On 7/15/21 4:24 PM, Mark Hatle wrote:
> We have the desire to add a 3rd party repository to our standard images
> generated by OE image generation. We do this by adding a recipe
> (my-external-repo.bb) that creates a package that adds a repository
> configuration file to ${sysconfdir}/yum.repos.d/my_external.repo.
>
> If the package is added to the INSTALL_IMAGE, then when it processes the
> IMAGE_FEATURES the system will fail with SSL errors trying to access the new
> third party repository.
>
> What I believe is happening is that the system (first pass) installs all of
> the
> main packages, including this repository configuration. It then starts a
> second
> pass to install -dev, -src or other components. This second pass fails with
> the
> SSL errors (like DNF can't access the SSL certification(s) it needs.) But
> even
> if the SSL issue wasn't really a problem, it does point out that DNF is trying
> to access the network and could install something from this third party
> repository, which I don't think is desired.
>
> An alternative could be to add the third party repository via the ROOTFS POST
> install actions, but this has the problem that we won't be able to update the
> repository if something changes (via a package).
>
> I'm thinking this MIGHT be a bug in the current implementation, that if
> someone
> injects a config file it can cause the system to use alternative repositories.
> So should we be checking the directory between passes and sanitizing it?
>
> Looking for suggestions...
>
> Thanks!
> --Mark
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153896):
https://lists.openembedded.org/g/openembedded-core/message/153896
Mute This Topic: https://lists.openembedded.org/mt/84235991/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
