Since apt 1.5 it is not enough to have the noauth option for dev
repositories. The content of the release file will also be checked
before apt starts it work. To be able to use a repo without signing
infrastructure for development we need an additional option
allow-insecure=yes which can be set per source in the multistrap.conf.
Don't use this in production.
Signed-off-by: Stefan Müller-Klieser <s.mueller-klie...@phytec.de>
---
multistrap | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/multistrap b/multistrap
index 4b4db507fc46..39b939a965fd 100755
--- a/multistrap
+++ b/multistrap
@@ -37,7 +37,7 @@ use vars qw/ $progname $ourversion $dstrap $extra @aptsources
$explicit_suite $allow_recommends %omitdebsrc @dsclist @sectoutput
%flatfile %important $addimportant @debconf $hookdir %hooks
$warn_count $use_shortcut @foreignarches $olddpkg $ignorenative
- %foreignpkgs $markauto $default_release $pre_config_str/;
+ %foreignpkgs $markauto $default_release $pre_config_str %insecure/;
setlocale(LC_MESSAGES, "");
textdomain("multistrap");
@@ -46,6 +46,7 @@ $ourversion = &our_version();
$default_release = "*";
$unpack = "true";
%omitdebsrc=();
+%insecure=();
%foreignpkgs=();
while( @ARGV ) {
$_= shift( @ARGV );
@@ -249,15 +250,19 @@ foreach my $aptsrc (@debootstrap) {
my $suite = (exists $flatfile{$aptsrc}) ? "" : $suites{$aptsrc};
my $component = (exists $flatfile{$aptsrc}) ? ""
: (defined $components{$aptsrc}) ? $components{$aptsrc}
: "main";
+ my $options = "";
+ if (defined $insecure{$aptsrc}) {
+ $options .= "allow-insecure=yes";
+ }
if (defined $mirror and defined $suite) {
if ($olddpkg != 0) {
- print SOURCES "deb $mirror $suite $component\n";
+ print SOURCES "deb [$options] $mirror $suite
$component\n";
} else {
if (scalar (@foreignarches) == 0) {
- print SOURCES "deb [arch=$arch] $mirror
$suite $component\n";
+ print SOURCES "deb [arch=$arch
$options] $mirror $suite $component\n";
} else {
foreach my $farch (@foreignarches) {
- print SOURCES "deb
[arch=$farch] $mirror $suite $component\n";
+ print SOURCES "deb [arch=$farch
$options] $mirror $suite $component\n";
}
}
}
@@ -440,15 +445,19 @@ foreach my $aptsrc (@aptsources) {
my $suite = (exists $flatfile{$aptsrc}) ? "" : $suites{$aptsrc};
my $component = (exists $flatfile{$aptsrc}) ? ""
: (defined $components{$aptsrc}) ? $components{$aptsrc}
: "main";
+ my $options = "";
+ if (defined $insecure{$aptsrc}) {
+ $options .= "allow-insecure=yes";
+ }
if (defined $mirror and defined $suite) {
if ($olddpkg != 0) {
- print SOURCES "deb $mirror $suite $component\n";
+ print SOURCES "deb [$options] $mirror $suite
$component\n";
} else {
if (scalar (@foreignarches) == 0) {
- print SOURCES "deb [arch=$arch] $mirror
$suite $component\n";
+ print SOURCES "deb [arch=$arch
$options] $mirror $suite $component\n";
} else {
foreach my $farch (@foreignarches) {
- print SOURCES "deb
[arch=$farch] $mirror $suite $component\n";
+ print SOURCES "deb [arch=$farch
$options] $mirror $suite $component\n";
}
}
}
@@ -1124,6 +1133,11 @@ packages=
source=http://http.debian.net/debian
keyring=debian-archive-keyring
suite=stable
+# for development purpurses a source can be declared as insecure. The
+# option allow-insecure=yes will be set in the sources.list file. This
+# prevents apt-secure to check the contents of the release file of the
+# repository. Don't use this in production.
+insecure=false
This will result in a completely normal bootstrap of Debian stable from
the specified mirror, for armel in /opt/multistrap/.
@@ -1300,6 +1314,8 @@ sub cascade {
if (not exists $components{$section} and not
exists $flatfile{$section});
$omitdebsrc{$section}=$section if ((defined
$keys{$section}{'omitdebsrc'})
and ($keys{$section}{'omitdebsrc'} eq "true"));
+ $insecure{$section}=$section if ((defined
$keys{$section}{'insecure'})
+ and ($keys{$section}{'insecure'} eq "true"));
push @reinstall, split (/ /,
$keys{$section}{'reinstall'})
if (defined $keys{$section}{'reinstall'});
$components{$section}='main' if (not defined
$components{$section});
--
2.15.1
