[Pbuilder-maint] Bug#317998: pbuilder should use apt authentication

[Loïc Minier]

        Hi,

On Wed, Jul 13, 2005, Junichi Uekawa wrote:
> 1. gpg installed in base.tgz

 And debian-archive-keyring.  I personally workaround this with:
    if [ "$DISTRIBUTION" != "sarge" ]; then
        EXTRAPACKAGES="$EXTRAPACKAGES gnupg debian-archive-keyring"
    fi

> 2. method of managing /etc/apt/trusted.gpg inside chroot.
>   A. should it be copied from outside chroot?
>   B. should it be maintained through complex commands with 'pbuilder update'
>   C. should it be bound-mounted? (does apt support having multiple such files
>      and merging the results?)

 I think that for create, this is the job of the underlying creation
 helper (i.e. c?debootstrap).  Upgrades should update
 /etc/apt/trusted.gpg in chroots as they should for regular system.
 This is an etch goal and should simply work.

 Concerning local sites, it is the same problem as having an
 /etc/apt/preferences, or a longer sources.list, or an apt.conf etc., so
 I would say that anyone is free to "pbuilder login" and change it, or
 use hooks etc., but it is not what pbuilder should optimize for.

On Sun, Dec 04, 2005, Junichi Uekawa wrote:
> 1. allow unauthenticated per default for pbuilder create/update
> 2. allow installing gnupg package for authentication
> 3. optionally allow not using --allow-unauthenticated 
>   within pbuilder. Make this option configurable.

 I'm not sure this is a good idea.  It should work or we should fix it,
 no?

On Sat, May 27, 2006, Junichi Uekawa wrote:
> Yes, that's an issue I'm most worried about. 
> I was thinking of having some kind of 
> 	deb-noauth http://XXXX/ 
> kind of apt-lines, in addition to normal deb lines, to signify that I
> don't want authentication because it's a local repos.

 I think this is very close to the problem of cdroms, and there is an:
    APT::Authentication::TrustCDROM

 Perhaps it makes sense to have an
 APT::Authentication::TrustLocalRepositories?

   Bye,
-- 
Loïc Minier <lool at dooz.org>