From b901134bfb0a25bf1b6c8f25b953bb2231e21e90 Mon Sep 17 00:00:00 2001 From: Ulrich Dangel Date: Wed, 11 Nov 2009 18:20:40 +0100 Subject: [PATCH] Support and enable per default --keyring option. [Closes: issue746] --- cmdlineopts.clp | 5 ++++- config | 4 ++++ grml-debootstrap | 19 +++++++++++++++++-- grml-debootstrap.8.txt | 4 ++++ 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/cmdlineopts.clp b/cmdlineopts.clp index acb9489..cdb6640 100644 --- a/cmdlineopts.clp +++ b/cmdlineopts.clp @@ -13,7 +13,7 @@ ################################################################################ _opt_temp=`getopt --name grml-debootstrap -o +m:i:r:t:p:c:d:vhV --long \ - mirror:,iso:,release:,target:,mntpoint:,debopt:,interactive,nodebootstrap,config:,confdir:,packages::,chroot-scripts::,scripts::,debconf::,keep_src_list,hostname:,password:,bootappend:,grub:,arch:,verbose,help,version \ + mirror:,iso:,release:,target:,mntpoint:,debopt:,interactive,nodebootstrap,config:,confdir:,packages::,chroot-scripts::,scripts::,debconf::,keep_src_list,hostname:,password:,bootappend:,grub:,arch:,insecure,verbose,help,version \ -- "$@"` if [ $? != 0 ]; then eerror "Try 'grml-debootstrap --help' for more information."; eend 1; exit 1 @@ -51,6 +51,9 @@ while :; do --arch) # Target architecutre shift; _opt_arch="$1" ;; + --insecure) + _opt_insecure=T + ;; # # == Configuration options diff --git a/config b/config index caa3a32..f99d312 100644 --- a/config +++ b/config @@ -93,6 +93,10 @@ HOSTNAME='grml' # supported values: debootstrap cdebootstrap DEBOOTSTRAP='debootstrap' +# check signature of release file per default +# set to any other value then yes to disable signature checks. +SECURE='yes' + # To pass extra parameters to the debootstrap command. This feature allows # grml-debootstrap to pass extra parameters, e.g., --include=, --exclude=, # --components=, etc to debootstrap. E.g., diff --git a/grml-debootstrap b/grml-debootstrap index a82a853..99e71ac 100755 --- a/grml-debootstrap +++ b/grml-debootstrap @@ -49,6 +49,7 @@ Bootstrap options: --nodebootstrap Skip debootstrap, only do configuration to the target. --grub Target for grub installation. Usage example: /dev/sda --arch Architecture to use. Currently only i386 is supported. + --insecure Do not download and check Release file signatures. Configuration options: @@ -147,6 +148,7 @@ fi [ "$_opt_bootappend" ] && BOOT_APPEND=$_opt_bootappend [ "$_opt_grub" ] && GRUB=$_opt_grub [ "$_opt_arch" ] && ARCH=$_opt_arch +[ "$_opt_insecure" ] && SECURE='false' [ "$_opt_verbose" ] && VERBOSE="-v" [ "$_opt_help" ] && { @@ -591,6 +593,19 @@ else fi # }}} +# keyring setupt {{{ +KEYRING="" +if [ "$SECURE" = 'yes' ] ; then + if [ -e '/etc/apt/trusted.gpg' ] ; then + KEYRING="--keyring /etc/apt/trusted.gpg" + else + eerror "Could not find /etc/apt/trusted.gpg." + fi +else + ewarn "Not checking Release signatures!" +fi +# }}} + # make sure we have the right syntax when using an iso image {{{ if [ -n "$ISO" ] ; then case $ISO in @@ -735,9 +750,9 @@ debootstrap_system() { if grep -q "$MNTPOINT" /proc/mounts || [ -n "$DIRECTORY" ] ; then einfo "Running $DEBOOTSTRAP $DEBOOTSTRAP_OPT for release ${RELEASE}${ARCHINFO} using ${MIRROR}${ISO}" if [ -n "$MIRROR" ] ; then - $DEBOOTSTRAP $ARCHCMD $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $MIRROR + $DEBOOTSTRAP $ARCHCMD $KEYRING $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $MIRROR else - $DEBOOTSTRAP $ARCHCMD $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $ISO + $DEBOOTSTRAP $ARCHCMD $KEYRING $DEBOOTSTRAP_OPT $RELEASE $MNTPOINT $ISO fi eend $? else diff --git a/grml-debootstrap.8.txt b/grml-debootstrap.8.txt index adf6383..0e69323 100644 --- a/grml-debootstrap.8.txt +++ b/grml-debootstrap.8.txt @@ -103,6 +103,10 @@ Options and environment variables Skip debootstrap, only do configuration to the target. +*--insecure*:: + + Do not download and check signatures for retrieved Release files. + *-p*, *--mntpoint* <_/mntpoint_>:: Specify mountpoint that should be used for mounting the target system. -- 2.1.4