From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6729733794987769856
X-Received: by 2002:a5d:434a:: with SMTP id u10mr2194656wrr.245.1566889529940;
        Tue, 27 Aug 2019 00:05:29 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a7b:c411:: with SMTP id k17ls7116687wmi.1.gmail; Tue, 27 Aug
 2019 00:05:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw++1OmQ39QABKKny8XRkgHLMzr7Hv01orlbhr5OiXxX2lueE9bGftgvp7wBucJe7NU/iX9
X-Received: by 2002:a1c:cb01:: with SMTP id b1mr26897166wmg.69.1566889529248;
        Tue, 27 Aug 2019 00:05:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1566889529; cv=none;
        d=google.com; s=arc-20160816;
        b=h/DVaqsZHeR994HieOxFwrK/nkNTGUFnXjjnF03yI9qOukJaHtJmrRvxwjU0Fldlpy
         Oe0dqZ9Z96bGAESlDmsjfeo3v8QDOrFID6ZkSgDr3jdGxOASkHYUKzryG3fSArA0bi0w
         tlYESmpPDAQTMzVHWPOmrHt/UULzbTulTcYba/Ds7m0uIRtu9FCoP4TsPp8JdoqVbvzL
         xrnJJTe5Nr8nHvl7TQ7o/Qo7FEZLDOuBD0Bxdl3go3aLnpOQxKTZCrdVVnPAv+BedkuF
         1w+i2RvURYKcpKXymvJwCiHvr/LXUXlOSTnero6E26cnA6RpyUZQYjRqtKk2SmNuYWK1
         OfWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:to:subject;
        bh=hPLM3wC0sBPWvDVXmubXXx582wNTZ+W4FPY1SfrLMVQ=;
        b=WhMc7SCNkiSG3fuaAjfOrZz2STDI/So+r4u3R/XoHP5iuConSODt6mozOuzodhAdO3
         /2imItwJkNAGmJCEamjgDhd9HFcOOJvUzfmW6RPtnXReyVHJkARfgT/ye7U65qOeUKoC
         Kp/JiykmqprGvWcsuCiVaCweOV+iS+DCDrnKbBawE9PBHCvHUnkAYNCce0NRMmMcRa6H
         p/lrNdxVDYPOm7DDD8+Pc0eXjI6Wl5v0ULWeCvbPjUE2nCVEOYt9LFymruj/fLH8IvCI
         ealQUS6Ko7yLOOqZxLBU7XA+ZMgzy4U35LGCyIgI8X7Bs/YfwA/rfuZ9rgQvoRN/civz
         Vb9w==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <jan.kiszka@siemens.com>
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id r189si87963wme.4.2019.08.27.00.05.29
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 27 Aug 2019 00:05:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.14 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id x7R75Spq005325
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 27 Aug 2019 09:05:28 +0200
Received: from [167.87.43.166] ([167.87.43.166])
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x7R75Sht028658;
	Tue, 27 Aug 2019 09:05:28 +0200
Subject: Re: [PATCH v2 1/2] ci_build: Add signing cached repo test
To: "Maxim Yu. Osipov" <mosipov@isar-build.org>, isar-users@googlegroups.com
References: <20190827064338.29404-1-mosipov@isar-build.org>
From: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <e7db9c00-7054-502f-7ac1-e7b1e4ee8e96@siemens.com>
Date: Tue, 27 Aug 2019 09:05:28 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <20190827064338.29404-1-mosipov@isar-build.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: kmunE6YrH0pZ

On 27.08.19 08:43, Maxim Yu. Osipov wrote:
> From: "Maxim Yu. Osipov" <mosipov@isag-build.org>
> 
> Signed-off-by: Maxim Yu. Osipov <mosipov@isag-build.org>
> ---
>   scripts/ci_build.sh              | 31 ++++++++++++++-------
>   testsuite/base-apt/test_priv.key | 58 ++++++++++++++++++++++++++++++++++++++++
>   testsuite/base-apt/test_pub.key  | 30 +++++++++++++++++++++
>   3 files changed, 110 insertions(+), 9 deletions(-)
>   create mode 100644 testsuite/base-apt/test_priv.key
>   create mode 100644 testsuite/base-apt/test_pub.key
> 
> diff --git a/scripts/ci_build.sh b/scripts/ci_build.sh
> index f4a8b06..06b20ab 100755
> --- a/scripts/ci_build.sh
> +++ b/scripts/ci_build.sh
> @@ -50,7 +50,6 @@ REPRO_TARGETS_SET="\
>               multiconfig:qemuamd64-stretch:isar-image-base \
>               multiconfig:qemuarm-buster:isar-image-base"
>   
> -
>   show_help() {
>       echo "This script builds the default Isar images."
