Add keyring if supplied

When building with debootstrap, debootstrap will use the key to check
that everything is properly signed. It will not `apt-key add` the key
into the final environment, however.

Early adding the key after debootstrap before we need to read from the
private repo again prevents unsigned issues. This also maintains the
integrity of the packages in the environment throughout the build.

Change-Id: I5ca75ae4620c9fb26b512cb30f8cd79fa7a0373a
This commit is contained in:
Sam Yaple 2018-07-02 13:57:46 -04:00
parent 927e8115f6
commit c144246cc9
No known key found for this signature in database
GPG Key ID: 9329D8A45034DAB9
2 changed files with 10 additions and 0 deletions

View File

@ -24,6 +24,11 @@ fi
set -eu
set -o pipefail
# NOTE(SamYaple): Add the keyring deboostrap used if specified
if [ -n "${DIB_APT_KEYRING:-${DIB_DEBIAN_KEYRING:-}}" ]; then
cat $DIB_APT_KEYRING | sudo chroot $TARGET_ROOT /usr/bin/apt-key add -
fi
# Writes the apt sources files.
# The description is passed in via line coded elements.
# (The approach using associative arrays for configuration faild,

View File

@ -21,6 +21,11 @@ fi
set -eu
set -o pipefail
# NOTE(SamYaple): Add the keyring deboostrap used if specified
if [ -n "${DIB_APT_KEYRING:-${DIB_DEBIAN_KEYRING:-}}" ]; then
cat $DIB_APT_KEYRING | sudo chroot $TARGET_ROOT /usr/bin/apt-key add -
fi
# We should manage this in a betterer way
sudo bash -c "cat << EOF >$TARGET_ROOT/etc/apt/sources.list
deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE ${DIB_DEBIAN_COMPONENTS//,/ }