On Friday 03 March 2006 10:05, Bastian Blank wrote:
> WARNING: The following packages cannot be authenticated!
>
> A buildd chroot have no valid setup to do archive key checks.
I think the attached patch may allow the buildd to perform the key check,
but I'm not completely sure. Main reason I'm not sure is that the logs
also show the following lines:
W: GPG error: http://incoming.debian.org etch Release: The following
signatures couldn't be verified because the public key is not
available: NO_PUBKEY 010908312D230C5F
W: You may want to run apt-get update to correct these problems
If an apt-get update is really needed, this solution will not work.
I cannot reproduce the error completely in pbuilder, although I have
verified that the patch in itself is correct (the keyring is used).
Advice on how to proceed is appreciated.
Alternative solution would be to also use --allow-unauthenticated if
./build/sources.list.udeb points to incoming.debian.org or even
unconditionally.
The reason that this error did not come up with previous uploads is that
in both cases I accidentally included a udeb in localudebs :-P
Index: build/util/get-packages =================================================================== --- build/util/get-packages (revision 35185) +++ build/util/get-packages (working copy) @@ -54,6 +54,8 @@ make sources.list.$TYPE fi +SECOPTS="-o Apt::GPGV::TrustedKeyring=/usr/share/keyrings/debian-archive-keyring.gpg" + # localudebs support apt-ftparchive packages $LOCALUDEBDIR > $LOCALUDEBDIR/Packages cat $LOCALUDEBDIR/Packages | gzip > $LOCALUDEBDIR/Packages.gz @@ -63,7 +65,7 @@ echo "* Secure apt validation will be disabled for this build." >&2 echo "* This build should not be used for official purposes." >&2 echo "*" >&2 - SECOPTS="--allow-unauthenticated" + SECOPTS="$SECOPTS --allow-unauthenticated" fi # All these options make apt read the right sources list, and use APTDIR for Index: debian/control =================================================================== --- debian/control (revision 35185) +++ debian/control (working copy) @@ -6,7 +6,7 @@ Standards-Version: 3.6.2 Build-Conflicts: libnewt-pic [mipsel] # NOTE: Do not edit the next line by hand. See comment below. -Build-Depends: debhelper (>= 4), apt, apt-utils, gnupg, dpkg (>= 1.13.9), grep-dctrl, bc, debiandoc-sgml, glibc-pic, libdebian-installer4 (>= 0.31), libdebconfclient0, libparted1.6-13, libslang2-pic, libnewt-pic [!mipsel], libnewt-dev [mipsel], libdiscover1-pic [!s390 !s390x], libdiscover1 [!s390 !s390x], libbogl-dev, libtextwrap1, cramfsprogs [powerpc ia64 mips mipsel arm armeb], genext2fs (>= 1.3-7.1), e2fsprogs, mklibs (>= 0.1.15), mkisofs, genromfs [sparc], hfsutils [powerpc], dosfstools [i386 ia64 m68k amd64], cpio, devio [arm armeb], syslinux (>= 2.11-0.1) [i386 amd64], palo [hppa], elilo [ia64], yaboot [powerpc], aboot (>= 0.9b-2) [alpha], silo [sparc], sparc-utils [sparc], genisovh [mips], delo [mipsel], tip22 [mips], colo (>= 1.10-1) [mipsel], sibyl [mips mipsel], atari-bootstrap [m68k], vmelilo [m68k], m68k-vme-tftplilo [m68k], amiboot [m68k], tofrodos [i386 amd64], mtools (>= 3.9.9-1) [i386 ia64 m68k amd64], modutils, module-init-tools [i386 powerpc amd64 alpha hppa ia64 sparc], bf-utf-source [!s390 !s390x], upx-ucl-beta (>= 1:1.91+0.20030910cvs-2) [i386], mkvmlinuz [powerpc] +Build-Depends: debhelper (>= 4), apt, apt-utils, gnupg, debian-archive-keyring, dpkg (>= 1.13.9), grep-dctrl, bc, debiandoc-sgml, glibc-pic, libdebian-installer4 (>= 0.31), libdebconfclient0, libparted1.6-13, libslang2-pic, libnewt-pic [!mipsel], libnewt-dev [mipsel], libdiscover1-pic [!s390 !s390x], libdiscover1 [!s390 !s390x], libbogl-dev, libtextwrap1, cramfsprogs [powerpc ia64 mips mipsel arm armeb], genext2fs (>= 1.3-7.1), e2fsprogs, mklibs (>= 0.1.15), mkisofs, genromfs [sparc], hfsutils [powerpc], dosfstools [i386 ia64 m68k amd64], cpio, devio [arm armeb], syslinux (>= 2.11-0.1) [i386 amd64], palo [hppa], elilo [ia64], yaboot [powerpc], aboot (>= 0.9b-2) [alpha], silo [sparc], sparc-utils [sparc], genisovh [mips], delo [mipsel], tip22 [mips], colo (>= 1.10-1) [mipsel], sibyl [mips mipsel], atari-bootstrap [m68k], vmelilo [m68k], m68k-vme-tftplilo [m68k], amiboot [m68k], tofrodos [i386 amd64], mtools (>= 3.9.9-1) [i386 ia64 m68k amd64], modutils, module-init-tools [i386 powerpc amd64 alpha hppa ia64 sparc], bf-utf-source [!s390 !s390x], upx-ucl-beta (>= 1:1.91+0.20030910cvs-2) [i386], mkvmlinuz [powerpc] # This package has the worst Build-Depends in Debian, so it deserves some # explanation. Note that this comment can also be used to generate a # Build-Depends line, by running the debian/genbuilddeps program. @@ -23,6 +23,8 @@ # apt-ftparchive is used for including localudebs. # - gnupg # New versions of apt need gnupg for security checks. +# - debian-archive-keyring +# To provide the archive key for security checks. # - dpkg (>= 1.13.9) # We tweak dpkg logging options only understood by this # version. Index: debian/changelog =================================================================== --- debian/changelog (revision 35185) +++ debian/changelog (working copy) @@ -1,3 +1,10 @@ +debian-installer (20060303) unstable; urgency=low + + * Add build dependency on debian-archive-keyring and make sure that is used + for downloading udebs. Closes: #355098. + + -- Frans Pop <fjp@debian.org> Fri, 3 Mar 2006 19:51:22 +0100 + debian-installer (20060302) unstable; urgency=low * Remove floppy-modules udeb again from powerpc root floppy as it seems this
Attachment:
pgp3aAJNu2qjs.pgp
Description: PGP signature