>       echo
> @@ -58,14 +57,14 @@ show_help() {
>       echo "    $0 [params]"
>       echo
>       echo "Parameters:"
> -    echo "    -b, --build BUILD_DIR set path to build directory. If not set,"
> -    echo "                          the build will be started in current path."
> -    echo "    -c, --cross           enable cross-compilation."
> -    echo "    -d, --debug           enable debug bitbake output."
> -    echo "    -f, --fast            cross build reduced set of configurations."
> -    echo "    -q, --quiet           suppress verbose bitbake output."
> -    echo "    -r, --repro           enable use of cached base repository."
> -    echo "    --help                display this message and exit."
> +    echo "    -b, --build BUILD_DIR    set path to build directory. If not set,"
> +    echo "                             the build will be started in current path."
> +    echo "    -c, --cross              enable cross-compilation."
> +    echo "    -d, --debug              enable debug bitbake output."
> +    echo "    -f, --fast               cross build reduced set of configurations."
> +    echo "    -q, --quiet              suppress verbose bitbake output."
> +    echo "    -r, --repro [-s, --sign] enable use of cached base repository with optional signing."
> +    echo "    --help                   display this message and exit."
>       echo
>       echo "Exit status:"
>       echo " 0  if OK,"
> @@ -103,6 +102,9 @@ do
>           ;;
>       -r|--repro)
>           REPRO_BUILD="1"
> +        case "$2" in
> +        -s|--sign) SIGN_REPO='1'; shift ;;
> +        esac
>           ;;
>       *)
>           echo "error: invalid parameter '$key', please try '--help' to get list of supported parameters"
> @@ -113,6 +115,7 @@ do
>       shift
>   done
>   
> +

Stray newline change.

>   # Setup build folder for the current build
>   if [ ! -d "$BUILD_DIR" ]; then
>           mkdir -p "$BUILD_DIR"
> @@ -124,6 +127,13 @@ if [ -n "$CROSS_BUILD" ]; then
>   fi
>   
>   if [ -n "$REPRO_BUILD" ]; then
> +    if [ -n "$SIGN_REPO" ]; then
> +        ISAR_TESTSUITE_GPG_PUB_KEY_FILE="$ISARROOT/testsuite/base-apt/test_pub.key"
> +        ISAR_TESTSUITE_GPG_PRIV_KEY_FILE="$ISARROOT/testsuite/base-apt/test_priv.key"
> +        export GNUPGHOME=$(mktemp -d)
> +        gpg --import $ISAR_TESTSUITE_GPG_PUB_KEY_FILE $ISAR_TESTSUITE_GPG_PRIV_KEY_FILE
> +        echo BASE_REPO_KEY=\"file://$ISAR_TESTSUITE_GPG_PUB_KEY_FILE\" >> conf/local.conf
> +    fi
>       # Enable use of cached base repository
>       bitbake $BB_ARGS -c cache_base_repo $REPRO_TARGETS_SET
>       while [ -e bitbake.sock ]; do sleep 1; done
> @@ -134,6 +144,9 @@ if [ -n "$REPRO_BUILD" ]; then
>       # Cleanup and disable use of cached base repository
>       sudo rm -rf tmp
>       sed -i -e 's/ISAR_USE_CACHED_BASE_REPO ?= "1"/#ISAR_USE_CACHED_BASE_REPO ?= "1"/g' conf/local.conf
> +    if [ -n "$SIGN_REPO" ]; then
> +        sed -i -e 's/BASE_REPO_KEY/#BASE_REPO_KEY/g' conf/local.conf
> +    fi

If you match on /^BASE_REPO_KEY/, you can make this unconditional.

