Bug#509603: installer: debootstrap unable to authenticate Grip repository
Package: buildd.emdebian.org
Severity: important
Emdebian Grip: emdebian-archive-keyring - if the Emdebian Archive
public key is not integrated into the Debian Installer, then
debootstrap fails to authenticate any of the packages after booting the
installer.
The only keyring that debootstrap allows (inside D-I) is
/usr/share/keyrings/archive.gpg which is normally a symlink
to /usr/share/keyrings/debian-archive-keyring.gpg. Our Emdebian key is
not part of that keyring - principally because DSA do not maintain the
www.emdebian.org server and it is not an "official" Debian release
machine.
Instead of rebuilding 21 ISO's (3 per architecture), I've asked
Jelle to research how the debian-eeepc team manage to hack their
keys into the image. Anyone able to help, please do so - we really
need a method that can be used independently of the architecture
of the ISO itself - i.e. without actually having to *run* any of
the code in the ISO.
In emdebian-tools 1.4.14, there will be a new package:
emdebian-archive-keyring-udeb which conflicts with and provides
debian-archive-keyring-udeb which is the package that provides
/usr/share/keyrings/debian-archive-keyring.gpg and the
/usr/share/keyrings/archive.gpg symlink for D-I. Our package can
replace that symlink with one to a keyring that includes the current
debian keyring plus our Emdebian one. I'm not sure if that is going to
help but it might.
What we do need is a script that can run on the www.emdebian.org
server to rsync the relevant ISO's, process them to add the key
and only then make them available for download. Again, emdebian-grip
1.4.14 will include a short preseeding file that can be used to set the
Emdebian Grip repository but it's just as easy to set it yourself
during install.
If there is a way of wrapping the installer so that a
simple script can be called instead of manually typing the entire
preseeding command, that would be handy too. The D-I team are
hard-pressed right now with Lenny so please, don't pester them with
this - I've already asked and the above is the best we can devise
right now. You do need experience (or the time to gain experience) of
D-I to fix this one.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Reply to: