* package_manager: support for signed DEB package feeds
@ 2022-04-11 20:42 Ferry Toth
0 siblings, 0 replies; 6+ messages in thread
From: Ferry Toth @ 2022-04-11 20:42 UTC (permalink / raw)
To: openembedded-core; +Cc: Richard Purdie, Xavier Berger, Alexander Kanavin
[PATCH v3 1/1] apt: add apt selftest to test signed package feeds
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
(in master) enabled signed deb package feeds.
This patch adds a runtime test for apt derived from the test_testimage_dnf test. When called from
`oe-selftest -r runtime_test.TestImage.test_testimage_apt` it creates a signed deb package feed,
runs a qemu image to install the key and performs some package management. To be able to install
the key the gnupg package is added to the testimage.
Changes in V3:
- Changed to original behavior when called from `bitbake core-image-sato -c testimage` and no
signed feed was created (Richard Purdie)
Changes in V2:
- Added runtime test for signed deb package feeds (Richard Purdie)
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: package_manager: support for signed DEB package feeds
2022-04-19 13:21 ` Richard Purdie
@ 2022-04-19 19:39 ` Ferry Toth
0 siblings, 0 replies; 6+ messages in thread
From: Ferry Toth @ 2022-04-19 19:39 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Alexandre Belloni
Hi,
Op 19-04-2022 om 15:21 schreef Richard Purdie:
> On Wed, 2022-04-13 at 22:37 +0200, Ferry Toth wrote:
>> [PATCH v4 1/2] apt: add apt selftest to test signed package feeds
>> [PATCH v4 2/2] package_manager: fix missing dependency on gnupg when
>>
>> Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
>> Currently when building images this requirement is worked around by using [allow-insecure=yes] and
>> equivalently when performing selftest.
>>
>> Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
>> (already in master) enable signed deb package feeds. When called from
>> `oe-selftest -r runtime_test.TestImage.test_testimage_apt` this patch adds a runtime test for apt
>> derived from the test_testimage_dnf test. It creates a signed deb package feed, runs a qemu
>> image to install the key and performs some package management. To be able to install the key
>> the gnupg package is added to the testimage.
>>
>> Changes in V4:
>> - Add fix to make gnupg-native a dependency else hosttools is used and
>> `oe-selftest -r runtime_test.TestImage.test_testimage_apt` fails on Ubuntu 16.04 used
>> on the autobuilder (Alexandre Belloni)
>>
>> Changes in V3:
>> - When called from `bitbake core-image-sato -c testimage` package feed is unsigned. Auto-detect
>> this case and behave as before (Richard Purdie)
>>
>> Changes in V2:
>> - Added runtime test for signed deb package feeds (Richard Purdie)
>
> This has now merged, thanks for working through the details with this! The test
> should allow the functionality to stay working and is extremely useful/helpful.
I watched it go through the CI bots and I must say I'm impressed with
the process. Thanks for guiding me through this and merging.
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: package_manager: support for signed DEB package feeds
2022-04-13 20:37 Ferry Toth
@ 2022-04-19 13:21 ` Richard Purdie
2022-04-19 19:39 ` Ferry Toth
0 siblings, 1 reply; 6+ messages in thread
From: Richard Purdie @ 2022-04-19 13:21 UTC (permalink / raw)
To: Ferry Toth, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Alexandre Belloni
On Wed, 2022-04-13 at 22:37 +0200, Ferry Toth wrote:
> [PATCH v4 1/2] apt: add apt selftest to test signed package feeds
> [PATCH v4 2/2] package_manager: fix missing dependency on gnupg when
>
> Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
> Currently when building images this requirement is worked around by using [allow-insecure=yes] and
> equivalently when performing selftest.
>
> Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
> (already in master) enable signed deb package feeds. When called from
> `oe-selftest -r runtime_test.TestImage.test_testimage_apt` this patch adds a runtime test for apt
> derived from the test_testimage_dnf test. It creates a signed deb package feed, runs a qemu
> image to install the key and performs some package management. To be able to install the key
> the gnupg package is added to the testimage.
