Diffstat (limited to 'actions/debootstrap_action.go')
-rw-r--r-- | actions/debootstrap_action.go | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/actions/debootstrap_action.go b/actions/debootstrap_action.go index 4f30ee6..bfbf3dd 100644 --- a/actions/debootstrap_action.go +++ b/actions/debootstrap_action.go @@ -10,6 +10,7 @@ Yaml syntax: components: <list of components> variant: "name" keyring-package: + keyring-file: Mandatory properties: @@ -17,6 +18,8 @@ Mandatory properties: Optional properties: +- check-gpg -- verify GPG signatures on Release files, true by default + - mirror -- URL with Debian-compatible repository - variant -- name of the bootstrap script variant to use @@ -25,7 +28,9 @@ Optional properties: Example: components: [ main, contrib ] -- keyring-package -- keyring for packages validation. Currently ignored. +- keyring-package -- keyring for package validation. + +- keyring-file -- keyring file for repository validation. - merged-usr -- use merged '/usr' filesystem, true by default. */ @@ -47,14 +52,18 @@ type DebootstrapAction struct { Mirror string Variant string KeyringPackage string `yaml:"keyring-package"` + KeyringFile string `yaml:"keyring-file"` Components []string MergedUsr bool `yaml:"merged-usr"` + CheckGpg bool `yaml:"check-gpg"` } func NewDebootstrapAction() *DebootstrapAction { d := DebootstrapAction{} // Use filesystem with merged '/usr' by default d.MergedUsr = true + // Be secure by default + d.CheckGpg = true return &d } 
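Review bot: The reworded `keyring-package` entry in the doc comment now reads as if that package takes part in verifying the bootstrap, but the `Run` code shown in this diff only passes it as `--include=<package>`, while the keyring handed to debootstrap comes from `keyring-file` via `--keyring=`. Dropping "Currently ignored" without saying this may lead a recipe author to believe that setting `keyring-package` alone pins the trust anchor. Suggested wording: `- keyring-package -- keyring package to include in the bootstrapped system; not used to verify the download.` and `- keyring-file -- keyring file passed to debootstrap to verify the repository's Release signature.`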
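Review bot: The secure default lives only in `NewDebootstrapAction`, so an omitted `check-gpg` key stays true only if the recipe decoder unmarshals into the value this constructor returns. A zero-valued `DebootstrapAction{}` created anywhere else would have `CheckGpg == false` and end up running with `--no-check-gpg`. That call path is not visible in this hunk, so a unit test that parses a recipe without `check-gpg` and asserts `CheckGpg` is true would pin the behaviour. The comment could also name what is protected, e.g. `// Verify Release signatures unless the recipe explicitly sets check-gpg: false`.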
@@ -74,17 +83,31 @@ func (d *DebootstrapAction) RunSecondStage(context debos.DebosContext) error { // Can't use nspawn for debootstrap as it wants to create device nodes c.ChrootMethod = debos.CHROOT_METHOD_CHROOT - return c.Run("Debootstrap (stage 2)", cmdline...) + err := c.Run("Debootstrap (stage 2)", cmdline...) + + if (err != nil) { + log := path.Join(context.Rootdir, "debootstrap/debootstrap.log") + _ = debos.Command{}.Run("debootstrap.log", "cat", log) + } + + return err } func (d *DebootstrapAction) Run(context *debos.DebosContext) error { d.LogStart() - cmdline := []string{"debootstrap", "--no-check-gpg"} + cmdline := []string{"debootstrap"} if d.MergedUsr { cmdline = append(cmdline, "--merged-usr") } + if !d.CheckGpg { + cmdline = append(cmdline, fmt.Sprintf("--no-check-gpg")) + } else if d.KeyringFile != "" { + path := debos.CleanPathAt(d.KeyringFile, context.RecipeDir) + cmdline = append(cmdline, fmt.Sprintf("--keyring=%s", path)) + } + if d.KeyringPackage != "" { cmdline = append(cmdline, fmt.Sprintf("--include=%s", d.KeyringPackage)) } @@ -115,6 +138,8 @@ func (d *DebootstrapAction) Run(context *debos.DebosContext) error { err := debos.Command{}.Run("Debootstrap", cmdline...) if err != nil { + log := path.Join(context.Rootdir, "debootstrap/debootstrap.log") + _ = debos.Command{}.Run("debootstrap.log", "cat", log) return err } |
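Review bot: In `Run`, a recipe that sets both `check-gpg: false` and `keyring-file` has the keyring silently dropped, because the `else if` consults `d.KeyringFile` only when `d.CheckGpg` is true; a warning or a validation error for that combination would stop an author from assuming the repository is still verified. In the same branch `path := debos.CleanPathAt(...)` shadows the `path` package that this function uses further down for `path.Join`, so `keyring := debos.CleanPathAt(d.KeyringFile, context.RecipeDir)` is the safer name. `fmt.Sprintf("--no-check-gpg")` has no format arguments and can be the plain literal `"--no-check-gpg"`. With `check-gpg` on and no `keyring-file`, verification depends on whichever keyring debootstrap finds on the host; if the supported debootstrap versions accept `--force-check-gpg`, passing it would turn a missing keyring into a hard failure, which is worth confirming. `Run` continues outside this hunk.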
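Review bot: The two-line log dump added in this error path is a copy of the one added to `RunSecondStage` in the previous hunk; a small private helper taking the root directory, called as `d.dumpLog(context.Rootdir)` at both sites, would keep the two in step. The local named `log` would shadow the standard `log` package if this file imports it (the import block is outside the hunk), so `logfile` is a safer name. Discarding the result with `_ =` is fine as best effort but deserves a comment such as `// best effort: the log may not exist if debootstrap failed early`. In the `RunSecondStage` copy, `if (err != nil) {` carries parentheses that gofmt style omits.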