From ce45f552e6ec5837ed6d8ce19dec6f591e561dbb Mon Sep 17 00:00:00 2001
From: Holger Paradies <retabell@gmx.de>
Date: Sat, 8 Feb 2025 08:08:31 +0100
Subject: Signed by in sources.list

---
 config/chroot_local-hooks/xx-sources.list | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/config/chroot_local-hooks/xx-sources.list b/config/chroot_local-hooks/xx-sources.list
index 337385d..caf7cd6 100755
--- a/config/chroot_local-hooks/xx-sources.list
+++ b/config/chroot_local-hooks/xx-sources.list
@@ -12,8 +12,39 @@ esac
 sed -i -e "s#${LB_MIRROR_CHROOT}#http://deb.debian.org/debian#"g /etc/apt/sources.list
 
 # update apt index debpool
+# live is already signed-by
 cp -f /etc/apt/sources.list /etc/apt/sources.list.bak
 sed -i '/live/!d' /etc/apt/sources.list
 apt-get update -y
 cp -f /etc/apt/sources.list.bak /etc/apt/sources.list
 rm -f /etc/apt/sources.list.bak
+
+case "${LB_DISTRIBUTION}" in
+    stretch|buster|bullseye) exit ;;
+esac
+
+# add signed-by to sources.list
+# TODO dep822
+# TODO wine
+# TODO fix it
+
+#sed -i 's/^deb-src/dummy/g' /etc/apt/sources.list
+
+#sed -i '/kanotix/s/^deb/deb [signed-by=\/usr\/share\/keyrings\/kanotix25.asc]/g' /etc/apt/sources.list
+#sed -i '/debian.org/s/^deb/deb [signed-by=\/usr\/share\/keyrings\/debian-archive-keyring.gpg]/g' /etc/apt/sources.list
+#sed -i '/dl.winehq/s/^deb/deb [signed-by=\/etc\/apt\/keyrings\/wine-staging.key.asc]/g' /etc/apt/sources.list
+
+#sed -i 's/^dummy/deb-src/g' /etc/apt/sources.list
+#sed -i '/kanotix/s/^deb-src/deb-src [signed-by=\/usr\/share\/keyrings\/kanotix25.asc]/g' /etc/apt/sources.list
+#sed -i '/debian.org/s/^deb-src/deb-src [signed-by=\/usr\/share\/keyrings\/debian-archive-keyring.gpg]/g' /etc/apt/sources.list
+#sed -i '/dl.winehq/s/^deb-src/deb-src [signed-by=\/etc\/apt\/keyrings\/wine-staging.key.asc]/g' /etc/apt/sources.list
+
+#if [ -e /etc/apt/trusted.gpg.d/wine-staging.key.asc ]; then
+#  cp -f /etc/apt/trusted.gpg.d/wine-staging.key.asc /etc/apt/keyrings/wine-staging.key.asc
+#fi
+
+# key.asc is kanotix spec
+# debian keys needed by live-build ?
+rm -f /etc/apt/trusted.gpg.d/*.key.asc
+# test if we need debian-keys
+rm -f /etc/apt/trusted.gpg.d/*
-- 
cgit v1.0