>
> Changes in V4:
> - Add fix to make gnupg-native a dependency else hosttools is used and
> `oe-selftest -r runtime_test.TestImage.test_testimage_apt` fails on Ubuntu 16.04 used
> on the autobuilder (Alexandre Belloni)
>
> Changes in V3:
> - When called from `bitbake core-image-sato -c testimage` package feed is unsigned. Auto-detect
> this case and behave as before (Richard Purdie)
>
> Changes in V2:
> - Added runtime test for signed deb package feeds (Richard Purdie)
This has now merged, thanks for working through the details with this! The test
should allow the functionality to stay working and is extremely useful/helpful.
Cheers,
Richard
^ permalink raw reply [flat|nested] 6+ messages in thread
* package_manager: support for signed DEB package feeds
@ 2022-04-13 20:37 Ferry Toth
2022-04-19 13:21 ` Richard Purdie
0 siblings, 1 reply; 6+ messages in thread
From: Ferry Toth @ 2022-04-13 20:37 UTC (permalink / raw)
To: openembedded-core, Richard Purdie
Cc: Xavier Berger, Alexander Kanavin, Alexandre Belloni
[PATCH v4 1/2] apt: add apt selftest to test signed package feeds
[PATCH v4 2/2] package_manager: fix missing dependency on gnupg when
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
(already in master) enable signed deb package feeds. When called from
`oe-selftest -r runtime_test.TestImage.test_testimage_apt` this patch adds a runtime test for apt
derived from the test_testimage_dnf test. It creates a signed deb package feed, runs a qemu
image to install the key and performs some package management. To be able to install the key
the gnupg package is added to the testimage.
Changes in V4:
- Add fix to make gnupg-native a dependency else hosttools is used and
`oe-selftest -r runtime_test.TestImage.test_testimage_apt` fails on Ubuntu 16.04 used
on the autobuilder (Alexandre Belloni)
Changes in V3:
- When called from `bitbake core-image-sato -c testimage` package feed is unsigned. Auto-detect
this case and behave as before (Richard Purdie)
Changes in V2:
- Added runtime test for signed deb package feeds (Richard Purdie)
^ permalink raw reply [flat|nested] 6+ messages in thread
* package_manager: support for signed DEB package feeds
@ 2022-04-11 20:50 Ferry Toth
0 siblings, 0 replies; 6+ messages in thread
From: Ferry Toth @ 2022-04-11 20:50 UTC (permalink / raw)
To: openembedded-core
Cc: Richard Purdie, Xavier Berger, Alexander Kanavin, Alexandre Belloni
[PATCH v3 1/1] apt: add apt selftest to test signed package feeds
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
(already in master) enable signed deb package feeds. When called from
`oe-selftest -r runtime_test.TestImage.test_testimage_apt` this patch adds a runtime test for apt
derived from the test_testimage_dnf test. It creates a signed deb package feed, runs a qemu
image to install the key and performs some package management. To be able to install the key
the gnupg package is added to the testimage.
Changes in V3:
- When called from `bitbake core-image-sato -c testimage` package feed is unsigned. Auto-detect
this case and behave as before (Richard Purdie)
Changes in V2:
- Added runtime test for signed deb package feeds (Richard Purdie)
^ permalink raw reply [flat|nested] 6+ messages in thread
* package_manager: support for signed DEB package feeds
@ 2022-04-03 19:50 Ferry Toth
0 siblings, 0 replies; 6+ messages in thread
From: Ferry Toth @ 2022-04-03 19:50 UTC (permalink / raw)
To: openembedded-core; +Cc: Richard Purdie, Xavier Berger, Alexander Kanavin
[PATCH v2 0/3] package_manager: support for signed DEB package feeds
[PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function
[PATCH v2 2/3] package_manager: sign DEB package feeds
[PATCH v2 3/3] apt: add apt selftest to test signed package feeds
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
enable signed deb package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
management. To be able to install the key the gnupg package is added to the testimage.
These patches makes deb a first class citizen as ipk and rpm.
Patches have been in use in meta-intel-edison since Gatesgarth,
see https://edison-fw.github.io/meta-intel-edison/5.0-Creating-a-deb-repository.html
Changes in V2:
- Added runtime test for signed deb package feeds (Richard Purdie)
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-04-19 19:39 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-11 20:42 package_manager: support for signed DEB package feeds Ferry Toth
-- strict thread matches above, loose matches on Subject: below --
2022-04-13 20:37 Ferry Toth
2022-04-19 13:21 ` Richard Purdie
2022-04-19 19:39 ` Ferry Toth
2022-04-11 20:50 Ferry Toth
2022-04-03 19:50 Ferry Toth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.