I think I understand Yves' implementation, I've done something similar myself. One feature of how that works for me is that I end up with as many pbuilderrc-foo files as I need different mechanisms.

0: Default Debian build ...
1: Secondary Debian build using a local mirror URL which cannot be resolved outside the building..
2: internal base.tgz where there is no network access outside the building and Debian is copied in as a mirror, apt sources include an internal, unsigned, repository...
3: cross base.tgz with Emdebian apt sources from Squeeze on a Debian sid environment

Mixing suites, mixing access sites, use inside and outside restrictive networks, these are all use-cases for having multiple config files for pbuilder and some will require SecureApt to be turned off.

Why not extend this principle? To use these other configurations, I have to specify the --config-file option anyway, so it is just a single change to the existing config files for each of the configurations which already need a config file.

This isn't suitable for debconf or similar because it is a choice which needs to be made per-run, not per installation.

The problem with the current state of pbuilder is that the --check-key behaviour cannot be undone once enabled by an option elsewhere. pbuilder-satisfydepends-checkparams needs a corresponding --no-check-key option which *re-asserts* the previous value of PBUILDER_APTITUDE_CHECK_OPTS and PBUILDER_APT_GET_CHECK_OPTS.

With that in place, /etc/pbuilderrc and /usr/share/pbuilder/pbuilderrc could set --check-key by default and individual --configfile uses could reliably unset it.

The bootstrap option is different as it's a fire-and-forget mostly. The problem with --check-key is that I absolutely want SecureApt enabled whenever I use 'pbuilder update' but I also want it to be disabled reliably when I use 'pbuilder update --configfile /foo/foo.rc'.

--
Neil Williams
=============
http://www.linux.codehelp.co.uk/
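
The option ordering proposed in the message above, as an added example that is not part of the original message and not pbuilder's own code. The function names, the two default option strings, and the modelling of rc-file options as an ordered argument list (system defaults first, per-run config last) are assumptions made for illustration.

```shell
#!/bin/sh
# Sketch only: models the proposed --check-key / --no-check-key handling.
# Assumed "unchecked" values that tolerate unsigned archives (not taken
# from pbuilder's source).
DEFAULT_APT_GET_CHECK_OPTS="--allow-unauthenticated"
DEFAULT_APTITUDE_CHECK_OPTS="-o Aptitude::CmdLine::Ignore-Trust-Violations=true"

# resolve_check_opts ARGS...
# Walks the options in order so the last of --check-key / --no-check-key
# wins, and leaves the result in the two PBUILDER_* variables.
resolve_check_opts() {
    PBUILDER_APT_GET_CHECK_OPTS="$DEFAULT_APT_GET_CHECK_OPTS"
    PBUILDER_APTITUDE_CHECK_OPTS="$DEFAULT_APTITUDE_CHECK_OPTS"
    for opt in "$@"; do
        case "$opt" in
            --check-key)
                # SecureApt on: drop the options that skip verification.
                PBUILDER_APT_GET_CHECK_OPTS=""
                PBUILDER_APTITUDE_CHECK_OPTS=""
                ;;
            --no-check-key)
                # Re-assert the saved values instead of leaving them unset.
                PBUILDER_APT_GET_CHECK_OPTS="$DEFAULT_APT_GET_CHECK_OPTS"
                PBUILDER_APTITUDE_CHECK_OPTS="$DEFAULT_APTITUDE_CHECK_OPTS"
                ;;
        esac
    done
}

# secureapt_state ARGS...  prints "verified" or "unverified"
secureapt_state() {
    resolve_check_opts "$@"
    if [ -z "$PBUILDER_APT_GET_CHECK_OPTS" ] && [ -z "$PBUILDER_APTITUDE_CHECK_OPTS" ]; then
        echo verified
    else
        echo unverified
    fi
}

# Constructed scenarios: the system rc sets --check-key; a per-run rc undoes it.
secureapt_state --check-key                  # plain 'pbuilder update'
secureapt_state --check-key --no-check-key   # 'pbuilder update --configfile /foo/foo.rc'
```

Because the later option always wins, a system-wide default of --check-key stays in force for every run that does not explicitly name a config file opting out, which makes the unverified cases easy to audit.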