From d5e06cb5cae17d5f8b6ce1954e35443b2c7a7df3 Mon Sep 17 00:00:00 2001
From: Junichi Uekawa <dancer@netfort.gr.jp>
Date: Mon, 5 Jul 2010 22:18:05 +0900
Subject: Add an option to verify key signatures. (closes: #579028)

By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
---
 pbuilder-satisfydepends-checkparams | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'pbuilder-satisfydepends-checkparams')

diff --git a/pbuilder-satisfydepends-checkparams b/pbuilder-satisfydepends-checkparams
index 16e418d..58ce976 100755
--- a/pbuilder-satisfydepends-checkparams
+++ b/pbuilder-satisfydepends-checkparams
@@ -27,6 +27,12 @@ FORCEVERSION=""
 CONTINUE_FAIL="no"
 CHROOTEXEC_AFTER_INTERNAL_CHROOTEXEC=no
 
+# aptitude flag to ignore key verification
+PBUILDER_APTITUDE_CHECK_OPTS=('-o' \
+    'Aptitude::CmdLine::Ignore-Trust-Violations=true')
+# apt flag to ignore key verification
+PBUILDER_APT_GET_CHECK_OPTS="--force-yes"
+
 while [ -n "$1" ]; do
     case "$1" in
 	--control|-c)
@@ -72,6 +78,11 @@ while [ -n "$1" ]; do
 	    FORCEVERSION="yes"
 	    shift;
 	    ;;
+	--check-key)
+	    unset PBUILDER_APTITUDE_CHECK_OPTS
+	    unset PBUILDER_APT_GET_CHECK_OPTS
+	    shift;
+	    ;;
 	--help|-h|*)
 	    print_help
 	    exit 1
-- 
cgit v1.2.3