i'm not 100% sure that this will be helpful, but somewhere in here you might find something useful (apt version 1.2.19)...

if you already have the desired key in some form you should be able to either use a gpg command directly (per earlier replies) or `apt-key export` and redirect the output to a .asc file. this can be included in the fai configuration space under package_config/. i can confirm that with this approach the key is loaded early in the build process, used during the install, and available in the built system. it's worth noting that the resultant keyring is stored with the same name and an additional .gpg extension in /etc/apt/trusted.gpg.d, and that further actions (e.g., renewal) on it need to use the --keyring option to apt-key.

if you don't have the desired key you should be able to add it to your personal keyring for later export via something like:

  gpg --keyserver pgp.mit.edu --recv-key 2BF8D9FE074BCDE4

i believe (but have not tested) that if you have an fai script that ran `$ROOTCMD apt-key adv --recv-keys` (as described in your initial email) you would also end up with the key in the built system, but as part of the default keyring.

anyway, hth...

andy

--
andrew bezella <abeze...@archive.org>
Internet Archive
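
The staging step described in the message above, as an added example that is not part of the original message or of FAI itself: it refuses anything that is not an ASCII-armored public key (for instance a secret key exported by mistake) before copying it into package_config/, and reports where the message says the keyring will appear in the built system. The function names, the CLASS.asc file naming and the config-space path argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (assumed names throughout): stage an exported APT key in an
# FAI configuration space after checking that it is safe to publish there.

# is_armored_pubkey FILE
# Succeeds only if FILE is readable, carries an ASCII-armored public key
# block, and contains no private key block.
is_armored_pubkey() {
    f=$1
    [ -r "$f" ] || return 1
    # A secret key must never be copied into the shared config space.
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$f"; then
        return 1
    fi
    grep -q -e '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$f" &&
        grep -q -e '^-----END PGP PUBLIC KEY BLOCK-----' "$f"
}

# built_keyring_path ASCFILE
# Path the message describes for the built system: the same file name with
# an additional .gpg extension under /etc/apt/trusted.gpg.d.
built_keyring_path() {
    printf '/etc/apt/trusted.gpg.d/%s.gpg\n' "$(basename "$1")"
}

# stage_key KEYFILE CONFIGDIR CLASS
# Validates KEYFILE, copies it to CONFIGDIR/package_config/CLASS.asc
# (CLASS.asc naming is an assumption) and prints the destination path.
stage_key() {
    key=$1
    cfg=$2
    class=$3
    if ! is_armored_pubkey "$key"; then
        echo "refusing $key: not an ASCII-armored public key" >&2
        return 1
    fi
    dest="$cfg/package_config/$class.asc"
    mkdir -p "$cfg/package_config" || return 1
    cp "$key" "$dest" || return 1
    chmod 0644 "$dest" || return 1
    printf '%s\n' "$dest"
}
```

The header check does not parse the key; running `gpg --show-keys` on the staged file, where the installed gpg supports it, confirms the key ID before the build.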