deb: make sure to have the right apt keyrings

src/apt/keyring.rs

@@ -0,0 +1,54 @@
+//! APT keyring management for mmdebstrap
+//!
+//! Provides a simple function to ensure that archive keyrings are available
+//! for mmdebstrap operations by downloading them from specified URLs.
+
+use crate::context;
+use crate::distro_info;
+use std::error::Error;
+use std::path::Path;
+use std::sync::Arc;
+
+/// Download a keyring into apt trusted.gpg.d directory, trusting that keyring
+pub async fn download_trust_keyring(
+    ctx: Option<Arc<context::Context>>,
+    series: &str,
+) -> Result<(), Box<dyn Error>> {
+    let ctx = ctx.unwrap_or_else(context::current);
+
+    // Obtain keyring URL from distro_info
+    let keyring_url = distro_info::get_keyring_url(series).await?;
+    log::debug!("Downloading keyring from: {}", keyring_url);
+
+    // Create trusted.gpg.d directory if it doesn't exist
+    let trusted_gpg_d = "/etc/apt/trusted.gpg.d";
+    if !ctx.exists(Path::new(trusted_gpg_d))? {
+        ctx.command("mkdir").arg("-p").arg(trusted_gpg_d).status()?;
+    }
+
+    // Generate a filename for the keyring
+    let filename = format!("pkh-{}.gpg", series);
+    let keyring_path = format!("{}/{}", trusted_gpg_d, filename);
+
+    // Download the keyring directly to the final location using curl
+    let mut curl_cmd = ctx.command("curl");
+    curl_cmd
+        .arg("-s")
+        .arg("-f")
+        .arg("-L")
+        .arg(&keyring_url)
+        .arg("--output")
+        .arg(&keyring_path);
+
+    let status = curl_cmd.status()?;
+    if !status.success() {
+        return Err(format!("Failed to download keyring from {}", keyring_url).into());
+    }
+
+    log::info!(
+        "Successfully downloaded and installed keyring for {} to {}",
+        series,
+        keyring_path
+    );
+    Ok(())
+}