|
|
|
@ -4800,7 +4800,8 @@ sub main() {
|
|
|
|
|
}
|
|
|
|
|
exec 'fakechroot', 'fakeroot', @prefix, $PROGRAM_NAME, @ARGVORIG;
|
|
|
|
|
} else {
|
|
|
|
|
error "unable to pick chroot mode automatically";
|
|
|
|
|
error( "unable to pick chroot mode automatically (use --mode for "
|
|
|
|
|
. "manual selection)");
|
|
|
|
|
}
|
|
|
|
|
info "automatically chosen mode: $options->{mode}";
|
|
|
|
|
} elsif ($options->{mode} eq 'root') {
|
|
|
|
@ -5172,12 +5173,14 @@ sub main() {
|
|
|
|
|
my $keyring
|
|
|
|
|
= get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
|
|
|
|
|
if (!defined $keyring) {
|
|
|
|
|
debug "get_keyring_by_suite() cannot find keyring";
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# we can only check if we need the signed-by entry if we u
|
|
|
|
|
# automatically chosen keyring exists
|
|
|
|
|
if (!defined $keyring || !-e $keyring) {
|
|
|
|
|
debug "found keyring does not exist";
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -5222,7 +5225,7 @@ sub main() {
|
|
|
|
|
# find all the fingerprints of the keys apt currently
|
|
|
|
|
# knows about
|
|
|
|
|
my @keyrings = ();
|
|
|
|
|
opendir my $dh, "$options->{apttrustedparts}"
|
|
|
|
|
opendir my $dh, $options->{apttrustedparts}
|
|
|
|
|
or error "cannot read $options->{apttrustedparts}";
|
|
|
|
|
while (my $filename = readdir $dh) {
|
|
|
|
|
if ($filename !~ /\.(asc|gpg)$/) {
|
|
|
|
@ -5231,7 +5234,7 @@ sub main() {
|
|
|
|
|
$filename = "$options->{apttrustedparts}/$filename";
|
|
|
|
|
# skip empty keyrings
|
|
|
|
|
-s "$filename" || next;
|
|
|
|
|
push @keyrings, "$filename";
|
|
|
|
|
push @keyrings, $filename;
|
|
|
|
|
}
|
|
|
|
|
closedir $dh;
|
|
|
|
|
if (-s $options->{apttrusted}) {
|
|
|
|
@ -5239,6 +5242,7 @@ sub main() {
|
|
|
|
|
}
|
|
|
|
|
my @aptfingerprints = ();
|
|
|
|
|
if (scalar @keyrings == 0) {
|
|
|
|
|
debug "no keyring is trusted by apt";
|
|
|
|
|
return " [signed-by=\"$keyring\"]";
|
|
|
|
|
}
|
|
|
|
|
info "finding correct signed-by value...";
|
|
|
|
@ -5262,6 +5266,7 @@ sub main() {
|
|
|
|
|
}
|
|
|
|
|
print_progress("done");
|
|
|
|
|
if (scalar @aptfingerprints == 0) {
|
|
|
|
|
debug "no fingerprints found";
|
|
|
|
|
return " [signed-by=\"$keyring\"]";
|
|
|
|
|
}
|
|
|
|
|
# check if all fingerprints from the keyring that we guessed
|
|
|
|
@ -5278,6 +5283,7 @@ sub main() {
|
|
|
|
|
# if this fingerprint is not known by apt, then we need
|
|
|
|
|
#to add the signed-by option
|
|
|
|
|
if (none { $_ eq $1 } @aptfingerprints) {
|
|
|
|
|
debug "fingerprint $1 is not trusted by apt";
|
|
|
|
|
return " [signed-by=\"$keyring\"]";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|