Bug#770538: debootstrap: Sometimes fail with "Invalid Release signature" using default mirror

To: submit@bugs.debian.org
Subject: Bug#770538: debootstrap: Sometimes fail with "Invalid Release signature" using default mirror
From: Petter Reinholdtsen <pere@hungry.com>
Date: Sat, 22 Nov 2014 08:46:50 +0100
Message-id: <[🔎] 2fl7fynisnp.fsf@diskless.uio.no>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 770538@bugs.debian.org

Package: debootstrap
Version: 1.0.48
Severity: important

Some times, when trying to build a chroot, debootstrap fail like this
when using the default mirror:

 I: Retrieving Release 
 I: Retrieving Release.gpg 
 I: Checking Release signature
 E: Invalid Release signature (key id 8B48AD6246925553)

When I retry, it normally succeed.  The default mirror for debootstrap
is <URL: http://ftp.us.debian.org/debian >, which at my place map to

  ftp.us.debian.org has address 64.50.233.100
  ftp.us.debian.org has address 64.50.236.52
  ftp.us.debian.org has address 128.61.240.89
  ftp.us.debian.org has IPv6 address 2610:148:1f10:3::89

I reported this earlier to mirrors@debian.org, believing this was a
problem with a mirror, and Simon Paillard noted that the invalid
signature key is actually the end of the valid key:

 pub   4096R/46925553 2012-04-27 Debian Archive Automatic Signing Key
 (7.0/wheezy) <ftpmaster@debian.org>
 fingerprint: A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553

 A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
			 8B48AD6246925553

It has happend to myself, and I have also seen it happen on the
ci.debian.net machine and today I saw it with jenkins.debian.net too.
Here are a few example logs:

<URL: http://ci.debian.net/data/packages/unstable/amd64/d/debian-edu/20140918_181104.autopkgtest.log >
<URL: http://ci.debian.net/data/packages/unstable/amd64/f/freedombox-setup/20140930_043843.autopkgtest.log >
<URL: https://jenkins.debian.net/job/chroot-installation_jessie_install_education-language/20//console >

I suspect this isn't a problem with debootstrap, but it would be nice if
debootstrap could report a bit more when this happen to make it possible
to understand exactly which mirror was used when the problem hit.

Could this be a problem with the mirror push, bad GPG parsing or DNS
injection?

The only bug I find with the same error message from debootstrap is
<URL: https://bugs.debian.org/573791 > from 2010, which seem to be
unrelated to this issue.

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Prev by Date: Processed: Re: Bug#770525: pkgsel: Task selection menu does not have "Go Back" button
Next by Date: Bug#770231: Amd64-efi installer becomes unresponsive on x86 bios
Previous by thread: Processed: Re: Bug#770525: tasksel: Task selection menu does not have "Go Back" button
Next by thread: Bug#770546: installation-report: Mouse not working in graphical install
Index(es):
- Date
- Thread