i'm on a buster64 vagrant instance, and building an armel distro, using
a build.sh, multistrap etc
Anyway its undone with all the
"W: Download is performed unsandboxed as root as file
'/mnt/debian_build/rootfs/var/lib/apt/lists/partial/deb.debian.org_debian_dists_stable_InRelease'
couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission
denied)
W: GPG error: http://deb.debian.org/debian stable InRelease: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 04EE7237B7D453EC NO_PUBKEY 648ACFD622F3D138
NO_PUBKEY DCC9EFBF77E11517
E: The repository 'http://deb.debian.org/debian stable InRelease' is not
signed.
"
yes i've found the threadds about adding the keys , gpg and all that
- didn't work
sure...
--allow-unauthenticated
Ignore if packages can't be authenticated and don't prompt
about it. This can be useful while working with local
repositories, but is a huge security risk if data
authenticity isn't ensured in another way by the user itself. The
usage of the Trusted option for sources.list(5) entries
should usually be preferred over this global override.
Configuration Item: APT::Get::AllowUnauthenticated.
trouble is it only half works........
or am I misunderstanding the man page ? ......which wouldn't surprise
me, lost count of number of times peering through man pages
completely obtuse and wrong.
$ apt --version
apt 1.8.2.3 (amd64)
looking at the source code, looks like some cases of should be skipping
the verify fail for "allow-unauthenticated"
and not understanding why....
Changed the code and got much further.
addendum: got to the repo for https://salsa.debian.org/apt-team/apt
its version is 2.3.8, so not sure why update on buster64 didn't have
this version
some preliminary diff analysis still seems to be that
"allow-unauthenticated" is NOT going to fully work the way I understand
it should......?