[elbe-devel] [PATCH] pbuilder: force apt-secure to issue only warnings for the unsigned repositories

Yegor Yefremov yegorslists at googlemail.com
Mon Jan 27 08:50:42 CET 2020


Hi Torben,

On Fri, Jan 24, 2020 at 8:43 PM <torben.hohn at linutronix.de> wrote:
>
> On Fri, Jan 17, 2020 at 11:58:38AM +0100, yegorslists at googlemail.com wrote:
> > From: Yegor Yefremov <yegorslists at googlemail.com>
> >
> > Without this "elbe pbuilder create" will fail with the following error:
> >
> > The following signatures couldn't be verified because the public key
> > is not available: NO_PUBKEY 8F5559AED64D8F15
>
> Hi Yegor,
>
> please improve the commit message a bit, to make it
> clear, that this is the codepath, where <noauth> is set.

Will do.

> Additionally, it makes me unhappy, to still see people using <noauth>
> Do you have a good reason to use that ?

We have the following usage for ELBE in our company: for internal
projects and providing a demo image for our am335x systems as also
some kind of BSP [1].

For the internal projects it doesn't really matter whether the
packages are signed or not. But what do you suggest for the customer
side i.e. demo image? We don't provide a package repository for the
customers, only some prepared deb files on the ftp server.

By the way how do I create a source CD from the rootfs that also has
packages without the source code i.e. binary only?

[1] https://github.com/visionsystemsgmbh/vscom-elbe

Yegor

> >
> > Signed-off-by: Yegor Yefremov <yegorslists at googlemail.com>
> > ---
> >  elbepack/pbuilder.py | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/elbepack/pbuilder.py b/elbepack/pbuilder.py
> > index 43b7b423a..6c40a2405 100644
> > --- a/elbepack/pbuilder.py
> > +++ b/elbepack/pbuilder.py
> > @@ -82,6 +82,9 @@ def pbuilder_write_apt_conf(builddir, xml):
> >      # Also for safety add this:
> >      fp.write('APT::Get::AllowUnauthenticated "true";\n')
> >
> > +    # Force apt-secure to issue only warnings for the unsigned repositories
> > +    fp.write('Acquire::AllowInsecureRepositories "true";\n')
> > +
> >      # Make aptitude install untrusted packages without asking
> >      fp.write('Aptitude::CmdLine::Ignore-Trust-Violations "true";\n')
> >      fp.close()
> > --
> > 2.17.0
> >
> >
> > _______________________________________________
> > elbe-devel mailing list
> > elbe-devel at linutronix.de
> > https://lists.linutronix.de/mailman/listinfo/elbe-devel



More information about the elbe-devel mailing list