Message ID | 20210122170903.28134-1-amikan@ilbers.de |
---|---|
State | Accepted, archived |
Headers | show |
Series | [v3] isar-bootstrap: Run gpg-agent before starting apt-key | expand |
On 22.01.21 18:09, Anton Mikanovich wrote: > From: Yuri Adamov <yadamov@ilbers.de> > > Building rpi-stretch natively (under qemu) sometimes fails with: > > gpg: can't connect to the agent: IPC connect call failed > > gpg starts gpg-agent and times out after 5 s. This value is hard-coded. > > Besides, leaving running gpg-agent processes is not clean and prevents > unmounting of filesystems. > > This patch starts and stops the agent manually. > > Signed-off-by: Yuri Adamov <yadamov@ilbers.de> > Signed-off-by: Anton Mikanovich <amikan@ilbers.de> > --- > Changes since v2: > - Restored conditional gnupg include. > - Made gpg-agent run in gpg enabled builds only. > > Changes since v1: > - Removed unnecessary sleeping. > - Removed -9 in kill. > - Commented unconditionally gnupg package append. > - Removed unused OVERRIDES_append and get_distro_needs_gpg_support(). > --- > meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > index 8f5f727..0edefc5 100644 > --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > @@ -309,14 +309,25 @@ isar_bootstrap() { > mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" > install -v -m644 "${WORKDIR}/isar-apt.conf" \ > "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" > + if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" ]; then > + MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX)" > + echo "Created temporary directory ${MY_GPGHOME} for gpg-agent" > + export GNUPGHOME="${MY_GPGHOME}" > + chroot "${ROOTFSDIR}" gpg-agent --daemon > + APT_KEY_APPEND="--homedir ${MY_GPGHOME}" > + fi > find ${APT_KEYS_DIR}/ -type f | while read keyfile > do > kfn="$(basename $keyfile)" > cp $keyfile "${ROOTFSDIR}/tmp/$kfn" > chroot "${ROOTFSDIR}" /usr/bin/apt-key \ > - --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn" > + --keyring ${THIRD_PARTY_APT_KEYRING} ${APT_KEY_APPEND} add "/tmp/$kfn" > rm "${ROOTFSDIR}/tmp/$kfn" > done > + if [ -d "${MY_GPGHOME}" ]; then > + echo "Killing gpg-agent for ${MY_GPGHOME}" > + chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}" > + fi > > if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then > install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \ > Thanks, looks good to me. Jan
25.01.2021 15:31, Jan Kiszka wrote: > > Thanks, looks good to me. > > Jan > Applied to next, thanks.
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 8f5f727..0edefc5 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -309,14 +309,25 @@ isar_bootstrap() { mkdir -p "${ROOTFSDIR}/etc/apt/apt.conf.d" install -v -m644 "${WORKDIR}/isar-apt.conf" \ "${ROOTFSDIR}/etc/apt/apt.conf.d/50isar.conf" + if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" ]; then + MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d /tmp/gpghomeXXXXXXXXXX)" + echo "Created temporary directory ${MY_GPGHOME} for gpg-agent" + export GNUPGHOME="${MY_GPGHOME}" + chroot "${ROOTFSDIR}" gpg-agent --daemon + APT_KEY_APPEND="--homedir ${MY_GPGHOME}" + fi find ${APT_KEYS_DIR}/ -type f | while read keyfile do kfn="$(basename $keyfile)" cp $keyfile "${ROOTFSDIR}/tmp/$kfn" chroot "${ROOTFSDIR}" /usr/bin/apt-key \ - --keyring ${THIRD_PARTY_APT_KEYRING} add "/tmp/$kfn" + --keyring ${THIRD_PARTY_APT_KEYRING} ${APT_KEY_APPEND} add "/tmp/$kfn" rm "${ROOTFSDIR}/tmp/$kfn" done + if [ -d "${MY_GPGHOME}" ]; then + echo "Killing gpg-agent for ${MY_GPGHOME}" + chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}" + fi if [ "${@get_distro_suite(d, True)}" = "stretch" ] && [ "${@get_host_release().split('.')[0]}" -lt "4" ]; then install -v -m644 "${WORKDIR}/isar-apt-fallback.conf" \