<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks for your review Thomas.<br>
I'll keep pursuing the key issue until success...<br>
<br>
On 10/19/2015 08:53 AM, Thomas Lange wrote:<br>
</div>
<blockquote
cite="mid:22052.59314.957244.589139@suenner.informatik.uni-Koeln.de"
type="cite">
Mmm, it should be working as I understand apt-key. You can put the
key
in a file into /etc/fai/apt/keys/*.asc then this will be loaded
via
apt-key add when building the nfsroot.</blockquote>
I now see the spot in task_repository where *.asc is loaded by
apt-key. It escaped my notice earlier when I loaded
.../apt/trusted.gpg.d/fai.gpg directly from web access using wget.<br>
<br>
May I suggest an addition to the process? On line 1021 is "...|
$ROOTCMD apt-key add -" (see the excerpt copied below). Please
consider moving the added key keyring from .../apt/trusted.gpg to
.../apt/trusted.gpg.d/$keyfile.asc.gpg or something like that. Add
the --keyring parameter making the statement something like:<br>
"...|
$ROOTCMD apt-key --keyring .../apt/trusted.gpg.d/$keyfile.asc.gpg
add -"<br>
<br>
Lines 1017 thru 1023 of subroutines showing a part of
task_repository follow:<br>
# add apt keys for all classes<br>
for keyfile in ${classes:-}; do<br>
[ ! -f $FAI/package_config/$keyfile.asc ] &&
continue<br>
echo -n "Loading APT key from $keyfile.asc "<br>
cat $FAI/package_config/$keyfile.asc | $ROOTCMD apt-key add
-<br>
unset keys["$keyfile.asc"]<br>
done<br>
<br>
"why" I suggest it does relate to only my standard practice of using
the "something.d/..." directory for my local adjustment to the
/etc/... database if the feature is designed into the configuration
by the author. In the case of apt, I do prefer leaving /trusted.gpg
and /sources.list files alone when adding things. For special
repos, I do like to install both .../apt/sources.list.d/name.list
and .../apt/trusted.gpg.d/name.gpg from the web. BUT again -- it
is only me / not many.<br>
<br>
On a similar subject: I have become fairly happy using a proxy
instead of a local mirror for FAI work. My selection is
apt-cacher-NG. To configure apt for the proxy requires something
like .../apt/apt.conf.d/02proxy (similar to your
.../apt/apt.conf.d/10fai). If you agree with me, a new variable
containing the IP:PORT might be enough to allow task_repository to
create 02proxy file. It fits at the end where mount_mirror is found
-- a three-way option [mirror--proxy--nothing]?<br>
Quite frankly this is beyond my ability to program when considering
the impact on all the other options of FAI that I do not use.<br>
<br>
<blockquote
cite="mid:22052.59314.957244.589139@suenner.informatik.uni-Koeln.de"
type="cite"> I will also add code into
fai-make-nfsroot, that adds the official key of the fai-project
repository into the nfsroot by default.
</blockquote>
I do hope you mean to add both source and key? If not, then I would
argue that your presentation on the wiki download page is very
adequate to to the task of adding the project repo as a optional
source. It would be <u>perfect</u> if the "deb ..." was directed
to a .d/fai.list file and apt-key included the --keyring to the
.d/fai.gpg file...:-) (humor) AND I believe I could modify the
wiki page to get the idea published if you want.<br>
<br>
I noticed something else in task_repository for 02fai file. The
subroutine does create 02fai, but does not delete it when the file
is present and the "if [...]" test fails. Does the "-f" or "-k"
option work OK without the "else delete" clause in task_repository?
I have not tested. I do know a fresh install works OK.<br>
<br>
Thanks again for your review this morning!<br>
Skip<br>
</body>
</html>