On Thu, Aug 15, 2019 at 04:25:53PM +0200, Cyril Brulebois wrote:
> Hi,
>
> Moritz Muehlenhoff <mmuhlenh...@wikimedia.org> (2019-07-17):
> > On Fri, Jul 12, 2019 at 09:07:45AM +0000, Cyril Brulebois wrote:
> > > apt-setup (1:0.151) unstable; urgency=medium
> > > .
> > > [ Moritz Mühlenhoff ]
> > > * When preseeding a local repository via apt-setup/localX/repository,
> > > the repository key for Secure Apt needs to be configured with
> > > apt-setup/localX/key. This key used to be set up with apt-key, but
> > > its use is deprecated and apt's former dependency on gnupg has been
> > > demoted to a Suggests, rendering apt-key non-functional in d-i.
> > > Apply a patch by Lars Kollstedt (thanks!) which adds the repository
> > > key(s) to /etc/apt/trusted.gpg.d, following the approach used by
> > > pbuilder (Closes: #851774, #928931):
> > > - .asc suffix if the key file seems to be armoured ASCII (i.e. it
> > > contains a “-----BEGIN PGP PUBLIC KEY BLOCK-----” line);
> > > - .gpg suffix otherwise. Please note that only “GPG key public ring”
> > > are supported by APT, newer “keybox database” format isn't at the
> > > moment.
> >
> > Hi Cyril,
> > as discussed on #debian-boot last week: I've tested a Buster installation
> > with
> > "d-i mirror/udeb/suite string unstable" and our previous
> > "d-i base-installer/includes string gnupg" workaround dropped which
> > uses
> > the https://apt.wikimedia.org repository and that worked fine.
>
> Many thanks, I'll be submitting a buster-pu bug accordingly. I wouldn't
> mind an extra confirmation after it's been published in a point release
> (peace of mind and all that).
Sure, I'll drop the "base-installer/includes string gnupg" workaround from our
Puppet tree once 10.1 is out and will confirm back.
Cheers,
Moritz
