Hi,

Quoting Blair Noctis (2024-07-30 12:55:39)
> With gpg-from-sq installed, which diverts gnupg and links
> sequoia-chameleon-gnupg as /usr/bin/gpg, which did not implement
> --update-trustdb yet, mmdebstrap breaks:
> 
> > I: automatically chosen mode: unshare
> > I: chroot architecture amd64 is equal to the host's architecture
> > gpg: The command --update-trustdb is not yet implemented in the Sequoia
> > gpg: Chameleon.  To help us prioritize our work, please file a bug at
> > gpg:   https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues
> > E: gpg failed to initialize trustdb:: 512
> 
> Reading its source, mmdebstrap seems to call gpg with --update-trustdb
> unconditionally. It seems unnecessary and fragile to add a check, is it possible
> to maybe add a customization that disables it? Thanks.

this part of the mmdebstrap codebase is very ugly and caters for a lot of the
idiosyncrasies of gpg. Ideally, mmdebstrap shouldn't even be doing any of that.
Ideally, I'd remove all of that code and replace it with something that more
reliably and without using gpg at all is able to map a Debian suite to a
keyring filename. Are you interested in working on that and submitting a patch?

Until then, a simple workaround is to run mmdebstrap with
--skip=check/signed-by

Thanks!

cheers, josch
