[elbe-devel] [PATCH v3] rfs: add key for local and cdrom repository

Manuel Traut manut at linutronix.de
Fri Apr 5 16:02:41 CEST 2019 

newer apt versions (like in stretch) verify the signature of copy
repositories.

Error Updating rpcaptcache: W:GPG error: copy:/repo stretch InRelease: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY DCE4316BFFF45EAD, E:The repository 'copy:/repo stretch
InRelease' is not signed.

Therefore add the key of the localrepo and cdrom while entering the chroot and
remove it on exit.

The keys are only added/removed if the cdrom is available or the localrepo
contains packages.

Signed-off-by: Manuel Traut <manut at linutronix.de>
---

changes since v2:
  * conditional copy/removal of key
  * also copy/remove keys of cdrom if available

 elbepack/rfs.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/elbepack/rfs.py b/elbepack/rfs.py
index cb72aba0..b55919a7 100644
--- a/elbepack/rfs.py
+++ b/elbepack/rfs.py
@@ -59,6 +59,10 @@ class BuildEnv (object):
         if self.xml.prj.has("mirror/cdrom"):
             cdrompath = self.rfs.fname("cdrom")
             self.log.do('umount "%s"' % cdrompath)
+            self.log.do("rm %s/etc/apt/trusted.gpg.d/elbe-cdrepo.gpg" %
+                        self.path)
+            self.log.do("rm %s/etc/apt/trusted.gpg.d/elbe-cdtargetrepo.gpg" %
+                        self.path)
 
     def cdrom_mount(self):
         if self.xml.has("project/mirror/cdrom"):
@@ -76,8 +80,25 @@ class BuildEnv (object):
             self.log.do('echo "deb-src copy:///repo %s main" >> '
                         '%s/etc/apt/sources.list.d/local.list' % (
                             self.xml.text("project/suite"), self.path))
+
         self.cdrom_mount()
         self.rfs.__enter__()
+
+        if self.xml.has("project/mirror/cdrom"):
+            self.log.chroot(self.rfs.path,
+                            'apt-key '
+                            '--keyring /etc/apt/trusted.gpg.d/elbe-cdrepo.gpg '
+                            'add /cdrom/repo.pub')
+            self.log.chroot(self.rfs.path,
+                            'apt-key '
+                            '--keyring /etc/apt/trusted.gpg.d/elbe-cdtargetrepo.gpg '
+                            'add /cdrom/targetrepo/repo.pub')
+
+        if os.path.exists(os.path.join(self.rfs.path, 'repo/pool')):
+            self.log.chroot(self.rfs.path,
+                            'apt-key '
+                            '--keyring /etc/apt/trusted.gpg.d/elbe-localrepo.gpg '
+                            'add /repo/repo.pub')
         return self
 
     def __exit__(self, typ, value, traceback):
@@ -86,6 +107,8 @@ class BuildEnv (object):
         if os.path.exists(self.path + '/repo'):
             self.log.do("mv %s/repo %s/../" % (self.path, self.path))
             self.log.do("rm %s/etc/apt/sources.list.d/local.list" % self.path)
+            self.log.do("rm %s/etc/apt/trusted.gpg.d/elbe-localrepo.gpg" %
+                        self.path)
 
     def debootstrap(self):
 
-- 
2.20.1

More information about the elbe-devel mailing list