Frans Pop wrote: > Would it be worth creating an alias for it (as it is very long in its raw form)? I don't want to make it too easy to use this. > Should this be really be kept by default for the target system? If so, > that should be documented very clearly. Probably best to remove it at the end. Updated patch: Index: manual/en/appendix/preseed.xml =================================================================== --- manual/en/appendix/preseed.xml (revision 45117) +++ manual/en/appendix/preseed.xml (working copy) @@ -1048,6 +1048,11 @@ # apt will complain about the unauthenticated repository and so the # sources.list line will be left commented out #d-i apt-setup/local0/key string http://local.server/key + +# By default the installer requires that repositories be authenticated +# using a known gpg key. This setting can be used to disable that +# authentication. Warning: Insecure, not recommended. +#d-i debian-installer/allow_unauthenticated string true </screen></informalexample> </sect2> Index: manual/en/boot-installer/parameters.xml =================================================================== --- manual/en/boot-installer/parameters.xml (revision 45117) +++ manual/en/boot-installer/parameters.xml (working copy) @@ -362,6 +362,17 @@ </para></listitem> </varlistentry> +<varlistentry> +<term>debian-installer/allow_unauthenticated</term> +<listitem><para> + +By default the installer requires that repositories be authenticated +using a known gpg key. Set to <userinput>true</userinput> to +disable that authentication. Warning: Insecure, not recommended. + +</para></listitem> +</varlistentry> + <varlistentry arch="alpha;m68k;mips;mipsel"> <term>ramdisk_size</term> <listitem><para> Index: packages/rootskel/debian/changelog =================================================================== --- packages/rootskel/debian/changelog (revision 45117) +++ packages/rootskel/debian/changelog (working copy) 
@@ -1,3 +1,11 @@ +rootskel (1.50) UNRELEASED; urgency=low + + * Add new debian-installer/allow_unauthenticated template, will be used by + choose-mirror and base-installer to allow forcing installation even if + the mirror doesn't auth. + + -- Joey Hess <joeyh@debian.org> Thu, 15 Feb 2007 13:51:22 -0500 + rootskel (1.49) unstable; urgency=low * Support blacklisting of modules from the boot prompt using the syntax Index: packages/rootskel/debian/templates-arch =================================================================== --- packages/rootskel/debian/templates-arch (revision 45117) +++ packages/rootskel/debian/templates-arch (working copy) @@ -22,3 +22,8 @@ Type: string Description: for internal use; can be preseeded Theme to use for the (newt or gtk) frontend + +Template: debian-installer/allow_unauthenticated +Type: boolean +Default: false +Description: for internal use; can be preseeded Index: packages/net-retriever/debian/changelog =================================================================== --- packages/net-retriever/debian/changelog (revision 45117) +++ packages/net-retriever/debian/changelog (working copy) @@ -1,3 +1,10 @@ +net-retriever (1.14) UNRELEASED; urgency=low + + * If debian-installer/allow_unauthenticated is true, only log a warning + if authentication fails. + + -- Joey Hess <joeyh@debian.org> Thu, 15 Feb 2007 14:04:02 -0500 + net-retriever (1.13) unstable; urgency=low [ Updated translations ] Index: packages/net-retriever/net-retriever =================================================================== --- packages/net-retriever/net-retriever (revision 45117) +++ packages/net-retriever/net-retriever (working copy) 
@@ -105,7 +105,7 @@ Release="/tmp/net-retriever-$$-Release" fetch "dists/$codename/Release" "$Release" || exit $? # If gpgv and a keyring are installed, authentication is - # mandatory. + # mandatory by default. if type gpgv >/dev/null && [ -f "$keyring" ]; then if ! fetch "dists/$codename/Release.gpg" "$Release.gpg"; then error "dists/$codename/Release is unsigned." @@ -114,7 +114,11 @@ gpgv --status-fd 1 --keyring "$keyring" \ --ignore-time-conflict \ "$Release.gpg" "$Release" | read_gpg_status; then - error "Bad signature on $Release." + if db_get debian-installer/allow_unauthenticated && [ "$RET" = true ]; then + log "Ignoring bad signature on $Release." + else + error "Bad signature on $Release." + fi fi fi Index: packages/base-installer/debian/postinst =================================================================== --- packages/base-installer/debian/postinst (revision 45117) +++ packages/base-installer/debian/postinst (working copy) @@ -173,7 +173,9 @@ exclude="--exclude=${EXCLUDES}" fi if type gpgv >/dev/null && [ -f "$KEYRING" ]; then - keyring="--keyring=${KEYRING}" + if ! db_get debian-installer/allow_unauthenticated || [ "$RET" != true ]; then + keyring="--keyring=${KEYRING}" + fi fi test -d $ETCDIR || mkdir -p $ETCDIR @@ -259,6 +261,14 @@ cat > /target/etc/apt/apt.conf.d/00IgnoreTimeConflict << EOT Acquire::gpgv::Options { "--ignore-time-conflict"; }; EOT + + if db_get debian-installer/allow_unauthenticated && [ "$RET" = true ]; then + # This file will be left in place until the end of the install. + cat > /target/etc/apt/apt.conf.d/00AllowUnauthenticated << EOT +APT::Get::AllowUnauthenticated "true"; +EOT + fi + # let apt inside the chroot see the cdrom if [ "$PROTOCOL" = file ] ; then if [ -n "$DIRECTORY" ]; then Index: packages/base-installer/debian/changelog =================================================================== --- packages/base-installer/debian/changelog (revision 45167) +++ packages/base-installer/debian/changelog (working copy) 
@@ -5,8 +5,11 @@ [ Joey Hess ] * Add support for armel. + * If debian-installer/allow_unauthenticated exists and is true, write a + /etc/apt/apt.conf.d/00AllowUnauthenticated file making apt allow + unauthenticated mirrors. - -- Joey Hess <joeyh@debian.org> Wed, 14 Feb 2007 16:28:10 -0500 + -- Joey Hess <joeyh@debian.org> Thu, 15 Feb 2007 13:58:34 -0500 base-installer (1.72) unstable; urgency=low Index: packages/base-installer/finish-install =================================================================== --- packages/base-installer/finish-install (revision 45117) +++ packages/base-installer/finish-install (working copy) @@ -2,4 +2,5 @@ set -e rm -f /target/etc/apt/apt.conf.d/00NoMountCDROM \ - /target/etc/apt/apt.conf.d/00IgnoreTimeConflict + /target/etc/apt/apt.conf.d/00IgnoreTimeConflict \ + /target/etc/apt/apt.conf.d/00AllowUnauthenticated -- see shy jo
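Review bot: in the manual/en/appendix/preseed.xml hunk, the example line declares the question as a string (`#d-i debian-installer/allow_unauthenticated string true`), while the templates-arch hunk defines it with `Type: boolean`. The preseed example should read `boolean true` so the documented line matches the template type.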
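Review bot: the new varlistentry in manual/en/boot-installer/parameters.xml does not say how long the override lasts. The finish-install hunk deletes /target/etc/apt/apt.conf.d/00AllowUnauthenticated, so the apt override written by base-installer does not carry over to the installed system. One sentence stating that here, and in the preseed.xml comment, would address the request in the review to document this very clearly.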
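Review bot: the rootskel changelog entry says the template "will be used by choose-mirror and base-installer", but the packages changed in this patch are net-retriever and base-installer, and there is no choose-mirror hunk. Either name net-retriever in the entry or include the choose-mirror change.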
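Review bot: in packages/net-retriever/net-retriever, the allow_unauthenticated check is added only to the bad-signature branch at -114. The branch shown as context in the -105 hunk still calls `error "dists/$codename/Release is unsigned."` when Release.gpg cannot be fetched. A mirror that publishes no signature at all, which is the case the rootskel changelog describes as "the mirror doesn't auth", would still fail there with the setting enabled. Suggest doing the db_get test once before the Release.gpg fetch and logging the same warning for both the unsigned and the bad-signature case.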
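Review bot: in the packages/base-installer/debian/postinst hunk at -173, when allow_unauthenticated is true the keyring variable is left unset without any message, so the install log has no record that debootstrap ran without a keyring. net-retriever logs "Ignoring bad signature" in the equivalent case; a logged warning in this branch would keep the two consistent and make the weakened install visible afterwards.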
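Review bot: in the postinst hunk at -259, the 00AllowUnauthenticated file sets APT::Get::AllowUnauthenticated for every apt run inside /target until it is removed, not only for the mirror selected in the installer. The comment "This file will be left in place until the end of the install" should state that scope and name finish-install as the script that deletes the file, so a reader of postinst can find the cleanup.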