From patchwork Tue Nov 26 14:12:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Moessbauer X-Patchwork-Id: 3963 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 26 Nov 2024 15:12:28 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f57.google.com (mail-qv1-f57.google.com [209.85.219.57]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 4AQECRsN007659 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 26 Nov 2024 15:12:28 +0100 Received: by mail-qv1-f57.google.com with SMTP id 6a1803df08f44-6d419e1e6e2sf92640996d6.1 for ; Tue, 26 Nov 2024 06:12:28 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1732630342; cv=pass; d=google.com; s=arc-20240605; b=iYwRCfHA32ZJN0SzCSNYh3O1fQYiG8LMG91pfaVxGPg4Prnvvvx6JC3gmXqH2g3N27 F9h0XL22nA4p1bpkJLkpjRPklFRXXipgWjEkByIi1UFFS5Hi38grVKIUAssIy5DUUydI KHd8jVcu8Y+aBsfU82LIlmTF7uzHqyC9/afvu0b8w7MSf3NRH1uNB9goUS6F7IiUOd3D jH6iOavvQ6plnbEMRtFSsdLxy2/KcnUsG1nXm8bYHWEknG3n3AJYX83PAH77caiSnQjt N6Rre3Qt3Pts44vBEDkS0IrK/6b/lG1UGU34HT1bavbD3uBvNpuF4vwOctWYXy7INHug GLcg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=PNDB7hIphjVYel+nCOJzyuCWOBuEFMKcX8ZhebVTk4k=; fh=ZR0KjmtfoSINhTXEsR4xNrfxutzeNgbhc1+qGVs30JA=; b=HkADRflztw+X4XoifWJADobEi5OhS3wbsZf8gbPsa9EwM0g450JDK9RFIHjHGMU9Ke Xqbk21duPmRoutToaopUXhFX8I1MkxFDSuzOtwxtH/bbStGaIlor1pAdbQcWclDPrzuB oVc5tUjgvgE0Sdsz15eZ7WFDkZ4UfzES1K0bmjWPFTf43ucA8rLZBN56kA/80I1/wNxB BtnV3uS74gwvKZ+UzS+FGFhSNVcGjo/CMCGCJ7Wc4MsFgxvT8V2fOPmRkd7Xrr2mMiyC EPbJWHalIN3H+K8d299+oi1+AnSO2KcMxAWd5EN3J6/fVSdbV3Zrw7zPFak2YTRNJ8kz AiNA==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=ltzfNEFT; spf=pass (google.com: domain of fm-1321639-2024112614121812c08bda14a73012c6-wuqqch@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1321639-2024112614121812c08bda14a73012c6-wUQQCH@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1732630342; x=1733235142; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=PNDB7hIphjVYel+nCOJzyuCWOBuEFMKcX8ZhebVTk4k=; b=xHQ9LcVvofSto+pZVQB9KoIG6hLMSHZehy1ZnNITk/F1nMfU30ycQ1se16mcAClq3W 6D8jpD9XZho7fvXGhUNhuNr8nckrHlg679nUbfbol3mAFvJEQf5orRWQg5wbYUUjM1aM ljIxC2LUo1+G+KDNYkPOQz8F6cEY6aKMLcQFqPPs+lyBHS5ALj0XlgrkmUdJCtRjwZ6O aGZBkkDxb2piU0IHaCt9Ix0b8pjMUT04k/7YwnhcDw3qvyhcTGpxl07hhU9x4l6ouAxH Z0YljKTKTafKl04b0vQ06st8ugBw3JnTw3/5fUe112GLy6QRTJOainy2yywCoFMsB4FE cP2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732630342; x=1733235142; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=PNDB7hIphjVYel+nCOJzyuCWOBuEFMKcX8ZhebVTk4k=; b=E/3fhH/ajgs2zX6ft7NqoTgrWgja1BU0lNPjkBiDaBSKwiHs+BkB+/YyE/2is7vhGG IFmSgZnyyMr+shz1Db0b/UD2Hk+8VRSDQO46tf25C6mzB7aj2bHLas8ExzqMM0Yj5hlk qqg8RTuJh7EYXdUdKIGqVbwH4ou5mEKcKC5HD30NoHRJIRngcyb/S2kBWxKW1cdFJ/vs Ze8bvYflUXqzNjE1xL+MDkx3gLspkU1W/4m1aygoaVn1qnLDqiIFcEosBBAKaP7FP987 RFX6Kq9eU+bqB+BstVs6kshSGFhweX6A9KX7vQeSMTa7aunePAxp9tCj3yGxtVDbFNG+ 5LUQ== X-Forwarded-Encrypted: i=2; AJvYcCVi+f4egyAV4jZnVos+ofeMFSaiH6wnNJ9hv+Sn4MWB4+xeiXNuptwzxpe08hLf+9Ua56L3900=@isar-build.org X-Gm-Message-State: AOJu0Yx6C5Eygeu7wN0uEr0n1OtI7mZocynOltH9PjvxVUA5aW9NWzZl BD/B1V8rxJ++KFKWSNQY0Y5hhULgEKyQ14/IDMO3C8NQc5EXl6K9 X-Google-Smtp-Source: AGHT+IG2AyBW1PL1+DLkgIqWSg9SPJOzKrGFZhNATTufu2UblmRuAUqJ0eV3yjhgGXpGgenV0vXqdQ== X-Received: by 2002:a05:6214:19c6:b0:6d4:e46:b438 with SMTP id 6a1803df08f44-6d450eed1edmr289698266d6.23.1732630341659; Tue, 26 Nov 2024 06:12:21 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:ad4:5d41:0:b0:6d3:fa96:8d4 with SMTP id 6a1803df08f44-6d4421c4b85ls33670086d6.0.