Make apt work with unsigned repositories (#1070)

If an empty key is given for a repository in the buildfarm configuration, use the repository without verifying the GPG signature of the metadata. This is already how the RPM jobs work.
ros-infrastructure · Nov 1, 2024 · 383dc7c · 383dc7c
1 parent cf3d223
commit 383dc7c
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/ros_buildfarm/templates/snippet/add_distribution_repositories.Dockerfile.em b/ros_buildfarm/templates/snippet/add_distribution_repositories.Dockerfile.em
@@ -14,10 +14,10 @@ RUN for i in 1 2 3; do apt-get update && apt-get install -q -y gnupg ca-certific
 @[for i, key in enumerate(distribution_repository_keys)]@
 RUN echo "@('\\n'.join(key.splitlines()))" > /tmp/keys/@(i).key@[if key] && apt-key add /tmp/keys/@(i).key@[end if]
 @[end for]@
-@[for url in distribution_repository_urls]@
-RUN echo deb @url @os_code_name main | tee -a /etc/apt/sources.list.d/buildfarm.list
+@[for i, url in enumerate(distribution_repository_urls)]@
+RUN echo deb @[if not distribution_repository_keys[i]][trusted=yes] @[end if]@ @url @os_code_name main | tee -a /etc/apt/sources.list.d/buildfarm.list
 @[if add_source and url == target_repository]@
-RUN echo deb-src @url @os_code_name main | tee -a /etc/apt/sources.list.d/buildfarm.list
+RUN echo deb-src @[if not distribution_repository_keys[i]][trusted=yes] @[end if]@ @url @os_code_name main | tee -a /etc/apt/sources.list.d/buildfarm.list
 @[end if]@
 @[end for]@
 @# On Ubuntu Trusty a newer version of dpkg is required to install Debian packages created by stdeb on newer distros