Re: pdebuild-cross fixes in wook-shed branch

To: debian-embedded@lists.debian.org
Subject: Re: pdebuild-cross fixes in wook-shed branch
From: Wookey <wookey@wookware.org>
Date: Mon, 27 Sep 2010 15:09:46 +0100
Message-id: <[🔎] 20100927140946.GC32311@dream.aleph1.co.uk>
Mail-followup-to: debian-embedded@lists.debian.org
In-reply-to: <[🔎] 20100925194440.a591ee1a.codehelp@debian.org>
References: <[🔎] 20100914012812.GX1447@dream.aleph1.co.uk> <[🔎] 20100925133431.4fb130dd.codehelp@debian.org> <[🔎] 20100925194440.a591ee1a.codehelp@debian.org>

+++ Neil Williams [2010-09-25 19:44 +0100]:
> On Sat, 25 Sep 2010 13:34:31 +0100
> > > * xapt uses --force-yes so that it works in the presence of
> > > unauthenticated repositories. Without this it installs nothing. 
> 
> Need to handle the keyring packages, probably. (Unauthenticated
> repositories halt before downloading, rather than installing.)

The problem seems to be that the apt config in the target chroot has
no authentication tokens so it complains. This seems fair enough, and
what I don;t unsdertstand is how this ever worked in per 0.8 apt.
Presumably apt fell back to the tokens it already had in the 'real'
install even though we just told it not to look there. So I suspect it
is now working properly, and before we were relying on a handy bug.

I think what is needed is for multstrap to do a bit of apt-key fooage
to get keys out of a) internal file b) specified keyuring packages c)
URL/files (to support PPAs and other 'local' stuff).

I haven't yet worked out how to do this but will mail the deity list
to find out (as no-one has replied to my bugrep asking for
clarification).

> > > This
> > > was previously not set when cross-installing. I don't understand
> > > why, but there may be an issue here. 
> > 
> > There is - use the normal apt support for disabling SecureApt, not
> > --force*. -o Apt::Get::AllowUnauthenticated=true
> 
> That needs to be configurable, with the default to require SecureApt
> and fail if the keyring isn't available. 

It would actually be correct for apt to treat authentication as a
per-repo setting, not an 'everything/nothing' setting. Guess I should
file a bug.

A related issue is that the keyring set required inside the chroot may
be different to the one specified when downloading the chroot files. I
suppose it can be inferred from the debootstrap/aptsources settings. 

> Along with the distribution and default_suites, this can be done via
> emvendor or just plain dpkg-vendor support. 

I don't understand this bit. multistrap and pdebuild-cross can work
independently of emvendor.


Wookey
-- 
Principal hats:  Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/

Reply to:

References:
- pdebuild-cross fixes in wook-shed branch
  - From: Wookey <wookey@wookware.org>
- Re: pdebuild-cross fixes in wook-shed branch
  - From: Neil Williams <codehelp@debian.org>
- Re: pdebuild-cross fixes in wook-shed branch
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: Re: pdebuild-cross fixes in wook-shed branch
Next by Date: Re: pdebuild-cross fixes in wook-shed branch
Previous by thread: Re: pdebuild-cross fixes in wook-shed branch
Next by thread: Re: pdebuild-cross fixes in wook-shed branch
Index(es):
- Date
- Thread