[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian-installer: cdrom vs. netboot

On 01/27/2016 05:31 PM, rod wrote:
> On 1/25/2016 12:45 PM, John Paul Adrian Glaubitz wrote:
>> On 01/25/2016 07:05 PM, rod wrote:
>>> root@cerberus:/var/log/installer# apt-get update
>>> Hit:1 http://ftp.debian-ports.org/debian sid InRelease
>>> Reading package lists... Done
>>> W: There is no public key available for the following key IDs:
>>> A53AB45AC448326E
>>
>> Is the debian-ports-archive-keyring package installed?
> 
> Yes it is installed.

The package probably just contains the key for 2016. I didn't check it.
The key that apt is complaining about is the 2015 key which is due to
expire (or has expired).

>> If that doesn't help (it should), you can add the signing key manually:
>>
>> $ gpg --keyserver pgp.mit.edu --recv-keys C448326E ; gpg --armor
>> --export C448326E |apt-key add - && apt-get update
> 
> I'm still getting the error: W: There is no public key available for the
> following key IDs: A53AB45AC448326E
> 
> until I manually entered the following (your commands broken out
> individually from above):
> 
> root@cerberus:/# gpg --keyserver pgp.mit.edu --recv-keys C448326E
> gpg: requesting key C448326E from hkp server pgp.mit.edu
> gpg: key C448326E: "Debian Ports Archive Automatic Signing Key (2015)
> <ftpmaster@debian-ports.org>" not changed
> gpg: Total number processed: 1
> gpg:              unchanged: 1
> root@cerberus:/# gpg --armor --export C448326E | apt-key add
> OK
> root@cerberus:/# apt-get update
> Hit:1 http://ftp.debian-ports.org/debian sid InRelease
> Reading package lists... Done
> root@cerberus:/#

Yeah, in case the keyring package doesn't contain the old key anymore,
you have to import the key manually which is what the above command
does. The keyring package is merely for convenience purposes.

> I dropped the "-" from after the apt-key add. I don't know if this makes
> any real difference but it seems to work now.

The "-" tells apt-key (or any other command I know of) to take it's
input from a pipe. Probably apt-key is designed in a way that it
just defaults to taking input from pipe when there is no filename
provided.

> Q: is this something which needs changing in the .iso creation so that
> the software selection function of the installation works? (I don't know
> much about the creation process of the .iso so I'm asking.)

We will probably just have to update the signing key shipped in the
ISO. You were just really unlucky to perform your installation when
the Debian ports keyring changed. Really nothing to worry about.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
Reply to: