[PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[stevenrwalter]

subversion 1.9 uses gpg to encrypt authentication details that are
stored in ~/.subversion.  This means that GPG_AGENT_INFO needs to be
available when svn is run by do_fetch, or else svn will not be able to
authenticate to the remote server.  Treat GPG_AGENT_INFO like
SSH_AUTH_SOCK, including it in the fetch environment and BB_ENV_EXTRAWHITE
---
 bitbake/lib/bb/fetch2/__init__.py | 1 +
 meta/conf/bitbake.conf            | 2 +-
 scripts/oe-buildenv-internal      | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index 5b9483a..d6dc4a5 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -830,6 +830,7 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None):
                   'GIT_SSL_CAINFO',
                   'GIT_SMART_HTTP',
                   'SSH_AUTH_SOCK', 'SSH_AGENT_PID',
+                  'GPG_AGENT_INFO',
                   'SOCKS5_USER', 'SOCKS5_PASSWD',
                   'DBUS_SESSION_BUS_ADDRESS',
                   'P4CONFIG']
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index c6490eb..b241237 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -871,7 +871,7 @@ BB_HASHCONFIG_WHITELIST ?= "${BB_HASHBASE_WHITELIST} DATE TIME SSH_AGENT_PID \
     PARALLEL_MAKE BB_NUMBER_THREADS BB_ORIGENV BB_INVALIDCONF BBINCLUDED \
     GIT_PROXY_COMMAND ALL_PROXY all_proxy NO_PROXY no_proxy FTP_PROXY ftp_proxy \
     HTTP_PROXY http_proxy HTTPS_PROXY https_proxy SOCKS5_USER SOCKS5_PASSWD \
-    BB_SETSCENE_ENFORCE BB_CMDLINE BB_SERVER_TIMEOUT"
+    BB_SETSCENE_ENFORCE BB_CMDLINE BB_SERVER_TIMEOUT GPG_AGENT_INFO"
 BB_SIGNATURE_EXCLUDE_FLAGS ?= "doc deps depends \
     lockfiles type vardepsexclude vardeps vardepvalue vardepvalueexclude \
     file-checksums python func task export unexport noexec nostamp dirs cleandirs \
diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
index 6773872..99a2ee1 100755
--- a/scripts/oe-buildenv-internal
+++ b/scripts/oe-buildenv-internal
@@ -133,7 +133,8 @@ BB_ENV_EXTRAWHITE_OE="MACHINE DISTRO TCMODE TCLIBC HTTP_PROXY http_proxy \
 HTTPS_PROXY https_proxy FTP_PROXY ftp_proxy FTPS_PROXY ftps_proxy ALL_PROXY \
 all_proxy NO_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY \
 SDKMACHINE BB_NUMBER_THREADS BB_NO_NETWORK PARALLEL_MAKE GIT_PROXY_COMMAND \
-SOCKS5_PASSWD SOCKS5_USER SCREENDIR STAMPS_DIR BBPATH_EXTRA BB_SETSCENE_ENFORCE"
+SOCKS5_PASSWD SOCKS5_USER SCREENDIR STAMPS_DIR BBPATH_EXTRA BB_SETSCENE_ENFORCE \
+GPG_AGENT_INFO"
 
 BB_ENV_EXTRAWHITE="$(echo $BB_ENV_EXTRAWHITE $BB_ENV_EXTRAWHITE_OE | tr ' ' '\n' | LC_ALL=C sort --unique | tr '\n' ' ')"
 
-- 
2.7.4

Re: [poky] [PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[Ross Burton]

On 14/01/2020 19:07, Steven Walter wrote:
> subversion 1.9 uses gpg to encrypt authentication details that are
> stored in ~/.subversion.  This means that GPG_AGENT_INFO needs to be
> available when svn is run by do_fetch, or else svn will not be able to
> authenticate to the remote server.  Treat GPG_AGENT_INFO like
> SSH_AUTH_SOCK, including it in the fetch environment and BB_ENV_EXTRAWHITE
> ---
>   bitbake/lib/bb/fetch2/__init__.py | 1 +
>   meta/conf/bitbake.conf            | 2 +-
>   scripts/oe-buildenv-internal      | 3 ++-

Poky is a constructed repository, the bitbake change needs to go the the 
bitbake list and the meta/ and scripts/ changes the openembedded-core list.

Ross

Re: [poky] [PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[Steven Walter]

[-- Attachment #1: Type: text/plain, Size: 1087 bytes --]

That seems... byzantine.  I don't see any repos matching that description
on git.yoctoproject.org; can you point me in the right direction so I can
generate proper git patches against those repositories?

On Tue, Jan 14, 2020 at 4:30 PM Ross Burton <ross.burton@intel.com> wrote:

> On 14/01/2020 19:07, Steven Walter wrote:
> > subversion 1.9 uses gpg to encrypt authentication details that are
> > stored in ~/.subversion.  This means that GPG_AGENT_INFO needs to be
> > available when svn is run by do_fetch, or else svn will not be able to
> > authenticate to the remote server.  Treat GPG_AGENT_INFO like
> > SSH_AUTH_SOCK, including it in the fetch environment and
> BB_ENV_EXTRAWHITE
> > ---
> >   bitbake/lib/bb/fetch2/__init__.py | 1 +
> >   meta/conf/bitbake.conf            | 2 +-
> >   scripts/oe-buildenv-internal      | 3 ++-
>
> Poky is a constructed repository, the bitbake change needs to go the the
> bitbake list and the meta/ and scripts/ changes the openembedded-core list.
>
> Ross
>
> 
>


-- 
-Steven Walter <stevenrwalter@gmail.com>

[-- Attachment #2: Type: text/html, Size: 1649 bytes --]

Re: [poky] [PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[Richard Purdie]

On Tue, 2020-01-14 at 16:43 -0500, Steven Walter wrote:
> That seems... byzantine.  I don't see any repos matching that
> description on git.yoctoproject.org; can you point me in the right
> direction so I can generate proper git patches against those
> repositories?

https://git.openembedded.org/bitbake/
https://git.openembedded.org/openembedded-core/

It should be mentioned in the README. I appreciate this is all a little
suboptimal, there is a plan to change things but that isn't
straightforward, there are limited resources and other bigger fires
right now :/.

