[Pbuilder-maint] Bug#317998: pbuilder should use apt authentication
Loïc Minier
lool+alioth at via.ecp.fr
Sat Oct 28 17:39:39 CEST 2006
Hi,
On Wed, Jul 13, 2005, Junichi Uekawa wrote:
> 1. gpg installed in base.tgz
And debian-archive-keyring. I personally workaround this with:
if [ "$DISTRIBUTION" != "sarge" ]; then
EXTRAPACKAGES="$EXTRAPACKAGES gnupg debian-archive-keyring"
fi
> 2. method of managing /etc/apt/trusted.gpg inside chroot.
> A. should it be copied from outside chroot?
> B. should it be maintained through complex commands with 'pbuilder update'
> C. should it be bound-mounted? (does apt support having multiple such files
> and merging the results?)
I think that for create, this is the job of the underlying creation
helper (i.e. c?debootstrap). Upgrades should update
/etc/apt/trusted.gpg in chroots as they should for regular system.
This is an etch goal and should simply work.
Concerning local sites, it is the same problem as having an
/etc/apt/preferences, or a longer sources.list, or an apt.conf etc., so
I would say that anyone is free to "pbuilder login" and change it, or
use hooks etc., but it is not what pbuilder should optimize for.
On Sun, Dec 04, 2005, Junichi Uekawa wrote:
> 1. allow unauthenticated per default for pbuilder create/update
> 2. allow installing gnupg package for authentication
> 3. optionally allow not using --allow-unauthenticated
> within pbuilder. Make this option configurable.
I'm not sure this is a good idea. It should work or we should fix it,
no?
On Sat, May 27, 2006, Junichi Uekawa wrote:
> Yes, that's an issue I'm most worried about.
> I was thinking of having some kind of
> deb-noauth http://XXXX/
> kind of apt-lines, in addition to normal deb lines, to signify that I
> don't want authentication because it's a local repos.
I think this is very close to the problem of cdroms, and there is an:
APT::Authentication::TrustCDROM
Perhaps it makes sense to have an
APT::Authentication::TrustLocalRepositories?
Bye,
--
Loïc Minier <lool at dooz.org>
More information about the Pbuilder-maint
mailing list