[feature request] allow untusted repos
I have a signed repo with Debian derivative, but its key is not added to my host Debian Buster (and I do not want to add it), so mmdebstrap fails even if I add
[trusted=yes] to my bootstrap sources list...
May be, it would be worth connecting
FIND_APT_WARNINGSwith some command-line argument? As for now, it is hardcoded
No, not wontfix. But fixing this requires fixing apt first. I'm in talks with the apt maintainers about this. The problem is known as Debian bugs #778357, #776152, #696335 and #745735. Disabling
FIND_APT_WARNINGSwould be wrong because then you'd miss other meaningful warnings, so that does not make sense.
While I understand your point about quirks and quite share it long term, it would be nice to have some workarounds short term..
Even apt has a 'kill switch' aka
To continue type in the phrase 'Yes, do as I say!';)
But for now you leave me with nothing but a fork. Which is definitely not good for us both (long term)
Also, it would not itch that much if we'd talk about Debian only.. But there are some distros with enormously slower (and out of sync with upstream) release cycles. Which means, that your efforts working out a good solution with apt maintainers will propagate to those distros drastically slower..
Don't get me wrong - I highly appreciate your work and respect your decisions, but at the same time I'm just trying to avoid forking...
No worries, I never took your comments as insulting or disrespectful.
I agree that forking anything is painful.
The problem with your analogy is, that in the case where you have to type
Yes, do as I say!, you are told what exactly you are agreeing to. If it were possible to disable
FIND_APT_WARNINGS, then it would mean to agree to everything without knowing what it actually is and that is a problem.
If you could say "I'm fine with these gpg warnings, so just go ahead" then we would not have this problem. But apt right now does not seem to have a way to express this. I'm in talk with the apt developers about this issue so maybe a good solution can be found.
Btw, another workaround for your specific problem would be to just put the key of the repository you try to download into your local apt keyring. Then apt could validate the repository and you would not need to fork antything.
FIND_APT_WARNINGScurrently a default or an opt-in? Can't find it in the man page.
I wrote a wrapper to handle
apt-get updateunreliable exit codes.
apt-get upstream bugs:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745735 apt: Provide meaningful exit codes for gpg failures
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152 provide meaningful exit codes for network failures
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778357 audit 'apt-get update' exit codes
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696335 exit-code 0 when apt-get update fails
I'm in talk with the apt developers about this issue so maybe a good solution can be found.
That might be super helpful. Any update?Edited
FIND_APT_WARNINGSis just an internal local variable in the
setupfunction. So you'd have to patch mmdebstrap to change it.
I wrote down some examples of why the current output is problematic here: https://wiki.debian.org/Teams/Apt/Specs/UpdateExitStatus
But I don't have any more spare time to work on this. Maybe join #debian-apt on OFTC and restart the discussion?