Package: debootstrap
Version: 1.0.44

Running debootstrap on Gentoo (where the latest version available is 1.0.44) via 'lxc-create' (to generate an LXC guest environment) I receive the unhelpful error:

    E: Release signed by unknown key (key id 64481591B98321F9)

I believe that this is possibly/probably because the key validity has expired, and the Gentoo package's included keyring is no longer fresh. That's fine and a reported bug at https://bugs.gentoo.org/show_bug.cgi?id=387565

The issue I am reporting here is that *the error itself is not very helpful*, specifically at identifying the keyring that requires maintenance.

Given that:
 (a) There are multiple potential keyring paths acknowledged within the debootstrap source
 (b) This tool is largely useful on other distributions that, like Gentoo, may understandably modify the keyring path
 (c) This tool is often going to be executed deep within automated processes (e.g. for continuous integration / automated testing, etc.)

It makes sense to extend the output of the error to something more verbose that includes the keyring path and saves people wasted time digging.

Two pieces of information should ideally be made available:

 1. The path to the keyring itself

 2. A Debian (security/release team?) URL that may be used in third party distro scripts to validate/update the current/expected signing key IDs (I suppose, on a per-release basis), which as far as I can tell does not presently exist in a simple list/automatable fashion (though data is available in a not-well-documented form @ 'active-keys/' in the tarball at http://packages.debian.org/source/squeeze/debian-archive-keyring).

    For the moment the URL could be http://www.debian.org/doc/manuals/securing-debian-howto/ch7#s7.5.3.6 ... to allow users to resolve the issue without relying on (probably out of date) third-party distros' packages.

    That URL should probably be updated with a more useful line for people without Debian (and therefore apt-key installed), like:

        gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --keyserver pgpkeys.mit.edu --recv-key 64481591B98321F9

    (Acknowledgement: command line built from post @ https://groups.google.com/forum/?fromgroups=#!topic/linux.debian.bugs.dist/tKv7EYb1HkE )

 3. In addition, that URL's year-based-path solution appears no longer valid (at least for 2013).

For reference purposes, the MD5 checksum of my Gentoo-debootstrap-package-installed keyring prior to manual addition of the key in question was d091e2e61800b3e5d65f956e05a42f36

PS. Apologies for the verbosity and not splitting the bugs (re: points 2 and 3 above) -- I am not normally a Debian/Ubuntu user and don't have enough familiarity with project structure to do this efficiently. Hopefully someone can deal with this on my behalf.
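
An added illustration of the more verbose error requested in the report above; it is not part of the original message and not debootstrap code. The function names and the sample listing are hypothetical. The only outside facts assumed are that, in gpg's `--with-colons` key listing, field 2 is the validity flag and field 5 is the key ID.

```sh
#!/bin/sh
# Added illustration, not debootstrap code; function names are hypothetical.

# key_status KEYID
# Reads `gpg --with-colons --list-keys` output on stdin and prints
# "valid", "expired", "revoked" or "missing" for a 16-hex-digit key ID.
key_status() {
    awk -F: -v id="$1" '
        ($1 == "pub" || $1 == "sub") && toupper($5) == toupper(id) {
            found = 1
            # Field 2 is the validity flag: e = expired, r = revoked.
            status = "valid"
            if ($2 == "e") status = "expired"
            if ($2 == "r") status = "revoked"
            exit
        }
        END { if (found) print status; else print "missing" }
    '
}

# explain_unknown_key KEYID KEYRING
# Prints the original error plus the keyring path and the likely reason.
# The key listing is read from stdin so the logic can be exercised without gpg.
explain_unknown_key() {
    keyid=$1
    keyring=$2
    case $(key_status "$keyid") in
        missing) why="key is not in this keyring" ;;
        expired) why="key is in this keyring but has expired" ;;
        revoked) why="key is in this keyring but has been revoked" ;;
        *)       why="key is in this keyring and not expired" ;;
    esac
    printf 'E: Release signed by unknown key (key id %s)\n' "$keyid"
    printf '   keyring checked: %s\n   reason: %s\n' "$keyring" "$why"
}

# Constructed sample listing (key IDs and timestamps are made up).
SAMPLE_LISTING='pub:e:4096:1:0123456789ABCDEF:1200000000:1300000000::-:::sc:
pub:-:4096:1:FEDCBA9876543210:1300000000:::-:::scSC:'

# Demo on the sample; with a real keyring the listing would come from:
#   gpg --no-default-keyring --keyring "$keyring" --with-colons --list-keys
printf '%s\n' "$SAMPLE_LISTING" |
    explain_unknown_key 64481591B98321F9 /usr/share/keyrings/debian-archive-keyring.gpg
```

Run against the constructed listing, the lookup for 64481591B98321F9 reports the key as missing and names the keyring file that was checked.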