search

rock-core / autoproj

Rock (Robot Construction Kit) package-oriented build system
http://rock-robotics.org/rock-and-syskit/workspace
23 stars 22 forks source link

fix: only requires an 'id' for keyservers definitions #384

Closed caioaamaral closed 1 year ago

caioaamaral commented 2 years ago

For "url" definitions, we don't need an id key, e.g:

- type: key
  url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
- type: repo
  repo: "deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
g-arjones commented 2 years ago

If you remove the id autoproj will keep downloading the keyfile every time you update. The id is required so autoproj can check whether the key was already added.

caioaamaral commented 2 years ago

can we use the "url" itself for this check? Or make autoproj generate a random id for such case?

g-arjones commented 2 years ago

Currently, we check if the key with the given id already exists in the keychain, so using a randomly generated fingerprint doesn't make sense (since it will obviously not be in the keychain).

If you really mind having to add the key fingerprint to the .repos file I guess you could cache the keyfile somewhere in the workspace and compare its md5 hash with the remote file but that means you will still have to hit the remote server every time (which may be undesirable) and you'll have to handle update --only-local. I really don't think the effort is worth it but you're welcome to try.

@doudou Thoughts?

caioaamaral commented 2 years ago

Currently, we check if the key with the given id already exists in the keychain, so using a randomly generated fingerprint doesn't make sense (since it will obviously not be in the keychain).

What if I just set the id, internally in autoproj, with the same value stored at the url? I believe it would still be a unique id, compatible with the keychain checking.

I'm ok with manually setting a key directly on the yml, but wouldn't that be fragile somehow? For example, a user could set the same id for two different keys (unless there is an internal check for that already)

g-arjones commented 2 years ago

What if I just set the id, internally in autoproj, with the same value stored at the URL?

I don't understand what you are suggesting. What do you mean by the value stored at the URL?

For example, a user could set the same id for two different keys

I don't think we should worry about that because there's nothing we can do. The user can still do that when getting the key from a keyserver. If two entries have the same fingerprint then the keys are the same and the current behavior is appropriate in my opinion (only add one of them).

caioaamaral commented 2 years ago

I don't understand what you are suggesting. What do you mean by the value stored at the URL?

the equivalent to: 

                - type: key
                  url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
                  id: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
                - type: repo
                  repo: "deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"

but I believe I'm overthinking it, setting it directly on the yaml seems to be enough for my use case

g-arjones commented 2 years ago

And what are you going to use that for?