From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6880878174534631424 X-Received: by 2002:a50:ec82:: with SMTP id e2mr269842edr.312.1611577919961; Mon, 25 Jan 2021 04:31:59 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6402:520e:: with SMTP id s14ls16214021edd.3.gmail; Mon, 25 Jan 2021 04:31:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJxjNyKNmMfCN8FdTviKFJ1xkaPVxtBbI3J9HxFQRYsYqMBZWAWrH3t8LICq2mnDqgMq+XDn X-Received: by 2002:aa7:c34f:: with SMTP id j15mr284684edr.120.1611577918979; Mon, 25 Jan 2021 04:31:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611577918; cv=none; d=google.com; s=arc-20160816; b=bYXw64URL0QhlJsyDdIcGLFFDSffe6S2xBhAFzljfu1Fpg8+qv3ovoq5b3qWv5f1QR LwhThx2UMRLOrEsPmvMB7DUIAu0TRh7HqlOZxPvWoZZeHbvPvehIxR8F7jDSp21W8HKP xeM9nIyxCEk35jOkIDlXkkSEqYwq2/HZJO1X+bcFIR+Bc0fn7qf5xvfHkRLv4dmi59jH XtldByeb1u+y87ZhecL82qhCtQbTnkys1zIsyWx1XutGKwCfS+xkF5cKsn8kTOBOEsS4 RtN8pYBdmODwUQ5SgEpn/K0xjSuaQiHtsAowV2+QhG1s1O4iaRYCm6BTSGW7LwqyF+0r Cz5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=tXEwS+ojW9aWWNa5auzll4qlIkadDpdbyWwzgibQgZA=; b=tEGe1nztMNQ/KpHYsbl6gdoL8HIFmEWtHXn8x857/hWlk5R/TN5vqiPDgRrhYR45KM pCsSnCj436jae+GTUHDnBRvseOQnDA2MPxQnnqFm59S3/H5Ci+DzOxQSDP9kVBjweWIi HgYa2UC25QkUx+E1eIdVCckFuJbRrEWojncm8WIzpsJy7Zsf8sFJcO7jsPt2ONFb2cYH mKX6M+3UPre+nmnLPipBGa0VyGBRBpMxwe+I5Ck7otBz1hbz7fmvsWGCCx6GL2x0IO8y 3IXaOSLu1g655ohZUQsXbEL9Wm4imJuyj85YnUNyVvXlO20Kt9UtiLoV9NZypuC0hocZ Kg1A== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id k22si70245eds.0.2021.01.25.04.31.58 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 25 Jan 2021 04:31:58 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 10PCVwwO011476 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 25 Jan 2021 13:31:58 +0100 Received: from [139.22.43.13] ([139.22.43.13]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 10PCVv67006854; Mon, 25 Jan 2021 13:31:58 +0100 Subject: Re: [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key To: Anton Mikanovich , isar-users@googlegroups.com Cc: Yuri Adamov References: <20210122170903.28134-1-amikan@ilbers.de> From: Jan Kiszka Message-ID: Date: Mon, 25 Jan 2021 13:31:57 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <20210122170903.28134-1-amikan@ilbers.de> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: 4qZh53y3luAN On 22.01.21 18:09, Anton Mikanovich wrote: > From: Yuri Adamov > > Building rpi-stretch natively (under qemu) sometimes fails with: > > gpg: can't connect to the agent: IPC connect call failed > > gpg starts gpg-agent and times out after 5 s. This value is hard-coded. > > Besides, leaving running gpg-agent processes is not clean and prevents > unmounting of filesystems. > > This patch starts and stops the agent manually. > > Signed-off-by: Yuri Adamov > Signed-off-by: Anton Mikanovich > --- > Changes since v2: > - Restored conditional gnupg include. > - Made gpg-agent run in gpg enabled builds only. > > Changes since v1: > - Removed unnecessary sleeping. > - Removed -9 in kill. > - Commented unconditionally gnupg package append. > - Removed unused OVERRIDES_append and get_distro_needs_gpg_support(). > --- > meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > index 8f5f727..0edefc5 100644 > --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > @@ -309,14 +309,25 @@ isar_bootstrap() { > mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" > install -v -m644 "${WORKDIR}/isar-apt.conf" \ > "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" > + if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" ]; then > + MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX)" > + echo "Created temporary directory ${MY_GPGHOME} for gpg-agent" > + export GNUPGHOME="${MY_GPGHOME}" > + chroot "${ROOTFSDIR}" gpg-agent --daemon > + APT_KEY_APPEND="--homedir ${MY_GPGHOME}" > + fi > find ${APT_KEYS_DIR}/ -type f | while read keyfile > do > kfn="$(basename $keyfile)" > cp $keyfile "${ROOTFSDIR}/tmp/$kfn" > chroot "${ROOTFSDIR}" /usr/bin/apt-key \ > - --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn" > + --keyring ${THIRD_PARTY_APT_KEYRING} ${APT_KEY_APPEND} add "/tmp/$kfn" > rm "${ROOTFSDIR}/tmp/$kfn" > done > + if [ -d "${MY_GPGHOME}" ]; then > + echo "Killing gpg-agent for ${MY_GPGHOME}" > + chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}" > + fi > > if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then > install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \ > Thanks, looks good to me. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux