Subject: Re: [PATCH v2] isar-bootstrap: Run gpg-agent before starting apt-key
To: Anton Mikanovich, isar-users@googlegroups.com
Cc: Yuri Adamov
References: <20210119112001.11651-1-amikan@ilbers.de>
From: Jan Kiszka
Message-ID: <978d7c98-5698-273f-cd27-525529d4b3ea@siemens.com>
Date: Tue, 19 Jan 2021 13:54:58 +0100
In-Reply-To: <20210119112001.11651-1-amikan@ilbers.de>

On 19.01.21 12:20, Anton Mikanovich wrote:
> From: Yuri Adamov
>
> Building rpi-stretch natively (under qemu) sometimes fails with:
>
> gpg: can't connect to the agent: IPC connect call failed
>
> gpg starts gpg-agent and times out after 5 s. This value is hard-coded.
>
> Besides, leaving running gpg-agent processes is not clean and prevents
> unmounting of filesystems.
>
> This patch starts and stops the agent manually.
>
> gnupg now appended to package list unconditionally because gpg-agent is
> used in every isar_bootstrap run.

Looks good - except that I do not get why making this unconditionally. That looks still like a lazy approach to me. Or do I miss some technical need for that (which is not documented here)?

Jan

>
> Signed-off-by: Yuri Adamov
> Signed-off-by: Anton Mikanovich
> ---
> Changes since v1:
> - Removed unnecessary sleeping.
> - Removed -9 in kill.
> - Commented unconditionally gnupg package append.
> - Removed unused OVERRIDES_append and get_distro_needs_gpg_support().
> ---
> .../isar-bootstrap/isar-bootstrap.inc | 22 +++++++++----------
> 1 file changed, 10 insertions(+), 12 deletions(-)
>
> diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > index 8f5f727..751980f 100644 > --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > @@ -24,7 +24,7 @@ DISTRO_BOOTSTRAP_KEYFILES = "" > THIRD_PARTY_APT_KEYFILES = "" > DEPLOY_ISAR_BOOTSTRAP ?= "" > DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" > -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg" > +DISTRO_BOOTSTRAP_BASE_PACKAGES_append = ",gnupg" > DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = "${@https_support(d)}" > > inherit deb-dl-dir
> @@ -175,16 +175,6 @@ def get_distro_needs_https_support(d, is_host=False): > else: > return "" > > -def get_distro_needs_gpg_support(d): > - apt_keys = d.getVar("DISTRO_BOOTSTRAP_KEYS") or "" > - apt_keys += " " + (d.getVar("THIRD_PARTY_APT_KEYS") or "") > - apt_keys += " " + (d.getVar("BASE_REPO_KEY") or "") > - if apt_keys != " ": > - return "gnupg" > - return "" > - > -OVERRIDES_append = ":${@get_distro_needs_gpg_support(d)}" > - > def get_distro_source(d, is_host): > return get_distro_primary_source_entry(d, is_host)[0] > > @@ -309,14 +299,22 @@ isar_bootstrap() { > mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" > install -v -m644 "${WORKDIR}/isar-apt.conf" \ > "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" > + MY_GPGHOME=$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX) > + echo "Created temporary directory ${MY_GPGHOME} for gpg-agent" > + chroot "${ROOTFSDIR}" gpg-agent --homedir "${MY_GPGHOME}" --daemon > find ${APT_KEYS_DIR}/ -type f | while read keyfile > do > kfn="$(basename $keyfile)" > cp $keyfile "${ROOTFSDIR}/tmp/$kfn" > chroot "${ROOTFSDIR}" /usr/bin/apt-key \ > - --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn" > + --keyring ${THIRD_PARTY_APT_KEYRING} \ > + --homedir ${MY_GPGHOME} add "/tmp/$kfn" > rm "${ROOTFSDIR}/tmp/$kfn" > done > + GPG_AGENT_PID=$(ps -aux | grep "gpg-agent.*${MY_GPGHOME}" | grep -v grep | awk '{print $2}') > + echo "Killing gpg-agent with pid $GPG_AGENT_PID" > + /bin/kill ${GPG_AGENT_PID} > + chroot "${ROOTFSDIR}" /bin/rm -rf "${MY_GPGHOME}" > > if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then > install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \ > -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
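
Review bot: The changelog says the unconditional gnupg append was commented, but in the hunk at @@ -24,7 +24,7 @@ the new line DISTRO_BOOTSTRAP_BASE_PACKAGES_append = ",gnupg" carries no comment, so the rationale lives only in the commit message. Add a comment directly above that line in isar-bootstrap.inc stating that isar_bootstrap now starts gpg-agent in the rootfs on every run, which is the reason given in the commit message for dropping the _gnupg override.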
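
Review bot: In the hunk at @@ -309,14 +299,22 @@, /bin/kill ${GPG_AGENT_PID} acts on whatever the ps | grep pipeline returns, without any check. If the agent did not start or the pattern matches nothing, kill is called without a PID and fails; if the pattern matches more than one process, the unquoted expansion signals all of them. The ps call also runs on the host while MY_GPGHOME is a path inside the chroot, so the lookup relies purely on the command-line string. Consider stopping the agent from inside the chroot through its own interface (for example gpg-connect-agent --homedir "${MY_GPGHOME}" KILLAGENT /bye), or at least test that GPG_AGENT_PID is non-empty before calling kill. The kill and the rm -rf are also only reached when everything before them succeeds; if an earlier command fails and the task aborts, the agent keeps running, which is the unmount problem the commit message describes, so a trap-based cleanup would be more robust. Lastly, --homedir ${MY_GPGHOME} in the apt-key call is unquoted while the other uses of the variable are quoted.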