On 25 October 2016 at 12:00, Stefani Seibold <stef...@seibold.net> > wrote: > > > > Hi, > > > > i want modify an existing ubuntu 16.10 iso image to provide a new > > kernel for a server device which is currently in development and > > yet > > not on the market. > > > > I trying to build a new ubuntu-keyring.deb to sign my modified > > packages > > in the ISO Image. I followed the instructions provided by > > Ubuntu (http > > s://help.ubuntu.com/community/InstallCDCustomization), but without > > success. > > > > When i follow the instructions in the chapter "Generating a new > > ubuntu- > > keyring .deb to sign your CD" i get a lot off errors: > > > > dpkg-buildpackage -rfakeroot -m"Myname <myn...@myhost.net>" > > -k7F6D4417D881EFC3E7FA02E636F2F7B4F8A2CAC9 > > dpkg-buildpackage: info: source package ubuntu-keyring > > dpkg-buildpackage: info: source version 2016.09.19 > > dpkg-buildpackage: info: source distribution yakkety > > dpkg-buildpackage: info: host architecture amd64 > > dpkg-source --before-build ubuntu-keyring-2016.09.19 > > fakeroot debian/rules clean > > test -f keyrings/ubuntu-archive-keyring.gpg > > rm -f foo foo.asc *.bak *~ */*~ debian/files* debian/*substvars > > rm -rf debian/tmp debian/ubuntu-keyring-udeb > > dpkg-source -b ubuntu-keyring-2016.09.19 > > dpkg-source: warning: no source format specified in > > debian/source/format, see dpkg-source(1) > > dpkg-source: info: using source format '1.0' > > dpkg-source: info: building ubuntu-keyring in ubuntu- > > keyring_2016.09.19.tar.gz > > dpkg-source: info: building ubuntu-keyring in ubuntu- > > keyring_2016.09.19.dsc > > debian/rules build > > make: Nothing to be done for 'build'. > > fakeroot debian/rules binary > > test -f keyrings/ubuntu-archive-keyring.gpg > > test root = "`whoami`" > > gpg --no-default-keyring --keyring /usr/share/keyrings/debian- > > keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c - > > gpg: Signature made Mon Sep 19 19:22:17 2016 CEST > > gpg: using RSA key CAC2D8B9CD2CA5F9 > > keyrings/ubuntu-archive-keyring.gpg: OK > > keyrings/ubuntu-archive-removed-keys.gpg: OK > > keyrings/ubuntu-keyring-2004-archive.gpg: OK > > keyrings/ubuntu-keyring-2004-cdimage.gpg: OK > > keyrings/ubuntu-keyring-2012-archive.gpg: OK > > keyrings/ubuntu-keyring-2012-cdimage.gpg: OK > > keyrings/ubuntu-master-keyring.gpg: OK > > gpg: BAD signature from "Dimitri John Ledkov <x...@ubuntu.com>" > > [unknown] > > gpg --no-default-keyring --keyring /usr/share/keyrings/debian- > > keyring.gpg --decrypt md5sums.txt | md5sum -c - > > gpg: Signature made Sat May 19 03:30:13 2012 CEST > > gpg: using RSA key 393587D97D86500B > > keyrings/ubuntu-archive-keyring.gpg: FAILED > > gpg: Good signature from "Colin Watson <cjwat...@chiark.greenend.or > > g.uk>" [unknown] > > gpg: aka "Colin Watson <cjwat...@debian.org>" > > [unknown] > > gpg: aka "Colin Watson <cjwat...@ubuntu.com>" > > [unknown] > > gpg: aka "Colin Watson <cjwat...@canonical.com>" > > [unknown] > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to > > the owner. > > Primary key fingerprint: AC0A 4FF1 2611 B6FC CF01 C111 3935 87D9 > > 7D86 500B > > md5sum: WARNING: 1 computed checksum did NOT match > > debian/rules:92: recipe for target 'checkkeyrings' failed > > make: *** [checkkeyrings] Error 1 > > dpkg-buildpackage: error: fakeroot debian/rules binary gave error > > exit status 2 > > > > Any idea? Is there a instruction manual or a how to which gives me > > detailed instructions how i can modify an existing iso image? > > > > I am not sure it this is the right mailing list for my question, > > please > > feel free to tell me the right one ;-) > > > > I added these extra validation checks in the ubuntu-keyring package > to > make sure that signing keys are not modified by accident, and to make > sure that checksums are signed by semi known-to-be-good keys. > > To bypass these checks comment out commands under the > "checkkeyrings:" target. > > NB! Do make sure you ship your key as a key fragment in > /etc/apt/trusted.gpg.d/ as apt-key is no longer called, and from > yakkety and up signing keys must be shipped as individually exported > keys in /etc/apt/trusted.gpg.d directory. > > Ideally d-i would support key fragments just like installed systems > can, then one wouldn't need to rebuild ubuntu-keyring at all.
This brings me one step further. Now i can build the ubuntu-keyring packages. But the installation fails i copy the results to cd: cp ./ubuntu-keyring_2016.09.19_all.deb cd/pool/main/u/ubuntu-keyring/ubuntu-keyring_2016.09.19_all.deb cp ./ubuntu-keyring-udeb_2016.09.19_all.udeb cd/pool/main/u/ubuntu-keyring/ubuntu-keyring-udeb_2016.09.19_all.udeb apt_ftparchive -c config-rel release cd/dists/yakkety > cd/dists/yakkety/Release gpg --yes --no-default-keyring --keyring ./ubuntu-archive-keyring.gpg -a --default-key <mykey> --output cd/dists/yakkety/Release.gpg --detach-sig cd/dists/yakkety/Release cd cd; md5sum `find ! -name "md5sum.txt" ! -path "./isolinux/*" -follow -type f` > md5sum.txt; cd .. genisoimage -o output.iso -r -J -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat ./cd The cd installation will abort with apt configuration problem An attempt to configure apt to install additional packages from CD failed. The debug output on vt4 show me gpgv: Signature made Tue .... gpgv: using RSA key gpgv: Can't check signature: No public key . . apt-setup: W: Signature verification failed for /media/cdrom/diss/yakkety/Release.gpg I verified the install ubuntu-archive-keyring.gpg on my build host with gpgv --keyring ./ubuntu-archive-keyring.gpg cd/dists/yakkety/Release.gpg cd/dists/yakkety/Release gpgv: Signature made Tue Oct 25 14:55:11 2016 CEST gpgv: using RSA key gpgv: Good signature from "Signing Key Namexx <x...@yyy.com>" So it looks good for me. Any idea? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
