From patchwork Thu Aug 1 03:01:22 2019
X-Patchwork-Submitter: Dimitri John Ledkov
X-Patchwork-Id: 1140230
From: Dimitri John Ledkov
To: kernel-team@lists.ubuntu.com
Cc: Dimitri John Ledkov
Subject: [linux-snap][bionic][PATCH] trusted.gpg.d directly supports .asc keys without gnupg/agent/etc.
Date: Wed, 31 Jul 2019 23:01:22 -0400
Message-Id: <20190801030122.17271-1-xnox@ubuntu.com>
X-Mailer: git-send-email 2.20.1
List-Id: Kernel team discussions

As per apt-key manpage one can ship armored keys with .asc extension since apt 1.4 (bionic and up). For prior releases, gpg1 exported binary .gpg keys are supported. No need to install gnupg, run gnupg-agent, or execute apt-key.

Signed-off-by: Dimitri John Ledkov --- Sample build with this change in place is shown at: https://launchpad.net/~xnox/+snap/pc-kernel-bionic/+build/633218 Makefile | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/Makefile b/Makefile index b2c5ea5..00d3b25 100644 --- a/Makefile +++ b/Makefile @@ -93,14 +93,7 @@ all: # Enable ppa:snappy-dev/image inside of the chroot and add the PPA's # public signing key to apt: - # - gnugpg is required by apt-key - # - gnugpg 2.x requires gpg-agent to be running - # - procfs must be bind-mounted for gpg-agent - # - running apt-key as a child process of gpg-agent --daemon stops the - # agent shortly after apt-key executes - $(ENV) chroot chroot apt-get -y install gnupg - mkdir --mode=0600 chroot/tmp/gnupg-home - cat snappy-dev-image.asc | $(ENV) chroot chroot gpg-agent --homedir /tmp/gnupg-home --daemon apt-key add - + cp snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/ # Copy in the sources.list just before modifying it (on build envs this already # seems to be present, otherwise those would not fail). cp /etc/apt/sources.list chroot/etc/apt/sources.list
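
Review bot: the added `cp snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/` line leaves the installed key's mode to whatever the source file and the build umask give it, and apt ignores keyring files that its unprivileged `_apt` user cannot read, so a restrictively checked-out key would leave the PPA untrusted and the failure would only show up later, when apt verifies the PPA's signatures. Pinning the mode, for example `install -m 0644 snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/`, removes that dependency. The removed comment block explained why the gnupg steps existed, while the replacement line carries no rationale; a one-line comment that `.asc` files in trusted.gpg.d need apt 1.4 or later (as the commit message states) would stop this Makefile being reused for an older series where the key would not be picked up.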