From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6683827867816558592 X-Received: by 2002:ac2:482e:: with SMTP id 14mr21436244lft.1.1556268085619; Fri, 26 Apr 2019 01:41:25 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:9c54:: with SMTP id t20ls633464ljj.9.gmail; Fri, 26 Apr 2019 01:41:25 -0700 (PDT) X-Google-Smtp-Source: APXvYqzYRX8NqX5/35ShxVJOj28bzcLHP3njKgYe6VIS0hjzcEKJ2sRZElZ8ukjF1Nh9dbHu2oyl X-Received: by 2002:a2e:9655:: with SMTP id z21mr23898630ljh.60.1556268085111; Fri, 26 Apr 2019 01:41:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556268085; cv=none; d=google.com; s=arc-20160816; b=IA01826SFu0P0PD1qIUBMz1hs9BLP9F+yYnxrj391YMzhKXE+o+wMS2zFNFtZgzpNg Z17nJ6DTGnv40BTlWnJ4GKnbWpgeMEXodLcnSqYzWT6aXOpxGaRaHjxRq8LWETA6qtTt FpQbN2brQQL05s33jYneo0j1lwxC9lIJT8DBX5cprWPXRhT0fJRIPP45PU73JpMceUSP fs7fnb/9PWn4wb1nm3jd3/wxeHCaene9zmxNVn64r1J5l3fsJltM+moxiF67eRjhsXHZ jpgEmT3K2ya2xiInOL6+73NvyI3RbDV254ooQBvHdxtr6GfTondudl+LEx4BabT7Ubk1 DZyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:cc:organization:from:references:to :subject; bh=zsRhPrpcmJYe7+/UjhkwTp/6HdAPXiK6z5kcIl0OCy4=; b=0zVg0zyRQBzoP2O/VLxOPK1g89DhMyH5BAlOCA6s59aRZD5vPUotszSO89B7m6p5j6 UcQiqVxIYpyeWli65RJdNYBKPTHEiorIeELk7Ek0PjkUIwFGBJqlZ71wOtzs5O7gUCOn mI895m1lRFQ9PrNhEgXdW8l/6RUPj2vtHvnKt37oSr8/FlQ6z86AfjS8EoA0XSOqRY10 dYKmS0KjKIjQubTfFnwHHo+7SGTf9R7HZENzXmaW03fPHKvi/8uxX/joRdAOMXc3NlpY WQNwBhcuvW3YvAk9t7vFEcaTyv55uFqKeyOtH4grf3keBrpomXmB+f76nxTfhs5LUk0N qD0g== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id q189si236841ljq.3.2019.04.26.01.41.24 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 26 Apr 2019 01:41:24 -0700 (PDT) Received-SPF: pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de Received: from [192.168.50.180] (nat-ppp-217.71.235.199-satnet-spb.ru [217.71.235.199] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id x3Q8fLwG013847 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 26 Apr 2019 10:41:21 +0200 Subject: Re: [PATCH v4 1/9] isar-bootstrap-host: disable DISTRO_APT_KEYS usage To: Claudius Heine , claudius.heine.ext@siemens.com, Andreas Reichel References: <20190425134450.13443-1-claudius.heine.ext@siemens.com> <20190425134450.13443-2-claudius.heine.ext@siemens.com> <155626421155.10914.2537647574220599237@ardipi> From: "Maxim Yu. Osipov" Organization: ilbers GmbH Cc: isar-users@googlegroups.com Message-ID: <89e6b417-265c-b1a6-b151-0938fed5d462@ilbers.de> Date: Fri, 26 Apr 2019 11:41:16 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <155626421155.10914.2537647574220599237@ardipi> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 8OUX5PD4DtRV Hi Claudius, Andreas, @Andreas Your input is very welcome at this topic as you were busy with all this APT keys stuff. On 4/26/19 9:36 AM, Claudius Heine wrote: > Hi Maxim, > > Quoting Maxim Yu. Osipov (2019-04-25 20:20:59) >> On 4/25/19 3:44 PM, claudius.heine.ext@siemens.com wrote: >>> From: Claudius Heine >>> >>> isar-bootstrap-host only supports bootstrapping Debian root file >>> systems. Therefore deactivate any DISTRO_APT_KEYS from other >>> distributions. >>> >>> Signed-off-by: Claudius Heine >>> --- >>> meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>> index 08b068f..3e96281 100644 >>> --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>> +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>> @@ -12,6 +12,8 @@ DEPLOY_ISAR_BOOTSTRAP = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}" >>> ISAR_BOOTSTRAP_LOCK = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}.lock" >>> >>> require isar-bootstrap.inc >>> +# We only build debian host buildchroot environments >>> +DISTRO_APT_KEYS = "" >> >> From the first glance this modification