[buildd-tools-devel] Bug#801798: please support building package without generating a gpg key for sbuild

Johannes Schauer josch at debian.org
Fri Dec 25 11:09:08 UTC 2015


Control: tag -1 + pending

Hi,

On Mon, 07 Dec 2015 21:49:41 +0100 Johannes Schauer <josch at debian.org> wrote:
> Quoting Johannes Schauer (2015-12-07 21:13:10)
> > It seems that apt has support for trusted=yes since 0.8.16~exp3, so since
> > wheezy.
> 
> Keeping support for signing the internal repository is important for as long as
> we want to support squeeze. When running sbuild, then the apt *inside* the
> chroot has to support [trusted=yes]. Since today on stretch or unstable we want
> to be able to build packages in a squeeze chroot for old-old-stable, we must
> keep the functionality of signing the internal repo until we stop supporting
> squeeze.
> 
> So I suggest adding a command line flag like --trust-internal-repo which will
> make sbuild not require keys anymore and will set [trusted=yes] in apt's
> sources.list. Once we drop support for squeeze we can make that command line
> flag a no-op and never use keys for the internal repository by default.
> 
> Does this make sense?

I attached a patch which I currently have in my local git and will thus
probably become part of the next sbuild release.

It will only sign the dummy archive release file and let apt trust the sbuild
public key if sbuild-key.pub and sbuild-key.sec exist in
/var/lib/sbuild/apt-keys. Otherwise it will just do nothing.

Additionally, the sources.list entries for the internal dummy repository now
unconditionally carry the [trusted=yes] option which will be interpreted by apt
in wheezy and later but ignored by apt in squeeze.

Thanks!

cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Set-trusted-yes-for-internal-dummy-repository-to-mak.patch
Type: text/x-diff
Size: 2995 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20151225/5ed24ac9/attachment-0001.patch>
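
An added example, not part of the original message or of sbuild: because [trusted=yes] makes apt accept a source without checking its signature, this audit parses one-line sources.list entries, flags every entry carrying the option, and separates local file: repositories such as the internal dummy one from remote ones. The regular expression, function names, the set of truthy spellings and the sample entries are assumptions constructed for illustration.

```python
import re

# One-line sources.list entry: type, optional [options], URI, suite.
ENTRY = re.compile(r'^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)')
LOCAL_SCHEMES = {"file", "copy"}  # repositories read from the local filesystem
# Assumption: spellings treated as "true" here; the message only shows "yes".
TRUTHY = {"yes", "true", "1", "on"}


def parse_entry(line):
    """Return (type, options dict, uri, suite), or None for blanks/comments."""
    line = line.split("#", 1)[0].strip()
    m = ENTRY.match(line)
    if not m:
        return None
    kind, raw_opts, uri, suite = m.groups()
    opts = {}
    for item in (raw_opts or "").split():
        key, _, value = item.partition("=")
        opts[key.lower()] = value
    return kind, opts, uri, suite


def audit(text):
    """List (line number, 'local'|'remote', uri) for each trusted=yes entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        _, opts, uri, _ = entry
        if opts.get("trusted", "").lower() not in TRUTHY:
            continue
        scheme = uri.split(":", 1)[0].lower()
        findings.append((lineno, "local" if scheme in LOCAL_SCHEMES else "remote", uri))
    return findings


# Constructed sample; the path and hostnames are placeholders, not sbuild's.
SAMPLE = """\
# internal dummy repository
deb [trusted=yes] file:///tmp/dummy-archive ./
deb-src [trusted=yes] file:///tmp/dummy-archive ./
deb http://deb.debian.org/debian stretch main
deb [arch=amd64 trusted=yes] http://mirror.example.org/debian stretch main
"""

if __name__ == "__main__":
    for lineno, verdict, uri in audit(SAMPLE):
        print(f"line {lineno}: trusted=yes on {verdict} source {uri}")
```

Entries reported as remote are the ones to review, since nothing authenticates what apt downloads from them.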