[buildd-tools-devel] Bug#760832: sbuild-createchroot does not honour --keyring=""

Johannes Schauer josch at debian.org
Thu Dec 24 00:05:29 UTC 2015 

Control: tag -1 + patch

Hi,

On Mon, 08 Sep 2014 03:05:00 -0700 Luke Faraone <lfaraone at debian.org> wrote:
> Package: sbuild
> Version: 0.64.1-1
> Severity: important

why the high severity?

> Passing --keyring="" does not actually prevent signature downloading/checking, despite sbuild-createchroot(8) indicating:
> > Set to an empty string to disable signature checking.
> 
> root at porterbox:~# sbuild-createchroot precise /var/lib/schroot/chroots/precise-amd64/ --keyring="" http://mirror.local/ubuntu
> mkdir /var/lib/schroot/chroots
> mkdir /var/lib/schroot/chroots/precise-amd64/
> I: SUITE: precise
> I: TARGET: /var/lib/schroot/chroots/precise-amd64
> I: MIRROR: http://repo/
> I: Running debootstrap --arch=amd64 --variant=buildd --verbose --include=fakeroot,build-essential --components=main --resolve-deps precise /var/lib/schroot/chroots/precise-amd64 http://mirror.local/ubuntu
> I: Retrieving Release
> I: Retrieving Release.gpg
> E: Failed getting release signature file http://mirror.local/dists/precise/Release.gpg
> E: Error running debootstrap at /usr/sbin/sbuild-createchroot line 200.

yup, somehow the documentation documented something that was never implemented.
The following patch should fix the issue:

diff --git a/bin/sbuild-createchroot b/bin/sbuild-createchroot
index 5ef7ad4..a99dae7 100755
--- a/bin/sbuild-createchroot
+++ b/bin/sbuild-createchroot
@@ -199,6 +199,7 @@ push @args, "--exclude=" . $conf->get('EXCLUDE') if $conf->get('EXCLUDE');
 push @args, "--components=" . $conf->get('COMPONENTS')
     if $conf->get('COMPONENTS');
 push @args, "--keyring=" . $conf->get('KEYRING') if $conf->get('KEYRING');
+push @args, "--no-check-gpg" if $conf->get('KEYRING') eq "";
 push @args, $conf->get('RESOLVE_DEPS') ?
     "--resolve-deps" : "--no-resolve-deps";
 push @args, "$suite", "$target", "$mirror";


cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20151224/725b9db4/attachment.sig>

More information about the Buildd-tools-devel mailing list