From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6658246660386193408
X-Received: by 2002:a7b:c18d:: with SMTP id y13mr679155wmi.2.1550663890896;
        Wed, 20 Feb 2019 03:58:10 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a1c:f603:: with SMTP id w3ls785156wmc.13.gmail; Wed, 20 Feb
 2019 03:58:10 -0800 (PST)
X-Google-Smtp-Source: AHgI3IZ20zAoU7H/lxQ7aOca9LXqPfC8iauqIXF9F0VpzX/Yc2q6wWdp4Aseu9obQHfKCHtbRuYt
X-Received: by 2002:a1c:9c93:: with SMTP id f141mr600128wme.10.1550663890489;
        Wed, 20 Feb 2019 03:58:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550663890; cv=none;
        d=google.com; s=arc-20160816;
        b=ObgORVXzJ1DvVkfNCaNSS2HV1ahSPOHh2e0jdrEtkWqNcdS05TsvexUBXAiZJVXMOU
         hnLjJiFFst1nuLuu8GWlMF1CRATlNlohHJlQQIo13wjg2YPJWCd62BCR+9t65kkMbjIh
         Rb97mWeqOREOG4ud/MQiKh0pI2kVOKypAiK3Abbzl94fQp2xlHaSSNX3Av8OAZN3bCJo
         A/oZBYbynfUd9kdWt8zNMw9QFe24WVSk9Lkve4UDOx3syHehkFt2+Nj7XhVk8gfUwTEQ
         ARowZ7WF3YwhRQrx3gj+p1sbVp0TrVFNi34fgCe7JsCgBpuNZn2EWPxmeXEUpJOSVx2e
         DVxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:organization:from:references:to:subject;
        bh=xzTwm3EF40XBIuEElt5SVcmunCbN7DFTE3yt/l1R20A=;
        b=ptyXBZ8FzffD8bWWmC/iWydTmdlIDN+FQB0aFKZYDe9D3C4jVOfP4PI4+66H5UMW9D
         1rjUuvll/aUgPgbL1ztNswUxBn7OoU5Sv7qAMT7eQ9uPrYyZa4lOXdGo3DSplMmH8vmW
         fMdm02MBD+6XlLa89p/YM2yKx+FcXrN5RdSyjA6pDqq/o3+mOFx1k59qeylMjqO10g2g
         KlOsCu6ZVpT6UKhCQJwdepj701K2+wKev3rIMhKZijt8y9Uxp+XVS9rvF95aEe6XciOm
         RYMBDYJxSyhaazpnDaXgKmczuNSRYzwdxUmcYB4PVUIAfLLnsKLda5PuswLo1/JVmW9R
         VrXw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de
Return-Path: <mosipov@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id q192si46438wme.3.2019.02.20.03.58.10
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 20 Feb 2019 03:58:10 -0800 (PST)
Received-SPF: pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de
Received: from [192.168.0.18] ([46.39.55.92])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id x1KBw8EO023520
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 20 Feb 2019 12:58:09 +0100
Subject: Re: [PATCH 0/1] Fix remote key fetching apt keyring
To: Jan Kiszka <jan.kiszka@siemens.com>,
        "[ext] Andreas J. Reichel" <andreas.reichel.ext@siemens.com>,
        isar-users@googlegroups.com, Baurzhan Ismagulov <ibr@ilbers.de>
References: <20190219162942.6bfb794b@md1za8fc.ad001.siemens.net>
 <20190220112133.23122-1-andreas.reichel.ext@siemens.com>
 <d4e7676d-33cc-0366-05d9-2582371c9eb6@siemens.com>
From: "Maxim Yu. Osipov" <mosipov@ilbers.de>
Organization: ilbers GmbH
Message-ID: <eaa8a78b-123f-89a7-2bef-7b411c686d1b@ilbers.de>
Date: Wed, 20 Feb 2019 12:58:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <d4e7676d-33cc-0366-05d9-2582371c9eb6@siemens.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,URIBL_BLOCKED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: 0nYHTJUL2FzX

On 2/20/19 12:27 PM, Jan Kiszka wrote:
> On 20.02.19 12:21, [ext] Andreas J. Reichel wrote:
>> From: Andreas Reichel <andreas.reichel.ext@siemens.com>
>>
>> Since my last mail was not answered, but this is an important topic,
>> here is a patch that shows what the problem is.
>>
>> If we fetch the user apt key from remote, we need the basename,
>> if we fetch it locally we need the absolute path...
>>
>> While this might not be the best way to fix this, it works as good
>> as the rest of this code...
>>
>> At least it fixes Isar again up to adding the key to the keyring.
>>
>> But this still does not fix the next problem with the docker-ce key:
>>
>> | I: Running command: debootstrap --arch arm64 --foreign --verbose 
>> --variant=minbase --include=locales --components=main,contrib,non-free 
>> --keyring 
>> /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg 
>> stretch 
>> /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/rootfs http://ftp.debian.org/debian 
>>
>> | I: Retrieving InRelease
>> | I: Retrieving Release
>> | I: Retrieving Release.gpg
>> | I: Checking Release signature
>> | E: Release signed by unknown key (key id EF0F382A1A7B6500)
>>
>> So something additionally must be done. Since I am not an expert on
>> debian keyring/debootstrap and dpkg signing I will try to find a
>> solution but maybe somebody has a good idea already?
>>
> 
> Baurzhan, Maxim, any idea?

Strange...I thought that commit af983a13 fixes the reported problem
When testing my patch signing base-apt I've tried both - remote keys 
(used by Raspberry Pi target) and local key.

@Andreas
I was really busy these days - I'll look on your problem ASAP.

Thanks,
Maxim.

> Jan
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov