Bug#770538: debootstrap: Sometimes fail with "Invalid Release signature" using default mirror
Package: debootstrap
Version: 1.0.48
Severity: important
Some times, when trying to build a chroot, debootstrap fail like this
when using the default mirror:
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
E: Invalid Release signature (key id 8B48AD6246925553)
When I retry, it normally succeed. The default mirror for debootstrap
is <URL: http://ftp.us.debian.org/debian >, which at my place map to
ftp.us.debian.org has address 64.50.233.100
ftp.us.debian.org has address 64.50.236.52
ftp.us.debian.org has address 128.61.240.89
ftp.us.debian.org has IPv6 address 2610:148:1f10:3::89
I reported this earlier to mirrors@debian.org, believing this was a
problem with a mirror, and Simon Paillard noted that the invalid
signature key is actually the end of the valid key:
pub 4096R/46925553 2012-04-27 Debian Archive Automatic Signing Key
(7.0/wheezy) <ftpmaster@debian.org>
fingerprint: A1BD 8E9D 78F7 FE5C 3E65 D8AF 8B48 AD62 4692 5553
A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
8B48AD6246925553
It has happend to myself, and I have also seen it happen on the
ci.debian.net machine and today I saw it with jenkins.debian.net too.
Here are a few example logs:
<URL: http://ci.debian.net/data/packages/unstable/amd64/d/debian-edu/20140918_181104.autopkgtest.log >
<URL: http://ci.debian.net/data/packages/unstable/amd64/f/freedombox-setup/20140930_043843.autopkgtest.log >
<URL: https://jenkins.debian.net/job/chroot-installation_jessie_install_education-language/20//console >
I suspect this isn't a problem with debootstrap, but it would be nice if
debootstrap could report a bit more when this happen to make it possible
to understand exactly which mirror was used when the problem hit.
Could this be a problem with the mirror push, bad GPG parsing or DNS
injection?
The only bug I find with the same error message from debootstrap is
<URL: https://bugs.debian.org/573791 > from 2010, which seem to be
unrelated to this issue.
--
Happy hacking
Petter Reinholdtsen
Reply to: