Bug#633356: live-build: use LB_APT_SECURE too when bootstrapping system
Package: live-build
Version: 3.0~a23-1
Severity: normal
Tags: patch
Due to a recent change in debootstrap (#560038), it now validates archives' signatures by default.
This is a problem if we are installing (for example) from a local mirror which hasn't the Release.gpg file.
The --no-check-gpg option has been added to override this (#624229).
I made a small patch to use that option if LB_APT_SECURE is false.
Ciao,
Eugenio
-- Package-specific info:
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.39.1-ck1-g7 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages live-build depends on:
ii cdebootstrap 0.5.7 Bootstrap a Debian system
ii debootstrap 1.0.32 Bootstrap a basic Debian system
Versions of packages live-build recommends:
ii cpio 2.11-7 GNU cpio -- a program to manage ar
ii gettext-base 0.18.1.1-3 GNU Internationalization utilities
pn gnu-fdisk <none> (no description available)
Versions of packages live-build suggests:
ii dosfstools 3.0.9-1 utilities for making and checking
ii fakeroot 1.16-1 tool for simulating superuser priv
ii genisoimage 9:1.1.11-1 Creates ISO-9660 CD-ROM filesystem
ii grub 0.97-65 GRand Unified Bootloader (dummy pa
pn memtest86+ | memtest86 <none> (no description available)
ii mtools 4.0.12-1 Tools for manipulating MSDOS files
ii parted 2.3-6 disk partition manipulator
ii squashfs-tools 1:4.2-3 Tool to create and append to squas
ii sudo 1.7.4p6-1 Provide limited super user privile
ii syslinux 2:4.04+dfsg-2 collection of boot loaders
ii uuid-runtime 2.19.1-2 runtime components for the Univers
ii win32-loader 0.7.3 Debian-Installer loader for win32
-- no debconf information
*** /home/g7/semplice/emily/unstable_fixes/live-build/live-build-3.0~a23/debian/patches/aptsecure_debootstrap.diff
--- a/scripts/build/lb_bootstrap_debootstrap
+++ b/scripts/build/lb_bootstrap_debootstrap
@@ -103,6 +103,13 @@
DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --verbose"
fi
+# If LB_APT_SECURE is false, do not check signatures of the Release file
+# WARNING: debootstrap 1.0.30 or later required!
+if [ "${LB_APT_SECURE}" = "false" ]
+then
+ DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --no-check-gpg"
+fi
+
if [ -x "/usr/sbin/debootstrap" ]
then
if [ "${LB_CACHE_PACKAGES}" = "true" ]
Reply to: