Attached is my proposed debdiff for this, fixing multistrap to use the host keyring instead of turning off gpg checking. This is sufficient for running multistrap with the ubuntu/armel profile from an existing Ubuntu system (i.e., a system that has the Ubuntu keyring already in trusted.gpg). It does not solve the problem of bootstrapping a chroot from repositories with whose signing key you don't already have a trust relationship (e.g., bootstrapping an Ubuntu chroot from a Debian system; or bootstrapping from a PPA), so a more general solution is probably wanted here, but I think that shouldn't block us from getting a fix in for the common case.
This also fixes the s/gcc/g++/ nit mentioned in the previous comment.
I've kept in the added 'reinstall=binutils-multiarch' line, but you don't mention in the changelog why this change is needed - why does this package need reinstallation?
Attached is my proposed debdiff for this, fixing multistrap to use the host keyring instead of turning off gpg checking. This is sufficient for running multistrap with the ubuntu/armel profile from an existing Ubuntu system (i.e., a system that has the Ubuntu keyring already in trusted.gpg). It does not solve the problem of bootstrapping a chroot from repositories with whose signing key you don't already have a trust relationship (e.g., bootstrapping an Ubuntu chroot from a Debian system; or bootstrapping from a PPA), so a more general solution is probably wanted here, but I think that shouldn't block us from getting a fix in for the common case.
This also fixes the s/gcc/g++/ nit mentioned in the previous comment.
I've kept in the added 'reinstall= binutils- multiarch' line, but you don't mention in the changelog why this change is needed - why does this package need reinstallation?