From: Michael Prokop Date: Thu, 26 Apr 2012 16:19:06 +0000 (+0200) Subject: Drop --insecure/SECURE option + instead depend on debian-archive-keyring X-Git-Tag: v0.51~6 X-Git-Url: https://git.grml.org/?p=grml-debootstrap.git;a=commitdiff_plain;h=06fc8bd266ad5f2ca4f28af7ae636f5db3c3bc57 Drop --insecure/SECURE option + instead depend on debian-archive-keyring When deploying Debian/squeeze from Debian/wheezy it fails with: | Release signed by unknown key (key id AED4B06F473041FA) and as Ubuntu provides grml-debootstrap in universe but its /etc/apt/trusted.gpg doesn't include Debian's repos keys it also fails there. As soon as /usr/share/keyrings/debian-archive-keyring.gpg is available we don't have to take care of it, so just drop the additional code and deprecate the --insecure cmdline option and SECURE config file option and instead depend on the debian-archive-keyring package. --- diff --git a/cmdlineopts.clp b/cmdlineopts.clp index 845ea73..923cd50 100644 --- a/cmdlineopts.clp +++ b/cmdlineopts.clp @@ -65,6 +65,7 @@ while :; do --arch) # Target architecutre shift; _opt_arch="$1" ;; + # just for backwards compatibility --insecure) _opt_insecure=T ;; diff --git a/config b/config index 4f7bd8b..dba827f 100644 --- a/config +++ b/config @@ -95,10 +95,6 @@ # Default: 'debootstrap' # DEBOOTSTRAP='debootstrap' -# Enable Secure APT (Package sources must be signed). -# Default: 'yes' -# SECURE='no' - # Pass extra options to debootstrap. # Default: no default. # Usage example: diff --git a/debian/control b/debian/control index e17a886..285df43 100644 --- a/debian/control +++ b/debian/control @@ -13,7 +13,7 @@ Vcs-Browser: http://git.grml.org/?p=grml-debootstrap.git Package: grml-debootstrap Architecture: all -Depends: ${shlibs:Depends}, ${misc:Depends}, debootstrap (>= 0.3.3.3) | cdebootstrap (>= 0.3.16), gawk +Depends: ${shlibs:Depends}, ${misc:Depends}, debootstrap (>= 0.3.3.3) | cdebootstrap (>= 0.3.16), gawk, debian-archive-keyring Recommends: kpartx, mksh, parted, qemu-utils, dialog Description: wrapper around debootstrap for installing pure Debian Provides a wrapper suite around debootstrap and cdebootstrap diff --git a/grml-debootstrap b/grml-debootstrap index 2a6c683..4b46eaa 100755 --- a/grml-debootstrap +++ b/grml-debootstrap @@ -71,7 +71,6 @@ Bootstrap options: --arch Set target architecture, use for installing i386 on amd64. --filesystem Filesystem that should be used when target is a partition or Virtual Machine (see --vmfile). - --insecure Do not download and check Release file signatures. --force Do not prompt for user acknowledgement. Options for Virtual Machine deployment: @@ -327,7 +326,7 @@ fi [ "$_opt_bootappend" ] && BOOT_APPEND=$_opt_bootappend [ "$_opt_grub" ] && GRUB=$_opt_grub [ "$_opt_arch" ] && ARCH=$_opt_arch -[ "$_opt_insecure" ] && SECURE='false' +[ "$_opt_insecure" ] && echo "Warning: --insecure is deprecated, continuing anyway." [ "$_opt_force" ] && FORCE=$_opt_force [ "$_opt_verbose" ] && VERBOSE="-v" @@ -837,19 +836,6 @@ else fi # }}} -# keyring setupt {{{ -KEYRING="" -if [ "$SECURE" = 'yes' ] ; then - if [ -e '/etc/apt/trusted.gpg' ] ; then - KEYRING="--keyring /etc/apt/trusted.gpg" - else - eerror "Could not find /etc/apt/trusted.gpg." - fi -else - ewarn "Not checking Release signatures!" -fi -# }}} - # make sure we have the right syntax when using an iso image {{{ if [ -n "$ISO" ] ; then case $ISO in diff --git a/grml-debootstrap.8.txt b/grml-debootstrap.8.txt index e68f4bb..d45a3d0 100644 --- a/grml-debootstrap.8.txt +++ b/grml-debootstrap.8.txt @@ -106,10 +106,6 @@ Options and environment variables mounted the according Debian-ISO to the given _/mntpoint_. See section 'Usage examples' for a demonstration. -*--insecure*:: - - Do not download and check signatures for retrieved Release files. - *--keep_src_list*:: Do not overwrite user provided /etc/apt/sources.list.