From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6658246660386193408
X-Received: by 2002:a50:addd:: with SMTP id b29mr283666edd.11.1550662036795;
        Wed, 20 Feb 2019 03:27:16 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a50:9e41:: with SMTP id z59ls5235586ede.8.gmail; Wed, 20 Feb
 2019 03:27:16 -0800 (PST)
X-Google-Smtp-Source: AHgI3IZcFRAgH1k+NVKW7fvAFBP9SgF1WeUR0fJ/047ZQ2WQxGX3e4YJwh4+bDy4D+7wVYWOUWSw
X-Received: by 2002:a50:915d:: with SMTP id f29mr4301032eda.12.1550662036269;
        Wed, 20 Feb 2019 03:27:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550662036; cv=none;
        d=google.com; s=arc-20160816;
        b=cEn8qC8a2A2ce8XjbgGGDnroLie7siqGgq5RftxmhAryX6q0wg8iwezn+KBseFSp/K
         wACVyrkKwi/pkCYfLftd+ualmHNk7sU3YjmuxdJ9S14TFZfZOrcTfHJXQJYUH+2ZnBXd
         uTtjzKeMfFmIbugy+Qxhizlab8Ld/8Tc/Pe7D4yNFosRkuIbBnsEujNFlI3qk/82pfXF
         3Ju3PHRtrnpXa2yf5u75iapzW9SaLR4IlCpNVJRym+FHK2ml1mElXF9CndaISc5bBN19
         cljczpbNLl3E8QMZ2I5NfiggnwN/spNnSD2HHBVxvE6m8qvaBdJzK/Yqqf1ebrnobcOv
         ALOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:to:subject;
        bh=AMbemAlCd8WlclGFgcixOQlU8nZ7UHQM2SfYClc74EI=;
        b=BDyTHB+t30TpOMa6LhXqKvM1mne1taBpqIqD0UDgvqfS3NDTByAM45J3Dd588xmuD/
         uvGl2subyyYDFvOansczTBHpVn2jYkV2qO5DW52y3Qdu4W+0qYRNuDy9fWaqPUJ0tWij
         +T2ef4d/fUPXGH3eoG8Xe15aHehwD85QqT/IWuDRsQ/q/3+f96OaNJovh6P6HWLg8ex6
         O4RTQ3eliNXuhSECq//Vn+6SMTHLEmaLqtMhxh4+gLofySZyReKSaZ89l1su/7tZI3Ok
         /OJB6Yxg1eactuy4hEaAvsCEHZkFR5cLohvelZ3RbrB7Np1Rq+LB4wfj8Wow0QpHkxcO
         nGXw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com
Return-Path: <jan.kiszka@siemens.com>
Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2])
        by gmr-mx.google.com with ESMTPS id a12si945167edn.5.2019.02.20.03.27.16
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 20 Feb 2019 03:27:16 -0800 (PST)
Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x1KBRFkY016000
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 20 Feb 2019 12:27:15 +0100
Received: from [139.25.68.37] (md1q0hnc.ad001.siemens.net [139.25.68.37] (may be forged))
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x1KBRFWk029877;
	Wed, 20 Feb 2019 12:27:15 +0100
Subject: Re: [PATCH 0/1] Fix remote key fetching apt keyring
To: "[ext] Andreas J. Reichel" <andreas.reichel.ext@siemens.com>,
        isar-users@googlegroups.com, Baurzhan Ismagulov <ibr@ilbers.de>,
        Maksim Osipov <mosipov@ilbers.de>
References: <20190219162942.6bfb794b@md1za8fc.ad001.siemens.net>
 <20190220112133.23122-1-andreas.reichel.ext@siemens.com>
From: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <d4e7676d-33cc-0366-05d9-2582371c9eb6@siemens.com>
Date: Wed, 20 Feb 2019 12:27:15 +0100
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12)
 Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
In-Reply-To: <20190220112133.23122-1-andreas.reichel.ext@siemens.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: p8FsH8Lvykez

On 20.02.19 12:21, [ext] Andreas J. Reichel wrote:
> From: Andreas Reichel <andreas.reichel.ext@siemens.com>
> 
> Since my last mail was not answered, but this is an important topic,
> here is a patch that shows what the problem is.
> 
> If we fetch the user apt key from remote, we need the basename,
> if we fetch it locally we need the absolute path...
> 
> While this might not be the best way to fix this, it works as good
> as the rest of this code...
> 
> At least it fixes Isar again up to adding the key to the keyring.
> 
> But this still does not fix the next problem with the docker-ce key:
> 
> | I: Running command: debootstrap --arch arm64 --foreign --verbose --variant=minbase --include=locales --components=main,contrib,non-free --keyring /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg stretch /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/rootfs http://ftp.debian.org/debian
> | I: Retrieving InRelease
> | I: Retrieving Release
> | I: Retrieving Release.gpg
> | I: Checking Release signature
> | E: Release signed by unknown key (key id EF0F382A1A7B6500)
> 
> So something additionally must be done. Since I am not an expert on
> debian keyring/debootstrap and dpkg signing I will try to find a
> solution but maybe somebody has a good idea already?
> 

Baurzhan, Maxim, any idea?

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux