Move the code taking a backup of the APT trusted keyring to just after

sources.list generation (this is safe since there's no apt call inbetween)
and move the installation of the moblin-archive-keyring just before the
backup is taken; this allows dropping the hack of reinstalling the keyring
package at the end of the build.  It might break apt-get update for UMR
before the host keys are appended to the trusted keyring though.

debian/changelog

@@ -14,6 +14,12 @@ livecd-rootfs (0.99) UNRELEASED; urgency=low
     db is put back in place since otherwise we miss the GPG key we wanted.
   * Fix computation of Origin fields for PPAs named "ppa" and document the
     exception along with the expected format for the PPA var in comments.
+  * Move the code taking a backup of the APT trusted keyring to just after
+    sources.list generation (this is safe since there's no apt call inbetween)
+    and move the installation of the moblin-archive-keyring just before the
+    backup is taken; this allows dropping the hack of reinstalling the keyring
+    package at the end of the build.  It might break apt-get update for UMR
+    before the host keys are appended to the trusted keyring though.
 
  -- Loïc Minier <loic.minier@ubuntu.com>  Thu, 24 Sep 2009 11:52:25 +0200
 

livecd.sh

@@ -320,11 +320,6 @@ link_in_boot = $link_in_boot
 	    mkdir -p ${ROOT}spu;;
     esac
 
-    # In addition to the ones we got from apt, trust whatever the local system
-    # believes in, but put things back afterwards.
-    cp ${ROOT}etc/apt/trusted.gpg ${ROOT}etc/apt/trusted.gpg.$$
-    cat /etc/apt/trusted.gpg >> ${ROOT}etc/apt/trusted.gpg
-
     case $TARGETARCH in
 	amd64)		LIST="$LIST linux-generic";;
 	i386)		LIST="$LIST linux-generic";;
@@ -396,11 +391,18 @@ Pin: release o=LP-PPA-$origin
 Pin-Priority: 550
 @@EOF
     fi
-    chroot $ROOT apt-get update
+
     if [ "$FS" = "ubuntu-moblin-remix" ]; then
-	chroot $ROOT apt-get -y --force-yes install ubuntu-moblin-ppa-keyring
 	chroot $ROOT apt-get update
+	chroot $ROOT apt-get -y --force-yes install ubuntu-moblin-ppa-keyring
     fi
+
+    # In addition to the ones we got from apt, trust whatever the local system
+    # believes in, but put things back afterwards.
+    cp ${ROOT}etc/apt/trusted.gpg ${ROOT}etc/apt/trusted.gpg.$$
+    cat /etc/apt/trusted.gpg >> ${ROOT}etc/apt/trusted.gpg
+
+    chroot $ROOT apt-get update
     chroot $ROOT apt-get -y --purge dist-upgrade </dev/null
     chroot $ROOT apt-get -y --purge install $LIST </dev/null
 
@@ -523,12 +525,6 @@ Pin-Priority: 550
     fi
     mv ${ROOT}etc/apt/trusted.gpg.$$ ${ROOT}etc/apt/trusted.gpg
 
-    # gross hack to re-register the GPG key
-    if [ "$FS" = "ubuntu-moblin-remix" ]; then
-	chroot $ROOT apt-get -y --force-yes install --reinstall ubuntu-moblin-ppa-keyring
-	chroot $ROOT apt-get update
-    fi
-
     # get rid of the .debs - we don't need them.
     chroot ${ROOT} apt-get clean
     rm -f ${ROOT}var/lib/apt/lists/*_*