Bug#703146: apt: BADSIG AED4B06F473041FA Debian Archive Automatic Signing Key (6.0/squeeze)?
On Sun, Mar 17, 2013 at 10:48:14AM +0100, Michael Vogt wrote:
> On Sat, Mar 16, 2013 at 11:24:38AM +0100, David Kalnischkies wrote:
[..]
> It looks like debootstrap is putting it here, I just re-ran
> debootstrap and indeed, the file put there in the chroot is called
> "_Release" but its actually the "_InRelease" file. Apt-get update will
> send a if-modified-since header to the remote server and get a
> "not-modified" so leaves the Release file alone but the downloaded
> Release.gpg does not match.
[..]
The attached debdiff should fix it in debootstrap. It adds a gpg
dependency though.
Cheers,
Michael
diff -Nru debootstrap-1.0.44/debian/changelog debootstrap-1.0.44.1/debian/changelog
--- debootstrap-1.0.44/debian/changelog 2012-11-20 23:55:54.000000000 +0100
+++ debootstrap-1.0.44.1/debian/changelog 2013-03-17 20:10:37.000000000 +0100
@@ -1,3 +1,9 @@
+debootstrap (1.0.44.1) UNRELEASED; urgency=low
+
+ * fix #703146
+
+ -- Michael Vogt <mvo@debian.org> Sun, 17 Mar 2013 20:09:28 +0100
+
debootstrap (1.0.44) unstable; urgency=low
* Remove double quotes to fix for loop on GNU/kFreeBSD, thanks to
diff -Nru debootstrap-1.0.44/functions debootstrap-1.0.44.1/functions
--- debootstrap-1.0.44/functions 2012-09-10 23:20:08.000000000 +0200
+++ debootstrap-1.0.44.1/functions 2013-03-17 20:09:25.000000000 +0100
@@ -530,7 +530,7 @@
warning KEYRING "Cannot check Release signature; keyring file not available %s" "$KEYRING_WANTED"
fi
if [ "$release_file_variant" = "IN" ]; then
- mv "$relsigdest" "$reldest"
+ gpg --output "$reldest" --decrypt --keyring "$KEYRING" --ignore-time-conflict "$relsigdest"
fi
}
Reply to: