[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#509603: installer: debootstrap unable to authenticate Grip repository

Package: buildd.emdebian.org
Severity: important

Emdebian Grip: emdebian-archive-keyring - if the Emdebian Archive
public key is not integrated into the Debian Installer, then
debootstrap fails to authenticate any of the packages after booting the

The only keyring that debootstrap allows (inside D-I) is 
/usr/share/keyrings/archive.gpg which is normally a symlink
to /usr/share/keyrings/debian-archive-keyring.gpg. Our Emdebian key is
not part of that keyring - principally because DSA do not maintain the
www.emdebian.org server and it is not an "official" Debian release

Instead of rebuilding 21 ISO's (3 per architecture),  I've asked 
Jelle to research how the debian-eeepc team manage to hack their 
keys into the image. Anyone able to help, please do so - we really 
need a method that can be used independently of the architecture 
of the ISO itself - i.e. without actually having to *run* any of 
the code in the ISO. 

In emdebian-tools 1.4.14, there will be a new package: 
emdebian-archive-keyring-udeb which conflicts with and provides 
debian-archive-keyring-udeb which is the package that provides 
/usr/share/keyrings/debian-archive-keyring.gpg and the 
/usr/share/keyrings/archive.gpg symlink for D-I. Our package can
replace that symlink with one to a keyring that includes the current
debian keyring plus our Emdebian one. I'm not sure if that is going to
help but it might. 

What we do need is a script that can run on the www.emdebian.org 
server to rsync the relevant ISO's, process them to add the key 
and only then make them available for download. Again, emdebian-grip 
1.4.14 will include a short preseeding file that can be used to set the
Emdebian Grip repository but it's just as easy to set it yourself
during install.

If there is a way of wrapping the installer so that a
simple script can be called instead of manually typing the entire
preseeding command, that would be handy too. The D-I team are
hard-pressed right now with Lenny so please, don't pester them with
this - I've already asked and the above is the best we can devise
right now. You do need experience (or the time to gain experience) of
D-I to fix this one.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Reply to: