On Fri, Jul 25, 2008 at 09:49:00AM +1000, Brian May wrote:
>> Am I the only one that feels very, very uncomfortable about this?
> Yes. Errr... I mean... No! It also makes me uncomfortable too. If there
> is some good reason, I don't know what it is. Even if the network path
> was completely trusted, I can't think why signature checking should be
> disabled.
This is mentioned in the thread that Raphael Geisser points to in the
other message: basically, the buildds skip signature checking because
they also need to get packages from incoming, which are not in a signed
repository. I'm following up to this in a reply to Raphael, though.
> Anyway, I am lazy ;-). How did you reconfigure sbuild to enable
> signature checking?
It seems that you can't, in my version of sbuild, unless you patch the
code. The code responsible for disabling signature checking is in
/usr/share/perl5/Sbuild/Chroot.pm and it does not seem to allow any sort
of customisation:
    sub _setup_options (\$\$) {
        [...]
        if (defined($info) &&
            defined($info->{'Location'}) && -d $info->{'Location'}) {
            [...]
            my $aptconf = "/var/lib/sbuild/apt.conf";
            [...]
            # Always write out apt.conf, because it may become outdated.
            if (my $F = new File::Temp( TEMPLATE => "$aptconf.XXXXXX",
                                        DIR => $self->get('Location'),
                                        UNLINK => 0) ) {
                print $F "APT::Get::AllowUnauthenticated true;\n";
                print $F "APT::Install-Recommends false;\n";
                if (! rename $F->filename, $chroot_aptconf) {
                    die "Can't rename $F->filename to $chroot_aptconf: $!\n";
                }
            }
        } else {
            die $self->get('Chroot ID') . " chroot does not exist\n";
        }
    }
> (On the topic of schroot and sbuild, I found this reference useful; it
> is getting dated now but some parts are still relevant:
> <http://www.pseudorandom.co.uk/2007/sbuild/>
> if only it mentioned what this "apt-get-update" program/script is)
You can actually ignore that if you run something like this before you
start doing your builds of the day:
    schroot -c sid-source -- sh -c "apt-get update; apt-get dist-upgrade; apt-get autoclean; apt-get clean"
Ciao,
Enrico
--
GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enrico@debian.org>
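
A check for the setting discussed in the message above, as an added example that is not part of the original post or of sbuild: a small apt.conf parser that reports which configuration files in a build chroot turn on APT::Get::AllowUnauthenticated, whether written flat (as sbuild does) or in apt's nested scope syntax. The function names are hypothetical, and the location `var/lib/sbuild/apt.conf` inside the chroot is an assumption based on the `$aptconf` value quoted above.

```python
import glob
import os
import re

# Values apt's boolean parser reads as true.
TRUTHY = {"1", "yes", "true", "with", "on", "enable"}
OPTION = "apt::get::allowunauthenticated"  # apt option names are case-insensitive
# Comments are removed, but "//" inside a quoted value (e.g. a proxy URL) is kept.
STRING_OR_COMMENT = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def parse_apt_conf(text):
    """Return {lowercased option name: value} for one apt.conf-style text."""
    # Drop '#' lines (comments; #include/#clear directives are not followed).
    text = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    text = STRING_OR_COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    settings, scope, words = {}, [], []
    for tok in TOKEN.findall(text):
        if tok == "{":            # opens a scope: APT { Get { ... }; };
            scope.append(words[0] if words else "")
            words = []
        elif tok == "}":
            del scope[-1:]        # tolerates an unbalanced closing brace
            words = []
        elif tok == ";":          # ends a statement: Name Value;
            if len(words) == 2:
                name = "::".join(scope + [words[0]]).lower()
                settings[name] = words[1].strip('"')
            words = []
        else:
            words.append(tok)
    return settings


def unauthenticated_configs(chroot):
    """List apt config files under `chroot` that enable AllowUnauthenticated."""
    candidates = [os.path.join(chroot, "var/lib/sbuild/apt.conf"),  # assumed location
                  os.path.join(chroot, "etc/apt/apt.conf")]
    candidates += sorted(glob.glob(os.path.join(chroot, "etc/apt/apt.conf.d/*")))
    hits = []
    for path in candidates:
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                value = parse_apt_conf(fh.read()).get(OPTION, "")
            if value.lower() in TRUTHY:
                hits.append(path)
    return hits
```

Each file is judged on its own, so a hit means that file enables the option, not that it is the value apt ends up using after merging all of its configuration.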