Cheers,

Richard

Re: [poky] [PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[Denys Dmytriyenko]

On Tue, Jan 14, 2020 at 04:43:12PM -0500, Steven Walter wrote:
> That seems... byzantine.  I don't see any repos matching that description
> on git.yoctoproject.org; can you point me in the right direction so I can
> generate proper git patches against those repositories?

Those are OpenEmbedded repos, which Yocto Project builds on top of:
https://git.openembedded.org/
https://git.openembedded.org/bitbake/
https://git.openembedded.org/openembedded-core/

Why is it "byzantine". Poky is just one of many OpenEmbedded distros. And 
Linux distros do incorporate thousands of different Open Source components - 
you don't expect Debian, RHEL or Ubuntu to implement own kernel, own shell 
interpretor, own C compiler, etc. Moreover, Yocto Project implements layered 
architecture and layers can come from different places...

Denys


> On Tue, Jan 14, 2020 at 4:30 PM Ross Burton <ross.burton@intel.com> wrote:
> 
> > On 14/01/2020 19:07, Steven Walter wrote:
> > > subversion 1.9 uses gpg to encrypt authentication details that are
> > > stored in ~/.subversion.  This means that GPG_AGENT_INFO needs to be
> > > available when svn is run by do_fetch, or else svn will not be able to
> > > authenticate to the remote server.  Treat GPG_AGENT_INFO like
> > > SSH_AUTH_SOCK, including it in the fetch environment and
> > BB_ENV_EXTRAWHITE
> > > ---
> > >   bitbake/lib/bb/fetch2/__init__.py | 1 +
> > >   meta/conf/bitbake.conf            | 2 +-
> > >   scripts/oe-buildenv-internal      | 3 ++-
> >
> > Poky is a constructed repository, the bitbake change needs to go the the
> > bitbake list and the meta/ and scripts/ changes the openembedded-core list.
> >
> > Ross
> >
> > 
> >
> 
> 
> -- 
> -Steven Walter <stevenrwalter@gmail.com>

> 

Re: [poky] [PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[Alexander Kanavin]

[-- Attachment #1: Type: text/plain, Size: 1461 bytes --]

Yocto has a complicated history, and this reflects in the repo structure.

You don’t need to set up the original repos; generating the patches against poky is fine. You just need to split up your patch and send the parts to the right mailing lists.

Alex

> On 14 Jan 2020, at 22.43, Steven Walter <stevenrwalter@gmail.com> wrote:
> 
> That seems... byzantine.  I don't see any repos matching that description on git.yoctoproject.org; can you point me in the right direction so I can generate proper git patches against those repositories?
> 
>> On Tue, Jan 14, 2020 at 4:30 PM Ross Burton <ross.burton@intel.com> wrote:
>> On 14/01/2020 19:07, Steven Walter wrote:
>> > subversion 1.9 uses gpg to encrypt authentication details that are
>> > stored in ~/.subversion.  This means that GPG_AGENT_INFO needs to be
>> > available when svn is run by do_fetch, or else svn will not be able to
>> > authenticate to the remote server.  Treat GPG_AGENT_INFO like
>> > SSH_AUTH_SOCK, including it in the fetch environment and BB_ENV_EXTRAWHITE
>> > ---
>> >   bitbake/lib/bb/fetch2/__init__.py | 1 +
>> >   meta/conf/bitbake.conf            | 2 +-
>> >   scripts/oe-buildenv-internal      | 3 ++-
>> 
>> Poky is a constructed repository, the bitbake change needs to go the the 
>> bitbake list and the meta/ and scripts/ changes the openembedded-core list.
>> 
>> Ross
>> 
>> 
> 
> 
> -- 
> -Steven Walter <stevenrwalter@gmail.com>
> 

[-- Attachment #2: Type: text/html, Size: 2456 bytes --]

Re: [poky] [PATCH] Allow original $GPG_AGENT_INFO into do_fetch

[Steven Walter]

[-- Attachment #1: Type: text/plain, Size: 849 bytes --]

Thanks, Richard.  I'll re-generate the patches as suggested

On Tue, Jan 14, 2020 at 5:00 PM Richard Purdie <
richard.purdie@linuxfoundation.org> wrote:

> On Tue, 2020-01-14 at 16:43 -0500, Steven Walter wrote:
> > That seems... byzantine.  I don't see any repos matching that
> > description on git.yoctoproject.org; can you point me in the right
> > direction so I can generate proper git patches against those
> > repositories?
>
> https://git.openembedded.org/bitbake/
> https://git.openembedded.org/openembedded-core/
>
> It should be mentioned in the README. I appreciate this is all a little
> suboptimal, there is a plan to change things but that isn't
> straightforward, there are limited resources and other bigger fires
> right now :/.
>
> Cheers,
>
> Richard
>
>

-- 
-Steven Walter <stevenrwalter@gmail.com>

[-- Attachment #2: Type: text/html, Size: 1622 bytes --]