4 changed files with 36 additions and 44 deletions
--- a/coverage.txt
+++ b/coverage.txt
@ -358,7 +358,3 @@ Needs-QEMU: true
 Test: jessie-or-older
 Needs-QEMU: true
 Variants: essential apt minbase
 Test: apt-patterns
 Test: apt-patterns-custom
--- a/57
+++ b/57
@ -2374,7 +2374,18 @@ sub run_download() {
            info "nothing to download -- skipping...";
            return ([], \@cached_debs);
        }
-        my @apt_argv = ('install', @{ $options->{include} });
+        my @apt_argv = ('install');
        for my $incl (@{ $options->{include} }) {
            for my $pkg (split /[,\s]+/, $incl) {
                # strip leading and trailing whitespace
                $pkg =~ s/^\s+|\s+$//g;
                # skip if the remainder is an empty string
                if ($pkg eq '') {
                    next;
                }
                push @apt_argv, $pkg;
            }
        }
        @dl_debs = run_apt_download_progress({
                APT_ARGV => [@apt_argv],
@ -2902,9 +2913,20 @@ sub run_essential() {
 sub run_install() {
    my $options = shift;
-    my @pkgs_to_install = (@{ $options->{include} });
+    my %pkgs_to_install;
    for my $incl (@{ $options->{include} }) {
        for my $pkg (split /[,\s]+/, $incl) {
            # strip leading and trailing whitespace
            $pkg =~ s/^\s+|\s+$//g;
            # skip if the remainder is an empty string
            if ($pkg eq '') {
                next;
            }
            $pkgs_to_install{$pkg} = ();
        }
    }
    if ($options->{variant} eq 'buildd') {
-        push @pkgs_to_install, 'build-essential';
+        $pkgs_to_install{'build-essential'} = ();
    }
    if (any { $_ eq $options->{variant} }
        ('required', 'important', 'standard', 'buildd')) {
@ -2921,8 +2943,7 @@ sub run_install() {
            $priority = '?and(?or(~prequired,~pimportant,~pstandard),'
              . '?not(?essential))';
        }
-        push @pkgs_to_install,
+        $pkgs_to_install{
          (
            "?narrow("
              . (
                length($options->{suite})
@ -2934,8 +2955,9 @@ sub run_install() {
              )
              . "?architecture($options->{nativearch}),"
              . "$priority)"
-          );
+        } = ();
    }
    my @pkgs_to_install = keys %pkgs_to_install;
    if ($options->{mode} eq 'chrootless') {
        if (scalar @pkgs_to_install > 0) {
@ -5112,16 +5134,12 @@ sub main() {
                }
            }
            my $compstr = join " ", @components;
-            # From the suite name we can maybe infer which key we need. If we
+            # if the currently selected apt keyrings do not contain the
-            # can infer this information, then we need to check whether the
+            # necessary key material for the chosen suite, then attempt adding
-            # currently running apt actually trusts this key or not. If it
+            # a signed-by option
            # doesn't, then we need to add a signed-by line to the sources.list
            # entry.
            my $signedby        = '';
            my %suite_by_vendor = get_suite_by_vendor();
-            if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) {
+            {
                info "skipping check/signed-by as requested";
            } else {
                my $keyring
                  = get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
                if (!defined $keyring) {
@ -5238,9 +5256,9 @@ sub main() {
                        }
                    }
                    close $fh;
                    if ($? != 0) {
                        warning "gpg failed -- cannot infer signed-by value";
                }
                if ($? != 0) {
                    error "gpg failed";
                }
            }
            if (scalar @ARGV > 0) {
@ -6947,8 +6965,6 @@ Upon startup, several checks are carried out, like:
 =item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>
 =item * whether adding a C<signed-by> to C<apt/sources.list> is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by>
 =back
 =item B<setup>
@ -6988,10 +7004,7 @@ variant uses the fact that libapt treats the C<apt> packages as implicitly
 essential to download only all C<Essential:yes> packages plus apt using
 C<apt-get dist-upgrade>. In the remaining variants, all Packages files
 downloaded by the B<update> step are inspected to find the C<Essential:yes>
-package set as well as all packages of the required priority. If I<SUITE> is a
+package set as well as all packages of the required priority.
 non-empty string, then only packages from the archive with suite or codename
 matching I<SUITE> will be considered for selection of C<Essential:yes>
 packages.
 =item B<mount>
--- a/tests/apt-patterns
+++ b/tests/apt-patterns
@ -1,8 +0,0 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
 trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM
 {{ CMD }} --mode={{ MODE }} --variant=essential \
 	--include '?or(?exact-name(dummy-does-not-exist),?exact-name(apt))' \
 	{{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | grep -v ./var/lib/apt/extended_states | diff -u tar1.txt -
--- a/tests/apt-patterns-custom
+++ b/tests/apt-patterns-custom
@ -1,9 +0,0 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
 trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM
 {{ CMD }} --mode={{ MODE }} --variant=custom \
 	--include '?narrow(?archive(^{{ DIST }}$),?essential)' \
 	--include apt \
 	{{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -