Hi, On Fri, 19 Apr 2013, Robert Spencer wrote: > >This still requires that the keyring be installed on the system whereas > >we're already extracting it from the binary package in debian-cd. > > I'm sorry, I didn't misunderstand you. I made a bad assumption. > > I hope the attached patch file is satisfactory.
Yes, it's mostly OK. I committed it. > +# Keyring (defaults): > +#ARCHIVE_KEYRING_PACKAGE=debian-archive-keyring > +# The path to the keyring file relative to $TDIR/archive-keyring/ > +#ARCHIVE_KEYRING_FILE=usr/share/keyrings/debian-archive-keyring.gpg > + > # By default we use debootstrap --no-check-gpg to find out the minimal set > # of packages because there's no reason to not trust the local mirror. But > # you can be paranoid and then you need to indicate the keyring to use to > # validate the mirror. > -#export DEBOOTSTRAP_OPTS="--keyring > /usr/share/keyrings/debian-archive-keyring.gpg" > +#export DEBOOTSTRAP_OPTS="--keyring > $TDIR/archive-keyring/$ARCHIVE_KEYRING_FILE" This hardcodes TDIR and ARCHIVE_KEYRING_FILE in a second parameter and makes it impossible to do stuff like this (assuming that you have uncommented DEBOOTSTRAP_OPTS): $ . CONF.sh $ export TDIR=/tmp/debian-cd But I guess it's not a big deal. At least it documents the value that you're expected to set if you want to use it. Thanks again! -- Raphaël Hertzog ◈ Debian Developer Get the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org