Bug#925048: debootstrap: --keyring= Release signed by unknown key (key id EF0F382A1A7B6500)
On Thu, 21 Mar 2019 23:40:21 +0900 Hideki Yamane <henrich@iijmio-mail.jp> wrote:
> On Tue, 19 Mar 2019 21:08:42 +0530 "Veek.M" <vek.m1234@gmail.com> wrote:
> > There's a problem with using --keyring=whatever.gpg
>
> No, it's just because you've specified wrong keyring...
> For example, when I use ubuntu-archive-keyring that's not appropriate for
> debian repository, debootstrap returns such error.
>
> > $ sudo debootstrap --download-only --force-check-gpg --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg stable stretch https://debian.ethz.ch/debian
> > I: Retrieving InRelease
> > I: Retrieving Release
> > I: Checking Release signature
> > E: Release signed by unknown key (key id EF0F382A1A7B6500)
>
>
> As I said in previous mail, it's not appropriate step.
>
> > It seems that your procedure of specifying gpg key is bit strange.
> >
> > > dpkg-deb -R debian-archive-keyring_2017.5_all.deb /tmp/
> > > ls *.gpg|xargs -I{} debootstrap --download-only --force-check-gpg --keyring={} --variant minbase --arch amd64 --make-tarball=debian_amd64 stable /root/dbs_debian_amd64 https://debian.ethz.ch/debian
>
> debian-archive-keyring package has some gpg keys but you should
> specify debian-archive-keyring.gpg.
>
> --
> Regards,
>
> Hideki Yamane henrich @ debian.org/iijmio-mail.jp
>
>
Please close - it's not a bug - sorry for the bother.
(A Keyring file is different from a .gpg public key - though they
share the same .gpg file extension - you have to manually create a
keyring file
gpg --no-default-keyring --keyring ./mykeyring.gpg --fingerprint
and then add the downloaded/extracted .gpg file to this keyring file.
gpg --no-default-keyring --keyring ./mykeyring.gpg --import
debian-archive-stretch-stable.gpg
Only then will debootstrap work - by passing the KEYRING FILE to it as
part of --keyring=.)
Reply to: