Move the code taking a backup of the APT trusted keyring to just after

sources.list generation (this is safe since there's no apt call inbetween) and move the installation of the moblin-archive-keyring just before the backup is taken; this allows dropping the hack of reinstalling the keyring package at the end of the build. It might break apt-get update for UMR before the host keys are appended to the trusted keyring though.
2025-04-14 12:41:20 +00:00 · 2009-10-03 22:22:21 +02:00 · 2009-10-03 22:22:21 +02:00 · d5d9c8369a
commit d5d9c8369a
parent e5a529f136
2 changed files with 15 additions and 13 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -14,6 +14,12 @@ livecd-rootfs (0.99) UNRELEASED; urgency=low
    db is put back in place since otherwise we miss the GPG key we wanted.
  * Fix computation of Origin fields for PPAs named "ppa" and document the
    exception along with the expected format for the PPA var in comments.
+  * Move the code taking a backup of the APT trusted keyring to just after
+    sources.list generation (this is safe since there's no apt call inbetween)
+    and move the installation of the moblin-archive-keyring just before the
+    backup is taken; this allows dropping the hack of reinstalling the keyring
+    package at the end of the build.  It might break apt-get update for UMR
+    before the host keys are appended to the trusted keyring though.

 -- Loïc Minier <loic.minier@ubuntu.com>  Thu, 24 Sep 2009 11:52:25 +0200

--- a/livecd.sh
+++ b/livecd.sh
@ -320,11 +320,6 @@ link_in_boot = $link_in_boot
 	    mkdir -p ${ROOT}spu;;
    esac

-    # In addition to the ones we got from apt, trust whatever the local system
-    # believes in, but put things back afterwards.
-    cp ${ROOT}etc/apt/trusted.gpg ${ROOT}etc/apt/trusted.gpg.$$
-    cat /etc/apt/trusted.gpg >> ${ROOT}etc/apt/trusted.gpg
-
    case $TARGETARCH in
 	amd64)		LIST="$LIST linux-generic";;
 	i386)		LIST="$LIST linux-generic";;
@ -396,11 +391,18 @@ Pin: release o=LP-PPA-$origin
 Pin-Priority: 550
@@EOF
    fi
-    chroot $ROOT apt-get update
+
    if [ "$FS" = "ubuntu-moblin-remix" ]; then
-	chroot $ROOT apt-get -y --force-yes install ubuntu-moblin-ppa-keyring
 	chroot $ROOT apt-get update
+	chroot $ROOT apt-get -y --force-yes install ubuntu-moblin-ppa-keyring
    fi
+
+    # In addition to the ones we got from apt, trust whatever the local system
+    # believes in, but put things back afterwards.
+    cp ${ROOT}etc/apt/trusted.gpg ${ROOT}etc/apt/trusted.gpg.$$
+    cat /etc/apt/trusted.gpg >> ${ROOT}etc/apt/trusted.gpg
+
+    chroot $ROOT apt-get update
    chroot $ROOT apt-get -y --purge dist-upgrade </dev/null
    chroot $ROOT apt-get -y --purge install $LIST </dev/null

@ -523,12 +525,6 @@ Pin-Priority: 550
    fi
    mv ${ROOT}etc/apt/trusted.gpg.$$ ${ROOT}etc/apt/trusted.gpg

-    # gross hack to re-register the GPG key
-    if [ "$FS" = "ubuntu-moblin-remix" ]; then
-	chroot $ROOT apt-get -y --force-yes install --reinstall ubuntu-moblin-ppa-keyring
-	chroot $ROOT apt-get update
-    fi
-
    # get rid of the .debs - we don't need them.
    chroot ${ROOT} apt-get clean
    rm -f ${ROOT}var/lib/apt/lists/*_*