The ability to add a custom gpg key into the chroot within "/target" would be just fine.
Robert

sent from my mobile device

-------- Original Message --------
From: Geert Stappers <stapp...@stappers.nl>
Sent: Fri Oct 04 22:16:55 GMT+02:00 2019
To: debian-boot@lists.debian.org
Subject: Re: Custom GPG key for custom mirror within debian-installer

On Fri, Oct 04, 2019 at 04:40:40PM +0200, Robert Paschedag wrote:
> Hi list,
>
> I'm a bit stuck in installing buster via netinst.
>
> Previously, I used the normal installation DVD as source and provided that as a "mirror" with the preseed configuration (via a webserver)
>
> Since buster, this does not work anymore as "apt" now requires the repositories to be signed, which - of course - is a good idea.
>
> The problem is, that I'm unable to set a custom gpg key for a custom mirror, as I'm able to specify a custom GPG key for a "local" repository (bug just fixed within 10.1 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774)).
>
> AND.....setting "allow_unauthenticated" to true does NOT work. I have this set already.
>
> What "would" work (not that beautiful) is
>
> - set the "custom" mirror as "[trusted=yes]" within https://salsa.debian.org/installer-team/apt-setup/blob/master/generators/50mirror or
> - also add the possibility to add custom GPG keys for a "mirror" (just like for a local repository) or
> - also set "Acquire::AllowInsecureRepositories" to "1" within https://salsa.debian.org/installer-team/base-installer/blob/master/library.sh#L172
>
> After my setup fails, and enter a "shell", setting the "Acquire::AllowInsecureRepositories" to "true" (1), the "apt-get update" succeeds (with warnings present).
>

I would go for option two:

- add custom GPG keys for a "mirror" (just like for a local repository)

My approach would be a cpio? file that the bootloader sees as initrd extension. No, I'm not 100% sure it will lead to success.
It is only based on this

- initrd has GPG information on which (Debian) keys to trust
- bootloaders can fetch multiple initrd files and represent its content as single file tree to the kernel

> Any help will be appreciated.

It is what I can offer right now.
Feel free to come with follow-up questions.

Regards
Geert Stappers
--
Live and let live
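
The initrd-extension idea from the reply above, as an added example that is not part of the original thread: a small Python writer for a cpio "newc" archive that carries one extra keyring file, plus a reader to check the archive before handing it to a bootloader as an additional initrd. The target path, key bytes and output file name are constructed placeholders; the thread does not say which path the installer reads trusted keys from.

```python
# Added example: build a cpio "newc" archive to load as an additional initrd.
HDR_LEN = 110  # "070701" magic + 13 fields of 8 hex digits each
# Assumptions: this path and the key bytes are constructed placeholders.
KEYRING_PATH = "usr/share/keyrings/custom-mirror.gpg"
SAMPLE_KEY = b"PLACEHOLDER-NOT-A-REAL-OPENPGP-KEY\n"

def _member(name, mode, data=b""):
    """One archive member: ASCII header, NUL-terminated name, then data."""
    name_b = name.encode() + b"\0"
    nlink = 2 if (mode & 0o170000) == 0o040000 else 1
    # ino, mode, uid, gid, nlink, mtime, size, 4 device fields, namesize, check
    fields = [0, mode, 0, 0, nlink, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    out += b"\0" * (-len(out) % 4)        # header + name padded to 4 bytes
    out += data
    return out + b"\0" * (-len(out) % 4)  # data padded to 4 bytes

def build_overlay(files):
    """files maps archive paths (no leading '/') to bytes; all owned by root."""
    out, seen = b"", set()
    for path, data in sorted(files.items()):
        parts = path.split("/")
        for i in range(1, len(parts)):    # emit parent directories first
            d = "/".join(parts[:i])
            if d not in seen:
                seen.add(d)
                out += _member(d, 0o040755)
        out += _member(path, 0o100644, data)
    return out + _member("TRAILER!!!", 0)

def list_members(archive):
    """Parse the archive back to {name: (mode, data)} to check it before use."""
    pos, found = 0, {}
    while True:
        hdr = archive[pos:pos + HDR_LEN]
        if len(hdr) < HDR_LEN or hdr[:6] != b"070701":
            raise ValueError("bad or truncated header at offset %d" % pos)
        mode, size = int(hdr[14:22], 16), int(hdr[54:62], 16)
        namesize = int(hdr[94:102], 16)
        name = archive[pos + HDR_LEN:pos + HDR_LEN + namesize - 1].decode()
        start = (pos + HDR_LEN + namesize + 3) & ~3
        if name == "TRAILER!!!":
            return found
        found[name] = (mode, archive[start:start + size])
        pos = (start + size + 3) & ~3

if __name__ == "__main__":
    with open("extra-keyring.cpio", "wb") as fh:
        fh.write(build_overlay({KEYRING_PATH: SAMPLE_KEY}))
```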