limits functionality. >> It looks like a hack and I would suggest to avoid this modification. > > Well it is a fix and that limited functionality was already present but > just implicit, hidden behind some bug and the cleanup just made it > appear. Could you please point to this hidden, implicit place where mentioned bug persists? I've looked under meta/recipes-core/isar-bootstrap/ It seems that keyring stuff is quite symmetrical (in terms of host/target): isar/meta/recipes-core/isar-bootstrap$ grep -ri keyring * isar-bootstrap-host.bb:do_generate_keyring[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}" isar-bootstrap-host.bb:addtask bootstrap before do_build after do_generate_keyring isar-bootstrap.inc:APTKEYRING = "${WORKDIR}/apt-keyring.gpg" isar-bootstrap.inc:DEBOOTSTRAP_KEYRING = "" isar-bootstrap.inc: d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}") isar-bootstrap.inc: d.setVar("DEBOOTSTRAP_KEYRING", "--keyring ${APTKEYRING}") isar-bootstrap.inc:do_generate_keyring[dirs] = "${DL_DIR}" isar-bootstrap.inc:do_generate_keyring[vardeps] += "DISTRO_APT_KEYS" isar-bootstrap.inc:do_generate_keyring() { isar-bootstrap.inc: gpg --no-default-keyring --keyring "${APTKEYRING}" \ isar-bootstrap.inc:addtask generate_keyring before do_build after do_unpack isar-bootstrap.inc: ${DEBOOTSTRAP_KEYRING} \ isar-bootstrap.inc: ${DEBOOTSTRAP_KEYRING} \ isar-bootstrap-target.bb:do_generate_keyring[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}" isar-bootstrap-target.bb:addtask bootstrap before do_build after do_generate_keyring isar/meta/recipes-core/isar-bootstrap$ And bootstrapping itself (function isar_bootsrap in isar-bootstrap.inc) differs only by passing extra '--arch' to target DISTRO_ARCH. Nothing regarding if [ ${IS_HOST} ]; then ${DEBOOTSTRAP} $debootstrap_args \ ${@get_distro_components_argument(d, True)} \ ${DEBOOTSTRAP_KEYRING} \ "${@get_distro_suite(d, True)}" \ "${ROOTFSDIR}" \ "${@get_distro_source(d, True)}" else "${DEBOOTSTRAP}" $debootstrap_args \ --arch="${DISTRO_ARCH}" \ ${@get_distro_components_argument(d, False)} \ ${DEBOOTSTRAP_KEYRING} \ "${@get_distro_suite(d, False)}" \ "${ROOTFSDIR}" \ "${@get_distro_source(d, False)}" fi > >> Some time ago I thought about introduction of HOST_DISTRO_APT_KEYS to >> avoid confusion between target and host apt keys. > > Good idea. But that would be a new feature/improvement. Yes. But your series is also improvement, isn't? I need more arguments for introduction of this limitation. Maxim. > Also thanks for looking at the code! > > Claudius > >> >> >> Maxim. >> >> >> >>> inherit isar-bootstrap-helper >>> >>> do_generate_keyring[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}" >>> >> >> >> -- >> Maxim Osipov >> ilbers GmbH >> Maria-Merian-Str. 8 >> 85521 Ottobrunn >> Germany >> +49 (151) 6517 6917 >> mosipov@ilbers.de >> http://ilbers.de/ >> Commercial register Munich, HRB 214197 >> General Manager: Baurzhan Ismagulov >> >> -- >> You received this message because you are subscribed to the Google Groups "isar-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. >> To post to this group, send email to isar-users@googlegroups.com. >> To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/ccc13295-982c-7b25-cfc2-e079033689c0%40ilbers.de. >> For more options, visit https://groups.google.com/d/optout. > > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de > > PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153 > Keyserver: hkp://pool.sks-keyservers.net > -- Maxim Osipov ilbers GmbH Maria-Merian-Str. 8 85521 Ottobrunn Germany +49 (151) 6517 6917 mosipov@ilbers.de http://ilbers.de/ Commercial register Munich, HRB 214197 General Manager: Baurzhan Ismagulov