>   fi
>   
>   sed -i -e 's/#IMAGE_INSTALL += "isar-disable-apt-cache"/IMAGE_INSTALL += "isar-disable-apt-cache"/g' conf/local.conf
> diff --git a/testsuite/base-apt/test_priv.key b/testsuite/base-apt/test_priv.key
> new file mode 100644
> index 0000000..fd3b735
> --- /dev/null
> +++ b/testsuite/base-apt/test_priv.key
> @@ -0,0 +1,58 @@
> +-----BEGIN PGP PRIVATE KEY BLOCK-----
> +
> +lQOYBF07NAMBCAC4JSMwDUaUbkz0a/g7991xIUf40d55iZheylspfHuhmFVMlTTW
> +BDv1KOTffopA5TgCTHoHwFilogymPSoeUGwk1DOQmdy1vLXMB76TZFZhvWgZxHFL
> +OPn3ktFH/YuJ4c2a5q/sqwGr2ivsMR161AufecuyZjuymkN224B1qanaevqE3f7X
> +mQ6ceSS3GCVNgZTcPplhbZEgsNIc94HgTLWEB3xTBx4N7uJfZG6sLduzUTm8Qs0j
> +t1ijRB21HSFOTo309G5QnVdlBP7G92jj7I7JrQqoauVTlaJhZoAbYUjDdr0qkIFa
> +PYsTIvbNeLCEIOJTkIi9Res94AOe2kThIL9zABEBAAEAB/45PsZNGltuKkn/FA+T
> +6O6szClZJzkPtGArW6HyaDHw3u/pglruC1vuT1uzRN3K5dc/E7I99aQ5PYLMLSiK
> +SvsLifJLyiEsWDF175RlsqQN93lExWZo+ZnvxnML+7ykzQ8DUCKxosm+uHC+GNiu
> +xfulBJJ378MwNzew2/T33xogAmL6sWEgtyhNPzny7ezMwFyiE4QyTyov+BZTbN2o
> +Gj3ds/NBgs650p5CAkauhNX8TCqq7ouRQmmQa281Mb8gBb5vSuwqGlHEjOpdgrWu
> +y7xXlwbwnGJQ8YyegIHycr33aFBI4PQq/oGf2SzVTMsGNM6xcPtIOKhW1AgCkZIh
> +GtmBBADPWPMJhZBO3fo6TXR+5PXqu8F6Qjk6Ur3hg00Ql32dgwKj7IjfOi0As0hB
> +d1Fn16zzHkkaYD5b0FsOO64Cst/mkN0/o5soTI9N4kq91AgMABDaRoXpuUCy9P3q
> +ReC/WVDcdQTCWfUnYOPj9AHioPje0NWwL2Wa9MZQFtvEx3vQgQQA41p0kEgFtT2e
> +dWCJiU+lMuONHr9DdiWlNPly8LwtzjCH4i07aeZH1vI5aE9mH+t43O9e+Zcvsjgh
> +ahZzfpv5ZQbTexXZAK/lGkebVPbbcXmFMBEITHNP0gN+HECWfU/1UQwUlQPBQQSL
> +rQud92Jmv1jKdJ6WwV4WDZeRX8rfVfMD/RMmLgqd7VOsB2y9PWToTMcnbqQzGARE
> +wtqL5NV+wv+d7fVM3E04g/7AXXIt2vCN1weoe9KEd9ps/kmqAt/dVi3zioLgBcQ3
> +begyZMGKECT4HYkXP4OahaPLm70jzKIf/SabsSX0l93w0g5Rdn7LIkydrs5ubjha
> +Xl5vxeB2GxEbR4W0J0lTQVIgdGVzdHN1aXRlIDxkZXZudWxsQGlzYXItYnVpbGQu
> +b3JnPokBVAQTAQgAPhYhBNKDcKXylQBbbe7hQeBFQDWDfznIBQJdOzQDAhsDBQkD
> +wmcABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEOBFQDWDfznIJp8H/j1lsnI/
> +mojhV6d302mBhn57Zyi2IlI59soFy6X7dZeVpr7evQSNiXZlctDT1K+JHzN0ZxJl
> +4lnHZceg6kfCijZNWYiLCyvGkx9j5/P37ZOb4ekr4/3UGPgY5i8RQ3sFrxO8Uv3A
> +42YJbBQFVo7v/u13eGTdII7wzQmJT+kPtTDsTk5EKZ2GuD4UqbjtH44BtjEpEDua
