On Fri, Jul 12, 2019 at 09:07:45AM +0000, Cyril Brulebois wrote: > apt-setup (1:0.151) unstable; urgency=medium > . > [ Moritz Mühlenhoff ] > * When preseeding a local repository via apt-setup/localX/repository, > the repository key for Secure Apt needs to be configured with > apt-setup/localX/key. This key used to be set up with apt-key, but > its use is deprecated and apt's former dependency on gnupg has been > demoted to a Suggests, rendering apt-key non-functional in d-i. > Apply a patch by Lars Kollstedt (thanks!) which adds the repository > key(s) to /etc/apt/trusted.gpg.d, following the approach used by > pbuilder (Closes: #851774, #928931): > - .asc suffix if the key file seems to be armoured ASCII (i.e. it > contains a “-----BEGIN PGP PUBLIC KEY BLOCK-----” line); > - .gpg suffix otherwise. Please note that only “GPG key public ring” > are supported by APT, newer “keybox database” format isn't at the > moment.
Hi Cyril, as discussed on #debian-boot last week: I've tested a Buster installation with "d-i mirror/udeb/suite string unstable" and our previous "d-i base-installer/includes string gnupg" workaround dropped which uses the https://apt.wikimedia.org repository and that worked fine. I've also submitted a patch to installation-guide to enhance the docs so that the constraints for the Secure Apt key file are explicitly mentioned (#932284) Cheers, Moritz