[experimental] package-management repository configuration #2911

Open
wants to merge 9 commits into
base: master
from


@cjp256
Member

cjp256 commented Feb 5, 2020

This adds a high-level key `package-management`, configured with
one property `repositories` for a generic approach to allowing additional
source repositories with a configurable/optional GPG key.

While I can't guarantee `repositories` will work for every scenario
for every possible OS, it appears that a common pattern is to require
a source URL and GPG key. With the provided structure to support
OS-specific configuration (e.g. `package-management.apt`), this schema
remains extendable to support OS-specific requirements.

Example:

```
package-management:

  repositories:

    # Option 1: PPA shortcut (automatically imports PPA key from LP):
    - source: "ppa:mozillateam/ppa"

    # Option 2: Enable repository component with OS-installed keys:
    - source: "deb http://archive.canonical.com/ubuntu bionic partner"

    # Option 3: Use repository with GPG key fetched from keyserver:
    - source: "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu"
      gpg-key-server: keyserver.ubuntu.com
      gpg-public-key-id: 0ab215679c571d1c8325275b9bdb3d89ce49ec21

    # Option 4: Use repository with provided GPG key:
    - source: "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu"
      gpg-public-key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        <snipped>
        -----END PGP PUBLIC KEY BLOCK-----

    # EPEL example:
    - source: http://download.fedoraproject.org/pub/epel/testing/8/$basearch
      gpg-public-key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        <snipped>
        -----END PGP PUBLIC KEY BLOCK-----
```
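
A pre-build audit of `repositories` entries like the ones in the description above, shown as an added example that is not part of the pull request or of snapcraft's code. The function name `audit_repositories` and the rules it enforces (full 40-hex fingerprint for `gpg-public-key-id`, inline key and key id mutually exclusive) are assumptions about a sensible trust policy, not the PR's schema.

```python
import re

# Constructed sample: entries from the PR description as a YAML loader would
# return them, plus one constructed entry (index 3) using a short key id.
SAMPLE = [
    {"source": "ppa:mozillateam/ppa"},
    {"source": "deb http://archive.canonical.com/ubuntu bionic partner"},
    {"source": "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu",
     "gpg-key-server": "keyserver.ubuntu.com",
     "gpg-public-key-id": "0ab215679c571d1c8325275b9bdb3d89ce49ec21"},
    {"source": "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu",
     "gpg-key-server": "keyserver.ubuntu.com",
     "gpg-public-key-id": "ce49ec21"},
]

# Only a full fingerprint identifies a key unambiguously; 8-hex short ids
# are known to collide across unrelated keys.
FULL_FPR = re.compile(r"^(0x)?[0-9a-fA-F]{40}$")
ARMOR = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----.+"
                   r"-----END PGP PUBLIC KEY BLOCK-----", re.S)


def audit_repositories(repos):
    """Return (index, level, message) findings for each repository entry."""
    findings = []
    for i, repo in enumerate(repos):
        key = repo.get("gpg-public-key")
        key_id = repo.get("gpg-public-key-id")
        server = repo.get("gpg-key-server")
        if not repo.get("source"):
            findings.append((i, "error", "missing source"))
        if key and key_id:  # assumed policy: one trust anchor per entry
            findings.append((i, "error", "both inline key and key id given"))
        if server and not key_id:
            findings.append((i, "error", "gpg-key-server without gpg-public-key-id"))
        if key_id and not FULL_FPR.match(key_id):
            findings.append((i, "error", "key id is not a full 40-hex fingerprint"))
        if key and not ARMOR.search(key):
            findings.append((i, "error", "inline key is not an armored block"))
        if not key and not key_id:
            # Options 1 and 2: trust comes from Launchpad or the OS keyring,
            # so the YAML itself pins nothing a reviewer can check.
            findings.append((i, "info", "no key pinned in YAML"))
    return findings
```
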

casperdcl commented Feb 14, 2020

ah there's an issue with subsequent runs:

```
$ snap refresh snapcraft --channel=edge/pr-2911
...
$ snapcraft
... # all works fine
$ snapcraft  # second run
Launching a VM.
snapd 2.43.2 from Canonical✓ refreshed
Issues while validating snapcraft.yaml: Additional properties are not allowed ('package-management' was unexpected)
Run the same command again with --debug to shell into the environment if you wish to introspect this failure.
$ snapcraft clean
$ snapcraft # works again
```
Member Author

cjp256 commented Feb 18, 2020

@casperdcl Thank you for the report. I cannot seem to reproduce your specific error. Can you share your YAML? Is it still reproducible for you? It's almost like snapcraft in the VM doesn't match your host on that second run for some reason...


casperdcl commented Feb 21, 2020

Odd; can't reproduce anymore.

Member Author

cjp256 commented Mar 6, 2020

> Odd; can't reproduce anymore.

@casperdcl: FYI - there has been a bug reported which explains the behavior you saw previously. https://bugs.launchpad.net/snapcraft/+bug/1865834 We expect to fix it soon.

@cjp256 cjp256 force-pushed the package-management branch from b3580e5 to 7204213 Mar 11, 2020
Member Author

cjp256 commented Mar 11, 2020

rebased to address conflicts

Member Author

cjp256 commented Mar 12, 2020

Now requires #2970 to enable experimental flag

cjp256 added 8 commits Jan 15, 2020
This adds a high-level key 'package-management', configured with
one property `repositories` for a generic approach to allowing additional
source repositories with a configurable/optional GPG key.

While I can't guarantee `repositories` will work for every scenario
for every possible OS, it appears that a common pattern is to require
a source URL and GPG key.  With the provided structure to support
OS-specific configuration (e.g. `package-management.apt`), this schema
remains extendable to support OS-specific requirements.

Example:

```
package-management:

  repositories:

    # Option 1: PPA shortcut (automatically imports PPA key from LP):
    - source: "ppa:mozillateam/ppa"

    # Option 2: Use repository with OS-installed keys:
    - source: "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu bionic main"

    # Option 3: Use repository with GPG key fetched from keyserver:
    - source: "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu bionic main"
      gpg-key-server: keyserver.ubuntu.com
      gpg-public-key-id: 0ab215679c571d1c8325275b9bdb3d89ce49ec21

    # Option 4: Use repository with provided GPG key:
    - source: "deb http://ppa.launchpad.net/mozillateam/ppa/ubuntu bionic main"
      gpg-public-key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        <snipped>
        -----END PGP PUBLIC KEY BLOCK-----

    # EPEL example:
    - source: http://download.fedoraproject.org/pub/epel/testing/8/$basearch
      gpg-public-key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        <snipped>
        -----END PGP PUBLIC KEY BLOCK-----
```

Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
apt-add-repository in 16.04 does not automatically update cache,
whereas 18.04's version does.  Call Repo.refresh_build_packages()
after installing all repositories to ensure repository cache consistency.

Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
Toggles package-management functionality while it is experimental.

Signed-off-by: Chris Patterson <chris.patterson@canonical.com>
@cjp256 cjp256 force-pushed the package-management branch from 191e885 to 4dab857 Mar 12, 2020