search

ilbers / isar

Integration System for Automated Root filesystem generation
Other
177 stars 72 forks source link

gpg-agent failed when using custom apt repository #96

Closed kakapapa closed 11 months ago

kakapapa commented 1 year ago

I tried to use my own apt repository created from bookworm repository, but it was failed to run gpg-agent.

| I: Base system installed successfully.
| '/home/build/work/build/tmp/work/emlinux-bookworm-arm64/isar-bootstrap-host/1.0-r0/apt-preferences' -> '/home/build/work/build/tmp/work/emlinux-bookworm-arm64/isar-bootstrap-host/1.0-r0/rootfs/etc/apt/preferences.d/bootstrap'
| '/home/build/work/build/tmp/work/emlinux-bookworm-arm64/isar-bootstrap-host/1.0-r0/apt-sources' -> '/home/build/work/build/tmp/work/emlinux-bookworm-arm64/isar-bootstrap-host/1.0-r0/rootfs/etc/apt/sources.list.d/bootstrap.list'
| '/home/build/work/build/tmp/work/emlinux-bookworm-arm64/isar-bootstrap-host/1.0-r0/apt-sources-init' -> '/home/build/work/build/tmp/work/emlinux-bookworm-arm64/isar-bootstrap-host/1.0-r0/rootfs/etc/apt/sources-list'
| Created temporary directory /tmp/gpghomeODiANHPwxD for gpg-agent
| chroot: failed to run command ‘/usr/bin/gpg-agent’: No such file or directory

To solve the problem, I had to install gnupg & gpg-agent packages like following;

--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc
@@ -23,7 +23,7 @@ APTSRCS_INIT = "${WORKDIR}/apt-sources-init"
 DISTRO_BOOTSTRAP_KEYFILES = ""
 THIRD_PARTY_APT_KEYFILES = ""
 DEPLOY_ISAR_BOOTSTRAP ?= ""
-DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales"
+DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales,gnupg,gpg-agent"
 DISTRO_BOOTSTRAP_BASE_PACKAGES:append:gnupg = ",gnupg"
 DISTRO_BOOTSTRAP_BASE_PACKAGES:append:https-support = ",ca-certificates"
 DISTRO_VARS_PREFIX ?= "${@'HOST_' if d.getVar('BOOTSTRAP_FOR_HOST') == '1' else ''}"
amikan commented 1 year ago

Hello, gpg-agent is started during the bootstrap only if THIRD_PARTY_APT_KEYS or DISTRO_BOOTSTRAP_KEYS are set and exist. This will set gnupg override that should already install gnupg package by: DISTRO_BOOTSTRAP_BASE_PACKAGES:append:gnupg = ",gnupg" And gnupg depends on gpg-agent, so no double include needed.

Did you sign your custom repo? Does any of THIRD_PARTY_APT_KEYS or DISTRO_BOOTSTRAP_KEYS variables set?

kakapapa commented 1 year ago

Hi @amikan

Did you sign your custom repo? Does any of THIRD_PARTY_APT_KEYS or DISTRO_BOOTSTRAP_KEYS variables set?

Yes. I made a apt repository with some of deb packages from bookworm repository and I signed the repository. Also I set DISTRO_BOOTSTRAP_KEYS variable.

amikan commented 1 year ago

Setting DISTRO_BOOTSTRAP_KEYS should be enough to have gnupg (and gpg-agent) installed. What Isar revision are you using (next/master/other)? Can you provide some minimal steps to reproduce (with sample conf files), so we can reproduce the issue?

BTW we have test_repro_signed test case in our CI (testsuite/citest.py) which used signed repo and proofed to work. You can try to look into differences between settings there.

kakapapa commented 1 year ago

@amikan Thank you for your reply and found it was my fault. sorry to bother you. The error was caused by using DISTRO_BOOTSTRAP_KEYFILES not DISTRO_BOOTSTRAP_KEYS.

ismagulb commented 11 months ago

Thanks @kakapapa for your feedback.