-pod-prod-04-us; Tue, 26 Nov 2024 06:12:20 -0800 (PST) X-Received: by 2002:a05:6122:3710:b0:515:4fab:b1a3 with SMTP id 71dfb90a1353d-5154fabbc32mr1411509e0c.0.1732630339839; Tue, 26 Nov 2024 06:12:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1732630339; cv=none; d=google.com; s=arc-20240605; b=SwKNMMl5c1/inN0ZNTPunaG+BIQRZQk+UJ18syvhfDHLSPxpUlwfgUELOcnhGq5xAB P5LtjpczyGWlKaTPzQIZwimzO0Z35DoEaQFYX9AQYkCoQD5D4UwLJ9NUL+1EcrdTPfo4 V/f2fDIPNejMXSZQIlpuXsCXacbgHuJIVgpquZkx13i6aywOmL1F8fy24bAN+6h0ZhqG YLa+DtQLyKSgL7EzBz3Pf9w4u8GezSrtompxLDSxOBWgXk67bZ77CpQrU/jOMfrONxL1 3xv6d0kokDyaFUmsWFFgMtUAyxFKcG3mQLu658xzCnJ5CyelzDtChXjvrJnb+7srpmzq Bw3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=sat/HhmibWmheylhfmo7RGB4XRjK77RyJpF5kd7qqdc=; fh=2vPEtVRFZgJExMSCfX53nKBFsjiPYp/60rbGy5S5Mwo=; b=DkjK4bMZAl2DFQceJ3IIrvrjuXQPFOGjxDZgcTrWekh0V7Tch2Vbvaurxi080pwWTg UzKcX5LuvI1u0YlsLHeS/uPPlVZi1CY8r4m/ymxdkVwdrQ4UaUxj5YY2XMkcQf6mhrEe MRgpJLb6KLW6N/9J7YY1nU79VTU+WqSp/RY+oEP4xXJhDHgjKC7OZA2qM/1zB5c+2y9X yx7YPKUA/rOoI0eEMOFvvo/QK3k/4Q5DlBoKQG1idwYi3qAG5kX4V6MNEqDKI6Uq2Ct1 rAtM3e9kAfI3Uxw9r5ydFo6yHJj8MCQ0Z9pU62+Sgy8gQUavpIL5mrmru49V1ijbH/BT UHZg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=ltzfNEFT; spf=pass (google.com: domain of fm-1321639-2024112614121812c08bda14a73012c6-wuqqch@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1321639-2024112614121812c08bda14a73012c6-wUQQCH@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-51544525550si90529e0c.2.2024.11.26.06.12.19 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Nov 2024 06:12:19 -0800 (PST) Received-SPF: pass (google.com: domain of fm-1321639-2024112614121812c08bda14a73012c6-wuqqch@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 2024112614121812c08bda14a73012c6 for ; Tue, 26 Nov 2024 15:12:18 +0100 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: Felix Moessbauer To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, Felix Moessbauer Subject: [PATCH 1/1] fix: include ca-certificates in mmdebstrap if needed Date: Tue, 26 Nov 2024 15:12:10 +0100 Message-Id: <20241126141210.2004080-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1321639:519-21489:flowmailer X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=ltzfNEFT; spf=pass (google.com: domain of fm-1321639-2024112614121812c08bda14a73012c6-wuqqch@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1321639-2024112614121812c08bda14a73012c6-wUQQCH@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= In case we have apt URLs with https, we also need the ca-certificates package. While that is not needed in mmdebstrap itself (as it uses the host packages), it will be needed in the later rootfs install tasks like sbuild-chroot and image install. Otherwise these tasks will fail due to certificate errors. For now, I copied over the logic from the old isar-bootstrap file, but we might want to unify this. Also, I did not copy the gnupg part as I'm unsure if that is needed. Signed-off-by: Felix Moessbauer --- I'm wondering how that was not noticed earlier. It literally breaks ALL Ubuntu builds against snapshot mirrors. Best regards, Felix Moessbauer Siemens AG .../isar-mmdebstrap/isar-mmdebstrap.inc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc index 1043f2d1..c8ea53ab 100644 --- a/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc +++ b/meta/recipes-core/isar-mmdebstrap/isar-mmdebstrap.inc @@ -12,6 +12,8 @@ inherit deb-dl-dir FILESEXTRAPATHS:append = ":${LAYERDIR_core}/recipes-core/isar-bootstrap/files" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales,apt,usrmerge" +DISTRO_BOOTSTRAP_BASE_PACKAGES:append:https-support = ",ca-certificates" + BOOTSTRAP_TMPDIR = "${WORKDIR}/tempdir" # Fix for /var/lib/apt/available while maybe-jessie-or-older hook do not work @@ -24,6 +26,17 @@ MMHOOKS:debian-buster ?= "${DPKG_HOOKS}" DISTRO_BOOTSTRAP_KEYRING = "${WORKDIR}/distro-keyring.gpg" +def get_distro_have_https_source(d): + return any(source[2].startswith("https://") for source in generate_distro_sources(d)) + +def get_distro_needs_https_support(d): + if get_distro_have_https_source(d): + return "https-support" + else: + return "" + +OVERRIDES:append = ":${@get_distro_needs_https_support(d)}" + do_generate_keyrings[cleandirs] = "${WORKDIR}/trusted.gpg.d" do_generate_keyrings[dirs] = "${DEBDIR}" do_generate_keyrings[vardeps] += "DISTRO_BOOTSTRAP_KEYS THIRD_PARTY_APT_KEYS"