
Bug#896638: debian-cd: Unable to build CD image with unsigned repository



Package: debian-cd
Severity: normal
Tags: patch
Control: block 879642 by -1

With recent changes to apt requiring signed repositories, simple-cdd is
unable to build an image, as it dynamically generates an unsigned apt
repository.

A patch below adds an option to apt to allow insecure repositories when
ARCHIVE_UNSIGNED=1. An alternate approach would be to add [trusted=yes]
on each of the sources.list entries.

I'm fairly sure this won't impact other parts of the build process, but
not 100% sure.

live well,
  vagrant

commit 9bbd627c7ff5abe006a3596d5d8a2cd8e24758ba
Author: Vagrant Cascadian <vagrant@debian.org>
Date:   Sun Apr 22 13:28:14 2018 -0700

    Add boolean variable ARCHIVE_UNSIGNED, which configures apt to allow
    insecure repositories.
    
    In general, use of this option should be avoided, but is useful when
    using a custom dynamically generated local repository, where a signed
    repository wouldn't necessarily add much in the way of security.

diff --git a/tools/apt-selection b/tools/apt-selection
index 209e0c5..274e546 100755
--- a/tools/apt-selection
+++ b/tools/apt-selection
@@ -44,6 +44,10 @@ options=" -q -o Dir::State::status=$APTTMP/$THIS_PKGSET/status \
 		  -o APT::Architectures::=$ARCH \
 		  -o Acquire::Languages=none"
 
+if [ "$ARCHIVE_UNSIGNED"x = "1"x ]; then
+    options="$options -o Acquire::AllowInsecureRepositories=true"
+fi
+
 sections=main
 if [ "${NONFREE:-0}" != "0" ] || [ "${EXTRANONFREE:-0}" != "0" ] || [ "${FORCE_FIRMWARE:-0}" != "0" ]; then
 	sections="$sections non-free"
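Review bot: The `-o Acquire::AllowInsecureRepositories=true` appended to `options` applies to every apt invocation built from that string, so with ARCHIVE_UNSIGNED=1 all sources are accepted unsigned, not only the local dynamically generated repository. The per-entry `[trusted=yes]` alternative mentioned in the report would limit the exception to the one repository that actually lacks a signature. If the global option stays, note that the diff touches only tools/apt-selection, so ARCHIVE_UNSIGNED is introduced without any documentation of its effect; a short description alongside the other configuration variables, stating that it disables signature checks for all sources, would help. The test could also follow the `${NONFREE:-0}` form used just below, e.g. `[ "${ARCHIVE_UNSIGNED:-0}" = "1" ]`, to match the neighbouring checks.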
