[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#614029: marked as done (pbuilder: Hard to avoid debootstrap failure, Release signed by unknown key (key id AED4B06F473041FA))

Your message dated Sun, 13 Nov 2016 17:56:38 -0800
with message-id <20161114015638.oqpfxshaaoljkbqk@tomate.cristau.org>
and subject line Re: Bug#614029: pbuilder: Hard to avoid debootstrap failure, Release signed by unknown key (key id AED4B06F473041FA)
has caused the Debian Bug report #614029,
regarding pbuilder: Hard to avoid debootstrap failure, Release signed by unknown key (key id AED4B06F473041FA)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

614029: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614029
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: pbuilder
Version: 0.199+nmu1
Severity: wishlist

My situation is that I'm trying to build some packages for Debian unstable, on
an Ubuntu system, using cowbuilder

To create base.cow image, I first tried,

 $ sudo cowbuilder --create --distribution unstable --mirror http://mirrors.kernel.org/debian/
 E: Release signed by unknown key (key id AED4B06F473041FA)

Guessing that I was missing the debian-archive-keyring package, I installed it
and tried again, with same result. I double checked that the
debian-archive-keyring package includes key id AED4B06F473041FA

By studying the debootstrap manpage I learned that, "By  default, Release file
signatures are not checked". I used the cowbuilder "--debug" option to find the
"--keyring" option passed to debootstrap, and configured in

Next I tried to omit the debootstrap "--keyring" option using the cowbuilder
"--debootstrapopts" option, without success - it's apparently appended to value
from /usr/share/pbuilder/pbuilderrc, in pbuilder-checkparams

Next I tried to omit the debootstrap "--keyring" option using a ~/.pbuilderrc


This failed because sudo resets the environment ($HOME),

 W: /root/.pbuilderrc does not exist

Next I tried,

 $ sudo sh -c "HOME=$HOME cowbuilder --create --distribution unstable --mirror http://mirrors.kernel.org/debian/";
 E: Release signed by unknown key (key id AED4B06F473041FA)

This failed to omit the "--keyring" option. My bash knowledge isn't strong -
maybe it's possible to have two variables with same name, one a scalar and one
a "list"? I tried,


This worked! It omitted the "--keyring" option and the base.cow image built
successfully. However it's prohibitively difficult to figure out

If the "--debootstrapopts" option overrode DEBOOTSTRAPOPTS in
/usr/share/pbuilder/pbuilderrc, then it would be little easier to figure out.
If installing debian-archive-keyring was all that was required, I'd be done
after my first guess - maybe debootstrap could look in both keyrings? or in
some merged keyring? I dunno...

As I write this I found Ubuntu bug,
https://bugs.launchpad.net/ubuntu/+source/pbuilder/+bug/599695. Unfortunately I
didn't check the Ubuntu bug tracker before trying to debug my issue - I did
check the Debian bug tracker but didn't find my issue mentioned

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pbuilder depends on:
ii  coreutils                     8.5-1      GNU core utilities
ii  debconf [debconf-2.0]         1.5.38     Debian configuration management sy
ii  debianutils                   3.4.3      Miscellaneous utilities specific t
ii  debootstrap                   1.0.26     Bootstrap a basic Debian system
ii  wget                          1.12-2.1   retrieves files from the web

Versions of packages pbuilder recommends:
ii  devscripts                    2.10.69    scripts to make the life of a Debi
ii  fakeroot                      1.14.5-1   Gives a fake root environment
ii  sudo                          1.7.4p4-6  Provide limited super user privile

Versions of packages pbuilder suggests:
ii  cowdancer                     0.62+nmu2  Copy-on-write directory tree utili
ii  gdebi-core                    0.6.4      Simple tool to install deb files
pn  pbuilder-uml                  <none>     (no description available)

-- debconf information:
  pbuilder/mirrorsite: http://mirrors.kernel.org/debian/
  pbuilder/rewrite: false

--- End Message ---
--- Begin Message ---
On Mon, Jun 04, 2012 at 06:13:22PM +0200, John Paul Adrian Glaubitz wrote:
> Package: pbuilder
> Version: 0.210
> Followup-For: Bug #614029
> reassign: 614029 debootstrap
> Hi,
> the problem seems to result from the fact that debootstrap looks for the
> archive signing keys at the wrong place. The current version of debootstrap
> looks for these key in /etc/apt/trusted.gpg. However, the keys for the
> Debian archives have been moved into the subdirectory /etc/apt/trusted.gpg.d
> with the upcoming Debian Wheezy.
As far as I can tell debootstrap has been looking at
/usr/share/keyrings/debian-archive-keyring.gpg ever since gpg
verification was added, so I'm not sure where the above comes from.


--- End Message ---

Reply to: