[pbuilder] 02/02: modules: Copy keyrings to /etc/apt/trusted.gpg.d instead of using apt-key
James Clarke
jrtc27-guest at moszumanska.debian.org
Thu Sep 8 22:58:43 UTC 2016
This is an automated email from the git hooks/post-receive script.
jrtc27-guest pushed a commit to branch master
in repository pbuilder.
commit de914ad814fe51179ef35993c5336b9355e84ccf
Author: James Clarke <jrtc27 at jrtc27.com>
Date: Thu Sep 8 23:58:06 2016 +0100
modules: Copy keyrings to /etc/apt/trusted.gpg.d instead of using apt-key
We can no longer rely on being able to use apt-key in a minimal chroot,
because gnupg has been demoted to a Recommends in apt. Instead, the
keyrings can be copied directly into /etc/apt/trusted.gpg.d.
---
pbuilder-modules | 12 ++++++++++--
pbuilder.8 | 9 +++++++++
pbuilderrc.5 | 9 +++++++++
3 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/pbuilder-modules b/pbuilder-modules
index 63335c7..a9f1ffa 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -794,9 +794,17 @@ function conditional_cp_a() {
function add_additional_aptkeyrings() {
# To support package verification inside the repository we may have to import
# additional keys.
+ local filename
+ local dest
for KEY in "${APTKEYRINGS[@]}"; do
- log.i "adding apt key file ${KEY}."
- $CHROOTEXEC apt-key add - < "${KEY}" > /dev/null
+ filename="$(basename "${KEY}")"
+ if [ "${filename:(-4):4}" != ".gpg" ]; then
+ log.e "apt key file does not end in .gpg"
+ exit 1
+ fi
+ dest="${BUILDPLACE}/etc/apt/trusted.gpg.d/${filename}"
+ log.i "copying apt key file ${KEY} to ${dest}"
+ cp -n "${KEY}" "${dest}"
done
}
diff --git a/pbuilder.8 b/pbuilder.8
index 6e0bc71..af69123 100644
--- a/pbuilder.8
+++ b/pbuilder.8
@@ -510,6 +510,15 @@ debootstrap (use
debian-archive-keyring package inside the chroot is used. Can be specified
multiple times.
+Keyrings are copied into
+.I "/etc/apt/trusted.gpg.d"
+in the chroot, which has been used by debian-archive-keyring since 2011.10.21
+in wheezy. For older chroots, use a
+.B G
+hook to run
+.B "apt\-key"
+manually.
+
.TP
.BI "\-\-save\-after\-login "
.TP
diff --git a/pbuilderrc.5 b/pbuilderrc.5
index 9fee459..236e635 100644
--- a/pbuilderrc.5
+++ b/pbuilderrc.5
@@ -226,6 +226,15 @@ debootstrap (use
.B "$DEBOOTSTRAPOPTS"
). Use this to add (local) signed repositories. By default the
debian-archive-keyring package inside the chroot is used.
+
+Keyrings are copied into
+.I "/etc/apt/trusted.gpg.d"
+in the chroot, which has been used by debian-archive-keyring since 2011.10.21
+in wheezy. For older chroots, use a
+.B G
+hook to run
+.B "apt\-key"
+manually.
.TP
.BI "DEBOOTSTRAP=" "debootstrap"
Use this option to switch the implementation of
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pbuilder/pbuilder.git
More information about the Pbuilder-maint
mailing list