[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#770538: debootstrap: Sometimes fail with "Invalid Release signature" using default mirror

Package: debootstrap
Version: 1.0.48
Severity: important

Some times, when trying to build a chroot, debootstrap fail like this
when using the default mirror:

 I: Retrieving Release 
 I: Retrieving Release.gpg 
 I: Checking Release signature
 E: Invalid Release signature (key id 8B48AD6246925553)

When I retry, it normally succeed.  The default mirror for debootstrap
is <URL: http://ftp.us.debian.org/debian >, which at my place map to

  ftp.us.debian.org has address
  ftp.us.debian.org has address
  ftp.us.debian.org has address
  ftp.us.debian.org has IPv6 address 2610:148:1f10:3::89

I reported this earlier to mirrors@debian.org, believing this was a
problem with a mirror, and Simon Paillard noted that the invalid
signature key is actually the end of the valid key:

 pub   4096R/46925553 2012-04-27 Debian Archive Automatic Signing Key
 (7.0/wheezy) <ftpmaster@debian.org>
 fingerprint: A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553


It has happend to myself, and I have also seen it happen on the
ci.debian.net machine and today I saw it with jenkins.debian.net too.
Here are a few example logs:

<URL: http://ci.debian.net/data/packages/unstable/amd64/d/debian-edu/20140918_181104.autopkgtest.log >
<URL: http://ci.debian.net/data/packages/unstable/amd64/f/freedombox-setup/20140930_043843.autopkgtest.log >
<URL: https://jenkins.debian.net/job/chroot-installation_jessie_install_education-language/20//console >

I suspect this isn't a problem with debootstrap, but it would be nice if
debootstrap could report a bit more when this happen to make it possible
to understand exactly which mirror was used when the problem hit.

Could this be a problem with the mirror push, bad GPG parsing or DNS

The only bug I find with the same error message from debootstrap is
<URL: https://bugs.debian.org/573791 > from 2010, which seem to be
unrelated to this issue.

Happy hacking
Petter Reinholdtsen

Reply to: