Add easier support for extra archive signing keys

Useful when adding local packages
Steve McIntyre 2020-03-29 19:11:02 +01:00
parent 4c5c9db645
commit 3aa5bbe31c
3 changed files with 12 additions and 0 deletions


@ -206,6 +206,11 @@ export JIGDO_CHECKSUM="md5"
# The path to the keyring file relative to $TDIR/archive-keyring/
#export ARCHIVE_KEYRING_FILE=usr/share/keyrings/debian-archive-keyring.gpg
# Extra keys that you might want apt to trust. List their fingerprints
# here and debian-cd will grab them from the user's keyring as needed
# (The example here is the buster release key)
#export ARCHIVE_EXTRA_KEYS="80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE"
# By default we use debootstrap --no-check-gpg to find out the minimal set
# of packages because there's no reason to not trust the local mirror. But
# you can be paranoid and then you need to indicate the keyring to use to
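Review bot: The new comment for ARCHIVE_EXTRA_KEYS says neither what format the list takes nor what listing a key implies for trust. The Makefile side of this commit iterates the value word by word and drops each exported key into apt's `trusted.gpg.d`, so I would document both points here: `# Space-separated list of full 40-character fingerprints; each key must already be in the keyring of the user running the build.` and `# Every key listed is added to apt's trusted.gpg.d, so apt will accept packages signed by it for this build.` That makes it clear to whoever edits the config that this setting widens the set of signing keys the image build accepts.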


@ -269,6 +269,9 @@ $(ADIR)/status:
$(Q)for ARCH in $(ARCHES); do \
mkdir -p $(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d; \
ln -s $(TDIR)/archive-keyring/$(ARCHIVE_KEYRING_FILE) $(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d; \
for key in $(ARCHIVE_EXTRA_KEYS); do \
gpg --export -a $$key >> $(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d/$$key.asc; \
done; \
if [ "$$BACKPORTS"x != ""x ] ; then \
mkdir -p $(ADIR)/$(CODENAME)-backports-$$ARCH/apt/trusted.gpg.d; \
ln -s $(TDIR)/archive-keyring/$(ARCHIVE_KEYRING_FILE) $(ADIR)/$(CODENAME)-backports-$$ARCH/apt/trusted.gpg.d; \
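Review bot: The new loop around `gpg --export -a $$key` writes whatever gpg emits into `trusted.gpg.d/$$key.asc` without checking that exactly the intended key was exported. If a fingerprint is mistyped or absent from the builder's keyring, gpg may only print a warning and leave an empty .asc file, and if an entry is a short ID or a name rather than a full fingerprint, every matching key becomes an apt trust anchor. The `>>` also appends to an existing file when the target is re-run, so I would write with `>` and stop on an empty export, for example `out=$(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d/$$key.asc; gpg --export -a "$$key" > "$$out"; [ -s "$$out" ] || exit 1; \`. The backports branch in the context lines creates its own `trusted.gpg.d` but receives no extra keys within this hunk; the recipe continues past the hunk, so that is worth confirming.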

4
debian/changelog vendored

@ -7,6 +7,10 @@ debian-cd (3.1.29) UNRELEASED; urgency=medium
[ Holger Levsen ]
* Drop myself from uploaders.
[ Steve McIntyre ]
* Add easier support for extra archive signing keys - list
fingerprints in ARCHIVE_EXTRA_KEYS
-- Raphaël Hertzog <raphael@offensive-security.com> Thu, 13 Feb 2020 15:07:42 +0100
debian-cd (3.1.28) unstable; urgency=medium