[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?


On 21 August 2016 at 22:05, Johannes Schauer <josch@debian.org> wrote:
> Hi,
> Quoting Peter Samuelson (2016-08-21 11:45:35)
>> [Johannes Schauer]
>> > Old sbuild will not help you. The problem is mainly, that older
>> > chroots contain an apt installation that has no support for the
>> > [trusted=yes] option in sources.list.
>> So if someone really needs this, I guess a workaround would be to
>> backport apt 1.0 to squeeze...?
> you don't need apt 1.0 but "only" apt 0.8.16~exp3 or later. With that apt (or
> later) in your chroot, you will not need a public/private keypair to sign the
> internal dummy repository anymore.
> Though before you spend time on attempting to use this solution as a
> workaround, I would like to ask you to instead try to submit an sbuild patch
> which restores squeeze support by mangling the gpg keys in the right way. That
> would certainly help more users.

Surely old sbuild gpg key handing works correctly with gpg1.
(Try gpg1 first, if missing use gpg, assume it's classic gpg1)

With new enough apt, no gpg key handing is needed.

No support for gpg2 is needed, as any chroots with gpg2 by default
will also have new enough apt.

Thus we can have old gpg key handing, and users need to install gpg1
if they want to build for old distros; and it will be entirely ignored
by new enough distros.

Or am I missing something?

If I do miss something: Is it possible to upload sbuild without any
gpg handling for current distros, and upload sbuild-old new source
package snapshot with gpg1 handling for old distros?



Reply to: