Package: debian-cd
Severity: normal
Tags: patch
Control: block 879642 by -1
With recent changes to apt requiring signed repositories, simple-cdd is
unable to build an image, as it dynamically generates an unsigned apt
repository.
A patch below adds an option to apt to allow insecure repositories when
ARCHIVE_UNSIGNED=1. An alternate approach would be to add [trusted=yes]
on each of the sources.list entries.
I'm fairly sure this won't impact other parts of the build process, but
not 100% sure.
live well,
vagrant
commit 9bbd627c7ff5abe006a3596d5d8a2cd8e24758ba
Author: Vagrant Cascadian <vagrant@debian.org>
Date: Sun Apr 22 13:28:14 2018 -0700
Add boolean variable ARCHIVE_UNSIGNED, which configures apt to allow
insecure repositories.
In general, use of this option should be avoided, but is useful when
using a custom dynamically generated local repository, where a signed
repository wouldn't necessarily add much in the way of security.
diff --git a/tools/apt-selection b/tools/apt-selection
index 209e0c5..274e546 100755
--- a/tools/apt-selection
+++ b/tools/apt-selection
@@ -44,6 +44,10 @@ options=" -q -o Dir::State::status=$APTTMP/$THIS_PKGSET/status \
-o APT::Architectures::=$ARCH \
-o Acquire::Languages=none"
+if [ "$ARCHIVE_UNSIGNED"x = "1"x ]; then
+ options="$options -o Acquire::AllowInsecureRepositories=true"
+fi
+
sections=main
if [ "${NONFREE:-0}" != "0" ] || [ "${EXTRANONFREE:-0}" != "0" ] || [ "${FORCE_FIRMWARE:-0}" != "0" ]; then
sections="$sections non-free"
Attachment:
signature.asc
Description: PGP signature