> +PAcyWeXR3Xdpn5wBVFXix5ntcxwxOxR9ikJP9QThof3rW8mWKKHRgLr53bV/+Usv
> +V5FRcGpuA0t4dH9Bj+DvdqFYUS9Xxxnu0pggnc2Ak/EoThpEW6Hmj0xZ9Qw1509u
> +31f/+ATeyBzZfAWdA5gEXTs0AwEIAMOSRpGeJqjoJllFxrvecevhNE274ERPTRtO
> +YhGQ7o9ikpF2b/9R0Aew5sO7w+F744ORGyPibMF8rZm5Ot3FSrkoq/N7hxG45OpE
> +NOqbYgSdh+qrxp8J5LRD0TnMbV2wjEJNEb5MtFjh/MoolvNI+0ScE4YS7drI9Pii
> +NpdiDDvdYRd/LDZaIGLXuHyOAOUtLePsQHrVBQi9CNXcxyu61QR4RuEVKfMuxjxk
> +lkKJKOSPwn2YJAEGdO941fmAAxCC4N/RwvX38whBHWWiW5qaco9tnnBHJSJDXoup
> +Vkmxhib9BFf4nlCia3v1o2K8QPYxwUMn4auvWav0tfMB3dx1BaEAEQEAAQAH+QGB
> +2AOG2iNHP09E9lLFC1Bt/WJF+uTXTi+/5q5L1UmwB7fajlDWDlxNYn+c9OgldVl7
> +uSibteYksg2FcrYMZkRhwO6jOpMKLRoHqYmYeEAgtmKDiNFC0AsxCS3TEWz9WK9g
> +H2Q9szwc+3WvGa63BHy3zcgkzw8tYAMUhqubkefaMKeIVtP08L00H7Vtv5AWtU3W
> +VBUVkHT1KQauhqrZNKi3CaQ+3wuXJXbyM+Ml/h6sthzHIWYpPveeSgHcSKRXo1ir
> +JgfPrSUN0ZcodHxKBASNsg9SYEp3LeCxq9lmxXuwbc4UgLxLRSdLn61QSruOR8kq
> +HSh0w/qF9hysiy6sDNkEAMYTeqFaqcR0odZeGPsKHBd44fJPCoP1BRpxfXK9h+Bd
> +pRaBBe21uoUDvcDGBymcVraOdSDY2GibN4wouRnQT49bqjx2EX+wAs/X6/TKa4fI
> +gudKsTNYP8nHhH9AJHm8eD1tm1i3fb8e6ymyNUKhdMF1oxKU8fmBCKsQDfY/Q/L9
> +BAD8w0mw1MhfMDU0IY5oA/wku2H110CU3p60glv3hYrtmIh//VL4hXnNZLMnyBc0
> +ILy4fSbCo1hzXNmuPhxsm7D/CE1nGEBU7M7LDJXRRlEn0YZx19n8zZPA2tGxdOhg
> +uC9fzSLlQM1W0NzMs4xKw0yhFZRuNQJOLC7zpbBP2GBYdQQAul6Q3dG7XnY7e/Ct
> +VMSxZ6tSBCXI5IKD+3h5THE+6BoeAUWe3fLOIadOuZA24gjFy9lGgUVWbLi7uG7s
> +cXugswz4vrzogGV1gn+4Bm3V//ckJrRkW7LWxY/h2f7hqegq12EXHBy4fzYdmkqz
> +RMOinPILoizk8JDFEqZhvXV7uZ9Cw4kBPAQYAQgAJhYhBNKDcKXylQBbbe7hQeBF
> +QDWDfznIBQJdOzQDAhsMBQkDwmcAAAoJEOBFQDWDfznIKHsH/RaJIDzUuHFTewwA
> +vKfdgduCU5Nhvz9/GXF9oZGvPUOK8/khudQ0nKWKKMsyc3dEelzsoioDbOXDeND0
> +oLGVeHPGVPYRUpfCbvs1t0wu9nIdIEu7FwItUYS0iYZdgxJ3FzTuip5dhBBbq2jl
> +OK1YX7o3/SfgT3qZgH37+jcZ7xbKUmrXxjVducdD0QxBhGyj3cZ9F8K7kJT5R0QV
> +z2ZUaFNMwu5qOqbMJs0cwy7h/NbOlk0bAJgUFRdYlfnuHAbGkfeu49kjEPTiiYYD
> +2zoZV1zOcjVd9cwIGKi4S225jD4dihzRfLkChE84e8Dfp4aMqJHEc+RaTBCKyxA4
> +5aiaZcY=
> +=oJ8J
> +-----END PGP PRIVATE KEY BLOCK-----
> diff --git a/testsuite/base-apt/test_pub.key b/testsuite/base-apt/test_pub.key
> new file mode 100644
> index 0000000..20735e4
