Anyway its undone with all the
"W: Download is performed unsandboxed as root
as file
'/mnt/debian_build/rootfs/var/lib/apt/lists/partial/deb.debian.org_debian_dists_stable_InRelease'
couldn't be accessed by user '_apt'. - pkgAcquire::Run (13:
Permission denied)
W: GPG error: http://deb.debian.org/debian
stable InRelease: The following signatures couldn't be
verified because the public key is not available: NO_PUBKEY
04EE7237B7D453EC NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY
DCC9EFBF77E11517
E: The repository 'http://deb.debian.org/debian
stable InRelease' is not signed.
"
yes i've found the threadds about adding the keys , gpg and all that
- didn't work
sure...
--allow-unauthenticated
Ignore if packages can't be authenticated and don't
prompt about it. This can be useful while working with local
repositories, but is a huge security risk if data
authenticity isn't ensured in another way by the user itself.
The
usage of the Trusted option for sources.list(5)
entries should usually be preferred over this global override.
Configuration Item: APT::Get::AllowUnauthenticated.
trouble is it only half works........
or am I misunderstanding the man page ? ......which wouldn't surprise me, lost count of number of times peering through man pages
completely obtuse and wrong.
$ apt --version
apt 1.8.2.3 (amd64)
looking at the source code, looks like some cases of should be skipping the verify fail for "allow-unauthenticated"
and not understanding why....
Changed the code and got much further.
addendum: got to the repo for https://salsa.debian.org/apt-team/apt
its version is 2.3.8, so not sure why update on buster64 didn't have this version
some preliminary diff analysis still seems to
be that "allow-unauthenticated" is NOT going to fully work
the way I understand it should......?