Re: [PATCH v4 1/9] isar-bootstrap-host: disable DISTRO_APT_KEYS usage

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

From: "Maxim Yu. Osipov" <mosipov@ilbers.de>
To: Claudius Heine <ch@denx.de>,
	claudius.heine.ext@siemens.com,
	Andreas Reichel <andreas.reichel.ext@siemens.com>
Cc: isar-users@googlegroups.com
Subject: Re: [PATCH v4 1/9] isar-bootstrap-host: disable DISTRO_APT_KEYS usage
Date: Fri, 26 Apr 2019 11:41:16 +0300	[thread overview]
Message-ID: <89e6b417-265c-b1a6-b151-0938fed5d462@ilbers.de> (raw)
In-Reply-To: <155626421155.10914.2537647574220599237@ardipi>

Hi Claudius, Andreas,

@Andreas
Your input is very welcome at this topic as you were busy with all this 
APT keys stuff.

On 4/26/19 9:36 AM, Claudius Heine wrote:
> Hi Maxim,
> 
> Quoting Maxim Yu. Osipov (2019-04-25 20:20:59)
>> On 4/25/19 3:44 PM, claudius.heine.ext@siemens.com wrote:
>>> From: Claudius Heine <ch@denx.de>
>>>
>>> isar-bootstrap-host only supports bootstrapping Debian root file
>>> systems. Therefore deactivate any DISTRO_APT_KEYS from other
>>> distributions.
>>>
>>> Signed-off-by: Claudius Heine <ch@denx.de>
>>> ---
>>>    meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb | 2 ++
>>>    1 file changed, 2 insertions(+)
>>>
>>> diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb
>>> index 08b068f..3e96281 100644
>>> --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb
>>> +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb
>>> @@ -12,6 +12,8 @@ DEPLOY_ISAR_BOOTSTRAP = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}"
>>>    ISAR_BOOTSTRAP_LOCK = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}.lock"
>>>    
>>>    require isar-bootstrap.inc
>>> +# We only build debian host buildchroot environments
>>> +DISTRO_APT_KEYS = ""
>>
>>   From the first glance this modification limits functionality.
>> It looks like a hack and I would suggest to avoid this modification.
> 
> Well it is a fix and that limited functionality was already present but
> just implicit, hidden behind some bug and the cleanup just made it
> appear.


Could you please point to this hidden, implicit place where mentioned 
bug persists?

I've looked under meta/recipes-core/isar-bootstrap/

It seems that keyring stuff is quite symmetrical (in terms of host/target):

isar/meta/recipes-core/isar-bootstrap$ grep -ri keyring *
isar-bootstrap-host.bb:do_generate_keyring[stamp-extra-info] = 
"${DISTRO}-${DISTRO_ARCH}"
isar-bootstrap-host.bb:addtask bootstrap before do_build after 
do_generate_keyring
isar-bootstrap.inc:APTKEYRING = "${WORKDIR}/apt-keyring.gpg"
isar-bootstrap.inc:DEBOOTSTRAP_KEYRING = ""
isar-bootstrap.inc:        d.setVar("DEBOOTSTRAP_KEYRING", "--keyring 
${APTKEYRING}")
isar-bootstrap.inc:            d.setVar("DEBOOTSTRAP_KEYRING", 
"--keyring ${APTKEYRING}")
isar-bootstrap.inc:do_generate_keyring[dirs] = "${DL_DIR}"
isar-bootstrap.inc:do_generate_keyring[vardeps] += "DISTRO_APT_KEYS"
isar-bootstrap.inc:do_generate_keyring() {
isar-bootstrap.inc:           gpg --no-default-keyring --keyring 
"${APTKEYRING}" \
isar-bootstrap.inc:addtask generate_keyring before do_build after do_unpack
isar-bootstrap.inc:                               ${DEBOOTSTRAP_KEYRING} \
isar-bootstrap.inc: 
${DEBOOTSTRAP_KEYRING} \
isar-bootstrap-target.bb:do_generate_keyring[stamp-extra-info] = 
"${DISTRO}-${DISTRO_ARCH}"
isar-bootstrap-target.bb:addtask bootstrap before do_build after 
do_generate_keyring
isar/meta/recipes-core/isar-bootstrap$


And bootstrapping itself (function isar_bootsrap in isar-bootstrap.inc) 
differs only by passing extra '--arch' to target DISTRO_ARCH. Nothing 
regarding

             if [ ${IS_HOST} ]; then
                 ${DEBOOTSTRAP} $debootstrap_args \
                                ${@get_distro_components_argument(d, 
True)} \
                                ${DEBOOTSTRAP_KEYRING} \
                                "${@get_distro_suite(d, True)}" \
                                "${ROOTFSDIR}" \
                                "${@get_distro_source(d, True)}"

             else
                  "${DEBOOTSTRAP}" $debootstrap_args \
                                   --arch="${DISTRO_ARCH}" \
                                   ${@get_distro_components_argument(d, 
False)} \
                                   ${DEBOOTSTRAP_KEYRING} \
                                   "${@get_distro_suite(d, False)}" \
                                   "${ROOTFSDIR}" \
                                   "${@get_distro_source(d, False)}"
             fi




> 
>> Some time ago I thought about introduction of HOST_DISTRO_APT_KEYS to
>> avoid confusion between target and host apt keys.
> 
> Good idea. But that would be a new feature/improvement.

Yes. But your series is also improvement, isn't?

I need more arguments for introduction of this limitation.

Maxim.

> Also thanks for looking at the code!
> 
> Claudius
> 
>>
>>
>> Maxim.
>>
>>
>>
>>>    inherit isar-bootstrap-helper
>>>    
>>>    do_generate_keyring[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>>>
>>
>>
>> -- 
>> Maxim Osipov
>> ilbers GmbH
>> Maria-Merian-Str. 8
>> 85521 Ottobrunn
>> Germany
>> +49 (151) 6517 6917
>> mosipov@ilbers.de
>> http://ilbers.de/
>> Commercial register Munich, HRB 214197
>> General Manager: Baurzhan Ismagulov
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups "isar-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
>> To post to this group, send email to isar-users@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/ccc13295-982c-7b25-cfc2-e079033689c0%40ilbers.de.
>> For more options, visit https://groups.google.com/d/optout.
> 
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de
> 
>             PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153
>                               Keyserver: hkp://pool.sks-keyservers.net
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov

next prev parent reply	other threads:[~2019-04-26  8:41 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-25 13:44 [PATCH v4 0/9] Cleanup rootfs creation claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 1/9] isar-bootstrap-host: disable DISTRO_APT_KEYS usage claudius.heine.ext
2019-04-25 18:20   ` Maxim Yu. Osipov
2019-04-26  7:36     ` Claudius Heine
2019-04-26  8:41       ` Maxim Yu. Osipov [this message]
2019-04-26 10:39         ` Claudius Heine
2019-04-26 10:45           ` Claudius Heine
2019-04-26 11:22             ` Maxim Yu. Osipov
2019-04-26 11:47               ` Jan Kiszka
2019-04-30  9:34         ` Andreas Reichel
2019-04-30 13:30           ` Maxim Yu. Osipov
2019-04-30 15:22             ` Andreas Reichel
2019-04-30 15:30               ` Jan Kiszka
2019-04-30 15:46               ` Maxim Yu. Osipov
2019-05-02 12:14                 ` Andreas Reichel
2019-04-26 11:31       ` Jan Kiszka
2019-04-26 11:50         ` Jan Kiszka
2019-05-14  9:22           ` Fwd: " Maxim Yu. Osipov
2019-05-14 11:32           ` Claudius Heine
2019-05-14 11:35             ` Claudius Heine
2019-04-25 13:44 ` [PATCH v4 2/9] isar-bootstrap-helper: move 'HOST_ARCH' and 'HOST_DISTRO' to base.bbclass claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 3/9] move 'HOST_DISTRO_APT_SOURCES' from bootstrap-helper to isar-bootstrap claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 4/9] buildchroot.bbclass: only cross build if HOST_ARCH != DISTRO_ARCH claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 5/9] isar-bootstrap/buildchroot/sdkchroot: refactor PF and WORKDIR claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 6/9] bitbake.conf: remove unneeded and differently used variables claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 7/9] image.bbclass: make IMAGE_ROOTFS overwritable claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 8/9] bitbake.conf: set default QEMU_ARCH variables claudius.heine.ext
2019-04-25 13:44 ` [PATCH v4 9/9] buildchroot/configscript: make creation of builder uid/gid idempotent claudius.heine.ext

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=89e6b417-265c-b1a6-b151-0938fed5d462@ilbers.de \
    --to=mosipov@ilbers.de \
    --cc=andreas.reichel.ext@siemens.com \
    --cc=ch@denx.de \
    --cc=claudius.heine.ext@siemens.com \
    --cc=isar-users@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox