From 24d9ce3e7cf943d63880f371af67e23a2f92a2c1 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Tue, 23 Dec 2014 16:14:21 +0000 Subject: [PATCH] mk-sbuild: support debootstrap keyring and no-check-gpg options. (Closes: 754327) --- debian/changelog | 4 ++++ doc/mk-sbuild.1 | 17 +++++++++++++++++ mk-sbuild | 23 ++++++++++++++++++++++- 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 4c08ad5..d86cb06 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,10 @@ ubuntu-dev-tools (0.154) UNRELEASED; urgency=medium * mk-sbuild: better message for cross build so that new start have correct sbuild command from the last message of mk-sbuild. + [ Niklas Fiekas ] + * mk-sbuild: support debootstrap keyring and no-check-gpg + options. (Closes: 754327) + [ Dimitri John Ledkov ] * Port ubuntutools module to python3. diff --git a/doc/mk-sbuild.1 b/doc/mk-sbuild.1 index 0423a77..32ec936 100644 --- a/doc/mk-sbuild.1 +++ b/doc/mk-sbuild.1 @@ -55,6 +55,15 @@ Pass along a comma separated list of packages to debootstrap's \fBWARNING:\fR be careful using this option as you can end up excluding essential package. See \fBdebootstrap \fR(8) for more details. .TP +.B \-\-debootstrap\-keyring\fR=\fIkeyring +Pass along the path to a gpg keyring file to debootsrap's +\fB\-\-keyring\fR argument. See \fBdebootstrap\fR (8) for more details. +.TP +.B \-\-debootstrap\-no\-check\-gpg +Disable checking gpg signatures of downloaded Release files by using +debootstrap's \fB\-\-no\-check\-gpg\fR option. See \fBdebootstrap\fR (8) +for more details. +.TP .B \-\-distro\fR=\fIDISTRO Enable distro-specific logic. When not provided, the distribution is determined from \fIrelease\fR. 
@@ -103,6 +112,14 @@ Comma separated list of packages to include when bootstrapping (same as Comma separated list of packages to exclude when bootstrapping (same as \fB\-\-debootstrap-exclude\fR; see warning above) .TP +.B DEBOOTSTRAP_KEYRING +Keyring file to use for checking gpg signatures of retrieved release files +(same as \fB\-\-debootstrap\-keyring\fR) +.TP +.B DEBOOTSTRAP_NO_CHECK_GPG +Disable gpg verification of retrieved release files (same as +\fB\-\-debootstrap\-no\-check\-gpg\fR) +.TP .B SOURCE_CHROOTS_DIR Use \fBSOURCE_CHROOTS_DIR\fR as home of schroot source directories. (default \fB/var/lib/schroot/chroots\fR) diff --git a/mk-sbuild b/mk-sbuild index 9601cff..cfbc411 100755 --- a/mk-sbuild +++ b/mk-sbuild @@ -57,6 +57,9 @@ function usage() echo " --debootstrap-include=list Comma separated list of packages to include" echo " --debootstrap-exclude=list Comma separated list of packages to exclude" echo " --debootstrap-proxy=URL Use PROXY as apt proxy" + echo " --debootstrap-keyring=KEYRING" + echo " Use KEYRING to check signatures of retrieved Release files" + echo " --debootstrap-no-check-gpg Disables checking gpg signatures of retrieved Release files" echo " --eatmydata Install and use eatmydata" echo " --distro=DISTRO Install specific distro:" echo " 'ubuntu' or 'debian' " @@ -80,6 +83,8 @@ function usage() echo " DEBOOTSTRAP_INCLUDE Included packages (same as --debootstrap-include)" echo " DEBOOTSTRAP_EXCLUDE Excluded packages (same as --debootstrap-exclude)" echo " DEBOOTSTRAP_PROXY Apt proxy (same as --debootstrap-proxy)" + echo " DEBOOTSTRAP_KEYRING GPG keyring (same as --debootstrap-keyring)" + echo " DEBOOTSTRAP_NO_CHECK_GPG Disable GPG verification (same as --debootstrap-no-check-gpg)" echo " EATMYDATA Enable --eatmydata" echo " TEMPLATE_SOURCES A template for sources.list" echo " TEMPLATE_SCHROOTCONF A template for schroot.conf stanza" 
@@ -93,13 +98,14 @@ function usage() if [ -z "$1" ]; then usage fi -OPTS=`getopt -o 'h' --long "help,debug,skip-updates,skip-proposed,eatmydata,arch:,name:,source-template:,debootstrap-mirror:,debootstrap-include:,debootstrap-exclude:,debootstrap-proxy:,personality:,distro:,vg:,type:,target:" -- "$@"` +OPTS=`getopt -o 'h' --long "help,debug,skip-updates,skip-proposed,eatmydata,arch:,name:,source-template:,debootstrap-mirror:,debootstrap-include:,debootstrap-exclude:,debootstrap-proxy:,debootstrap-no-check-gpg,debootstrap-keyring:,personality:,distro:,vg:,type:,target:" -- "$@"` eval set -- "$OPTS" VG="" DISTRO="" name="" proxy="_unset_" +DEBOOTSTRAP_NO_CHECK_GPG=0 EATMYDATA=0 while :; do @@ -156,6 +162,15 @@ while :; do proxy="$2" shift 2 ;; + --debootstrap-keyring) + # Store the absolute path because we cd to the root directory later. + DEBOOTSTRAP_KEYRING=$(readlink -f "$2") + shift 2 + ;; + --debootstrap-no-check-gpg) + DEBOOTSTRAP_NO_CHECK_GPG=1 + shift + ;; --eatmydata) EATMYDATA=1 shift @@ -531,6 +546,12 @@ if [ -n "$DEBOOTSTRAP_EXCLUDE" ] ; then debootstrap_opts="$debootstrap_opts --exclude=$DEBOOTSTRAP_EXCLUDE" fi +if [ $DEBOOTSTRAP_NO_CHECK_GPG -eq 1 ]; then + debootstrap_opts="$debootstrap_opts --no-check-gpg" +elif [ -n "$DEBOOTSTRAP_KEYRING" ]; then + debootstrap_opts="$debootstrap_opts --keyring=$DEBOOTSTRAP_KEYRING" +fi + # if http_proxy is set in the environment (even empty) set 'proxy' to it [ "$proxy" = "_unset_" -a "${DEBOOTSTRAP_PROXY-xx}" != "xx" ] && proxy=${DEBOOTSTRAP_PROXY}
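Review bot: The unconditional `DEBOOTSTRAP_NO_CHECK_GPG=0` added before the option loop discards any value inherited from the environment, yet the man page and usage text in this same patch document `DEBOOTSTRAP_NO_CHECK_GPG` as an environment setting equivalent to the flag. Whether a config file sourced later sets it again is not visible in this hunk. If the environment is meant to be honoured, use `DEBOOTSTRAP_NO_CHECK_GPG=${DEBOOTSTRAP_NO_CHECK_GPG:-0}`. If ignoring it is deliberate, which is the safer choice because an inherited variable would otherwise turn off signature checking unnoticed, add a comment such as `# reset on purpose: only the flag or the rc file may disable GPG checks` and adjust the documentation to match.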
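Review bot: `readlink -f` prints nothing when a directory component of the path does not exist, so in the `--debootstrap-keyring` arm a mistyped path can leave `DEBOOTSTRAP_KEYRING` empty, and the later `-n` test then drops `--keyring` without a message. debootstrap would then presumably verify against its default keyring rather than the one the user pinned. Fail early after the assignment with `[ -r "$DEBOOTSTRAP_KEYRING" ] || { echo "E: keyring '$2' is not a readable file" >&2; exit 1; }`. The absolute-path conversion also happens only in this arm, so a relative `DEBOOTSTRAP_KEYRING` supplied through the environment would presumably stop resolving after the `cd` the comment mentions. The enclosing `while`/`case` starts and ends outside the hunk.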
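Review bot: When both settings are present, the `if`/`elif` in this hunk lets `--no-check-gpg` win and drops the keyring silently, and nothing is printed when signature checking of Release files is turned off, so a chroot can be bootstrapped from unauthenticated archive metadata without the user noticing. Reject the combination, or at least warn on stderr with `echo "W: GPG verification of Release files is disabled" >&2` inside the first branch. The test should also quote and default its operand, `if [ "${DEBOOTSTRAP_NO_CHECK_GPG:-0}" -eq 1 ]; then`, because an empty value makes `[` fail with a syntax error. `--keyring=$DEBOOTSTRAP_KEYRING` is appended to a flat string, so a keyring path containing whitespace would presumably be split when `debootstrap_opts` is expanded outside the hunk.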