Fix Grml repository usage
More recent versions of apt no longer accept unsigned repositories, and fail with:
| The following signatures couldn't be verified because the public key is not available: NO_PUBKEY
21E0CA38EA2EA4AB
| Reading package lists... Done
| W: GPG error: http://deb.grml.org grml-stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY
21E0CA38EA2EA4AB
| E: The repository 'http://deb.grml.org grml-stable InRelease' is not signed.
| N: Updating from such a repository can't be done securely, and is therefore disabled by default.
| N: See apt-secure(8) manpage for repository creation and user configuration details.
By enabling the Acquire::AllowInsecureRepositories=1 option, we can avoid this failure:
| W: GPG error: http://deb.grml.org grml-stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY
21E0CA38EA2EA4AB
| W: The repository 'http://deb.grml.org grml-stable InRelease' is not signed.
| N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
| N: See apt-secure(8) manpage for repository creation and user configuration details.
While at it:
* simplify code
* don't check for "grml" inside /etc/apt/sources.list.d/grml.list,
instead assume the file was set up as needed if it exists already
* improve apt pinning configuration:
- no need to pin Grml *and* Debian repositories, instead let's
set up only the Grml repository and reduce it to a pinning of 100
- use /etc/apt/preferences.d/grml.pref instead of /etc/apt/preferences
* drop direct gpg usage, this is error prone (gpg keyservers known to be
unavailable, we might not have gpg executable available, its code is
fallback and untested,...)
* set up Grml's apt configuration with usage of
"signed-by=/usr/share/keyrings/grml-archive-keyring.gpg"
Thanks: Karl Voit for the bug report
Closes: grml/grml-debootstrap#187
projects / grml-debootstrap.git / commit