David Kalnischkies wrote: > You can fix this easily by setting Dir::Etc::Trusted to the same > value as APT::GPGV::TrustedKeyring - the code in libapt which > should have done this does it unfortunately too early… Yes, I've done so in d-i svn. I assume getting apt 0.8.0 into testing is not currently in the cards. It should at least not get in before the next d-i upload. Up to you whether you leave this bug RC or not. (/etc/apt/trusted.gpg) > I honestly don't know why 600 - APT doesn't seem to set a mod on it > so it should be gpg at the time the first keyring is inserted… gpg does make keyrings 600 by default. On older systems, the file was created by something else, so its mode can vary. I think that is a bug by itself -- it should be possible for regular users to verify things against the system's apt's trust keyring. The only reason d-i's build overrides the keyring in the first place, really, is because the build process does not run as root. -- see shy jo
Attachment:
signature.asc
Description: Digital signature