From 1edc3af346f3b94e8bf8d62c9a4dde3dc8b991d4 Mon Sep 17 00:00:00 2001
From: Lyndon Brown
Date: Sat, 7 Mar 2020 08:38:35 +0000
Subject: [PATCH] debootstrap: use --force-check-gpg

I asked for such a switch to be added in debootstrap back at the start of 2015 in #775454 as part of a review I undertook of its security. A slightly modified patch was merged a few months later and made it into version 1.0.69. A patch was never merged into live-build to make use of it however. Let's do that now. The benefit of this, as explained in #775454, is that if we want strong security (LB_APT_SECURE=true) then should debootstrap not be able to find the GPG key to verify things with, it will abort with an error instead of falling back to just https downloads with a warning. Such a warning would be easy to miss in the log output, and security could potentially be compromised if this were to happen.
Gbp-Dch: Short
---
 scripts/build/bootstrap_debootstrap | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/build/bootstrap_debootstrap b/scripts/build/bootstrap_debootstrap
index c25cbacec..6da968343 100755
--- a/scripts/build/bootstrap_debootstrap
+++ b/scripts/build/bootstrap_debootstrap
@@ -71,6 +71,8 @@ fi
 if [ "${LB_APT_SECURE}" = "false" ]
 then
 DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --no-check-gpg"
+else
+ DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --force-check-gpg"
 fi
 
 if [ "${LB_CACHE_PACKAGES}" = "true" ]
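Review bot: The new `else` branch passes `--force-check-gpg` whenever LB_APT_SECURE is anything other than the literal "false", but nothing visible in this patch ensures the installed debootstrap accepts that option. The commit message says the switch only exists from 1.0.69, so an older debootstrap would presumably reject it and abort the bootstrap for a reason unrelated to keys. Consider raising the package's debootstrap dependency to `>= 1.0.69` (the packaging files are not shown here). Because a missing keyring now becomes a hard failure rather than a warning, a comment above the branch would help whoever hits that error, for example `# Abort if no keyring can be found instead of silently bootstrapping without signature checks`. The script continues outside the hunk on both sides.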