forked from josch/mmdebstrap
add --skip=check/signed-by
This commit is contained in:
parent
42386c90c8
commit
327b75846f
1 changed files with 21 additions and 16 deletions
35
mmdebstrap
35
mmdebstrap
|
@ -5117,17 +5117,17 @@ sub main() {
|
|||
# a signed-by option
|
||||
my $signedby = '';
|
||||
my %suite_by_vendor = get_suite_by_vendor();
|
||||
{
|
||||
my $gpgproc = sub {
|
||||
my $keyring
|
||||
= get_keyring_by_suite($options->{suite}, \%suite_by_vendor);
|
||||
if (!defined $keyring) {
|
||||
last;
|
||||
return '';
|
||||
}
|
||||
|
||||
# we can only check if we need the signed-by entry if we u
|
||||
# automatically chosen keyring exists
|
||||
if (!defined $keyring || !-e $keyring) {
|
||||
last;
|
||||
return '';
|
||||
}
|
||||
|
||||
# we can only check key material if gpg is installed
|
||||
|
@ -5155,9 +5155,9 @@ sub main() {
|
|||
close $fh;
|
||||
}
|
||||
if ($? != 0 || !defined $ret || defined $message) {
|
||||
info "gpg --version failed: cannot determine the right"
|
||||
. " signed-by value";
|
||||
last;
|
||||
warning
|
||||
"gpg --version failed: cannot infer signed-by value";
|
||||
return '';
|
||||
}
|
||||
# initialize gpg trustdb with empty one
|
||||
{
|
||||
|
@ -5166,7 +5166,7 @@ sub main() {
|
|||
}
|
||||
if (!-d $options->{apttrustedparts}) {
|
||||
warning "$options->{apttrustedparts} doesn't exist";
|
||||
last;
|
||||
return '';
|
||||
}
|
||||
# find all the fingerprints of the keys apt currently
|
||||
# knows about
|
||||
|
@ -5188,8 +5188,7 @@ sub main() {
|
|||
}
|
||||
my @aptfingerprints = ();
|
||||
if (scalar @keyrings == 0) {
|
||||
$signedby = " [signed-by=\"$keyring\"]";
|
||||
last;
|
||||
return " [signed-by=\"$keyring\"]";
|
||||
}
|
||||
info "Finding correct signed-by value...";
|
||||
my $progress = 0.0;
|
||||
|
@ -5212,8 +5211,7 @@ sub main() {
|
|||
}
|
||||
print_progress("done");
|
||||
if (scalar @aptfingerprints == 0) {
|
||||
$signedby = " [signed-by=\"$keyring\"]";
|
||||
last;
|
||||
return " [signed-by=\"$keyring\"]";
|
||||
}
|
||||
# check if all fingerprints from the keyring that we guessed
|
||||
# are known by apt and only add signed-by option if that's not
|
||||
|
@ -5229,16 +5227,21 @@ sub main() {
|
|||
# if this fingerprint is not known by apt, then we need
|
||||
#to add the signed-by option
|
||||
if (none { $_ eq $1 } @aptfingerprints) {
|
||||
$signedby = " [signed-by=\"$keyring\"]";
|
||||
last;
|
||||
return " [signed-by=\"$keyring\"]";
|
||||
}
|
||||
}
|
||||
close $fh;
|
||||
}
|
||||
if ($? != 0) {
|
||||
error "gpg failed";
|
||||
warning "gpg failed -- cannot infer signed-by value";
|
||||
}
|
||||
}
|
||||
return '';
|
||||
};
|
||||
if (any { $_ eq 'check/signed-by' } @{ $options->{skip} }) {
|
||||
info "skipping check/signed-by as requested";
|
||||
} else {
|
||||
$signedby = $gpgproc->();
|
||||
}
|
||||
if (scalar @ARGV > 0) {
|
||||
for my $arg (@ARGV) {
|
||||
if ($arg eq '-') {
|
||||
|
@ -6943,6 +6946,8 @@ Upon startup, several checks are carried out, like:
|
|||
|
||||
=item * whether the output directory is empty. This check can be disabled using B<--skip=check/empty>
|
||||
|
||||
=item * whether adding a C<signed-by> to C<apt/sources.list> is necessary. This requires gpg and can be disabled using B<--skip=check/signed-by>
|
||||
|
||||
=back
|
||||
|
||||
=item B<setup>
|
||||
|
|
Loading…
Reference in a new issue