On Wed, 10 Apr 2013, Robert Spencer wrote:
> I don't have a non-Debian system to test it on, but I hope the
> attached patch file meets your requirements (it's for debian-cd
> 3.1.12).
>
> I have tested it on my build system and the defaults work.

I applied it. But thinking a bit more about what you did, there's more
to improve.

First you enable all keyrings in /usr/share/keyrings which means also
/usr/share/keyrings/debian-archive-removed-keys.gpg. I don't think that
we should use this one. So we should be able to tell that we want to use
a specific keyring and not assume that all those in /usr/share/keyrings/
are OK.

> On a related note, should I file a bug on the addition of the
> following line to CONF.sh or just provide another patch?
>
> #export DEBOOTSTRAP_OPTS="--keyring
> /usr/share/keyrings/debian-archive-keyring.gpg"

I do not understand your question. That line is already in CONF.sh.

$ grep DEBOOTSTRAP_OPTS CONF.sh
unset DEBOOTSTRAP_OPTS || true
#export DEBOOTSTRAP_OPTS="--keyring /usr/share/keyrings/debian-archive-keyring.gpg"

But when you see that line it seems obvious that there's room for
improvement here. Why should we have to specify the keyring file twice,
once for APT and once for debootstrap?

So IMO we should be able to use only two parameters:
ARCHIVE_KEYRING_PACKAGE=debian-archive-package
ARCHIVE_KEYRING_FILE=/usr/share/keyrings/debian-archive-keyring.gpg

And have debian-cd extract the file and pass it around to APT and
debootstrap.

And then DEBOOTSTRAP_OPTS would default to "--no-check-gpg" and we would
just unset it to activate the GPG check at the debootstrap level.

Can you implement this?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
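
The single-keyring idea discussed in this message, as an added example that is not part of the original mail and is not debian-cd's code: one ARCHIVE_KEYRING_FILE feeds both debootstrap and APT, and the removed-keys keyring or a whole directory is refused. The helper names and the name-based removed-keys check are assumptions; extracting the file from ARCHIVE_KEYRING_PACKAGE is not covered.

```shell
#!/bin/sh
# Added example; resolve_keyring, debootstrap_opts and apt_opts are
# hypothetical helper names, not functions from debian-cd.

# Accept exactly one keyring file. Directories, empty files and the
# removed-keys keyring are rejected (the name match is an assumption).
resolve_keyring() {
    file=$1
    case "$file" in
        "")
            echo "ARCHIVE_KEYRING_FILE is empty" >&2
            return 1 ;;
        *removed-keys*)
            echo "refusing removed-keys keyring: $file" >&2
            return 1 ;;
    esac
    if [ ! -f "$file" ] || [ ! -s "$file" ]; then
        echo "not a non-empty regular file: $file" >&2
        return 1
    fi
    printf '%s\n' "$file"
}

# debootstrap side: an explicitly set DEBOOTSTRAP_OPTS (for example
# "--no-check-gpg") is passed through; when it is unset, the GPG check
# is activated against the one chosen keyring.
debootstrap_opts() {
    if [ -n "${DEBOOTSTRAP_OPTS+set}" ]; then
        printf '%s\n' "$DEBOOTSTRAP_OPTS"
    else
        k=$(resolve_keyring "$ARCHIVE_KEYRING_FILE") || return 1
        printf '%s\n' "--keyring=$k"
    fi
}

# APT side: trust only the same file, and point the trusted.gpg.d
# fragment directory at /dev/null so no other keyring is picked up.
apt_opts() {
    k=$(resolve_keyring "$ARCHIVE_KEYRING_FILE") || return 1
    printf '%s\n' "-o Dir::Etc::trusted=$k -o Dir::Etc::trustedparts=/dev/null"
}
```
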