
Re: Stateless OpenPGP command-line interface for package management



On Thu, Feb 06, 2020 at 03:28:28PM +0100, Johannes Schauer wrote:
>    "I have a keyring I know that I want to use (like
>    /usr/share/keyrings/ubuntu-archive-keyring.gpg) -- is the key material from
>    that keyring fully included in the keys trusted by apt?"

That is a question though you should ideally ask apt instead of trying
to peek inside its trusted keyrings and figure it out by yourself.
Who knows what might change in the keyring setup in the future. [0]

So if you can outline an interface I guess we can add it to apt-key
to decouple mmdebstrap from this (I didn't mention your bootstrap
specifically as I thought you were one of the lucky ones by delegating
all these problems to apt).

That said, I wonder why you are trying to answer that at all. Just place
the keyring in apt's trusted store for the bootstrap and remove it
afterwards. Duplicated keys are no problem and the chroot hopefully ends
up with the keyring package(s) it needs? (Anyway, different topic)


Best regards

David Kalnischkies

[0] If I ever get back to
https://salsa.debian.org/apt-team/apt/merge_requests/33
the answer to which keyring is in the trusted set becomes a lot harder
and/or undefined without additional knowledge. It is sorta-blocked by me
realizing I would have to interact more with gpg(v) for this…
