diff --git a/mmdebstrap b/mmdebstrap index 9e5dea7..54eefaf 100755 --- a/mmdebstrap +++ b/mmdebstrap @@ -5117,17 +5117,17 @@ sub main() { # a signed-by option my $signedby = ''; my %suite_by_vendor = get_suite_by_vendor(); - { + my $gpgproc = sub { my $keyring = get_keyring_by_suite($options->{suite}, \%suite_by_vendor); if (!defined $keyring) { - last; + return ''; } # we can only check if we need the signed-by entry if we u # automatically chosen keyring exists if (!defined $keyring || !-e $keyring) { - last; + return ''; } # we can only check key material if gpg is installed @@ -5155,9 +5155,9 @@ sub main() { close $fh; } if ($? != 0 || !defined $ret || defined $message) { - info "gpg --version failed: cannot determine the right" - . " signed-by value"; - last; + warning + "gpg --version failed: cannot infer signed-by value"; + return ''; } # initialize gpg trustdb with empty one { @@ -5166,7 +5166,7 @@ sub main() { } if (!-d $options->{apttrustedparts}) { warning "$options->{apttrustedparts} doesn't exist"; - last; + return ''; } # find all the fingerprints of the keys apt currently # knows about @@ -5188,8 +5188,7 @@ sub main() { } my @aptfingerprints = (); if (scalar @keyrings == 0) { - $signedby = " [signed-by=\"$keyring\"]"; - last; + return " [signed-by=\"$keyring\"]"; } info "Finding correct signed-by value..."; my $progress = 0.0; @@ -5212,8 +5211,7 @@ sub main() { } print_progress("done"); if (scalar @aptfingerprints == 0) { - $signedby = " [signed-by=\"$keyring\"]"; - last; + return " [signed-by=\"$keyring\"]"; } # check if all fingerprints from the keyring that we guessed # are known by apt and only add signed-by option if that's not 
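Review bot: The name `$gpgproc` (first hunk, `@@ -5117`) reads like a process handle, but the closure returns the sources.list option string, and nothing at the definition says what an empty string means. A comment above `my $gpgproc = sub {` would help, for example `# returns ' [signed-by="..."]' if the guessed keyring must be named explicitly, '' if it is not needed or cannot be determined`, or a name such as `$infer_signedby`. The first `if (!defined $keyring)` guard is also subsumed by the `!defined $keyring || !-e $keyring` test right after it and could be dropped. The closure body continues past this hunk.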
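Review bot: The new `warning` at the `gpg --version` check (hunk `@@ -5155`) does not say what happens next. The sub returns `''`, so presumably the sources.list entry is then written without a signed-by option. Since this commit also adds `--skip=check/signed-by`, the message could state both, e.g. `warning "gpg --version failed: not adding signed-by (--skip=check/signed-by silences this)";`. The block that runs gpg starts above the hunk.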
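Review bot: The literal `" [signed-by=\"$keyring\"]"` is now returned from three places (here in hunk `@@ -5188`, and again in `@@ -5212` and `@@ -5229`), and `$keyring` is interpolated into a quoted option value with no check on its characters. Building it once after the `-e $keyring` test, e.g. `my $opt = " [signed-by=\"$keyring\"]";`, and returning `$opt` would keep the three exits identical. It would also give a single place to reject a path containing `"` or `]`. `$keyring` comes from `get_keyring_by_suite`, which is not shown, so whether such a path can occur is not visible here.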
@@ -5229,15 +5227,20 @@ sub main() { # if this fingerprint is not known by apt, then we need #to add the signed-by option if (none { $_ eq $1 } @aptfingerprints) { - $signedby = " [signed-by=\"$keyring\"]"; - last; + return " [signed-by=\"$keyring\"]"; } } close $fh; + if ($? != 0) { + warning "gpg failed -- cannot infer signed-by value"; + } } - if ($? != 0) { - error "gpg failed"; - } + return ''; + }; + if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) { + info "skipping check/signed-by as requested"; + } else { + $signedby = $gpgproc->(); } if (scalar @ARGV > 0) { for my $arg (@ARGV) { @@ -6943,6 +6946,8 @@ Upon startup, several checks are carried out, like: =item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty> +=item * whether adding a C to C is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by> + =back =item B
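Review bot: The `return " [signed-by=\"$keyring\"]";` inside the fingerprint loop (hunk `@@ -5229`) leaves the sub before `close $fh` and the new `$? != 0` test, so on that path the handle is only closed implicitly and gpg's exit status is never checked. Closing first keeps both exits the same: `close $fh; return " [signed-by=\"$keyring\"]";`. On the fall-through path a gpg failure is now only a warning and the sub still returns `''`, which the caller cannot tell apart from "every keyring fingerprint is already known to apt". If gpg's output was cut short, that conclusion may rest on a partial fingerprint list, so the warning should at least say that no signed-by option is being added. The open of `$fh` and the loop header are outside the hunk, so this assumes `$fh` is the gpg pipe.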