add --skip=check/signed-by

mmdebstrap

@@ -5112,12 +5112,16 @@ sub main() {
                 }
             }
             my $compstr = join " ", @components;
-            # if the currently selected apt keyrings do not contain the
+            # From the suite name we can maybe infer which key we need. If we
-            # necessary key material for the chosen suite, then attempt adding
+            # can infer this information, then we need to check whether the
-            # a signed-by option
+            # currently running apt actually trusts this key or not. If it
+            # doesn't, then we need to add a signed-by line to the sources.list
+            # entry.
             my $signedby        = '';
             my %suite_by_vendor = get_suite_by_vendor();
-            {
+            if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) {
+                info "skipping check/signed-by as requested";
+            } else {
                 my $keyring
                   = get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
                 if (!defined $keyring) {
@@ -5234,9 +5238,9 @@ sub main() {
                         }
                     }
                     close $fh;
-                }
+                    if ($? != 0) {
-                if ($? != 0) {
+                        warning "gpg failed -- cannot infer signed-by value";
-                    error "gpg failed";
+                    }
                 }
             }
             if (scalar @ARGV > 0) {
@@ -6943,6 +6947,8 @@ Upon startup, several checks are carried out, like:
 
 =item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>
 
+=item * whether adding a C<signed-by> to C<apt/sources.list> is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by>
+
 =back
 
 =item B<setup>