
grml-debootstrap apt-get unsigned package install security bug workaround
Closed, Resolved (Public)

Description

grml-debootstrap combines apt-get install with --yes and --force-yes, which can lead to the installation of unsigned packages.

Happens only for jessie and later based builds.

upstream bug report:
https://github.com/grml/grml-debootstrap/issues/62

Event Timeline

Patrick raised the priority of this task from to High.
Patrick updated the task description. (Show Details)
Patrick added a subscriber: Patrick.
Patrick claimed this task.

Tested the workaround. Looked at how grml-debootstrap would call it.

~ $ sudo su
root@host:/home/user# 
root@host:/home/user# DEBIAN_FRONTEND=noninteractive apt-get --force-yes -y --no-install-recommends install -o Acquire::http::Timeout=180 -o Acquire::ftp::Timeout=180 -o Acquire::Retries=3 -o Acquire::Check-Valid-Until=false -o APT::Get::force-yes=0 libreoffice
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libavahi-core7 libdaemon0
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  fonts-sil-gentium-basic libcolamd2.7.1 libhsqldb-java liblucene2-java libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filter-mobiledev libreoffice-impress
  libreoffice-report-builder-bin libservlet2.5-java libvisio-0.0-0 lp-solve ttf-sil-gentium-basic
Suggested packages:
  java-virtual-machine libhsqldb-java-doc libhsqldb-java-gcj hunspell-dictionary libreoffice-help-3.5 libreoffice-l10n-3.5 unixodbc cups-bsd libsane hyphen-hyphenation-patterns
  mythes-thesaurus libreoffice-grammarcheck libreoffice-gnome libreoffice-kde openclipart-libreoffice pstoedit gstreamer0.10-plugins-ugly libreoffice-officebean libmyodbc
  odbc-postgresql libsqliteodbc tdsodbc mdbtools libmysql-java libpg-java libjtds-java libreoffice-gcj libreoffice-report-builder
Recommended packages:
  fonts-sil-gentium libcommons-beanutils-java libcommons-collections3-java libcommons-compress-java libcommons-digester-java libcommons-logging-java libdb-java libdb-je-java
  libicu4j-java libjline-java libjtidy-java libregexp-java ttf-liberation ttf-mscorefonts-installer
The following NEW packages will be installed:
  fonts-sil-gentium-basic libcolamd2.7.1 libhsqldb-java liblucene2-java libreoffice libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filter-mobiledev
  libreoffice-impress libreoffice-report-builder-bin libservlet2.5-java libvisio-0.0-0 lp-solve ttf-sil-gentium-basic
0 upgraded, 15 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.3 MB of archives.
After this operation, 60.1 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  fonts-sil-gentium-basic libcolamd2.7.1 libservlet2.5-java libhsqldb-java liblucene2-java lp-solve libreoffice-calc libvisio-0.0-0 libreoffice-draw libreoffice-impress
  libreoffice-base libreoffice-report-builder-bin ttf-sil-gentium-basic libreoffice-filter-mobiledev libreoffice
E: There are problems and -y was used without --force-yes
root@host:/home/user#

The workaround isn't pretty. It would be better if upstream fixed it. But the workaround is sufficient.
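The transcript above works because apt-get processes its command line left to right: --force-yes sets APT::Get::force-yes, and the trailing -o APT::Get::force-yes=0 sets it back, so apt refuses the unauthenticated packages instead of installing them. The script below is an added example written for this task (it is not code from grml-debootstrap or from Patrick). It models that left-to-right precedence for the one key the task discusses and wraps apt-get so that a command line which still ends up with force-yes enabled is never run. The set of accepted boolean spellings (1/0, true/false, yes/no, on/off) and the APT_GET override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example for this task; not code from grml-debootstrap or from Patrick.
# Models the behaviour seen in the transcript: apt-get reads its options left
# to right, so a trailing "-o APT::Get::force-yes=0" cancels an earlier
# "--force-yes" and apt then refuses unauthenticated packages with
# "E: There are problems and -y was used without --force-yes".
# Only APT::Get::force-yes is tracked; the boolean spellings handled here
# (1/0, true/false, yes/no, on/off) are an assumption of this example.

# apply_opt KEY=VALUE STATE -> prints the new force-yes state (0 or 1)
apply_opt() {
    key=${1%%=*}
    val=${1#*=}
    state=$2
    if [ "$key" = "APT::Get::force-yes" ]; then
        case "$val" in
            1|true|yes|on)   state=1 ;;
            0|false|no|off)  state=0 ;;
        esac
    fi
    echo "$state"
}

# apt_force_yes_effective ARGS... -> prints 1 if force-yes is still enabled
# after the whole command line has been read, 0 otherwise (last one wins).
apt_force_yes_effective() {
    state=0
    while [ $# -gt 0 ]; do
        arg=$1
        shift
        case "$arg" in
            --force-yes) state=1 ;;
            -o)          # "-o Key=Value": value is the next argument
                [ $# -gt 0 ] || break
                state=$(apply_opt "$1" "$state")
                shift ;;
            -o?*)        # "-oKey=Value": value is glued to the flag
                state=$(apply_opt "${arg#-o}" "$state") ;;
        esac
    done
    echo "$state"
}

# safe_apt_get ARGS... -> runs apt-get with ARGS only if force-yes would be
# off; otherwise returns 2 without running anything. APT_GET lets a caller
# substitute the binary (assumed helper, e.g. APT_GET=true for a dry check).
safe_apt_get() {
    if [ "$(apt_force_yes_effective "$@")" = 1 ]; then
        echo "refusing: --force-yes would allow unauthenticated packages" >&2
        return 2
    fi
    "${APT_GET:-apt-get}" "$@"
}

# Usage, mirroring the grml-debootstrap call from the transcript with the
# override appended last (uncomment to actually run apt-get as root):
# DEBIAN_FRONTEND=noninteractive safe_apt_get --force-yes -y \
#     --no-install-recommends install -o Acquire::Retries=3 \
#     -o Acquire::Check-Valid-Until=false -o APT::Get::force-yes=0 libreoffice
```

Note that on apt 1.1 and later --force-yes is deprecated and the same effect comes from --allow-unauthenticated (APT::Get::AllowUnauthenticated); the checker above deliberately tracks only the force-yes key that this task is about, so a command line using the newer flag would have to be checked separately.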