add --skip=check/signed-by
parent
42386c90c8
commit
327b75846f
1 changed files with 21 additions and 16 deletions
37
mmdebstrap
37
mmdebstrap
|
@ -5117,17 +5117,17 @@ sub main() {
|
||||||
# a signed-by option
|
# a signed-by option
|
||||||
my $signedby = '';
|
my $signedby = '';
|
||||||
my %suite_by_vendor = get_suite_by_vendor();
|
my %suite_by_vendor = get_suite_by_vendor();
|
||||||
{
|
my $gpgproc = sub {
|
||||||
my $keyring
|
my $keyring
|
||||||
= get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
|
= get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
|
||||||
if (!defined $keyring) {
|
if (!defined $keyring) {
|
||||||
last;
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
# we can only check if we need the signed-by entry if we u
|
# we can only check if we need the signed-by entry if we u
|
||||||
# automatically chosen keyring exists
|
# automatically chosen keyring exists
|
||||||
if (!defined $keyring || !-e $keyring) {
|
if (!defined $keyring || !-e $keyring) {
|
||||||
last;
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
# we can only check key material if gpg is installed
|
# we can only check key material if gpg is installed
|
||||||
|
@ -5155,9 +5155,9 @@ sub main() {
|
||||||
close $fh;
|
close $fh;
|
||||||
}
|
}
|
||||||
if ($? != 0 || !defined $ret || defined $message) {
|
if ($? != 0 || !defined $ret || defined $message) {
|
||||||
info "gpg --version failed: cannot determine the right"
|
warning
|
||||||
. " signed-by value";
|
"gpg --version failed: cannot infer signed-by value";
|
||||||
last;
|
return '';
|
||||||
}
|
}
|
||||||
# initialize gpg trustdb with empty one
|
# initialize gpg trustdb with empty one
|
||||||
{
|
{
|
||||||
|
@ -5166,7 +5166,7 @@ sub main() {
|
||||||
}
|
}
|
||||||
if (!-d $options->{apttrustedparts}) {
|
if (!-d $options->{apttrustedparts}) {
|
||||||
warning "$options->{apttrustedparts} doesn't exist";
|
warning "$options->{apttrustedparts} doesn't exist";
|
||||||
last;
|
return '';
|
||||||
}
|
}
|
||||||
# find all the fingerprints of the keys apt currently
|
# find all the fingerprints of the keys apt currently
|
||||||
# knows about
|
# knows about
|
||||||
|
@ -5188,8 +5188,7 @@ sub main() {
|
||||||
}
|
}
|
||||||
my @aptfingerprints = ();
|
my @aptfingerprints = ();
|
||||||
if (scalar @keyrings == 0) {
|
if (scalar @keyrings == 0) {
|
||||||
$signedby = " [signed-by=\"$keyring\"]";
|
return " [signed-by=\"$keyring\"]";
|
||||||
last;
|
|
||||||
}
|
}
|
||||||
info "Finding correct signed-by value...";
|
info "Finding correct signed-by value...";
|
||||||
my $progress = 0.0;
|
my $progress = 0.0;
|
||||||
|
@ -5212,8 +5211,7 @@ sub main() {
|
||||||
}
|
}
|
||||||
print_progress("done");
|
print_progress("done");
|
||||||
if (scalar @aptfingerprints == 0) {
|
if (scalar @aptfingerprints == 0) {
|
||||||
$signedby = " [signed-by=\"$keyring\"]";
|
return " [signed-by=\"$keyring\"]";
|
||||||
last;
|
|
||||||
}
|
}
|
||||||
# check if all fingerprints from the keyring that we guessed
|
# check if all fingerprints from the keyring that we guessed
|
||||||
# are known by apt and only add signed-by option if that's not
|
# are known by apt and only add signed-by option if that's not
|
||||||
|
@ -5229,15 +5227,20 @@ sub main() {
|
||||||
# if this fingerprint is not known by apt, then we need
|
# if this fingerprint is not known by apt, then we need
|
||||||
#to add the signed-by option
|
#to add the signed-by option
|
||||||
if (none { $_ eq $1 } @aptfingerprints) {
|
if (none { $_ eq $1 } @aptfingerprints) {
|
||||||
$signedby = " [signed-by=\"$keyring\"]";
|
return " [signed-by=\"$keyring\"]";
|
||||||
last;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
close $fh;
|
close $fh;
|
||||||
|
if ($? != 0) {
|
||||||
|
warning "gpg failed -- cannot infer signed-by value";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if ($? != 0) {
|
return '';
|
||||||
error "gpg failed";
|
};
|
||||||
}
|
if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) {
|
||||||
|
info "skipping check/signed-by as requested";
|
||||||
|
} else {
|
||||||
|
$signedby = $gpgproc->();
|
||||||
}
|
}
|
||||||
if (scalar @ARGV > 0) {
|
if (scalar @ARGV > 0) {
|
||||||
for my $arg (@ARGV) {
|
for my $arg (@ARGV) {
|
||||||
|
@ -6943,6 +6946,8 @@ Upon startup, several checks are carried out, like:
|
||||||
|
|
||||||
=item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>
|
=item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>
|
||||||
|
|
||||||
|
=item * whether adding a C<signed-by> to C<apt/sources.list> is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by>
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=item B<setup>
|
=item B<setup>
|
||||||
|
|
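Review bot: The new `if ($? != 0) { warning "gpg failed -- cannot infer signed-by value"; }` after `close $fh` falls through to `return '';`, so a gpg failure is now indistinguishable from the case where every keyring fingerprint is already known to apt; the old code aborted there with `error "gpg failed"`. The sources.list entry is then written without `signed-by`, and apt presumably validates the suite against all of its trusted keys instead of only the guessed keyring, so the warning should state that consequence, e.g. `warning "gpg failed -- not adding signed-by, apt will use its default trusted keys";`. The POD item added in the last hunk could likewise say that with `--skip=check/signed-by` no `signed-by` is ever added. Separately, `return " [signed-by=\"$keyring\"]";` inside the fingerprint loop now leaves before `close $fh`, so gpg's exit status is no longer checked on that path; the loop header is outside the hunk, so confirm this is intended.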