On 12/22/2009 02:03 PM, Neil Williams wrote: > multistrap was written to make that whole process easier - it simply > uses the keyring via apt-key. There is no need for /usr/share/keyrings/
interesting, i didn't know about multistrap. using the system keyring
from apt-key might not make sense, if the goal is to build a target
device that pulls from an entirely different repository than the host
uses, though.
or am i misunderstanding what you mean by "the keyring via apt-key" ?
> There is no guarantee that Emdebian packages will work with
> debootstrap. emdebian-rootfs provides a debootstrap replacement
> (because debootstrap itself doesn't understand Emdebian Crush) and
> Emdebian Grip is best utilised via multistrap, not debootstrap.
ok, good to know, thanks.
> I'm not sure now whether it is wise to *have* the emdebian key
> in /usr/share/keyrings - it might give the wrong impression.
what impression are you concerned that you'll make? are you aware that
many other keyrings can be placed there (including the keyring for all
DDs, and the DM keyring) that have nothing to do with apt repositories
at all? i don't know of any policy about it, but it seems to be the
main location for packages to install keyrings that might be needed by
other processes the system in general.
> Remember: debootstrap is horribly incomplete for embedded use and is
> only truly capable of making a (poor) chroot that is too biased
> towards a full size desktop or server installation. Emdebian Grip and
> Crush need a custom installer that can make a bootable filesystem
> without needing to boot the device itself (as D-I requires) to copy the
> files over.
well, i can't remember this right now because i didn't know it before.
but i'll remember it in the future ;) and i'll learn about multistrap
to see if it's something we should be using in debirf instead.
> I'm no longer sure I want to have a keyring in /usr/share/keyrings -
> I'm not sure it is helpful. The more I hear about what you're trying to
> do, the more I think I'll revert the change and close this bug as
> wontfix. This is why I didn't put the keyring in /usr/share/keyrings in
> the first place, now I think about it.
i'm not sure i think that's a good argument for putting a keyring in an
unusual location, when it might be handy for other tools to find it,
given the various types of keyrings that are placed in /usr/share/keyrings.
But if you decide to go that way, at least this discussion is logged
publicly so that the next person to get confused about the location of
the emdebian keyring has a chance of finding the rationale behind it.
Thanks for being so responsive, Neil, even if you ultimately don't agree
with me about what should be done.
--dkg
signature.asc
Description: OpenPGP digital signature
