Your message dated Sun, 13 Nov 2016 17:56:38 -0800
with message-id <20161114015638.oqpfxshaaoljk...@tomate.cristau.org>
and subject line Re: Bug#614029: pbuilder: Hard to avoid debootstrap failure,
Release signed by unknown key (key id AED4B06F473041FA)
has caused the Debian Bug report #614029,
regarding pbuilder: Hard to avoid debootstrap failure, Release signed by
unknown key (key id AED4B06F473041FA)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
614029: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614029
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pbuilder
Version: 0.199+nmu1
Severity: wishlist
My situation is that I'm trying to build some packages for Debian unstable, on
an Ubuntu system, using cowbuilder
To create base.cow image, I first tried,
$ sudo cowbuilder --create --distribution unstable --mirror
http://mirrors.kernel.org/debian/
[...]
E: Release signed by unknown key (key id AED4B06F473041FA)
Guessing that I was missing the debian-archive-keyring package, I installed it
and tried again, with same result. I double checked that the
debian-archive-keyring package includes key id AED4B06F473041FA
By studying the debootstrap manpage I learned that, "By default, Release file
signatures are not checked". I used the cowbuilder "--debug" option to find the
"--keyring" option passed to debootstrap, and configured in
/usr/share/pbuilder/pbuilderrc
Next I tried to omit the debootstrap "--keyring" option using the cowbuilder
"--debootstrapopts" option, without success - it's apparently appended to value
from /usr/share/pbuilder/pbuilderrc, in pbuilder-checkparams
Next I tried to omit the debootstrap "--keyring" option using a ~/.pbuilderrc
file,
DEBOOTSTRAPOPTS=--variant=buildd
This failed because sudo resets the environment ($HOME),
W: /root/.pbuilderrc does not exist
Next I tried,
$ sudo sh -c "HOME=$HOME cowbuilder --create --distribution unstable --mirror
http://mirrors.kernel.org/debian/";
[...]
E: Release signed by unknown key (key id AED4B06F473041FA)
This failed to omit the "--keyring" option. My bash knowledge isn't strong -
maybe it's possible to have two variables with same name, one a scalar and one
a "list"? I tried,
DEBOOTSTRAP=(--variant=buildd)
This worked! It omitted the "--keyring" option and the base.cow image built
successfully. However it's prohibitively difficult to figure out
If the "--debootstrapopts" option overrode DEBOOTSTRAPOPTS in
/usr/share/pbuilder/pbuilderrc, then it would be little easier to figure out.
If installing debian-archive-keyring was all that was required, I'd be done
after my first guess - maybe debootstrap could look in both keyrings? or in
some merged keyring? I dunno...
As I write this I found Ubuntu bug,
https://bugs.launchpad.net/ubuntu/+source/pbuilder/+bug/599695. Unfortunately I
didn't check the Ubuntu bug tracker before trying to debug my issue - I did
check the Debian bug tracker but didn't find my issue mentioned
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii coreutils 8.5-1 GNU core utilities
ii debconf [debconf-2.0] 1.5.38 Debian configuration management sy
ii debianutils 3.4.3 Miscellaneous utilities specific t
ii debootstrap 1.0.26 Bootstrap a basic Debian system
ii wget 1.12-2.1 retrieves files from the web
Versions of packages pbuilder recommends:
ii devscripts 2.10.69 scripts to make the life of a Debi
ii fakeroot 1.14.5-1 Gives a fake root environment
ii sudo 1.7.4p4-6 Provide limited super user privile
Versions of packages pbuilder suggests:
ii cowdancer 0.62+nmu2 Copy-on-write directory tree utili
ii gdebi-core 0.6.4 Simple tool to install deb files
pn pbuilder-uml <none> (no description available)
-- debconf information:
pbuilder/mirrorsite: http://mirrors.kernel.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
--- End Message ---
--- Begin Message ---
On Mon, Jun 04, 2012 at 06:13:22PM +0200, John Paul Adrian Glaubitz wrote:
> Package: pbuilder
> Version: 0.210
> Followup-For: Bug #614029
>
> reassign: 614029 debootstrap
>
> Hi,
>
> the problem seems to result from the fact that debootstrap looks for the
> archive signing keys at the wrong place. The current version of debootstrap
> looks for these key in /etc/apt/trusted.gpg. However, the keys for the
> Debian archives have been moved into the subdirectory /etc/apt/trusted.gpg.d
> with the upcoming Debian Wheezy.
>
As far as I can tell debootstrap has been looking at
/usr/share/keyrings/debian-archive-keyring.gpg ever since gpg
verification was added, so I'm not sure where the above comes from.
Closing.
Cheers,
Julien
--- End Message ---
