[PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

* [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key
@ 2021-01-22 17:09 Anton Mikanovich
  2021-01-25 12:31 ` Jan Kiszka
  0 siblings, 1 reply; 3+ messages in thread
From: Anton Mikanovich @ 2021-01-22 17:09 UTC (permalink / raw)
  To: isar-users; +Cc: Yuri Adamov, Anton Mikanovich

From: Yuri Adamov <yadamov@ilbers.de>

Building rpi-stretch natively (under qemu) sometimes fails with:

gpg: can't connect to the agent: IPC connect call failed

gpg starts gpg-agent and times out after 5 s. This value is hard-coded.

Besides, leaving running gpg-agent processes is not clean and prevents
unmounting of filesystems.

This patch starts and stops the agent manually.

Signed-off-by: Yuri Adamov <yadamov@ilbers.de>
Signed-off-by: Anton Mikanovich <amikan@ilbers.de>
---
Changes since v2:
- Restored conditional gnupg include.
- Made gpg-agent run in gpg enabled builds only.

Changes since v1:
- Removed unnecessary sleeping.
- Removed -9 in kill.
- Commented unconditionally gnupg package append.
- Removed unused OVERRIDES_append and get_distro_needs_gpg_support().
---
 meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
index 8f5f727..0edefc5 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -309,14 +309,25 @@ isar_bootstrap() {
             mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d"
             install -v -m644 "${WORKDIR}/isar-apt.conf" \
                              "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf"
+            if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" ]; then
+                MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX)"
+                echo "Created temporary directory ${MY_GPGHOME} for gpg-agent"
+                export GNUPGHOME="${MY_GPGHOME}"
+                chroot "${ROOTFSDIR}" gpg-agent --daemon
+                APT_KEY_APPEND="--homedir ${MY_GPGHOME}"
+            fi
             find ${APT_KEYS_DIR}/ -type f | while read keyfile
             do
                 kfn="$(basename $keyfile)"
                 cp $keyfile "${ROOTFSDIR}/tmp/$kfn"
                 chroot "${ROOTFSDIR}" /usr/bin/apt-key \
-                   --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn"
+                    --keyring ${THIRD_PARTY_APT_KEYRING} ${APT_KEY_APPEND} add "/tmp/$kfn"
                 rm "${ROOTFSDIR}/tmp/$kfn"
             done
+            if [ -d "${MY_GPGHOME}" ]; then
+                echo "Killing gpg-agent for ${MY_GPGHOME}"
+                chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}"
+            fi
 
             if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then
                 install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \
-- 
2.20.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key
  2021-01-22 17:09 [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key Anton Mikanovich
@ 2021-01-25 12:31 ` Jan Kiszka
  2021-02-05 14:59   ` Anton Mikanovich
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Kiszka @ 2021-01-25 12:31 UTC (permalink / raw)
  To: Anton Mikanovich, isar-users; +Cc: Yuri Adamov

On 22.01.21 18:09, Anton Mikanovich wrote:
> From: Yuri Adamov <yadamov@ilbers.de>
> 
> Building rpi-stretch natively (under qemu) sometimes fails with:
> 
> gpg: can't connect to the agent: IPC connect call failed
> 
> gpg starts gpg-agent and times out after 5 s. This value is hard-coded.
> 
> Besides, leaving running gpg-agent processes is not clean and prevents
> unmounting of filesystems.
> 
> This patch starts and stops the agent manually.
> 
> Signed-off-by: Yuri Adamov <yadamov@ilbers.de>
> Signed-off-by: Anton Mikanovich <amikan@ilbers.de>
> ---
> Changes since v2:
> - Restored conditional gnupg include.
> - Made gpg-agent run in gpg enabled builds only.
> 
> Changes since v1:
> - Removed unnecessary sleeping.
> - Removed -9 in kill.
> - Commented unconditionally gnupg package append.
> - Removed unused OVERRIDES_append and get_distro_needs_gpg_support().
> ---
>  meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> index 8f5f727..0edefc5 100644
> --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
> @@ -309,14 +309,25 @@ isar_bootstrap() {
>              mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d"
>              install -v -m644 "${WORKDIR}/isar-apt.conf" \
>                               "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf"
> +            if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" ]; then
> +                MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX)"
> +                echo "Created temporary directory ${MY_GPGHOME} for gpg-agent"
> +                export GNUPGHOME="${MY_GPGHOME}"
> +                chroot "${ROOTFSDIR}" gpg-agent --daemon
> +                APT_KEY_APPEND="--homedir ${MY_GPGHOME}"
> +            fi
>              find ${APT_KEYS_DIR}/ -type f | while read keyfile
>              do
>                  kfn="$(basename $keyfile)"
>                  cp $keyfile "${ROOTFSDIR}/tmp/$kfn"
>                  chroot "${ROOTFSDIR}" /usr/bin/apt-key \
> -                   --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn"
> +                    --keyring ${THIRD_PARTY_APT_KEYRING} ${APT_KEY_APPEND} add "/tmp/$kfn"
>                  rm "${ROOTFSDIR}/tmp/$kfn"
>              done
> +            if [ -d "${MY_GPGHOME}" ]; then
> +                echo "Killing gpg-agent for ${MY_GPGHOME}"
> +                chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}"
> +            fi
>  
>              if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then
>                  install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \
> 

Thanks, looks good to me.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key
  2021-01-25 12:31 ` Jan Kiszka
@ 2021-02-05 14:59   ` Anton Mikanovich
  0 siblings, 0 replies; 3+ messages in thread
From: Anton Mikanovich @ 2021-02-05 14:59 UTC (permalink / raw)
  To: Jan Kiszka, isar-users; +Cc: Yuri Adamov

25.01.2021 15:31, Jan Kiszka wrote:
>
> Thanks, looks good to me.
>
> Jan
>
Applied to next, thanks.

-- 
Anton Mikanovich
Promwad Ltd.
External service provider of ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn, Germany
+49 (89) 122 67 24-0
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-02-05 14:59 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-22 17:09 [PATCH v3] isar-bootstrap: Run gpg-agent before starting apt-key Anton Mikanovich
2021-01-25 12:31 ` Jan Kiszka
2021-02-05 14:59   ` Anton Mikanovich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox