Use ARCHIVE_KEYRING parameter to not hardcode debian-archive-keyring and let derivatives use their own keyring package.

CONF.sh

@@ -185,6 +185,10 @@ export CONTRIB=1
 # validate the mirror.
 #export DEBOOTSTRAP_OPTS="--keyring /usr/share/keyrings/debian-archive-keyring.gpg"
 
+# Indicate the package which contains the keyrings needed so that APT
+# doesn't complain about unsigned package.
+#export ARCHIVE_KEYRING="debian-archive-keyring"
+
 # ISOLinux support for multiboot on CD1 for i386
 export ISOLINUX=1
 

Makefile

@@ -37,6 +37,9 @@ endif
 ifndef HOOK
 HOOK=$(BASEDIR)/tools/$(CODENAME).hook
 endif
+ifndef ARCHIVE_KEYRING
+ARCHIVE_KEYRING=debian-archive-keyring
+endif
 
 export BUILD_DATE=$(shell date -u +%Y%m%d-%H:%M)
 export ARCHES_NOSRC=$(shell echo $(ARCHES) | sed 's/source//')
@@ -227,12 +230,12 @@ $(ADIR)/status:
 	:> $(ADIR)/status
 
 	# Set up keyring so apt doesn't complain
-	@echo "Setting up debian-archive-keyring"
+	@echo "Setting up archive-keyring"
-	$(Q)mkdir -p $(TDIR)/debian-archive-keyring
+	$(Q)mkdir -p $(TDIR)/archive-keyring
-	$(Q)dpkg -x $(MIRROR)/$(shell $(which_deb) $(MIRROR) $(CODENAME) debian-archive-keyring) $(TDIR)/debian-archive-keyring
+	$(Q)dpkg -x $(MIRROR)/$(shell $(which_deb) $(MIRROR) $(CODENAME) $(ARCHIVE_KEYRING)) $(TDIR)/archive-keyring
 	$(Q)for ARCH in $(ARCHES); do \
 		mkdir -p $(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d; \
-		ln -s $(TDIR)/debian-archive-keyring/usr/share/keyrings/* $(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d; \
+		ln -s $(TDIR)/archive-keyring/usr/share/keyrings/* $(ADIR)/$(CODENAME)-$$ARCH/apt/trusted.gpg.d; \
 	done
 
 	# Updating the apt database

debian/changelog

@@ -1,3 +1,11 @@
+debian-cd (3.1.13) UNRELEASED; urgency=low
+
+  [ Robert Spencer ]
+  * Use ARCHIVE_KEYRING parameter to not hardcode debian-archive-keyring
+    and let derivatives use their own keyring package.
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Fri, 12 Apr 2013 10:32:56 +0200
+
 debian-cd (3.1.12) unstable; urgency=low
 
   [ Steve McIntyre ]