On Fri, 1 Oct 2010 02:15:27 +0100 Wookey <wookey@wookware.org> wrote: > +++ Neil Williams [2010-09-28 08:43 +0100]: > > ... except that we'd be better using a config file approach as > > outlined in the other message. > > I've now done this. I'll check it in as soon as it's tested OK. I've merged some xapt changes into emdebian-crush trunk/ but I decided to change some of the implementation: 0: use /etc/xapt.d/ 1: switch from Config::Auto (which has lots of YAML dependencies) to Config::IniFiles (which has none). 2: Modify the config parser to match. 3: Bring the config handler into line with dpkg-vendor - the default is whatever is defined by: lc(`dpkg-vendor --query vendor`); Options have been declared in wookshed &usageversion() which are not implemented - build-dep. I've not merged that. You may want to adopt the directory structure from trunk to make it easier to compare changes. (xapt stuff in the xapt directory) > > > Until we work out (or someone tells us) how to do authenticated > > > downloads into a chroot we have to use --force-yes or neither > > > multistrap nor pdebuild-cross actually work at all. I realise > > > this is pretty shoddy but it seemed a lot better than nothing. > > Steve L was nearly as rude as you about this, and worked out what was > needed to use the keys in the 'host' apt config, which is clearly why > it used to work with earlier apt versions. > > diff -Nru multistrap-2.1.6ubuntu2/multistrap > multistrap-2.1.6ubuntu3/multistrap > --- multistrap-2.1.6ubuntu2/multistrap 2010-09-02 > 23:23:46.000000000+0000 +++ multistrap-2.1.6ubuntu3/multistrap > 2010-09-30 18:56:51.000000000+0000 @@ -279,6 +279,8 @@ > > $config_str = ''; > $config_str .= " -o Apt::Architecture=$arch"; > +$config_str .= " -o Dir::Etc::TrustedParts=/etc/apt/trusted.gpg.d"; > +$config_str .= " -o Dir::Etc::Trusted=/etc/apt/trusted.gpg"; > $config_str .= " -o Apt::Get::AllowUnauthenticated=true" > if (defined $noauth); > $config_str .= " -o Apt::Get::Download-Only=true"; > > This doesn't solve the case where we are installing something > different from the host (where we need to install the required keys > into the chroot apt keyring), but it gets us back to where we were > before. I'll check whether it actually needs to be "installed" or simply unpacked and maybe mangled with a call to gpg. Alternatively, the keyring package can be required outside the chroot and then the keyring copied inside. Looks like this should be simple: dpkg -X emdebian-archive-keyring /$dir/ if ($package eq $keyring_package) { gpg --no-default-keyring --homedir= $dir/etc/apt/trusted.gpg.d/ --keyring=combined.gpg --import /$dir/usr/share/keyrings/emdebian-archive-keyring.gpg } or similar... -- Neil Williams ============= http://www.data-freedom.org/ http://www.linux.codehelp.co.uk/ http://e-mail.is-not-s.ms/
Attachment:
pgp85fCIDhsOV.pgp
Description: PGP signature