On 30/07/2024 19:17, Johannes Schauer Marin Rodrigues wrote:
> Hi,
>
> Quoting Blair Noctis (2024-07-30 12:55:39)
(...)
>> Reading its source, mmdebstrap seems to call gpg with --update-trustdb
>> unconditionally. It seems unnecessary and fragile to add a check, is it
>> possible to maybe add a customization that disables it? Thanks.
>
> this part of the mmdebstrap codebase is very ugly and caters for a lot of the
> idiosyncrasies of gpg. Ideally, mmdebstrap shouldn't even be doing any of
> that. Ideally, I'd remove all of that code and replace it with something that
> more reliably and without using gpg at all is able to map a Debian suite to a
> keyring filename. Are you interested in working on that and submitting a patch?

Hmm. I'm unfamiliar with the internal workings of either apt or gpg, thus can't
say that I can work out something; a hunch is to rely on apt for that part, but
I guess you self-implemented it for a reason.

Arguably, how many use cases are asking for the "automatically figuring out
which keyrings are not yet trusted by apt" part, that can't use the
alternatives?

> Until then, a simple workaround is to run mmdebstrap with
> --skip=check/signed-by

Thanks! Far better than modifying the installed script. (I thought --skip was
for apt or something, when glancing through the man page, heh)

-- 
Sdrager,
Blair Noctis