From 0d5e05572f4a6286135bbbe47b72a4aa0cfa62b9 Mon Sep 17 00:00:00 2001 From: Johannes Schauer Marin Rodrigues Date: Mon, 16 Jan 2023 12:18:14 +0100 Subject: [PATCH] add --skip=check/signed-by --- mmdebstrap | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/mmdebstrap b/mmdebstrap index 7d6c3dd..b2dfc09 100755 --- a/mmdebstrap +++ b/mmdebstrap @@ -5112,12 +5112,16 @@ sub main() { } } my $compstr = join " ", @components; - # if the currently selected apt keyrings do not contain the - # necessary key material for the chosen suite, then attempt adding - # a signed-by option + # From the suite name we can maybe infer which key we need. If we + # can infer this information, then we need to check whether the + # currently running apt actually trusts this key or not. If it + # doesn't, then we need to add a signed-by line to the sources.list + # entry. my $signedby = ''; my %suite_by_vendor = get_suite_by_vendor(); - { + if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) { + info "skipping check/signed-by as requested"; + } else { my $keyring = get_keyring_by_suite($options->{suite}, \%suite_by_vendor); if (!defined $keyring) { @@ -5234,9 +5238,9 @@ sub main() { } } close $fh; - } - if ($? != 0) { - error "gpg failed"; + if ($? != 0) { + warning "gpg failed -- cannot infer signed-by value"; + } } } if (scalar @ARGV > 0) { @@ -6943,6 +6947,8 @@ Upon startup, several checks are carried out, like: =item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty> +=item * whether adding a C to C is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by> + =back =item B
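Review bot: The new skip branch at `if (any { $_ eq 'check/signed-by' } @{ $options->{skip} })` leaves `$signedby` at its initial `''`, but neither the `info` message nor a comment says what that means for the generated sources.list entry. As far as the hunk shows, skipping means no signed-by option is inferred, so verification of the suite would presumably rest on whatever keys the running apt already trusts rather than on one pinned keyring; how `$signedby` is used afterwards is outside the hunk. I would state that in the message, e.g. `info "skipping check/signed-by as requested -- no signed-by option will be inferred";`, and add a comment above the branch such as `# skipped: $signedby stays empty, so no keyring is pinned for this suite`. The enclosing `main()` starts and ends outside the hunk.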
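Review bot: With `error "gpg failed"` replaced by `warning "gpg failed -- cannot infer signed-by value"`, a non-zero gpg exit after `close $fh` no longer stops the run, and anything already read from the pipe before gpg failed is still used. The loop that reads `$fh` is outside the hunk, so I cannot tell whether a truncated key listing can lead to a wrong conclusion about which keys apt trusts; if it can, the partial result should be discarded on failure. At minimum the warning should carry the exit status so the downgrade is visible in unattended build logs, e.g. `warning "gpg failed (exit " . ($? >> 8) . ") -- cannot infer signed-by value";`.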