add --skip=check/signed-by

2023-01-16 12:18:14 +01:00 · 2023-01-16 12:18:14 +01:00 · 0d5e05572f
commit 0d5e05572f
parent f27ed490d6
1 changed files with 13 additions and 7 deletions
--- a/20
+++ b/20
@ -5112,12 +5112,16 @@ sub main() {
                }
            }
            my $compstr = join " ", @components;
-            # if the currently selected apt keyrings do not contain the
-            # necessary key material for the chosen suite, then attempt adding
-            # a signed-by option
+            # From the suite name we can maybe infer which key we need. If we
+            # can infer this information, then we need to check whether the
+            # currently running apt actually trusts this key or not. If it
+            # doesn't, then we need to add a signed-by line to the sources.list
+            # entry.
            my $signedby        = '';
            my %suite_by_vendor = get_suite_by_vendor();
-            {
+            if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) {
+                info "skipping check/signed-by as requested";
+            } else {
                my $keyring
                  = get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
                if (!defined $keyring) {
@ -5234,9 +5238,9 @@ sub main() {
                        }
                    }
                    close $fh;
-                }
-                if ($? != 0) {
-                    error "gpg failed";
+                    if ($? != 0) {
+                        warning "gpg failed -- cannot infer signed-by value";
+                    }
                }
            }
            if (scalar @ARGV > 0) {
@ -6943,6 +6947,8 @@ Upon startup, several checks are carried out, like:

 =item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>

+=item * whether adding a C<signed-by> to C<apt/sources.list> is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by>
+
 =back

 =item B<setup>