authorCyril Brulebois <kibi@debian.org>2015-05-15 02:32:07 (GMT)
committerCyril Brulebois <kibi@debian.org>2015-05-15 02:38:31 (GMT)
commitbe99f7b4c1fc622f9c4d4f93d96aec649ff7c543 (patch)
tree286ebcbb9d544a3693cbb338701df561e38a9ff4
parenteec4c44fc78efa492d4eea5ff69089b6b86979e1 (diff)
Add support for --force-check-gpg (Closes: #661501, #733179, #775454).
With this option, one can programmatically make sure keyring checks are used and that no fallback to an https mirror happens.
-rw-r--r--debian/changelog3
-rwxr-xr-xdebootstrap8
-rw-r--r--debootstrap.84
-rw-r--r--functions5
4 files changed, 19 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 0350d3c..64bafb7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ debootstrap (1.0.69) UNRELEASED; urgency=medium
issues while counting downloaded packages. The failure path could lead
to printing some strange integer (Closes: #709751, #768445, #785276).
This was reported to mostly happen whenever --no-resolve-deps is used.
+ * Add support for --force-check-gpg so that one can programmatically
+ make sure keyring checks are used and that no fallback to an https
+ mirror happens (Closes: #661501, #733179, #775454).
-- Cyril Brulebois <kibi@debian.org> Thu, 14 May 2015 23:52:52 +0200
diff --git a/debootstrap b/debootstrap
index 3d45c9c..e987112 100755
--- a/debootstrap
+++ b/debootstrap
@@ -27,6 +27,7 @@ LANG=C
USE_COMPONENTS=main
KEYRING=""
DISABLE_KEYRING=""
+FORCE_KEYRING=""
VARIANT=""
ARCH=""
HOST_ARCH=""
@@ -104,6 +105,9 @@ usage()
scratchbox, minbase)
--keyring=K check Release files against keyring K
--no-check-gpg avoid checking Release file signatures
+ --force-check-gpg force checking Release file signatures
+ (also disables automatic fallback to HTTPS in case
+ of a missing keyring), aborting otherwise
--no-resolve-deps don't try to resolve dependencies automatically
--unpack-tarball=T acquire .debs from a tarball instead of http
@@ -319,6 +323,10 @@ if [ $# != 0 ] ; then
shift 1
DISABLE_KEYRING=1
;;
+ --force-check-gpg)
+ shift 1
+ FORCE_KEYRING=1
+ ;;
--certificate|--certificate=?*)
if [ "$1" = "--certificate" -a -n "$2" ]; then
CERTIFICATE="--certificate=$2"
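Review bot: `--force-check-gpg` and `--no-check-gpg` can both be given on one command line, and nothing in the visible hunks rejects that combination, since each case arm only sets its own flag. In the `functions` hunk the new abort sits inside `elif [ -z "$DISABLE_KEYRING" ]`, so with both flags set the forced check is silently skipped; that undermines a wrapper that passes `--force-check-gpg` and then appends caller-supplied arguments. After option parsing I would fail closed with something like `[ -z "$FORCE_KEYRING" ] || [ -z "$DISABLE_KEYRING" ] || error 1 KEYRING "--no-check-gpg and --force-check-gpg are mutually exclusive"`. The option-parsing `case` starts and ends outside this hunk.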
diff --git a/debootstrap.8 b/debootstrap.8
index 2cf44ca..106d172 100644
--- a/debootstrap.8
+++ b/debootstrap.8
@@ -93,6 +93,10 @@ to check signatures of retrieved Release files.
.IP "\fB\-\-no-check-gpg\fP"
Disables checking gpg signatures of retrieved Release files.
.IP
+.IP "\fB\-\-force-check-gpg\fP"
+Forces checking Release file signatures, disabling automatic fallback to
+HTTPS in case of a missing keyring.
+.IP
.IP "\fB\-\-verbose\fP"
Produce more info about downloading.
.IP
diff --git a/functions b/functions
index c8d7787..d697c4f 100644
--- a/functions
+++ b/functions
@@ -200,11 +200,14 @@ keyring () {
if [ -e "$1" ]; then
KEYRING="$1"
elif [ -z "$DISABLE_KEYRING" ]; then
- if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] ; then
+ if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] && [ -z "$FORCE_KEYRING" ]; then
info KEYRING "Keyring file not available at %s; switching to https mirror %s" "$1" "$DEF_HTTPS_MIRROR"
USER_MIRROR="$DEF_HTTPS_MIRROR"
else
warning KEYRING "Cannot check Release signature; keyring file not available %s" "$1"
+ if [ -n "$FORCE_KEYRING" ]; then
+ error 1 KEYRING "Keyring-based check was requested; aborting accordingly"
+ fi
fi
fi
fi
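Review bot: The new abort is only reachable from `keyring()` when the file passed as `$1` is missing, so enforcement depends on every code path calling this helper before a Release file is trusted. Whether the signature-verification step itself refuses to proceed when `FORCE_KEYRING` is set and `KEYRING` is still empty is not visible in this commit; if it does not, a suite script that never calls `keyring` would presumably continue unverified. I would add a comment above the new `if`, such as `# --force-check-gpg: fail closed rather than continue without a keyring`, and consider repeating the guard at the point where the Release signature is verified, e.g. `[ -z "$FORCE_KEYRING" ] || [ -n "$KEYRING" ] || error 1 KEYRING "Keyring-based check was requested; aborting accordingly"`. The body of `keyring ()` begins before this hunk.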