From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6654236089293733888
X-Received: by 2002:ac2:418d:: with SMTP id z13mr1432722lfh.13.1549636372880;
        Fri, 08 Feb 2019 06:32:52 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a2e:90ce:: with SMTP id o14-v6ls758604ljg.11.gmail; Fri, 08
 Feb 2019 06:32:52 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ib72F/gmWDoN21yGhXFwjwtCacfBIw11/LpyNxSbbaRZJkCtpiHT9ofLbb1nUdSqTPcMyxh
X-Received: by 2002:a2e:9757:: with SMTP id f23-v6mr1419784ljj.23.1549636372243;
        Fri, 08 Feb 2019 06:32:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549636372; cv=none;
        d=google.com; s=arc-20160816;
        b=z1DF4GIXVKhhnKV84ERe5J4eOhtGilKRKuMlz18sfPO2ssWoPc6wH8csSUY4rBNGU7
         dgL8Zm3MyQ3RZPtnREEGXIfiio82eY4TBqMc7Loolh8QJ9VXV6gAI55cPVqs8oc6rsTJ
         mQYSWFJKma0o+51IUS4hMOR2rJNv4bHrWvqz2JycYau5tjzCWduG1lc84rh6hSIFroxM
         7IISb3uPo1JWRWpq8oq2zDupE+aA2pRdVYR4bzLWh7ADUBYEEB6th4gBayfGBnsOG4GV
         ts9icCHI179x2L/0Mqf/snN1pgI1nQOqS3zHxs7HTTdn4cMl/WjGluJAOF0lSjz0x58v
         wwCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:organization:references:to:from:subject;
        bh=zYBNTFFBqqOI2SHY78IyIHSn9+6AMhtzARAEcMsJQeY=;
        b=NwRGxaBWXYYT98Vant+x/BEovs7lUQFsJhW2mFTyH6dBKAGlUqVVxXXlbdUAvaj1dm
         SUz6Etog3KS4b/+tf2ffedSfyVuH3ItZcuilZ36JvBG4P8mylrVl4IeGtGYFV1B8siCJ
         3AOztUX5zTsD/cobz9r8Dh+8AUGbWSxEQXT2rdmCgCS3OEPXKzuSn6zo8xLtvXtjluEk
         EJgJNToOVu57n5LFQPB9sc2R5notnOU6Sn5LmvQFdeQhEInnumrnYPaOs0nM9Cbz8/C3
         BqU/8CjalB8ruSC+8wZLNZjMEJG/xDEbknAHrkwMK0Ouk9ltVjrPziTtyuxdINcpTrTV
         bU4Q==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de
Return-Path: <mosipov@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id q10-v6si129233lji.4.2019.02.08.06.32.51
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Fri, 08 Feb 2019 06:32:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of mosipov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=mosipov@ilbers.de
Received: from [192.168.50.163] (d51A48A80.access.telenet.be [81.164.138.128])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id x18EWo9I026953
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Fri, 8 Feb 2019 15:32:50 +0100
Subject: Re: [PATCH 0/3] Signing local cache repo
From: "Maxim Yu. Osipov" <mosipov@ilbers.de>
To: isar-users@googlegroups.com
References: <20190204195420.7972-1-mosipov@ilbers.de>
Organization: ilbers GmbH
Message-ID: <fc7cb3dc-febf-1323-fa3d-64e350737958@ilbers.de>
Date: Fri, 8 Feb 2019 15:32:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <20190204195420.7972-1-mosipov@ilbers.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,URIBL_BLOCKED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: UMAtx3ODJr7R

On 2/4/19 8:54 PM, Maxim Yu. Osipov wrote:
> Hello everybody,
> 
> By default the local caching repo is not gpg signed.
> This series adds the ability to sign it.
> 
> Prerequsite: we suppose that gpg is installed on your host system
> and a default key pair is generated.
> 
>   -  set `BASE_REPO_KEY` in `conf/local.conf` to `SRC_URI` of your public key,
> f.e. BASE_REPO_KEY = "file:///home/user/my_pub.key" and
> follow usual procedure of  creation of local apt repo caching:
> 
>   - bitbake -c cache_base_repo multiconfig:qemuamd64-stretch:isar-image-base
> 
>   - Set `ISAR_USE_CACHED_BASE_REPO` in `conf/local.conf`:
> 
> ```
> # Uncomment this to enable use of cached base repository
> #ISAR_USE_CACHED_BASE_REPO ?= "1"
> ```
>   - Remove build artifacts to use only local base-apt:
> 
> ```
> sudo rm -rf tmp
> 
> ```
>   - Trigger again generation of image (now using local caching repo):
> 
> ```
> bitbake multiconfig:qemuamd64-stretch:isar-image-base
> ```
> 
> Note: Depending on your gpg configuration you may be asked to provide a passphrase
> (if it is non empty).
> 
> Kind regards,
> Maxim.

Applied to the 'next' (v2 of patch #3  was applied)

Maxim.

> Maxim Yu. Osipov (3):
>    isar-bootstrap: Allow to set local keys in DISTRO_APT_KEYS
>    base-apt: Introduce BASE_REPO_KEY to sign local repo
>    doc/user_manual: Describe gpg signing of local repo
> 
>   doc/user_manual.md                                  | 10 ++++++----
>   meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 16 ++++++++++++++--
>   meta/recipes-devtools/base-apt/base-apt.bb          |  6 ++++++
>   3 files changed, 26 insertions(+), 6 deletions(-)
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov