diff mbox series

[linux-snap,xenial,master] Copy host trusted.gpg keyring into the chroot

Message ID 20210421011806.614966-1-xnox@ubuntu.com
State New
Headers show
Series [linux-snap,xenial,master] Copy host trusted.gpg keyring into the chroot | expand

Commit Message

Dimitri John Ledkov April 21, 2021, 1:18 a.m. UTC
Launchpad xenial snap builds now have ubuntu-esm repositories
enabled. And now apt-get -y update started to produce error since the
GPG keys of the sources.list from the host, are not available in the
chroot. Fix this by copying the host trusted.gpg keyring into the
chroot.

Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
---

 This patch is for
 lp:~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial -b master

 This patch is needed for the upcomming xenial ESM kernel snap builds,
 and enables building public ESM kernel snaps using kernels from
 ~ubuntu-esm/esm-infra-security in launchpad.

 https://code.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial/+ref/master

 This change & fix has been tested at
 https://launchpad.net/~xnox/+snap/xnox-pc-esm
 
 Makefile | 1 +
 1 file changed, 1 insertion(+)

Comments

Stefan Bader April 21, 2021, 7:32 a.m. UTC | #1
On 21.04.21 03:18, Dimitri John Ledkov wrote:
> Launchpad xenial snap builds now have ubuntu-esm repositories
> enabled. And now apt-get -y update started to produce error since the
> GPG keys of the sources.list from the host, are not available in the
> chroot. Fix this by copying the host trusted.gpg keyring into the
> chroot.
> 
> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
> ---
> 
>   This patch is for
>   lp:~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial -b master
> 
>   This patch is needed for the upcomming xenial ESM kernel snap builds,
>   and enables building public ESM kernel snaps using kernels from
>   ~ubuntu-esm/esm-infra-security in launchpad.
> 
>   https://code.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial/+ref/master
> 
>   This change & fix has been tested at
>   https://launchpad.net/~xnox/+snap/xnox-pc-esm
>   
>   Makefile | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/Makefile b/Makefile
> index 453c027..6f64547 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -82,6 +82,7 @@ prepare-chroot:
>   	# already added there. This does not matter as long as adding the
>   	# key will not require installing some additional package.
>   	cp /etc/apt/sources.list chroot/etc/apt/sources.list
> +	cp /etc/apt/trusted.gpg chroot/etc/apt/trusted.gpg.d/host-trusted.gpg
>   	echo "deb http://ppa.launchpad.net/snappy-dev/image/ubuntu $(RELEASE) main" >> chroot/etc/apt/sources.list
>   
>   	# install all updates
>
Kleber Souza April 21, 2021, 8:38 a.m. UTC | #2
On 21.04.21 03:18, Dimitri John Ledkov wrote:
> Launchpad xenial snap builds now have ubuntu-esm repositories
> enabled. And now apt-get -y update started to produce error since the
> GPG keys of the sources.list from the host, are not available in the
> chroot. Fix this by copying the host trusted.gpg keyring into the
> chroot.
> 
> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Thanks

> ---
> 
>   This patch is for
>   lp:~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial -b master
> 
>   This patch is needed for the upcomming xenial ESM kernel snap builds,
>   and enables building public ESM kernel snaps using kernels from
>   ~ubuntu-esm/esm-infra-security in launchpad.
> 
>   https://code.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial/+ref/master
> 
>   This change & fix has been tested at
>   https://launchpad.net/~xnox/+snap/xnox-pc-esm
>   
>   Makefile | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/Makefile b/Makefile
> index 453c027..6f64547 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -82,6 +82,7 @@ prepare-chroot:
>   	# already added there. This does not matter as long as adding the
>   	# key will not require installing some additional package.
>   	cp /etc/apt/sources.list chroot/etc/apt/sources.list
> +	cp /etc/apt/trusted.gpg chroot/etc/apt/trusted.gpg.d/host-trusted.gpg
>   	echo "deb http://ppa.launchpad.net/snappy-dev/image/ubuntu $(RELEASE) main" >> chroot/etc/apt/sources.list
>   
>   	# install all updates
>
Stefan Bader April 23, 2021, 10:23 a.m. UTC | #3
On 21.04.21 03:18, Dimitri John Ledkov wrote:
> Launchpad xenial snap builds now have ubuntu-esm repositories
> enabled. And now apt-get -y update started to produce error since the
> GPG keys of the sources.list from the host, are not available in the
> chroot. Fix this by copying the host trusted.gpg keyring into the
> chroot.
> 
> Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
> ---

Applied to xenial:linux-snap/master. Thanks.

-Stefan

> 
>   This patch is for
>   lp:~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial -b master
> 
>   This patch is needed for the upcomming xenial ESM kernel snap builds,
>   and enables building public ESM kernel snaps using kernels from
>   ~ubuntu-esm/esm-infra-security in launchpad.
> 
>   https://code.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial/+ref/master
> 
>   This change & fix has been tested at
>   https://launchpad.net/~xnox/+snap/xnox-pc-esm
>   
>   Makefile | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/Makefile b/Makefile
> index 453c027..6f64547 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -82,6 +82,7 @@ prepare-chroot:
>   	# already added there. This does not matter as long as adding the
>   	# key will not require installing some additional package.
>   	cp /etc/apt/sources.list chroot/etc/apt/sources.list
> +	cp /etc/apt/trusted.gpg chroot/etc/apt/trusted.gpg.d/host-trusted.gpg
>   	echo "deb http://ppa.launchpad.net/snappy-dev/image/ubuntu $(RELEASE) main" >> chroot/etc/apt/sources.list
>   
>   	# install all updates
>
diff mbox series

Patch

diff --git a/Makefile b/Makefile
index 453c027..6f64547 100644
--- a/Makefile
+++ b/Makefile
@@ -82,6 +82,7 @@  prepare-chroot:
 	# already added there. This does not matter as long as adding the
 	# key will not require installing some additional package.
 	cp /etc/apt/sources.list chroot/etc/apt/sources.list
+	cp /etc/apt/trusted.gpg chroot/etc/apt/trusted.gpg.d/host-trusted.gpg
 	echo "deb http://ppa.launchpad.net/snappy-dev/image/ubuntu $(RELEASE) main" >> chroot/etc/apt/sources.list
 
 	# install all updates