Re: debootstrap InRelease file support
On Fri, Sep 16, 2016 at 13:55:53 -0400, Lennart Sorensen wrote:
> On Fri, Sep 16, 2016 at 06:59:44PM +0200, Julien Cristau wrote:
> > On Fri, Sep 2, 2016 at 20:35:12 +0200, Julien Cristau wrote:
> >
> > > On Mon, Aug 15, 2016 at 12:12:02 +0200, Ansgar Burchardt wrote:
> > >
> > > > If you restore support for `InRelease` and want to use `gpgv`, please
> > > > split `InRelease` into two files, i.e. `Release` and `Release.gpg`, and
> > > > verify that the signature actually covers all of `Release`.
> > > >
> > > Here's an attempt at doing that. Only lightly tested.
> > >
> > Ansgar pointed out on IRC that so far nothing in debootstrap requires
> > awk on the host. I haven't found a way to kill the last newline with
> > sed in a quick attempt, and I don't know how big of a deal requiring awk
> > would be, so help welcome.
>
> How about instead of the awk bit using:
>
> sed '1,/^$/d;/^-----BEGIN PGP SIGNATURE-----$/,$d' < "$inreldest" > "$reldest"
>
> At least that works for the InRelease in debian sid since it has a blank
> line at the end of the PGP header before the Release file data.
>
My problem is getting something that I can feed to gpgv to verify the
signature, I don't think your command provides that.
Cheers,
Julien
Reply to: