From patchwork Wed Apr 21 01:18:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1468523 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; secure) header.d=surgut.co.uk header.i=@surgut.co.uk header.a=rsa-sha256 header.s=google header.b=JYdxLoxB; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FQ2k56Qdpz9tlB; Wed, 21 Apr 2021 11:18:20 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1lZ1VN-0007tY-Vi; Wed, 21 Apr 2021 01:18:13 +0000 Received: from mail-wm1-f50.google.com ([209.85.128.50]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lZ1VJ-0007tI-Qb for kernel-team@lists.ubuntu.com; Wed, 21 Apr 2021 01:18:09 +0000 Received: by mail-wm1-f50.google.com with SMTP id k128so21214899wmk.4 for ; Tue, 20 Apr 2021 18:18:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=surgut.co.uk; s=google; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=pHLIJtp8C7wSGF57ZD/N0Ja33QbhHi70XCTMmKFqjBY=; b=JYdxLoxBMnrYoin6swULJEcbgsrJMIfKFFWrH4AO3l09Hu5WWW+RBjQ0kCHpccmkmA Ev4u41+i4w9bT6QAoulngKS86Nug+d6fvqTIprq+HVbacvkGjU56llxKC65fZCuA0FvS LqmLc2v0RARXYRYzc5eBeGpDdzXOU68vHLFvk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=pHLIJtp8C7wSGF57ZD/N0Ja33QbhHi70XCTMmKFqjBY=; b=m6vx2sz20lxTsf5UruViwSHg4rGN8CYsNv3oKlAA8m0A43VIfAsyTd/ZONOhTD5ZDe VMa4LkzftT49Pow8pPy2ZnhrhEirheTUM705kU8F+i1TYo5JJDwc3YiFGPNHPD8qVbdc KcUOzJfX7Ol/HpveXoE0v4sAnWSBt6YcPpq7r6MefshJ0e8rgvii+8PLOHvs8Ai1uTCx gl2bi8LCMpKIThr3wsAr2Ii/BiwyyXn9soEfiFburLdAEL+FmAJCKD3SYnoYt7iZzjKz 3V6niBZyq1h/tinvCsFlbhazm7C3RjR/r0LXcLIgstcGc6jUa9e4U9qyRdalecGgISjP RBLQ== X-Gm-Message-State: AOAM531dK+SmCPKXSdU2P54UHx+Uh3eBDlkQdQpHwMeL8YOiAvIFFb0J QB2CK2Ra9xTMhVmSR5DXgWTBF06iVIX25g== X-Google-Smtp-Source: ABdhPJxx47+nkxvTD/mhdhm8Y5TDS9JYnMnCiwin0GX/amq+bMrGTsFNWRRB1bGjDtqhqjqEAgwpQQ== X-Received: by 2002:a05:600c:20c:: with SMTP id 12mr6870930wmi.138.1618967888978; Tue, 20 Apr 2021 18:18:08 -0700 (PDT) Received: from localhost ([2a01:4b00:85fd:d700:db1c:3919:79a0:4be4]) by smtp.gmail.com with ESMTPSA id b22sm485586wmj.39.2021.04.20.18.18.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Apr 2021 18:18:08 -0700 (PDT) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [PATCH][linux-snap][xenial][master] Copy host trusted.gpg keyring into the chroot Date: Wed, 21 Apr 2021 02:18:06 +0100 Message-Id: <20210421011806.614966-1-xnox@ubuntu.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: apw@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Launchpad xenial snap builds now have ubuntu-esm repositories enabled. And now apt-get -y update started to produce error since the GPG keys of the sources.list from the host, are not available in the chroot. Fix this by copying the host trusted.gpg keyring into the chroot. Signed-off-by: Dimitri John Ledkov Acked-by: Stefan Bader Acked-by: Kleber Sacilotto de Souza --- This patch is for lp:~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial -b master This patch is needed for the upcomming xenial ESM kernel snap builds, and enables building public ESM kernel snaps using kernels from ~ubuntu-esm/esm-infra-security in launchpad. https://code.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux-snap/+git/xenial/+ref/master This change & fix has been tested at https://launchpad.net/~xnox/+snap/xnox-pc-esm Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 453c027..6f64547 100644 --- a/Makefile +++ b/Makefile @@ -82,6 +82,7 @@ prepare-chroot: # already added there. This does not matter as long as adding the # key will not require installing some additional package. cp /etc/apt/sources.list chroot/etc/apt/sources.list + cp /etc/apt/trusted.gpg chroot/etc/apt/trusted.gpg.d/host-trusted.gpg echo "deb http://ppa.launchpad.net/snappy-dev/image/ubuntu $(RELEASE) main" >> chroot/etc/apt/sources.list # install all updates