[pbuilder] 02/02: modules: Copy keyrings to /etc/apt/trusted.gpg.d instead of using apt-key

James Clarke jrtc27-guest at moszumanska.debian.org
Thu Sep 8 22:58:43 UTC 2016


This is an automated email from the git hooks/post-receive script.

jrtc27-guest pushed a commit to branch master
in repository pbuilder.

commit de914ad814fe51179ef35993c5336b9355e84ccf
Author: James Clarke <jrtc27 at jrtc27.com>
Date:   Thu Sep 8 23:58:06 2016 +0100

    modules: Copy keyrings to /etc/apt/trusted.gpg.d instead of using apt-key
    
    We can no longer rely on being able to use apt-key in a minimal chroot,
    because gnupg has been demoted to a Recommends in apt. Instead, the
    keyrings can be copied directly into /etc/apt/trusted.gpg.d.
---
 pbuilder-modules | 12 ++++++++++--
 pbuilder.8       |  9 +++++++++
 pbuilderrc.5     |  9 +++++++++
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/pbuilder-modules b/pbuilder-modules
index 63335c7..a9f1ffa 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -794,9 +794,17 @@ function conditional_cp_a() {
 function add_additional_aptkeyrings() {
 # To support package verification inside the repository we may have to import
 # additional keys.
+    local filename
+    local dest
     for KEY in "${APTKEYRINGS[@]}"; do
-        log.i "adding apt key file ${KEY}."
-        $CHROOTEXEC apt-key add - < "${KEY}" > /dev/null
+        filename="$(basename "${KEY}")"
+        if [ "${filename:(-4):4}" != ".gpg" ]; then
+            log.e "apt key file does not end in .gpg"
+            exit 1
+        fi
+        dest="${BUILDPLACE}/etc/apt/trusted.gpg.d/${filename}"
+        log.i "copying apt key file ${KEY} to ${dest}"
+        cp -n "${KEY}" "${dest}"
     done
 }
 
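Review bot: `cp -n` at the end of the loop in add_additional_aptkeyrings silently skips the copy when `${dest}` already exists, while the preceding `log.i` still reports the keyring as being copied. Two APTKEYRINGS entries with the same basename, or a keyring that was rotated on the host after the chroot was created, therefore leave the chroot trusting whichever file was there first, and the intended key never lands. Before the copy I would compare and fail loudly: `if [ -e "${dest}" ] && ! cmp -s "${KEY}" "${dest}"; then log.e "${dest} exists with different content"; exit 1; fi`. The exit status of `cp` is also not checked in this hunk, so a missing `/etc/apt/trusted.gpg.d` in an older chroot may go unnoticed unless the script runs under `set -e`, which is not visible here; `cp -n "${KEY}" "${dest}" || exit 1` would match the handling of the suffix check above.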
diff --git a/pbuilder.8 b/pbuilder.8
index 6e0bc71..af69123 100644
--- a/pbuilder.8
+++ b/pbuilder.8
@@ -510,6 +510,15 @@ debootstrap (use
 debian-archive-keyring package inside the chroot is used. Can be specified
 multiple times.
 
+Keyrings are copied into
+.I "/etc/apt/trusted.gpg.d"
+in the chroot, which has been used by debian-archive-keyring since 2011.10.21
+in wheezy. For older chroots, use a
+.B G
+hook to run
+.B "apt\-key"
+manually.
+
 .TP
 .BI "\-\-save\-after\-login "
 .TP
diff --git a/pbuilderrc.5 b/pbuilderrc.5
index 9fee459..236e635 100644
--- a/pbuilderrc.5
+++ b/pbuilderrc.5
@@ -226,6 +226,15 @@ debootstrap (use
 .B "$DEBOOTSTRAPOPTS"
 ). Use this to add (local) signed repositories. By default the
 debian-archive-keyring package inside the chroot is used.
+
+Keyrings are copied into
+.I "/etc/apt/trusted.gpg.d"
+in the chroot, which has been used by debian-archive-keyring since 2011.10.21
+in wheezy. For older chroots, use a
+.B G
+hook to run
+.B "apt\-key"
+manually.
 .TP
 .BI "DEBOOTSTRAP=" "debootstrap"
 Use this option to switch the implementation of

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pbuilder/pbuilder.git


