On Fri, 1 Oct 2010 02:15:27 +0100
Wookey <wookey@wookware.org> wrote:
> +++ Neil Williams [2010-09-28 08:43 +0100]:
> > ... except that we'd be better using a config file approach as
> > outlined in the other message.
>
> I've now done this. I'll check it in as soon as it's tested OK.

I've merged some xapt changes into emdebian-crush trunk/ but I decided
to change some of the implementation:

0: use /etc/xapt.d/
1: switch from Config::Auto (which has lots of YAML dependencies) to
   Config::IniFiles (which has none).
2: Modify the config parser to match.
3: Bring the config handler into line with dpkg-vendor - the default is
   whatever is defined by:
   lc(`dpkg-vendor --query vendor`);

Options have been declared in wookshed &usageversion() which are
not implemented - build-dep. I've not merged that.

You may want to adopt the directory structure from trunk to make it
easier to compare changes. (xapt stuff in the xapt directory)

> > > Until we work out (or someone tells us) how to do authenticated
> > > downloads into a chroot we have to use --force-yes or neither
> > > multistrap nor pdebuild-cross actually work at all. I realise
> > > this is pretty shoddy but it seemed a lot better than nothing.
>
> Steve L was nearly as rude as you about this, and worked out what was
> needed to use the keys in the 'host' apt config, which is clearly why
> it used to work with earlier apt versions.
>
> diff -Nru multistrap-2.1.6ubuntu2/multistrap
> multistrap-2.1.6ubuntu3/multistrap
> --- multistrap-2.1.6ubuntu2/multistrap 2010-09-02
> 23:23:46.000000000+0000 +++ multistrap-2.1.6ubuntu3/multistrap
> 2010-09-30 18:56:51.000000000+0000 @@ -279,6 +279,8 @@
>
> $config_str = '';
> $config_str .= " -o Apt::Architecture=$arch";
> +$config_str .= " -o Dir::Etc::TrustedParts=/etc/apt/trusted.gpg.d";
> +$config_str .= " -o Dir::Etc::Trusted=/etc/apt/trusted.gpg";
> $config_str .= " -o Apt::Get::AllowUnauthenticated=true"
> if (defined $noauth);
> $config_str .= " -o Apt::Get::Download-Only=true";
>
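Review bot: The two added Dir::Etc::TrustedParts / Dir::Etc::Trusted lines hard-code the host's /etc/apt/trusted.gpg.d and /etc/apt/trusted.gpg, so every key the host trusts is accepted for the target, and a target archive signed by a key the host lacks still fails verification. Consider reading the keyring locations from the multistrap configuration, or from the chroot once its keyring package is unpacked, and keeping the host paths only as the default. The two lines are also appended when $noauth is defined, where the following AllowUnauthenticated=true line already applies; placing them in the branch where $noauth is not defined would make the intent explicit.
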
> This doesn't solve the case where we are installing something
> different from the host (where we need to install the required keys
> into the chroot apt keyring), but it gets us back to where we were
> before.

I'll check whether it actually needs to be "installed" or simply
unpacked and maybe mangled with a call to gpg. Alternatively, the
keyring package can be required outside the chroot and then the keyring
copied inside.

Looks like this should be simple:

  dpkg -X emdebian-archive-keyring /$dir/
  if ($package eq $keyring_package) {
    gpg --no-default-keyring --homedir=$dir/etc/apt/trusted.gpg.d/
        --keyring=combined.gpg
        --import /$dir/usr/share/keyrings/emdebian-archive-keyring.gpg
  }

or similar...

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/
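
The "copy the keyring inside" option from the message above, sketched as an added example that is not part of the original mail or of multistrap. The function names are hypothetical, the demo tree is constructed, and it assumes the keyring package ships a binary `.gpg` keyring, which apt reads directly from `trusted.gpg.d`.

```shell
#!/bin/sh
# Added example; function names and the demo tree are assumptions.

# seed_chroot_keyring ROOT NAME
# Copy ROOT/usr/share/keyrings/NAME.gpg (already unpacked, e.g. by dpkg -X)
# into ROOT/etc/apt/trusted.gpg.d/, where apt picks up every *.gpg file.
seed_chroot_keyring() {
    root=$1 name=$2
    src="$root/usr/share/keyrings/$name.gpg"
    dst="$root/etc/apt/trusted.gpg.d"
    # Refuse a missing or empty keyring instead of silently continuing.
    [ -s "$src" ] || { echo "missing or empty keyring: $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    cp "$src" "$dst/$name.gpg" && chmod 0644 "$dst/$name.gpg"
}

# apt_trust_opts ROOT [noauth]
# Print the apt -o options: keys inside ROOT if any are present, otherwise
# the host paths used in the quoted patch. Authentication is switched off
# only when the caller passes the literal word "noauth".
apt_trust_opts() {
    root=$1 noauth=${2:-}
    if [ "$noauth" = noauth ]; then
        printf '%s' "-o Apt::Get::AllowUnauthenticated=true"
        return 0
    fi
    parts="$root/etc/apt/trusted.gpg.d"
    if ls "$parts"/*.gpg >/dev/null 2>&1; then
        # Same two options as the patch, rebased onto the chroot.
        printf '%s' "-o Dir::Etc::TrustedParts=$parts -o Dir::Etc::Trusted=$root/etc/apt/trusted.gpg"
    else
        printf '%s' "-o Dir::Etc::TrustedParts=/etc/apt/trusted.gpg.d -o Dir::Etc::Trusted=/etc/apt/trusted.gpg"
    fi
}

# Constructed demo: a temporary directory stands in for the chroot and the
# "keyring" is placeholder bytes, not a real key.
demo=$(mktemp -d)
mkdir -p "$demo/usr/share/keyrings"
printf 'constructed placeholder' > "$demo/usr/share/keyrings/emdebian-archive-keyring.gpg"
seed_chroot_keyring "$demo" emdebian-archive-keyring && apt_trust_opts "$demo"
echo
rm -rf "$demo"
```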