIxNhLQ2cY5BcyQW7e+kFMsHJh9Q44JTqDEb+CnZa3z/12y21EAoN 4htSqCUyLONYXhOr1zg8xjTdLbx7Y5VGauJqE1UZ/5mk0xnoHXrMTSOGaHmwHl2+Gm/7 tq514RUHIPPD2kuIOgmZRcjyLVc9J/0R2FAQ18NpxBeReBy7suuSlZAlAeTkT9SmOh1H QVOSUkI4ru3PeGkDHDZzuus+xonsKhDAW0mKm49EWGx6ecm21FTp/bdgIyfgJTgGpV1q 38lQYdxENzqyvC268T6Ccf9VRFoG5mXDz1eUZrnqmDh4SptYJnSLopopb3ahh7RwYTXf tMFw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-54019d12d7csi175696e87.6.2024.12.11.23.12.43 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 11 Dec 2024 23:12:43 -0800 (PST) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from [IPv6:::1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 4BC7CfcN002434 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Dec 2024 08:12:42 +0100 Message-ID: <4c26cf2664e442e44d8437dec49da6f46353a161.camel@ilbers.de> Subject: Re: [PATCH 1/1] snapshots: add option to use separate timestamp for security component From: Uladzimir Bely To: Felix Moessbauer , isar-users@googlegroups.com Date: Thu, 12 Dec 2024 10:12:41 +0300 In-Reply-To: <20241206131702.60476-1-felix.moessbauer@siemens.com> References: <20241206131702.60476-1-felix.moessbauer@siemens.com> Autocrypt: addr=ubely@ilbers.de; prefer-encrypt=mutual; keydata=mQENBGO2eUkBCACtT+T3OrPVSExBmqfgXT3lp9XcdxRzjYp26wezkgYjjBXaf36bxtaAf S471VoQtpar0RVeFfW7WDDdfX9ZclSj36zBQe+RVSJzoNoNQfjOXWuSHb5Z+cpAFtqBY4muxK4+ia IlLJd6CN3ejOsLHATtCeHHq8wi0z2T+KdLQO+wQRgo2hjj0Lp9pGTrKJry50HP/o7Vbdu14dOx2xq r8+wPc6SQbBIrcqaa4MqCQC00vQG7eXvo+k2MOw59FDdpMH0KR9mHgp3u/s4I+4YRBArukt9G9xz/ rsEFmxAIBC6N/a6Hzwg4puc91n7ABDsPg8Vp+X3MDraujN0dvR6OKVNtABEBAAG0IFVsYWR6aW1pc iBCZWx5IDx1YmVseUBpbGJlcnMuZGU+iQFOBBMBCAA4FiEEJqPNVhVGyk12Eh+PAUQYBM/2FkoFAm O2eUkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQAUQYBM/2FkprlAgAmuna8Hm9EyoEtTl DBGDg6Zm4ZLp5ffvZBE946h92jepDrteoxsJ7pSzJVC2HmDLa4iZUao7lLLbDsUj5x45/iLJcqBZK k3YnAxP2r6a+kI+1VVQY1pxdG1nlJAbdNzoojm/qmezNPSrqni61KVMQKsXBCWhIjSXDSM9CsBj21 a+9qaVqfxovJGTn9lgrZO+xzKQNMKZeOouJlscVuFj21P0ww3/YENiU/nMeTSuYypO76mDtAd08Jo nc3yuHa9MJGei5ixN3wT+IrGR2aL2hdw2M6NgH7sYbL2Zi4ugD6RXHJai1Bh2yvFSVqSQ+M6QOInT 4ud7wslm1XRB065dXtA== Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.54.2 (by Flathub.org) MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ubely@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: Uz+J9ZVGmicB On Fri, 2024-12-06 at 14:17 +0100, 'Felix Moessbauer' via isar-users wrote: > Before releasing a product all available security fixes should be > included. However, you might not want to get other proposed updates. > With the previous snapshot logic it was not possible to model this, > as a > single timestamp is used for all apt source-list entries. >=20 > We change that by adding a "security" flag to snapshot date > variables. > By that, dedicated control over the security distribution is > possible. >=20 > For now, we only add this logic for debian distributions (not > ubuntu), > as only there we have a dedicated security distribution. >=20 > Signed-off-by: Felix Moessbauer > --- > For details about the used terms (e.g. "security distribution") > please > refer to https://wiki.debian.org/SourcesList. >=20 > =C2=A0doc/user_manual.md=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | 2 ++ > =C2=A0meta/classes/bootstrap.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | 5 ++= ++- > =C2=A0meta/conf/distro/debian-common.conf | 5 ++++- > =C2=A03 files changed, 10 insertions(+), 2 deletions(-) >=20 > diff --git a/doc/user_manual.md b/doc/user_manual.md > index 1e505c66..fd4fe249 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -447,7 +447,9 @@ Some other variables include: > =C2=A0 - `ISAR_APT_DELAY_MAX` - Maximum time in seconds apt performs > retries. Optional > =C2=A0 - `DISTRO_APT_SNAPSHOT_PREMIRROR` - Similar to > `DISTRO_APT_PREMIRRORS` but for a snapshot, pre-defined for supported > distros. > =C2=A0 - `ISAR_APT_SNAPSHOT_TIMESTAMP` - Unix timestamp of the apt > snapshot. Automatically derived from `SOURCE_DATE_EPOCH` if not > overwritten. (Consider `ISAR_APT_SNAPSHOT_DATE` for a more user > friendly format) > + - `ISAR_APT_SNAPSHOT_TIMESTAMP[security]` - Unix timestamp of the > security distribution. Optional. > =C2=A0 - `ISAR_APT_SNAPSHOT_DATE` - Timestamp in upstream format (e.g. > `20240702T082400Z`) of the apt snapshot. Overrides > `ISAR_APT_SNAPSHOT_TIMESTAMP` if set. Otherwise, will be > automatically derived from `ISAR_APT_SNAPSHOT_TIMESTAMP` > + - `ISAR_APT_SNAPSHOT_DATE[security]` - Timestamp in upstream format > of the security distribution. Optional. > =C2=A0 - `THIRD_PARTY_APT_KEYS` - List of gpg key URIs used to verify apt > repos for apt installation after bootstrapping. > =C2=A0 - `FILESEXTRAPATHS` - The default directories BitBake uses when it > processes recipes are initially defined by the FILESPATH variable. > You can extend FILESPATH variable by using FILESEXTRAPATHS. > =C2=A0 - `FILESOVERRIDES` - A subset of OVERRIDES used by the build syste= m > for creating FILESPATH. The FILESOVERRIDES variable uses overrides to > automatically extend the FILESPATH variable. > diff --git a/meta/classes/bootstrap.bbclass > b/meta/classes/bootstrap.bbclass > index f5b92808..c0644acb 100644 > --- a/meta/classes/bootstrap.bbclass > +++ b/meta/classes/bootstrap.bbclass > @@ -28,6 +28,7 @@ BOOTSTRAP_DISTRO =3D "${@d.getVar('HOST_DISTRO' if > bb.utils.to_boolean(d.getVar('B > =C2=A0BOOTSTRAP_BASE_DISTRO =3D "${@d.getVar('HOST_BASE_DISTRO' if > bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else > 'BASE_DISTRO')}" > =C2=A0BOOTSTRAP_DISTRO_ARCH =3D "${@d.getVar('HOST_ARCH' if > bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else > 'DISTRO_ARCH')}" > =C2=A0ISAR_APT_SNAPSHOT_DATE ?=3D "${@ get_isar_apt_snapshot_date(d)}" > +ISAR_APT_SNAPSHOT_DATE[security] ?=3D "${@ > get_isar_apt_snapshot_date(d, 'security')}" > =C2=A0 > =C2=A0python () { > =C2=A0=C2=A0=C2=A0=C2=A0 distro_bootstrap_keys =3D (d.getVar("DISTRO_BOOT= STRAP_KEYS") or > "").split() > @@ -101,9 +102,11 @@ def > parse_aptsources_list_line(source_list_line): > =C2=A0 > =C2=A0=C2=A0=C2=A0=C2=A0 return [type, options, source, suite, components= ] > =C2=A0 > -def get_isar_apt_snapshot_date(d): > +def get_isar_apt_snapshot_date(d, dist=3DNone): > =C2=A0=C2=A0=C2=A0=C2=A0 import time > =C2=A0=C2=A0=C2=A0=C2=A0 source_date_epoch =3D d.getVar('ISAR_APT_SNAPSHO= T_TIMESTAMP') > +=C2=A0=C2=A0=C2=A0 if dist: > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 source_date_epoch =3D > d.getVarFlag('ISAR_APT_SNAPSHOT_TIMESTAMP', dist) or > source_date_epoch > =C2=A0=C2=A0=C2=A0=C2=A0 return time.strftime('%Y%m%dT%H%M%SZ', > time.gmtime(int(source_date_epoch))) > =C2=A0 > =C2=A0def get_apt_source_mirror(d, aptsources_entry_list): > diff --git a/meta/conf/distro/debian-common.conf > b/meta/conf/distro/debian-common.conf > index 92a15404..b5d8aa9a 100644 > --- a/meta/conf/distro/debian-common.conf > +++ b/meta/conf/distro/debian-common.conf > @@ -40,4 +40,7 @@ COMPAT_DISTRO_ARCH:amd64 =3D "i386" > =C2=A0COMPAT_DISTRO_ARCH:arm64 =3D "armhf" > =C2=A0 > =C2=A0# snapshot mirror for reproducible builds > -DISTRO_APT_SNAPSHOT_PREMIRROR ??=3D "deb.debian.org/(.*) > snapshot.debian.org/archive/\1/${ISAR_APT_SNAPSHOT_DATE}\n" > +DISTRO_APT_SNAPSHOT_PREMIRROR ??=3D " \ > +=C2=A0=C2=A0=C2=A0 deb.debian.org/(debian-security)/? > snapshot.debian.org/archive/\1/${@d.getVarFlag('ISAR_APT_SNAPSHOT_DAT > E', 'security')}\n \ > +=C2=A0=C2=A0=C2=A0 deb.debian.org/(.*)/? > snapshot.debian.org/archive/\1/${ISAR_APT_SNAPSHOT_DATE}\n \ > +" > --=20 > 2.39.5 >=20 Applied to next, thanks. --=20 Best regards, Uladzimir. --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= 4c26cf2664e442e44d8437dec49da6f46353a161.camel%40ilbers.de.