From a3d8d7c7555974a714de141f156ae57411d66e9f Mon Sep 17 00:00:00 2001 From: gdm85 Date: Sat, 7 Jun 2014 12:57:59 +0200 Subject: [PATCH] * added Debian Archive keyring * added questions to user about keyring differences/trust * added documentation notes about the Debian Archive keyring --- docker/gitian-host/README.md | 5 +++ docker/gitian-host/build-base-vms.sh | 4 ++- docker/keyrings/debian-archive-keyring.gpg | Bin 0 -> 13568 bytes docker/scripts/build-wheezy.sh | 39 +++++++++++++++++++-- docker/scripts/create-gitian-host.sh | 2 +- 5 files changed, 45 insertions(+), 5 deletions(-) create mode 100644 docker/keyrings/debian-archive-keyring.gpg diff --git a/docker/gitian-host/README.md b/docker/gitian-host/README.md index 804c96e..7472a9d 100644 --- a/docker/gitian-host/README.md +++ b/docker/gitian-host/README.md @@ -14,11 +14,16 @@ Preamble It is **necessary** that before you using these scripts you read them and understand what they do. Why? Because your goal is to create a gitian build (deterministic) that has not been tampered with, thus trust shall be correctly attributed during your process. +For example, in this repository I provide the [Debian Archive keyring](../keyrings/debian-archive-keyring.gpg) that is used for the original debootstrap, +however you **must** verify its authenticity and that it is exactly [as provided officially by Debian](https://packages.debian.org/wheezy/all/debian-archive-keyring/download) +in order to continue using a trusted chain of systems. + See also: - https://gitian.org/ - https://en.wikipedia.org/wiki/Web_of_trust - http://www.dwheeler.com/trusting-trust/ - https://www.debian.org/ +- https://wiki.debian.org/SecureApt - https://www.docker.io/ - http://www.ubuntu.com/ diff --git a/docker/gitian-host/build-base-vms.sh b/docker/gitian-host/build-base-vms.sh index d05546e..beec2c9 100755 --- a/docker/gitian-host/build-base-vms.sh +++ b/docker/gitian-host/build-base-vms.sh 
@@ -23,10 +23,12 @@ function ext_partition() { loop=`sudo kpartx -av $OUT.raw|sed -n '/loop.p1/{s/.*loop\(.\)p1.*/\1/;p}'` sudo cp --sparse=always /dev/mapper/loop${loop}p1 $OUT sudo chown $USER $OUT + ## following 2 lines are a sloppy hack to an unknown problem with kpartx sudo sync sleep 5 + ## these are silenced because if former fails, second doesn't and viceversa sudo kpartx -d /dev/loop$loop 2>/dev/null - sudo rm /dev/mapper/loop${loop}p1 + sudo rm /dev/mapper/loop${loop}p1 2>/dev/null rm -f $OUT.raw } 
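Review bot: Redirecting stderr on both `sudo kpartx -d` and the new `sudo rm ... 2>/dev/null` means a teardown in which both commands fail leaves the loop mapping attached with no diagnostic at all; the added comment only asserts that one of the two always succeeds. If the `sed` extraction at the top of the hunk yields an empty `loop`, the paths degrade to `/dev/loop` and `/dev/mapper/loopp1` and that failure is just as silent. A guard such as `[ -n "$loop" ] || { echo "kpartx mapping not found" 1>&2; return 1; }` after the assignment, plus `sudo rm -f -- "/dev/mapper/loop${loop}p1"` in place of the redirect, keeps the expected already-gone case quiet while still reporting real errors. ext_partition begins above the hunk, so whether callers check its return status is not visible here.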
diff --git a/docker/keyrings/debian-archive-keyring.gpg b/docker/keyrings/debian-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..46d1f0e23f17522e0d4fb358b24d78b8c53add58 GIT binary patch literal 13568 zcmbW7V{m8f)~Elm-LdVYW81cE+qRSLxMSP4Z5!ROopg-p^mER6-+8NMYHGgj4{KNL zy7pSvx_@^nFdV3~cF{QyB4DytVuq8PuNSrP#J^d`7Ia<=#*|OHpW`KYMaR1kfj(IK z3Ku?hh8iHa0xgBD+ir&h#<<0oZHAT&W9yl{d_<(KL%_-F(XCg{?}M9bQ+ynEC79er z5LRo1lGGW@0WI8`k<&_`Sx{Rd+_pID&!rdB(I}BYT?Gu?&X~=dPVv3Mcv@ClaKM#A#?-RM%QzcMnCd zkqi}mQ@wYH4Mr*ex}xA4D$Nf*40G+2T2))d#fG(N`WU*Za`a~u($f&VmC0;Y8&}P@ zUTJ{=IxWmL*9F>6HJ$eI#PPT$UB-cjhr6?z6!eN$wTlOW!n>+RlO=4d3v!8};qbcJ zeE**Ps<8&S`3g>OIKuDOzfCqU2GJa(xlL$`(*{Lc`$No(){u(i2hZ9G5%N&75{<*Z z#BGVNqF1;{&mtjny_c7?;5+Oo7U{4DdJpp!MWd{ zQHkilN6L$&7Qy#JrZvx9eQ_}(KCY=Pj6?}CzS}Q~v<0+=4k>y$c8Ymh;D%R5d085G z#E<75lzvn0kv|N81OxzT;8t>QF){HpAy9HQFtj!yP&BbNF>o>=kTUTg;5Iffv@o!x zb^PZUzqN&vvlHDv59#b2&3Ge#c|lQtfB_U>z@Jb7V}pP}!BLp|gTp{ULVy5+qe22h zLBoKe0fPVm;{gGq`vah%5RJuA<646VpQx`80Ub{Qi4kpytwXd7dmRk=7U`*67@>$M z{3<_RcS#wdF@-DIj@1N2nKrveHj1>HzT*6Lhf-~>J=Wg7lF>(@-R`=csJ7ID(5xN| zff>0Nb#&nU?NL(L?;;eZXl+3{RZF_)I*WpVgp_u zwK2-noA%I3dn7JtM97*IjREq~nHrGMSH8-?j=ybGRsMOaDXOrMQ+ML*uG%v1d)>1yJ3smnv<@(v%w^ zE*}$QFu_K&{$h4(tX#SnBz-uKP^C4%0FVe!98g3cNC5aJL<2gXh{*RF$#7EQJWY<` ze`qAF309?tD(;HHK8Zcsv>V^~I=M}X9(&M?M5aS8)prF|`>2>+H#hN?x6?kavXzE( z9}VxCeO*st?9*esw_EduKg(~80e_++1%)rDcGm(=8FgSeFB|h-aAae2D~`g`Rbro` z<*O{&6XsuG`KjmCRE#-tbE;n+*|6;XdJKYFk1o*!3vqQaq-p&-8LXTM@Jh5^?M!p- zGNneGM?;Zydy1YocQgN-NEpmn%-4Qlnak^NAxVD-d#pm9F_=r%{nD#x-`d_@S)bDY`w6cSLb`VKwmXQxg7XW#NklmUCp)aG z$C63$3q={FM=*1%7JCMAp4xnj^U(7>H)+3}(MT$=#T%U0NBecs))c?}M@=DJP{slv z5yIX^w>`Kx9Q||K^9m^{x@xTt!71gDI4Oy-i6vtq-*P>IJ7gxQ*^++m4eu%W9g@LE z@pcu&adWQjwOr0l74}q!@fC2=>IT$dtlE}Z&d9HH-S)Mu7;e+(GQ}@x`GMd1#$E$u ze1d(v%IpO5E=gd%s17hP!wu2G!6buEQl7J!ikLxJz%~xujJGR2LFp0ZI;t|X$7r|v z2XnfQSN36z^cWV$GAZm7=~)k_qi6(t6iZLMpwQ**r-Vt(eVc~Y9e8Cn@3in?Us~ub zRHWQ_5rv2)5|pa7zxB+Al{1C5p(uh5N5_>_O#+$c)?D6S`9V0#kl=WfSP}y@hWyo~ 
z$n-*dG9?Js<9Abo7}hDP)hW!x`@a9ZpCmU-e~rza3l@a&hC|j`vH=Ek(WD)`UtN1Y z=<_{q!VVw3J(d|!a<;QXma+*-4n4m}Q)ko&sX(?otik?M9Fpn8^Wm4vQ8!i{xu>9m z^kwSg<^@b+nCwUV%wtT(wlU;RGy`RE1;}(8L9w4HY-~1Lkreo977Jm`0jR=6+5@Ut zw9R?>sCi<)o2u>78&Y;=mokD84-<_ZDX`I&=Md1NAvc}g_7Y*{)k=33w;9PZ>6D|S zzmqV|GBI;)`|f`WZ4hLKe?b5BGEEHea+W`Sw@aRMT8B`;opVX>jtw2jbh+Z$cF7yj zFktg5m||e~UDQ!jkgJ%oIvso9N7%N8lR;!SPxnQ9<<20p49S*M{&$~~v|91`(lLpz#RX4^!-b3mm=B7u0T;x0#_y5^M^ zG3rSptMbm!5e+BKiJoymuek1nX{i-~^mBnbAd#mhN_`S4+I7kgI&O^mes8?l%%2F( zwD@e=YM`yGw`v*9kVp3mijaY05XIchonYM!;`Q@J)Ai@<{Am$@a8Xc1qW-LH$AyRq6o-2RaK@M+_p*;Hfj;C4_iff_y*ko$RZz{!@cfNX`$0oa_!5$ z&SotS#`~-l0sPwzCpoBjUH-*SLlbMJ5$FOFpddo=W9*^s!cWVk}@|9 z6A)`&==qpgvY36{@2;YQO|EI%Nu%ZtN5w6fM#UGLNWHs@&pH=KT)pJ#FZQR$zG*QZWq zH+--eZb>uU$j*&VO4+AAbZ{awnwcJJQAqd#d1UW0IVn^d4&LvWUZDtS$Zt2F46}Wag<;m`m$)%*ry@5%b{KZ{rtt-6aIcMdRF*07ZvTx+c{;2% zYGY9fFx8+Arry~3m6tgAJTVB#bwKCI6&2O>dxz26uN_hJzzrQ;D=Fl;D5W~=-@MaT z-tj%%QL90;rdX{~B`e7=@2)9vj4Zn%u+`;PyBkaVCd&L5O=xhU=6%;c$6-S~6l{WY z84y73z<72OHd=sy;B*7*qnUq?0f~GflKLsh?s(IGB>BMCj1fA?;rgQ?=|RMBPwHHL z(lslsSAy2)Cd%;4FPN5GNkz;>puW=-^|0FnjRTTyxflCVwbUC6&8c)3i;bm;e^TLW zE?UO3@$i67M<9d82250?8GAN#rfwP^3|g{N^apwH(Rco-^IlPzWdU%dRVLF^NL)T# z%iF;(XyLTgcf;C5ft{=1ebX1n+W^L^<(vq_9v{c2=L`_{I!8IZ&BGQ}`JDMW^tJH& zY|Tl|4M}VVXsGIld&HT*Z-joi(%g7cHW0#FIhpkc(qFYnG=@ct9lbS=W0k8CKES#X z!{7)4Cw}ASAIUaweG5XY_gwtaZ@~h}p7`S7K#RC8;cF(k8F-D%8x_k_t|cL-XLt&I zu@dkaPVb}{t<~?Ppa_g{kL&C3@og`{VVd4DJjMYBPmF)@t@a0bfRoyWlR(|L#^^Wy zurnTaw&hgklKS6r2?9zfoQ|+-hJkRFq>1} z;%}MTjkEY@{3ZGu6!QI^D_AR(Y!0K!e>Q{=up>r?vE_jv_^2S8dPO+GLrmByV|H=C zdZ#~HT!`U$=|GlluES^sKA!F7VNnrT1Q8;t#ETF~WLK2K{tWnXCDI5|&4FAa{&qWH zCU)7#CjAr39)^oWjFeFoFdHiWw6_*DQkE$2k0eV7{}o{Z0Y@Wq3s(~Y0T*XG8v|zx zBLXE0Gg}K=v%k7b!Akd)-svBmrX=7tb+)%LaB?hl!+eUpS0)cbp!%lq5vT|U}8dV zq(X#aUekAuecI0E$+lbe+h5x0UubRXm5`=4huwEhc{hmETsJk z<)orWG#Lpw65Dr3fznL5Z-KPf6w?w_g9g?3c`2=BLjtZIgY>twOPO4lExrni4F!0y zUFqf;>7x9=OWI^7zH17aocy3}qZzhsmguE`u$bp}RzbN1XSg5q{F=#0q7I1;s-_mv 
z!-yYkD!~a^&voE{^gXel%qew0F}4yuI9sjGw~s-#-vJEzHsASOCpg=uEpO!QN68Im z`J<3rvhYjiRByXiP(8|m#$_@`f9n#F5js7VMUF?_D~03Yu5S8b^|)*q$dOHKsAlDD ztAw%&i%!ncqYSLyfKS*c5rhmS9P{sj-n|O%Wwu1*U=i0I@SGx_Mq9W}*-JZ5$Vf|d zEN+(${AIgM{%!b(-QxMm=~6U zWl@y_Y?r52rMUO$3Hw1VwpQT+jG*>o7tPunHkvHnwXmYS^Vhj?W`?~Jm{R=oj+f@jyA1T zOG-MRFNO%1L*keY|KWb{ItikpWv9gKFby6<$|NkbNANp?sNM~m+SNtHs&_UH`U zrx9}IJbH+i^@P7-r6>3orUDHU-En(f>w|u`tZGBh^9;TxZw7!H(q`hf_LwON?n0H1 zdq6TG#2d%BT@W(^U(@^+&8>Hl#W=P-s7PLy@-<%}^*G zR*^INwlhSx5~F6i@{mmLc6h(IQsE)2qyKP5rNRqsKg}RBHWsVAa=W=;#ELDj)w zX+n8BDY;6@xe5S)e3&2xEdYlN+|gd7dd?_E@LLb59F9S%l^))}l4z9S?|LhG8;{d9 zA2Dv+({WjFf#;?~f|7b5drauS&n+3u$ixPYXux|ak*HYTz1P4A8lYhl4SKJz$}87yUI z*iUkSO+hwB0dTR9%ijGemnP|eJX7=E+~Jq>D6uIxwh!NX`pYm#aq`SYRKH`DF4wv< zv9N^Y*uq}j8|?}d_;5?I^<^<+miOwl!mG<4Rj_SEt zPW)Dxy~sy)1~n^!Z96*F+X5Y7$EMS(KX2Gi4kG70#EU_bi~2GQNe)~%KxyP%>|5GE z=_k>o!rMQ{(;-(ffom*TZNkrO!v6a&{?}JUq zj~?jra&hxCh^)2g;`WIC;QgfRY>D_grlY#e9f5$=PiHB#*$8)w5^?G4@${;p5Y=$+ zwF;H%hpb=o!JSS4#CpQ&SZ(}cog$26jSb@V%?ODl2sAOlq2^Q9U?V==$mT7uAGNqz zNVHg#A1_+=#xcM1S(+tyaUaHn^s{>s)cl%A9CB%4*l}}UX1JK(g)BsSNsVWa^?ZXr z?Z%?ryrO!EI+TjzyEd6nvt7>!HSfHoS$f3u-d+FN`AmKb;?OP7W7@i9@I1w$uax?RP5dr#dh^U!=BBDF?0?4ltE||cA_;7M@ zRHa+s^gqXlfPQsMVJ_V}Tqe0aMCO*sSWEhlj1q*7VH;;e7|?Pqzf|NeORl=lsWqp3 z_5AHlF93GBoWL6&oYny>Z@%2P33hSyGIm6Xu|HM8YcKMFw$f3rT7P7+-ewW3{l)mr z#g2-FdnV{gHwL|@TMHky-)w=AF0Lq z`Gp|RowoohlW3xrfGm;?HvUZ{Bk>L4^}6pezcA_RX>9>H@%9pdG~Y67Mi1x#HBig> z61?e{|Ff2M&1bC$!p4nB)RG_^c|f)xq94tyx2)%nL29R}n)cG5o_tb3wiyJi9LS-5 z41(1*5_t{zQojlc%76Xc|C(Xi1E0nEq)hV6XrhpFj1fLuEqw)F9Bam6bDLG9Epo%a z$ocV5Qq@65?Q-V6(69urj)+ z8T?R08oYq%^a}(bTuab)`KYXWdr5I zE=#U<((V8eJ!c?kZP;z(Z}00Te3Zlbi4^gNy?a9Y2+xDLpH#w(5Sdkq5g(c7T-6sU za^y;0edHl_GjUZ%c270%?RRsX@ma`sppz#%M9dDg1;A9_rGDi4Z@hyPgA0xhWUQn| zk`ygfdy2rrUS^p^hL%2cw6=VN8`xpj;T*x{+Z@1AuV5{7fH10hftI~_OkH+gCxA*O zsdY~b2UCg)*=9nF6D^kxL4iYBZ?=CUQ}!#ZIiMYfMGCYQvBjlLQ{%_^+HcJUf%CeY 
zv5nUj2U46+lZ+{uwSGf)PjHn!7gRY)N20j1QP0SZRilOxgqZeYw|xE8Wps+EuksHn_t*y21$~ag7Xq^uH>Z64DvUCIf*xyiZC@hIwqdAW%lR<}W^2wB$!Mk>5`(NHvaK^Huhczvi zv2b!D%M8U>-V3w0%W7uwu={TJjMa=zIp4m#w`x4lL7dwd$FWE{sXr*FlHr-BSwq|) zmy5x;qt#J_XVdcWI)$?x6(^*D0n%`R=1AE+6fF4lj8cLzFbSSqi*Mgvis ztW$|p)?%KXmJD#b-a=ANfxmaVeBk>nrF{32$RtPbI@0`sQnk-%v@J5cg@ca4OAb#n z^9pWVs~`H)G89#C=%Ha%Tkoq&(3%w|t}5NWmV^-~Iv>kIKooIB5dz|pQ2FhipWZd2 zzdIuBM>8I@?OK;zsk?&W`ihUbiO79^|H=U=dY)UlcV@y<7$=T>-MIjg^rV+)(CgqT zB45;yTg4k()Vbk=pR+_^$I*qdsFOQzWn$Ncuk$g?9{e6z#~zOyHO>2_Q#^Q0TQs@^ z`l+zfyG09v?9Nw=dU{%rM>9-H%JGQJbMR~(C01HKEsce+ppb%HRpmz&8c`YB@Ea;V zxZmwku$cE!k~VL1U<+I^tdAiey37*DMBTba8+T|adUDHVLhnH2BE46dJ)9QjG>-J% zQu_gdCfsMDo8P6UF7%IEn&`z!lW`R8+$ziwLY8Xd^s?3s=bbj%Af-g_ulK*2CX$$jq_znZdj?!AU!kK z5vqY9AUSAxmdNOXlk}gRpG(dBPcG*1|Cx(@ZuyV^axmaerv8(Q{b#?2hWgij|6j3~ zU0rUU$w#yCq$0vQc@VTZyJvpUSN}7yVTPkXHk7CGi(<+c5q$oMeccK4vD=31T#e#Z zeSiAlV~h~XD_Q;QvYAc(x7MavjRAjuIHTVi{DifJ)2Tyi17GTYhFbrW3&p~+OGWhE z6u(B`?R+o~els60HM>7|vD3iHt0`IZIyqyds~dcng5B5A{E^KOvDMhNEmH4oTy64v zU4XWoZg1C+N4@EQnwg4ns@`YwH6)KtD19mX7=MiRK{BR8P6_n55J-0SRWp*LLy@tC zQ{k!BvRcRWQIp?eC60m!VkI8hQLMdsa!n~)@r46AGB7O=ff*v#qPaT}H!w0JQlbjv zy;6TaR`J{^^hNk=uEN=KDdm0!XttLa5zBcU4+!3^>beW=%Uh4R4X_339mv!wH z6Tw3M@aNtla%lJ_l?n@?oS-%=-5^wU7ZK;KxBL3s$$RQwL5etz{?$ViC=P0X>t) z>I5_(1ce{=gVAF)$}lIwdoC?fPBY1>c0Tv+7fJNZpXK+hNZ^V>JR%68&Y!Bf-Twz6 zQn5IAZ{;FCpf@T%Z;s@6b8EnI5HMSNDmo^p;*w@L0lD8YEH>hY1n|pG`xwATgmo+T;t&=Ob`j z5wAiY^O|@3n}`5JrX;6^#5l^Y9Rf&#zK3N-Z9Ds04=dn>g<9Em?dauK(K>>)87*DF z5%`l=JNq=6aI;=}qBL8OQ%N|->N(3(!%-*!CTlYBQ~Ao$XgQ|9=-QpaTB0`}Nx)T$ z9Sss3i_{fAIt1syd}d;lPlHp*muMOZk=+mn2Hlq0hOe=*4^`r|GKrYanh=?csqO%Z z=_bG^NQG%A5u8`+;TAneqhaLbW99c&42a1(o5WPR&!+(tYZ!98L%AWa2$iHI|3K&4PzH%6fG0YpFtM74x zg9)e)@j3k-kS+5Y1^_WIJ!XxC8N6sX%a4NZr|{Rv|E942;8w~$`C07WDePkk0iXyU zC@WMHIt@Vuju$4peSjf?*0!Q1YYym3ueONfqkLxw(8-4*Gf0VTAiO_r^&M%P1RVl0pdbe04BABiMIBRI07HzpAx{Q@HX{C0`F}Jk>mnVCc9x z8|q|yLzr~1PGTUHmJ;iP&>?Yhi$(dRQK=Gyv`L1K^b2CUB0|=J>9XI<11IWAc=;uP 
z-zxCMWM&8RuT-MlC8g8#ie($hXXj_qGQA^J{lXf_Yl%B6ctOP(!F$QOh@oH9KWI24 zk*(v-aQOh%M^G?G9&!)x?8fx%d#icQ&{bDrT%*()XeVwpojt;p`7%_bexPfc^uOk2 z@_7ai_Mn)_XgH5IK(nBV^2Eml0 zT2WpM$83`@TM$_r$@C5foUkTHS*5zJ{jgtaGw#Br|DdA&$u0_=U?}0Fo+&+N^j6y9 zN}15Htdd2q*wT`Dug*L+3hPnN)zI}W5-rEXBzCa_+{#4F7#lKL{u@Q4W5Lwc-ELXk zbA|w&O-<5PJ*!^&u#fzgiF_Wdm2kXVcQK&MC`;<$c(z3O&ld4lk<%_d6?rCHu#)D8 zDzX~G=-G=vDTp!myVwa!*Wz0INY)L>RG5o{MdzzM+#a=hz`iSJQj>?>t6QgemA7M4 z?eVuFUukTEI8tdcYBa58hjCNFbD&~lJKDl3CkFTEUxNeJ$4rM^<<&=dhyGL8XkxUD9|r-IUz{fCFdGW z?^gz?el0TP<3%@1`1$Ww7a0s&=cKXGf8RDy*JOZK8g?ySJu#@D#KTi(w%u&9v6P?e zLX+$~{OTu|24telv|SsA|LuqKnUIu}E$fvjYIJ0HsaW4xaVh4~+(Psu76bwJ(@#*4EWITO~qd>Dd0}zWnU<9mJAFC}?0hk9E zPuOk6+qXFho~_ZS1)dzELeh~cMp=g~mB%w7_^P%3{^X{jQF{$f%rT2Pa_338U)7K{ zcHq)$%>Ek$@BZB#LiUFCbb5Q8r?=gUZZkP3R!=8NDhn+tKqFB9D6;tfTP()*Cl+)2 zE7SkyRP6H}8RX|ZGPys1{q`A0GSqQU<8cX+-3k2#T6c z_jlV`VEAr4Ai(@Rr-D#^I(baM6>M__f zQ~V%ai(hK=aWo?ofw)pB-wv)=q^4OuP-1tKf2+H#am{re`)0-a)EB&TV-J-*``;*= z9W4OILS9L1Z2g$kcf(jrw-*FH0Nk|lyc2?-)XEbgr2|L z=WizUTeW)vMzy}UU@73Pu-@zv>-N|EH8wSY!e)TxffW*krGn+@W3NR9?Y(bw-?}(h zfOp_D_2CfRg6OnAdI*NiedCK$#81H|0p_n;VqUi9GG{Zm0woGi*ep(K^3rjOZc1U{( zk3UMuQSK{*ZhtR`8AsH(!c_*UqAUDHECoI(J!X(*@hQxI(gzfze*`A&=IT>m{vC^P zeF0=Z28Amrvr5(aOxJaR7L@(nVac1OvXhb*Z zI>cL*kvJuIC=m0b;WHrZ)Y4%^I(q>7|2B(H+NPx_+Vr`qnb0%)sze29FdB7P?_v3J+9sx=@1k35%7cB$ znS0;;P`}-fJQ48)j`MA|t>`-e74vFf_v4mY`c7%f6U{m)xPboEUf0pZp_TcU12r{o zEZ{jWil0BMp?6c{BZo&mhGKa1J8a0FS^buiFLSLHy8Ug#&bJJ-qxxE~%Nrpj(69JK zbH^E}xf19DXkn!zWc@G3hr(I4dr5>;1+Cj#MW4E_Y8n)kYqgfX5#%VsxEr3!fr4+b zZjCLEZJcSIiQ-E$??*<3Rn9geHN=}`S*k? 
z=p`N7?#~qUm_fepfjMbI;}>T9=!y!_$H<8k*c46`sq(WLT_5|MWfxSrIyE40@#P$k zes}5H=1inYDsG;v>k<|zLy@x%9TFI@%a^CGgR1bsIaz7$Q% zGUD|l@0W?DkLYi_7v3qH&@zgic`x`DX^C?cx>)@$(0QH!N^ae z0`%VG)Z%erU&)aDhye9XIbZU>AuIHkIM4p`zkNnI|N2BAH=m!VgN;aW4Cl#M)gR#v zHN4TXsKPrVPAyW;YZE#+i;n%=EAnYqz79kw7))Z$B9{0z8!a=Dtxlxz0}a)76NM>h zj?P5G@k!}K3nsmFulfb7oZXJ!fa8MIRXq3t z$#IDinO>&_8^PlYF3NgW;SwtzS<`+*!dG?a&7nf%ogjDTL9@m;A$A8o#WWi(GvLy* z4b6aQhj8ah3Bt0kev_7L;qq3uTeRT7r3u(h>8U9zR5Lz`28gIX(7M+(ql;D zY7c1p6C(;umlE400)$Lm{RA0g8f-7glDB4e63}7n`<8DMiyhrmnsV`1e9KpaUDz%> zo#jeWKw=`C*Xo>@lNF2r6Kf2607ffxiO?5t-8+8<#Km1y=r7N`Uvf2%O;oaoj2BY>J*9NYX*2~N#Im*`2+W{A=T6AxkcV|DaPnWd50$6 zuaQ5J>yj}V7D$2S&JuPaqna<;%^1osmnBLRdG+= zKW`XT_ttC`Tq6l(!Sa}a=RmyKfdNhdVWc(x@?m)wSl9jtCgtm6@c^WCrwN3i2;;~i z4NS(yE^EW0v^Ks0p2J)GjtlR&oV!+I1 zSAQac)Uf}7TJsiI<%RHucJR>r^z$3A2bK7?x2A;v)Sp8iR^@~Tht|_7tR91;XOxo3 z^BG7+P02D_46$4hujIYTsz#ap%@raJlv@xNTf|4e^T`bJK!NE#&SJ~UQZByT2#ufj zlR~SiMKc7GhprYSgQKq^u$rr%SgJ|6X~NNTw8@Or7SP!tbw!aV*8T@55=C1fqw3t? znj^EK8O=+KHH5ZZ!_K%bb%zWUeyVM}1uUe`>pA8=m)XZ1 zlxz~Bff*hh*dt;vcfjs-_BD@6sTyMRF%TA(DTC}PJ@Bo$e`eIs>mIBqqOz5FhpYBd zYuh3Tc>c>C%KdxAl4!<#NET-@sF7R!o{E`p7y}rStL}rd&p!PxGWm`JKdqqi+mQ;r z0mFuB)N#}ci(@o{DK~pcqXN1>(*pjTMe|6*<$m|zG*E6FWT8#nDvGS!27_oTE?UfA zX-{F@Sc<_$QRfLv0!_gT zjNr5`Q82+kZ_Hf#xJiaw=?mu2$Ogw0l7VjTiZ}>(kDls~wopJB%7O;{rlF{FEojdB3H_ll(yp%0h1)5nkAh)biVeP%uFU;3CjIWL(p|g1e^JGgQ~-Pq z3nus`(x}J)YC)Z|09hiX7kK346u(n%Bq&gQ&)s*8^@#NlDy#+0c#_9>BAWLd5A<0SU#{h0@p0CopmdepQ$K5g*tuncx ziia3lDw#TRE}e=*C?5mmYO`W*RjRW!cZY1?N|M6>0<(Nn(0!1d> brdCAhOIaZ?EP#O}tQ%dkE8h6nXBYWjjwlbW literal 0 HcmV?d00001 diff --git a/docker/scripts/build-wheezy.sh b/docker/scripts/build-wheezy.sh index dc4bab4..f3a9a56 100755 --- a/docker/scripts/build-wheezy.sh +++ b/docker/scripts/build-wheezy.sh 
@@ -5,26 +5,59 @@ ## build a base Debian Wheezy # +BASENAME=$(dirname $(readlink -m $0)) + ## the distro we are going to use DISTNAME=wheezy DEBIAN_REPO=http://ftp.debian.org/debian if [ ! $UID -eq 0 ]; then echo "This script can only be run as root" 1>&2 - exit + exit 1 fi ## install prerequisites ## NOTE: may fail on non-Ubuntu/Debian systems -if ! type -P debootstrap; then +if ! type -P debootstrap >/dev/null; then apt-get install debootstrap -y || exit $? fi +## check about the Debian archive keyring +DEFK=/usr/share/keyrings/debian-archive-keyring.gpg +KEYRING=$BASENAME/../keyrings/debian-archive-keyring.gpg +if [ -s $DEFK ]; then + if ! diff $DEFK $KEYRING; then + ANSWER= + while [[ "$ANSWER" != "Y" && "$ANSWER" != "n" ]]; do + echo -n "The Debian Archive keyring in your system ($DEFK) that will be used to debootstrap is different from the reference provided keyring. Continue? (Y/n) " + read -r ANSWER || exit $? + done + if [[ "$ANSWER" == "n" ]]; then + exit 1 + fi + ## use system's keyring, even if different than provided one + ## this is a no-issue only in case the system's keyring is more recent than the provided one + KEYRING=$DEFK + fi +else + ANSWER= + while [[ "$ANSWER" != "Y" && "$ANSWER" != "n" ]]; do + echo -n "Your system comes with no Debian Archive keyring in $DEFK that is necessary for debootstrap. Use reference provided keyring? (Y/n) " + read -r ANSWER || exit $? + done + if [[ "$ANSWER" == "n" ]]; then + exit 1 + fi +fi + +echo "Will use $KEYRING" +exit 0 + ## NOTE: a temporary directory under /tmp is not used because can't be mounted dev/exec mkdir $DISTNAME || exit $? TMPDIR=$PWD/$DISTNAME -debootstrap $DISTNAME $DISTNAME $DEBIAN_REPO && \ +debootstrap --keyring=$KEYRING $DISTNAME $DISTNAME $DEBIAN_REPO && \ cd $DISTNAME && \ tar -c . | docker import - gdm85/$DISTNAME RV=$? diff --git a/docker/scripts/create-gitian-host.sh b/docker/scripts/create-gitian-host.sh index ccc3417..6f6ea8f 100755 --- a/docker/scripts/create-gitian-host.sh 
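Review bot: The added `exit 0` directly after `echo "Will use $KEYRING"` ends the script before `mkdir $DISTNAME` and the `debootstrap --keyring=$KEYRING` call, so as committed no image is built; it reads like a debugging leftover and should be dropped. On the trust decision itself, answering Y when the keyrings differ silently switches to the system keyring (`KEYRING=$DEFK`), and answering Y when none is installed trusts the copy shipped in the repository, yet neither branch shows the user anything to verify; printing the fingerprints of the chosen file before the prompt (for example `gpg --no-default-keyring --keyring "$KEYRING" --fingerprint`) would let them compare against the values Debian publishes. The comparison would be better as `cmp -s -- "$DEFK" "$KEYRING"`, since `diff` on a binary file only reports that the files differ, and `$DEFK`, `$KEYRING` and `$(dirname $(readlink -m $0))` need quoting so a checkout path containing spaces does not break the keyring path. The rest of the script continues below the hunk.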
+++ b/docker/scripts/create-gitian-host.sh
@@ -37,7 +37,7 @@ echo "Now building base VMs" && \
 IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) && \
 wait_for_ssh $IP 10 && \
 ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP ./build-base-vms.sh && \
-docker stop $CID && \
+docker kill $CID && \
 docker commit $CID gdm85/gitian-host-vms && \
 docker rm $CID && \
 echo "Gitian host images created successfully!" && \
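Review bot: Swapping `docker stop` for `docker kill` sends SIGKILL with no grace period immediately before `docker commit`, and nothing in the hunk says why the graceful stop was dropped; a comment such as `## kill: build-base-vms.sh has already returned, nothing in the container needs a clean shutdown` (if that is the reason) would record the intent. Separately, the unchanged `ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` line runs the build on whatever host answers at `$IP` without authenticating it, which sits awkwardly with the trusted-chain goal the README in this patch states; pinning the container's host key would close that gap. `$CID` and `$IP` are also expanded unquoted throughout. The command chain starts above the hunk and continues past its last line.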