Support and enable per default --keyring option. [Closes: issue746]

diff --git a/cmdlineopts.clp b/cmdlineopts.clp
index acb9489..cdb6640 100644 (file)
--- a/cmdlineopts.clp
+++ b/cmdlineopts.clp
@@ -13,7 +13,7 @@
 ################################################################################
 
 _opt_temp=`getopt --name grml-debootstrap -o +m:i:r:t:p:c:d:vhV --long \
 ################################################################################
 
 _opt_temp=`getopt --name grml-debootstrap -o +m:i:r:t:p:c:d:vhV --long \

-    mirror:,iso:,release:,target:,mntpoint:,debopt:,interactive,nodebootstrap,config:,confdir:,packages::,chroot-scripts::,scripts::,debconf::,keep_src_list,hostname:,password:,bootappend:,grub:,arch:,verbose,help,version \
+    mirror:,iso:,release:,target:,mntpoint:,debopt:,interactive,nodebootstrap,config:,confdir:,packages::,chroot-scripts::,scripts::,debconf::,keep_src_list,hostname:,password:,bootappend:,grub:,arch:,insecure,verbose,help,version \

   -- "$@"`
 if [ $? != 0 ]; then
   eerror "Try 'grml-debootstrap --help' for more information."; eend 1; exit 1
   -- "$@"`
 if [ $? != 0 ]; then
   eerror "Try 'grml-debootstrap --help' for more information."; eend 1; exit 1


@@ -51,6 +51,9 @@ while :; do
   --arch)              # Target architecutre
     shift; _opt_arch="$1"
     ;;
   --arch)              # Target architecutre
     shift; _opt_arch="$1"
     ;;

+  --insecure)
+    _opt_insecure=T
+    ;;

   #
 
   # == Configuration options
   #
 
   # == Configuration options

diff --git a/config b/config
index caa3a32..f99d312 100644 (file)
--- a/config
+++ b/config
@@ -93,6 +93,10 @@ HOSTNAME='grml'
 # supported values: debootstrap cdebootstrap
 DEBOOTSTRAP='debootstrap'
 
 # supported values: debootstrap cdebootstrap
 DEBOOTSTRAP='debootstrap'
 

+# check signature of release file per default
+# set to any other value then yes to disable signature checks.
+SECURE='yes'
+

 # To pass extra parameters to the debootstrap command. This feature allows
 # grml-debootstrap to pass extra parameters, e.g., --include=, --exclude=,
 # --components=, etc to debootstrap. E.g.,
 # To pass extra parameters to the debootstrap command. This feature allows
 # grml-debootstrap to pass extra parameters, e.g., --include=, --exclude=,
 # --components=, etc to debootstrap. E.g.,

diff --git a/grml-debootstrap b/grml-debootstrap
index a82a853..99e71ac 100755 (executable)
--- a/grml-debootstrap
+++ b/grml-debootstrap
@@ -49,6 +49,7 @@ Bootstrap options:
       --nodebootstrap    Skip debootstrap, only do configuration to the target.
       --grub <device>    Target for grub installation. Usage example: /dev/sda
       --arch <arch>      Architecture to use. Currently only i386 is supported.
       --nodebootstrap    Skip debootstrap, only do configuration to the target.
       --grub <device>    Target for grub installation. Usage example: /dev/sda
       --arch <arch>      Architecture to use. Currently only i386 is supported.

+      --insecure         Do not download and check Release file signatures.

 
 Configuration options:
 
 
 Configuration options:
 


@@ -147,6 +148,7 @@ fi
 [ "$_opt_bootappend" ]          && BOOT_APPEND=$_opt_bootappend
 [ "$_opt_grub" ]                && GRUB=$_opt_grub
 [ "$_opt_arch" ]                && ARCH=$_opt_arch
 [ "$_opt_bootappend" ]          && BOOT_APPEND=$_opt_bootappend
 [ "$_opt_grub" ]                && GRUB=$_opt_grub
 [ "$_opt_arch" ]                && ARCH=$_opt_arch

+[ "$_opt_insecure" ]            && SECURE='false'

 [ "$_opt_verbose" ]             && VERBOSE="-v"
 
 [ "$_opt_help" ] && {
 [ "$_opt_verbose" ]             && VERBOSE="-v"
 
 [ "$_opt_help" ] && {


@@ -591,6 +593,19 @@ else
 fi
 # }}}
 
 fi
 # }}}
 

+# keyring setupt {{{
+KEYRING=""
+if [ "$SECURE" = 'yes' ] ; then
+   if [ -e '/etc/apt/trusted.gpg' ] ; then
+      KEYRING="--keyring /etc/apt/trusted.gpg"
+   else
+      eerror "Could not find /etc/apt/trusted.gpg."
+   fi
+else
+   ewarn "Not checking Release signatures!"
+fi
+# }}}
+

 # make sure we have the right syntax when using an iso image {{{
 if [ -n "$ISO" ] ; then
    case $ISO in
 # make sure we have the right syntax when using an iso image {{{
 if [ -n "$ISO" ] ; then
    case $ISO in


@@ -735,9 +750,9 @@ debootstrap_system() {
   if grep -q "$MNTPOINT" /proc/mounts || [ -n "$DIRECTORY" ] ; then
      einfo "Running $DEBOOTSTRAP $DEBOOTSTRAP_OPT for release ${RELEASE}${ARCHINFO} using ${MIRROR}${ISO}"
      if [ -n "$MIRROR" ] ; then
   if grep -q "$MNTPOINT" /proc/mounts || [ -n "$DIRECTORY" ] ; then
      einfo "Running $DEBOOTSTRAP $DEBOOTSTRAP_OPT for release ${RELEASE}${ARCHINFO} using ${MIRROR}${ISO}"
      if [ -n "$MIRROR" ] ; then

-        $DEBOOTSTRAP $ARCHCMD $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $MIRROR
+        $DEBOOTSTRAP $ARCHCMD $KEYRING $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $MIRROR

      else
      else

-        $DEBOOTSTRAP $ARCHCMD $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $ISO
+        $DEBOOTSTRAP $ARCHCMD $KEYRING $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $ISO

      fi
      eend $?
   else
      fi
      eend $?
   else

diff --git a/grml-debootstrap.8.txt b/grml-debootstrap.8.txt
index adf6383..0e69323 100644 (file)
--- a/grml-debootstrap.8.txt
+++ b/grml-debootstrap.8.txt
@@ -103,6 +103,10 @@ Options and environment variables
 
     Skip debootstrap, only do configuration to the target.
 
 
     Skip debootstrap, only do configuration to the target.
 

+*--insecure*::
+
+    Do not download and check signatures for retrieved Release files.
+

 *-p*, *--mntpoint* <_/mntpoint_>::
 
     Specify mountpoint that should be used for mounting the target system.
 *-p*, *--mntpoint* <_/mntpoint_>::
 
     Specify mountpoint that should be used for mounting the target system.