> --- /dev/null
> +++ b/testsuite/base-apt/test_pub.key
> @@ -0,0 +1,30 @@
> +-----BEGIN PGP PUBLIC KEY BLOCK-----
> +
> +mQENBF07NAMBCAC4JSMwDUaUbkz0a/g7991xIUf40d55iZheylspfHuhmFVMlTTW
> +BDv1KOTffopA5TgCTHoHwFilogymPSoeUGwk1DOQmdy1vLXMB76TZFZhvWgZxHFL
> +OPn3ktFH/YuJ4c2a5q/sqwGr2ivsMR161AufecuyZjuymkN224B1qanaevqE3f7X
> +mQ6ceSS3GCVNgZTcPplhbZEgsNIc94HgTLWEB3xTBx4N7uJfZG6sLduzUTm8Qs0j
> +t1ijRB21HSFOTo309G5QnVdlBP7G92jj7I7JrQqoauVTlaJhZoAbYUjDdr0qkIFa
> +PYsTIvbNeLCEIOJTkIi9Res94AOe2kThIL9zABEBAAG0J0lTQVIgdGVzdHN1aXRl
> +IDxkZXZudWxsQGlzYXItYnVpbGQub3JnPokBVAQTAQgAPhYhBNKDcKXylQBbbe7h
> +QeBFQDWDfznIBQJdOzQDAhsDBQkDwmcABQsJCAcCBhUICQoLAgQWAgMBAh4BAheA
> +AAoJEOBFQDWDfznIJp8H/j1lsnI/mojhV6d302mBhn57Zyi2IlI59soFy6X7dZeV
> +pr7evQSNiXZlctDT1K+JHzN0ZxJl4lnHZceg6kfCijZNWYiLCyvGkx9j5/P37ZOb
> +4ekr4/3UGPgY5i8RQ3sFrxO8Uv3A42YJbBQFVo7v/u13eGTdII7wzQmJT+kPtTDs
> +Tk5EKZ2GuD4UqbjtH44BtjEpEDuaPAcyWeXR3Xdpn5wBVFXix5ntcxwxOxR9ikJP
> +9QThof3rW8mWKKHRgLr53bV/+UsvV5FRcGpuA0t4dH9Bj+DvdqFYUS9Xxxnu0pgg
> +nc2Ak/EoThpEW6Hmj0xZ9Qw1509u31f/+ATeyBzZfAW5AQ0EXTs0AwEIAMOSRpGe
> +JqjoJllFxrvecevhNE274ERPTRtOYhGQ7o9ikpF2b/9R0Aew5sO7w+F744ORGyPi
> +bMF8rZm5Ot3FSrkoq/N7hxG45OpENOqbYgSdh+qrxp8J5LRD0TnMbV2wjEJNEb5M
> +tFjh/MoolvNI+0ScE4YS7drI9PiiNpdiDDvdYRd/LDZaIGLXuHyOAOUtLePsQHrV
> +BQi9CNXcxyu61QR4RuEVKfMuxjxklkKJKOSPwn2YJAEGdO941fmAAxCC4N/RwvX3
> +8whBHWWiW5qaco9tnnBHJSJDXoupVkmxhib9BFf4nlCia3v1o2K8QPYxwUMn4auv
> +Wav0tfMB3dx1BaEAEQEAAYkBPAQYAQgAJhYhBNKDcKXylQBbbe7hQeBFQDWDfznI
> +BQJdOzQDAhsMBQkDwmcAAAoJEOBFQDWDfznIKHsH/RaJIDzUuHFTewwAvKfdgduC
> +U5Nhvz9/GXF9oZGvPUOK8/khudQ0nKWKKMsyc3dEelzsoioDbOXDeND0oLGVeHPG
> +VPYRUpfCbvs1t0wu9nIdIEu7FwItUYS0iYZdgxJ3FzTuip5dhBBbq2jlOK1YX7o3
> +/SfgT3qZgH37+jcZ7xbKUmrXxjVducdD0QxBhGyj3cZ9F8K7kJT5R0QVz2ZUaFNM
> +wu5qOqbMJs0cwy7h/NbOlk0bAJgUFRdYlfnuHAbGkfeu49kjEPTiiYYD2zoZV1zO
> +cjVd9cwIGKi4S225jD4dihzRfLkChE84e8Dfp4aMqJHEc+RaTBCKyxA45aiaZcY=
> +=kwGf
> +-----END PGP PUBLIC KEY BLOCK-----
> 

BTW, do we consider -r -s as being part of a fast CI run? Then both should 
likely be added to .gitlab-ci.yml.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux