From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6740510031426355200 X-Received: by 2002:a1c:658b:: with SMTP id z133mr6897502wmb.130.1569406473710; Wed, 25 Sep 2019 03:14:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a7b:c0d9:: with SMTP id s25ls1040830wmh.4.gmail; Wed, 25 Sep 2019 03:14:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqwE5PejAxfKCsM0KFEkAFfXPymgA5q2+nyCbHO5CRuvcEh+gpFokcf3cFTMGICfzlyWi25g X-Received: by 2002:a7b:c764:: with SMTP id x4mr6858950wmk.138.1569406473249; Wed, 25 Sep 2019 03:14:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569406473; cv=none; d=google.com; s=arc-20160816; b=qGFTyJtlHDOuPFDwSyyTsINo0mIDhPHPFOzHXGlWqbKalfpay76sP0phEaCRnb5sGI xD8+qiY5psw8xB67PWf4G+bxALHMYWtEDvB3hz/wtOr+uKuqlgmd73mN0SuSrDOsmtdr aes+tO/B0NJ1oMkdaj+XCJ24oJVY6yaB8/7n57AjDN/4Q04hGUtI7GE344xgpDvBIhzC ztWV9VpkjI3Y8AQxPWr3qXJOPkvtLSkcEm3Gkhqjoii2XaUT9fwMaTfbJ/I9IF6QImoT plXlBEQptbrAdn0CDpOVyq9kzvXQ66GWdCsVZOjXKa8b4St8CWWY3tYiFbgZOZhSc+T8 vFQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:mime-version:user-agent:date:message-id:openpgp:from :references:cc:to:subject; bh=6EC/uWdl2VyEPSu6gWQE2nR3xtueWAvA6Z5CN+6EeQY=; b=h9zRdohgJPjkHQt+DTCzgboRWcf1OEMGxpQqn2fUKmOZ2JdVLNfdqtljJk5p8x6O0Y cwhFENPbj6MlwykkBQ8dqAOolJ6TcL1WgbVcxZHtoLVuTDs8ZwXr98lanLSFnkodG3kD hAinFWrokSYDW0kSM1U0H6Fny8y1Dgl+iQSaBWJR/GLbx7eJC4yY5IADvGur6JaXcHNr y8ZzKXOZBIB5VDkk3l6T0d/ZTovX5YnfwMnVQVqOHSLFaUru2mSCxWaOg8v5BEOaD4iW dH9hpsJTKujxHr4oPAX9B+3wuGYNl/dFh8mL8rqA2G0DWinOmS1xIqU0TY7c9DSFrnQ3 mmVw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 2001:a60:0:28:0:1:25:1 is neither permitted nor denied by best guess record for domain of ch@denx.de) smtp.mailfrom=ch@denx.de Return-Path: Received: from mail-out.m-online.net (mail-out.m-online.net. [2001:a60:0:28:0:1:25:1]) by gmr-mx.google.com with ESMTPS id j4si293238wro.5.2019.09.25.03.14.33 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Sep 2019 03:14:33 -0700 (PDT) Received-SPF: neutral (google.com: 2001:a60:0:28:0:1:25:1 is neither permitted nor denied by best guess record for domain of ch@denx.de) client-ip=2001:a60:0:28:0:1:25:1; Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 2001:a60:0:28:0:1:25:1 is neither permitted nor denied by best guess record for domain of ch@denx.de) smtp.mailfrom=ch@denx.de Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 46dYnh6xvpz1rVw0; Wed, 25 Sep 2019 12:14:32 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 46dYnh6PDvz1qqkL; Wed, 25 Sep 2019 12:14:32 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id lYLZ4bxC6M3u; Wed, 25 Sep 2019 12:14:31 +0200 (CEST) X-Auth-Info: unAkTp/PMgY37er77pWvutj8z5WjS8dxaIifGqjka8Y= Received: from deneb.denx.de (p578adb1c.dip0.t-ipconnect.de [87.138.219.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Wed, 25 Sep 2019 12:14:31 +0200 (CEST) Subject: Re: Discussion: Base-apt features To: Vijai Kumar K , isar-users@googlegroups.com Cc: henning.schild@siemens.com, claudius.heine.ext@siemens.com, jan.kiszka@siemens.com, ibr@radix50.net References: <20190925074122.GA12490@lightning> From: Claudius Heine Openpgp: id=6FF2E59F00C6BC2831D864C11173CB199808B153; url=http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x1173CB199808B153 Message-ID: Date: Wed, 25 Sep 2019 12:14:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: <20190925074122.GA12490@lightning> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XFvkkWAwK37EAhYXg5lhmDSLIBrS0gPvR" X-TUID: 8BnneHtMQ/SX This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XFvkkWAwK37EAhYXg5lhmDSLIBrS0gPvR Content-Type: multipart/mixed; boundary="GhKWMvRCRjlyrN6Cgj2i6QcV6PYu9KK8b"; protected-headers="v1" From: Claudius Heine To: Vijai Kumar K , isar-users@googlegroups.com Cc: henning.schild@siemens.com, claudius.heine.ext@siemens.com, jan.kiszka@siemens.com, ibr@radix50.net Message-ID: Subject: Re: Discussion: Base-apt features References: <20190925074122.GA12490@lightning> In-Reply-To: <20190925074122.GA12490@lightning> --GhKWMvRCRjlyrN6Cgj2i6QcV6PYu9KK8b Content-Type: text/plain; charset=utf-8 Content-Language: en-MW Content-Transfer-Encoding: quoted-printable Hi Vijai, On 25/09/2019 09.41, Vijai Kumar K wrote: > Hi All, >=20 > Starting this thread to discuss the base-apt features and limitations. >=20 > Here I am listing down some of the issues/features and possibly the > need for them. >=20 >=20 > 1. Support for adding source packages. >=20 > Currently we have support only for binaries. The corresponding source > files could also be added.=20 Yes. That would be required (AFAIK, but INAL) if the base-apt should be used to distribute packages to the end-user as per GPL. >=20 >=20 > 2. Support for using password protected keys. >=20 > It is a good practice to have the gpg key protected to have an addition= al > level of security. Right now ISAR does not have provisions to use passw= ord > protected keys. There are two use-cases for base-apt AFAIK: Use it to distribute a repository to the end user and for reproducible/offline build. I agree that for the former having a password protected key for signing the repo would be good. For the latter use-case though that might get cumbersome. Maybe we should split this use-case and have something different for reproducible/offline build? Also 'base-apt' is a bad name... >=20 >=20 > 3. Support for specifying the signing key. >=20 > Right now, the signing mechanism uses the default gpg key of the system= =2E > This is problematic in many ways. Especially for CI. In the current > implementation, eventhough we specify the key, we are not really using = it. Right, that needs to be fixed. >=20 >=20 > 4. Support for adding packages only to base-apt. >=20 > Sometimes, we might need a package to be present in base-apt but not in= > the target yet. Things like dev & dbg packages. It would be good if we > have something like BASE_APT_INSTALL which contains the list which woul= d > be populated only in base-apt. If the base-apt should be used for distributing packages to the end-user, it might also be useful to exclude certain packages. >=20 >=20 > 5. Refactoring code to consolidate reprepro calls. >=20 > Right now, reprepro calls are spread across the build system. Its depen= dencies > are spread across too(Handling envs like GNUPGHOME, distributions file = etc). > My first thought is to have a seperate module implemented to handle the= se > calls. Yes, that would be a good refactoring idea. regards, Claudius --=20 DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: ch@denx.de PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153 Keyserver: hkp://pool.sks-keyservers.net --GhKWMvRCRjlyrN6Cgj2i6QcV6PYu9KK8b-- --XFvkkWAwK37EAhYXg5lhmDSLIBrS0gPvR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEb/LlnwDGvCgx2GTBEXPLGZgIsVMFAl2LPfwACgkQEXPLGZgI sVPTYRAAniFcB6nK/0IeLAp+KwdDGDPiKYmO2cijsfr4OtMwTLq2BEqg1Wrk7x0A yRzK6m5ll3KmGJ04TY0rvBeUDDXmkem7/RQlFclHAxQjbRP6SzcM/hbiAs5hAyAs 30l4p1wmQXcILABBI57Xs4UQ7wm9Dsue6Xs5ddDg2c9tq2NUgloaRUC5qTPUhdB7 NCjumIV9kCvxS3Ux1H6vT61lCZ8WIJ27TlICm2/1u6QP14flLusoQaSpCssy9LSf 7ItS7V0HksFezcYZUnIOvaKXOqk8hzPEQ1G/bnIk4IZtxQadUPVzPgKn/loWFC3x TGnLJOwqQAlX3fuij2SP/IRWNv7v+qQFeoQLmLY8Srg9tYqMCM3y8zxuKJIhpbUP FTrP0xAGDRAHXqBohLaALMo8gDWJiD9u0S8UjdCWp9Hlag8ilMk4/QeByC8KeYU0 +T5fpn1CLfKHy8C85K81BSJgXEWgzqr/mo3iITNeAeVz0rD/e/Op6MzIDlff85tS AezhL5r6mKAd+YdvPn0aBQRSsH8tM4J/LxWycqhlY2s01ZGcmk9aTsjgJsrsOAku 6xFVVMdX+73UnMLKUhDb2t+h4zE4LYjftMgXy1lO6V4Xb6/eZ5iyI2vO0c2SJndP tPr6WiBl3Yy9beyROlqeS4pJfixi918xvxvmGR9O6N31uMK2mRg= =QWa9 -----END PGP SIGNATURE----- --XFvkkWAwK37EAhYXg5lhmDSLIBrS0gPvR--