Attached
From f84255ee696a393e2a9dc576fc0d39d5199eb6c0 Mon Sep 17 00:00:00 2001 From: Paul Tagliamonte <paul...@debian.org> Date: Sat, 22 Aug 2015 12:07:15 +0200 Subject: [PATCH] Add --extra-repository-key flag for extra apt keys
This will allow users to specify which OpenPGP key should be added
to the trusted keys inside the chroot. This is particularly useful
if the target --extra-repository is not signed with a key that's
trusted by the base chroot.
---
lib/Sbuild/Conf.pm | 6 ++++++
lib/Sbuild/Options.pm | 3 +++
lib/Sbuild/ResolverBase.pm | 21 +++++++++++++++++++++
3 files changed, 30 insertions(+)
diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm
index af89f60..d5b9ca3 100644
--- a/lib/Sbuild/Conf.pm
+++ b/lib/Sbuild/Conf.pm
@@ -1061,6 +1061,12 @@ sub setup ($) {
DEFAULT => [],
HELP => 'Additional per-build packages available as build dependencies. Do not set by hand.'
},
+ 'EXTRA_REPOSITORY_KEYS' => {
+ TYPE => 'ARRAY:STRING',
+ GROUP => '__INTERNAL',
+ DEFAULT => [],
+ HELP => 'Additional per-build apt repository keys. Do not set by hand.'
+ },
'EXTRA_REPOSITORIES' => {
TYPE => 'ARRAY:STRING',
GROUP => '__INTERNAL',
diff --git a/lib/Sbuild/Options.pm b/lib/Sbuild/Options.pm
index c9fe01f..940aad1 100644
--- a/lib/Sbuild/Options.pm
+++ b/lib/Sbuild/Options.pm
@@ -313,6 +313,9 @@ sub set_options {
"extra-repository=s" => sub {
push(@{$self->get_conf('EXTRA_REPOSITORIES')}, $_[1]);
},
+ "extra-repository-key=s" => sub {
+ push(@{$self->get_conf('EXTRA_REPOSITORY_KEYS')}, $_[1]);
+ },
);
}
diff --git a/lib/Sbuild/ResolverBase.pm b/lib/Sbuild/ResolverBase.pm
index ae1bfcf..fa0316a 100644
--- a/lib/Sbuild/ResolverBase.pm
+++ b/lib/Sbuild/ResolverBase.pm
@@ -1010,6 +1010,27 @@ EOF
}
}
+ for my $repokey (@{$self->get_conf('EXTRA_REPOSITORY_KEYS')}) {
+ debug("Adding apt-key: $repokey\n");
+ if (!-f $repokey) {
+ $self->log("Failed to add apt-key '${repokey}' - it doesn't exist!\n");
+ $self->cleanup_apt_archive();
+ return 0;
+ }
+ my ($tmpfh, $tmpfilename) = tempfile(DIR => $session->get('Location') . "/tmp");
+ copy($repokey, $tmpfh);
+ close($tmpfh);
+ $session->run_command(
+ { COMMAND => ['apt-key', 'add', $session->strip_chroot_path($tmpfilename)],
+ USER => 'root',
+ PRIORITY => 0});
+ if ($?) {
+ $self->log("Failed to add external apt key.\n");
+ $self->cleanup_apt_archive();
+ return 0;
+ }
+ }
+
# Write a list file for the dummy archive if one not create yet.
if (! -f $dummy_archive_list_file) {
my ($tmpfh, $tmpfilename) = tempfile(DIR => $session->get('Location') . "/tmp");
--
2.5.0
signature.asc
Description: Digital signature
