[Merge] ~toabctl/livecd-rootfs:master-replace-apt-key-lp#1948929 into livecd-rootfs:ubuntu/master
Robert C Jennings
mp+410866 at code.launchpad.net
Wed Oct 27 16:26:01 UTC 2021
I can't get this out of my head, probably because changes like this tend to get copied around and this first change in livecd-rootfs could end up being a template for people addressing this deprecation in their projects.
Diff comments:
> diff --git a/live-build/auto/build b/live-build/auto/build
> index 950d95d..93820ac 100755
> --- a/live-build/auto/build
> +++ b/live-build/auto/build
> @@ -431,7 +431,7 @@ deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS
> chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release
> mv config/gnupg/Release.asc \
> chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg
> - apt-key --keyring chroot/etc/apt/trusted.gpg add config/gnupg/pubring.gpg
> + cp config/gnupg/pubring.gpg /etc/apt/trusted.gpg.d/
And for safety `chmod 444 /etc/apt/trusted.gpg.d/preinstalled-pool.gpg` as you're not expecting this to change once put in place and it ensures that people copying this pattern around don't create a permission issue that allows injection of keys into images.
> find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm
>
> Chroot chroot "apt-get update"
--
https://code.launchpad.net/~toabctl/livecd-rootfs/+git/livecd-rootfs-1/+merge/410866
Your team Ubuntu Core Development Team is subscribed to branch livecd-rootfs:ubuntu/master.
More information about the Ubuntu-reviews
mailing list