[buildd-tools-devel] Bug#843137: Bug#843137: sbuild: fails to deal with sid chroots (missing gpg)
Cyril Brulebois
kibi at debian.org
Fri Nov 4 10:29:06 UTC 2016
Raphael Hertzog <hertzog at debian.org> (2016-11-04):
> On Fri, 04 Nov 2016, Cyril Brulebois wrote:
> > a brand new unstable chroot isn't usable for a build with default (as
> > far as I can remember) sbuild configuration. Full log follows:
>
> It's not a "default" sbuild configuration, it's one where you created
> a signing key.
Pretty sure that doesn't make it a non-default configuration. That was
even advertised in changelog:
| sbuild (0.62.0-1) unstable; urgency=low
| […]
| * sbuild:
| - Resolvers:
| + 'apt' is now the default build dependency resolver. Users should
| not see any significant changes compared with the old 'internal'
| resolver. Please note that you may need to generate a GPG key
| for the local archive created for dependency package
| installation, if one does not already exist; see sbuild-update
| (--keygen) for further details.
| […]
| -- Roger Leigh <rleigh at debian.org> Wed, 16 Mar 2011 16:10:31 +0000
I think it was even mandatory on new installs in the past, which Helmut
seems to agree with in this message:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801798#10
(I seem to vaguely recall some versions trying to generate the key upon
install which didn't work on all systems due to possible lack of
entropy.)
> Get rid of /var/lib/sbuild/apt-keys and it should work (at least on a
> recent sbuild, I saw you reported it on an old version, not sure if
> that version already has the fallback mentioned below).
If you call what's in jessie an “old version”, sure. I call that a
version that needs to be supported. And that's what matters.
> When a key is present there, sbuild wants to use it to sign the
> internal repository and then your chroot needs to have gpg installed
> (and unstable chroot no longer have it since apt dropped the
> dependency).
I don't have any internal repository in this chroot anyway.
> That said, it would be nice if sbuild was smarter, it could check
> gpg's availability before deciding to sign the repository and then
> fallback to using the "[trusted=yes]" sources.list attribute instead.
sbuilds in stable needs to support building for unstable. With or
without local repositories.
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20161104/405b1780/attachment.sig>
More information about the Buildd-tools-devel
mailing list