From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6683827867816558592 X-Received: by 2002:a17:906:3fca:: with SMTP id k10mr16895357ejj.126.1556639203433; Tue, 30 Apr 2019 08:46:43 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a50:8871:: with SMTP id c46ls1632747edc.15.gmail; Tue, 30 Apr 2019 08:46:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqyAxsZtltjmrL9/ZtuYwmBpU/h77vgqR0bc/BraRNtFUdTbPnXgE2Dc9ZWKmYa0zfnVDL4D X-Received: by 2002:a50:aeb6:: with SMTP id e51mr43201179edd.76.1556639202981; Tue, 30 Apr 2019 08:46:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556639202; cv=none; d=google.com; s=arc-20160816; b=Laa3o0asZB8xmrKQRV8YevMikzeLYH2h7FR/JXaLCfsin6Cz5Gq5MmEJ8uEw9VMNnn /ZjMyXxbN8q+3DqV7RGmfPsFmibwjLoVJbyA4LwQinny/mzQO0QLHw/bA2pTnttkPeiV YjICOkNdU65AyXnuiXzVaEx1tU/4O/fx06U9Tk01Y3Bcb8Nm/3utqAPm8KGjxT0XVqIt dmeaEW6B9ASM9UHTJECw+N3Us7KFz/jd4VFm+tYJAELE9zw8S/Hrfyk9+BzPEyiZ3fLk sGu+ov+kH7kGkE32b44s8VGtAqUZVbY0nFr8R5S/73ucnaCSyOtpORxxpY/Hy3VIxp/v hLng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:organization:from:references:cc:to :subject; bh=9r1HRTMChj5jh+D8+UTswa6BDEMo9E/3Hbz4hYFWj/E=; b=qcP6FyQB1C+kVoK7pVW26TLI7gmPtyu2gd9MtppkH6QV9k68J8oqm5S3a2wBU3EfUV xw1qoufkZySfVpBK7SQoQDLwKzBHOLMiXHmhLBXjGUHv8grZ7F6eWGp0wyzs4XPHOiZa u1eIqVCjOtyG6AX3THEWRvuc104WqNq0C4rGF+XCRMNJz9R6E484TtjQ3cEbpS6PQazW DOTmZS5NDPMS9W4bN08pdJb7YfsQSbF8vD6EB9juxgTBjhlcnX0gpDHQ7e8kZOeIahPJ UM4Uu5++DQK2Xmpp94NDTJgf5vrjZ99i2t2kSREMT5uOphI7Xw3fMvyAxYnWHW5fvIIJ 8Lxw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id r4si1667648edh.5.2019.04.30.08.46.42 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 30 Apr 2019 08:46:42 -0700 (PDT) Received-SPF: pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de Received: from [192.168.50.180] (nat-ppp-217.71.235.199-satnet-spb.ru [217.71.235.199] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id x3UFkcsm002404 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 30 Apr 2019 17:46:38 +0200 Subject: Re: [PATCH v4 1/9] isar-bootstrap-host: disable DISTRO_APT_KEYS usage To: Andreas Reichel Cc: Claudius Heine , claudius.heine.ext@siemens.com, isar-users@googlegroups.com, jan.kiszka@siemens.com References: <20190425134450.13443-1-claudius.heine.ext@siemens.com> <20190425134450.13443-2-claudius.heine.ext@siemens.com> <155626421155.10914.2537647574220599237@ardipi> <89e6b417-265c-b1a6-b151-0938fed5d462@ilbers.de> <20190430093405.GA14335@iiotirae> <70eae983-d513-9ed9-5c54-cc6218a9af3f@ilbers.de> <20190430152246.GA13521@iiotirae> From: "Maxim Yu. Osipov" Organization: ilbers GmbH Message-ID: Date: Tue, 30 Apr 2019 18:46:33 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190430152246.GA13521@iiotirae> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: LYo+ew4pNrF+ On 4/30/19 6:22 PM, Andreas Reichel wrote: > On Tue, Apr 30, 2019 at 04:30:46PM +0300, Maxim Yu. Osipov wrote: >> On 4/30/19 12:34 PM, Andreas Reichel wrote: >>> On Fri, Apr 26, 2019 at 11:41:16AM +0300, Maxim Yu. Osipov wrote: >>>> Hi Claudius, Andreas, >>>> >>>> @Andreas >>>> Your input is very welcome at this topic as you were busy with all this APT >>>> keys stuff. >>>> >>> >>> Thank you. Well in my eyes, Claudius delivers important changes to Isar >>> which improve code quality and the build steps as a whole. Also as I >>> know him, he is never ever interested in any personal "affairs" whatsoever, >>> which I also learnt from his reviews on my code. He has a sharp mind and >>> always tries to get out the best of the code up to his knowledge and >>> techniques. Furthermore, if he may sometimes sound direct or even >>> annoying to some - this is merely a personal question of how one focuses >>> on mails. I also did not understand everything he criticized on my code >>> in the beginning - but after I understood him, it was always great >>> improvement. So, Maxim, I beg that you do not take anything personal on >>> any mail, regarding any words or writing style but just focus on the >>> code as I always try - which always helps to go on further with the >>> project and to improve it. That's my input. >>> >>> Andreas >> >> I would prefer to focus on technical aspects of the modification under >> review. Are you OK with this modification? >> > I am OK with these. > > However I want MY patch series (version 9) merged before this one, > because it is now very well reviewed and weeks old. > And please don't argue with failed CI now. Investigating, understanding > and fixing CI is a different topic and out of my scope. I'll not merge your v9 series - more than one week ago I pointed you to the problematic test case which is easily reproducible (see forwarded email below): So I expect your feedback/next version of series fixing mentioned problem. -------- Forwarded Message -------- Subject: Re: [PATCH v9 0/5] Fix usage of additional apt keys and repos Date: Mon, 22 Apr 2019 14:22:24 +0200 From: Maxim Yu. Osipov Organization: ilbers GmbH To: Andreas J. Reichel , isar-users@googlegroups.com Hi Andreas, I've tested your series (with the docker use-case example you described in last patch in series). It works as described in the default case - without local apt caching enabled. I've tested it with with signed local apt caching feature enabled. The first stage - creation of local repo passed OK - bitbake -c cache_base_repo multiconfig:qemuarm64-stretch:isar-image-base But on the second stage the build failed (see log below). I've double checked 'signed local apt caching feature' works fine in the current 'next'. My local.conf is attached for convenience. Regards, Maxim. > > Regards, > Andreas > >> Regards, >> Maxim. >> >>>> On 4/26/19 9:36 AM, Claudius Heine wrote: >>>>> Hi Maxim, >>>>> >>>>> Quoting Maxim Yu. Osipov (2019-04-25 20:20:59) >>>>>> On 4/25/19 3:44 PM, claudius.heine.ext@siemens.com wrote: >>>>>>> From: Claudius Heine >>>>>>> >>>>>>> isar-bootstrap-host only supports bootstrapping Debian root file >>>>>>> systems. Therefore deactivate any DISTRO_APT_KEYS from other >>>>>>> distributions. >>>>>>> >>>>>>> Signed-off-by: Claudius Heine >>>>>>> --- >>>>>>> meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb | 2 ++ >>>>>>> 1 file changed, 2 insertions(+) >>>>>>> >>>>>>> diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>>>> index 08b068f..3e96281 100644 >>>>>>> --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>>>> +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap-host.bb >>>>>>> @@ -12,6 +12,8 @@ DEPLOY_ISAR_BOOTSTRAP = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}" >>>>>>> ISAR_BOOTSTRAP_LOCK = "${DEPLOY_DIR_BOOTSTRAP}/${HOST_DISTRO}-${HOST_ARCH}.lock" >>>>>>> require isar-bootstrap.inc >>>>>>> +# We only build debian host buildchroot environments >>>>>>> +DISTRO_APT_KEYS = "" >>>>>> >>>>>> From the first glance this modification limits functionality. >>>>>> It looks like a hack and I would suggest to avoid this modification. >>>>> >>>>> Well it is a fix and that limited functionality was already present but >>>>> just implicit, hidden behind some bug and the cleanup just made it >>>>> appear. >>>> >>>> >>>> Could you please point to this hidden, implicit place where mentioned bug >>>> persists? >>>> >>>> I've looked under meta/recipes-core/isar-bootstrap/ >>>> >>>> It seems that keyring stuff is quite symmetrical (in terms of host/target): >>>> >>>> isar/meta/recipes-core/isar-bootstrap$ grep -ri keyring * >>>> isar-bootstrap-host.bb:do_generate_keyring[stamp-extra-info] = >>>> "${DISTRO}-${DISTRO_ARCH}" >>>> isar-bootstrap-host.bb:addtask bootstrap before do_build after >>>> do_generate_keyring >>>> isar-bootstrap.inc:APTKEYRING = "${WORKDIR}/apt-keyring.gpg" >>>> isar-bootstrap.inc:DEBOOTSTRAP_KEYRING = "" >>>> isar-bootstrap.inc: d.setVar("DEBOOTSTRAP_KEYRING", "--keyring >>>> ${APTKEYRING}") >>>> isar-bootstrap.inc: d.setVar("DEBOOTSTRAP_KEYRING", "--keyring >>>> ${APTKEYRING}") >>>> isar-bootstrap.inc:do_generate_keyring[dirs] = "${DL_DIR}" >>>> isar-bootstrap.inc:do_generate_keyring[vardeps] += "DISTRO_APT_KEYS" >>>> isar-bootstrap.inc:do_generate_keyring() { >>>> isar-bootstrap.inc: gpg --no-default-keyring --keyring >>>> "${APTKEYRING}" \ >>>> isar-bootstrap.inc:addtask generate_keyring before do_build after do_unpack >>>> isar-bootstrap.inc: ${DEBOOTSTRAP_KEYRING} \ >>>> isar-bootstrap.inc: ${DEBOOTSTRAP_KEYRING} \ >>>> isar-bootstrap-target.bb:do_generate_keyring[stamp-extra-info] = >>>> "${DISTRO}-${DISTRO_ARCH}" >>>> isar-bootstrap-target.bb:addtask bootstrap before do_build after >>>> do_generate_keyring >>>> isar/meta/recipes-core/isar-bootstrap$ >>>> >>>> >>>> And bootstrapping itself (function isar_bootsrap in isar-bootstrap.inc) >>>> differs only by passing extra '--arch' to target DISTRO_ARCH. Nothing >>>> regarding >>>> >>>> if [ ${IS_HOST} ]; then >>>> ${DEBOOTSTRAP} $debootstrap_args \ >>>> ${@get_distro_components_argument(d, True)} \ >>>> ${DEBOOTSTRAP_KEYRING} \ >>>> "${@get_distro_suite(d, True)}" \ >>>> "${ROOTFSDIR}" \ >>>> "${@get_distro_source(d, True)}" >>>> >>>> else >>>> "${DEBOOTSTRAP}" $debootstrap_args \ >>>> --arch="${DISTRO_ARCH}" \ >>>> ${@get_distro_components_argument(d, >>>> False)} \ >>>> ${DEBOOTSTRAP_KEYRING} \ >>>> "${@get_distro_suite(d, False)}" \ >>>> "${ROOTFSDIR}" \ >>>> "${@get_distro_source(d, False)}" >>>> fi >>>> >>>> >>>> >>>> >>>>> >>>>>> Some time ago I thought about introduction of HOST_DISTRO_APT_KEYS to >>>>>> avoid confusion between target and host apt keys. >>>>> >>>>> Good idea. But that would be a new feature/improvement. >>>> >>>> Yes. But your series is also improvement, isn't? >>>> >>>> I need more arguments for introduction of this limitation. >>>> >>>> Maxim. >>>> >>>>> Also thanks for looking at the code! >>>>> >>>>> Claudius >>>>> >>>>>> >>>>>> >>>>>> Maxim. >>>>>> >>>>>> >>>>>> >>>>>>> inherit isar-bootstrap-helper >>>>>>> do_generate_keyring[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}" >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Maxim Osipov >>>>>> ilbers GmbH >>>>>> Maria-Merian-Str. 8 >>>>>> 85521 Ottobrunn >>>>>> Germany >>>>>> +49 (151) 6517 6917 >>>>>> mosipov@ilbers.de >>>>>> http://ilbers.de/ >>>>>> Commercial register Munich, HRB 214197 >>>>>> General Manager: Baurzhan Ismagulov >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google Groups "isar-users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. >>>>>> To post to this group, send email to isar-users@googlegroups.com. >>>>>> To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/ccc13295-982c-7b25-cfc2-e079033689c0%40ilbers.de. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> -- >>>>> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk >>>>> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany >>>>> Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de >>>>> >>>>> PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153 >>>>> Keyserver: hkp://pool.sks-keyservers.net >>>>> >>>> >>>> >>>> -- >>>> Maxim Osipov >>>> ilbers GmbH >>>> Maria-Merian-Str. 8 >>>> 85521 Ottobrunn >>>> Germany >>>> +49 (151) 6517 6917 >>>> mosipov@ilbers.de >>>> http://ilbers.de/ >>>> Commercial register Munich, HRB 214197 >>>> General Manager: Baurzhan Ismagulov >>> >> >> >> -- >> Maxim Osipov >> ilbers GmbH >> Maria-Merian-Str. 8 >> 85521 Ottobrunn >> Germany >> +49 (151) 6517 6917 >> mosipov@ilbers.de >> http://ilbers.de/ >> Commercial register Munich, HRB 214197 >> General Manager: Baurzhan Ismagulov > -- Maxim Osipov ilbers GmbH Maria-Merian-Str. 8 85521 Ottobrunn Germany +49 (151) 6517 6917 mosipov@ilbers.de http://ilbers.de/ Commercial register Munich, HRB 214197 General Manager: Baurzhan Ismagulov