Bug#851774: fixed in apt-setup 1:0.151
On Fri, Jul 12, 2019 at 09:07:45AM +0000, Cyril Brulebois wrote:
> apt-setup (1:0.151) unstable; urgency=medium
> .
> [ Moritz Mühlenhoff ]
> * When preseeding a local repository via apt-setup/localX/repository,
> the repository key for Secure Apt needs to be configured with
> apt-setup/localX/key. This key used to be set up with apt-key, but
> its use is deprecated and apt's former dependency on gnupg has been
> demoted to a Suggests, rendering apt-key non-functional in d-i.
> Apply a patch by Lars Kollstedt (thanks!) which adds the repository
> key(s) to /etc/apt/trusted.gpg.d, following the approach used by
> pbuilder (Closes: #851774, #928931):
> - .asc suffix if the key file seems to be armoured ASCII (i.e. it
> contains a “-----BEGIN PGP PUBLIC KEY BLOCK-----” line);
> - .gpg suffix otherwise. Please note that only “GPG key public ring”
> are supported by APT, newer “keybox database” format isn't at the
> moment.
Hi Cyril,
as discussed on #debian-boot last week: I've tested a Buster installation with
"d-i mirror/udeb/suite string unstable" and our previous
"d-i base-installer/includes string gnupg" workaround dropped which uses
the https://apt.wikimedia.org repository and that worked fine.
I've also submitted a patch to installation-guide to enhance the docs so that
the constraints for the Secure Apt key file are explicitly mentioned (#932284)
Cheers,
Moritz
Reply to: