bene42
commented
11 months ago Dublicate. Tracked in https://github.com/Linutronix/elbe/issues/104
Closed kempfsn closed 11 months ago
bene42
commented
11 months ago Dublicate. Tracked in https://github.com/Linutronix/elbe/issues/104
This is essentially the same issue as #104 reported by @mischelebuha. But let me explain the problem again.
When using a custom signed Debian repo as a primary mirror, running debootstrap fails unless signature checking of the repo is disabled.
However, we could run debootstrap with the
--keyringoption to specify a custom key. Somewhere around here, ELBE would have to construct the debootstrap command invocation accordingly: https://github.com/Linutronix/elbe/blob/v14.8/elbepack/rfs.py#L183What would be the preferred way to implement this?
<primary_key>tag in the<mirror>section as specified in #104 and make use of it in debootstrap<debootstrap>section so that we can specify the--keyringoption manually (the custom keyring could be added to the initvm via a package when the initvm is created)Currently the raw-keys are not evaluated for the debootstrap call. As I understood, they are also only used for the additional mirrors, not for the primary one. However, debootstrap can fetch packages only from a single mirror (the primary one).