Hi,
Quoting Dima Kogan (2023-02-23 00:45:37)
> This should work, but it doesn't. I used sysdig to confirm that
> something is indeed looking in $PWD/keys/ and something is indeed
> calling read() on the relevant key. I have also confirmed that if I copy
> my keys to /etc/apt/trusted.gpg.d/ then it does work properly. But I
> don't want to do that. Ideally I'd like mmdebstrap to grab all the keys
> in $PWD/keys and add them to /etc/apt/trusted.gpg.d/ in the chroot, but
> NOT on the host machine. Any clear way to do that? Any debugging tricks
> I'm missing?
there unfortunately exists no way to ask apt for more information about why
"apt-get update" fails. So lets try to figure out whether this is an apt
problem or an mmdebstrap problem. At the end of the mmdebstrap man page you
find a small shell script:
mkdir -p "$2/etc/apt" "$2/var/cache" "$2/var/lib"
cat << END > "$2/apt.conf"
Apt::Architecture "$(dpkg --print-architecture)";
Apt::Architectures "$(dpkg --print-architecture)";
Dir "$(cd "$2" && pwd)";
Dir::Etc::Trusted "$(eval "$(apt-config shell v Dir::Etc::Trusted/f)";
printf "$v")";
Dir::Etc::TrustedParts "$(eval "$(apt-config shell v
Dir::Etc::TrustedParts/d)"; printf "$v")";
END
echo "deb http://deb.debian.org/debian/ $1 main" > "$2/etc/apt/sources.list"
APT_CONFIG="$2/apt.conf" apt-get update
APT_CONFIG="$2/apt.conf" apt-get --yes --download-only install '?essential'
for f in "$2"/var/cache/apt/archives/*.deb; do dpkg-deb --extract "$f"
"$2"; done
chroot "$2" sh -c "dpkg --install --force-depends
/var/cache/apt/archives/*.deb"
This script sets up a chroot in the same way as mmdebstrap does. But now you
can directly change some values like Dir::Etc::TrustedParts which you can now
explicitly set to your keyring directory. If you do that (and also put your
mirror into the sources.list), what happens?
Thanks!
cheers, josch
