Bug#614029: pbuilder: Hard to avoid debootstrap failure, Release signed by unknown key (key id AED4B06F473041FA)
Jack Bates
ms419 at freezone.co.uk
Sat Feb 19 03:34:46 UTC 2011
Package: pbuilder
Version: 0.199+nmu1
Severity: wishlist
My situation is that I'm trying to build some packages for Debian unstable, on
an Ubuntu system, using cowbuilder
To create base.cow image, I first tried,
$ sudo cowbuilder --create --distribution unstable --mirror http://mirrors.kernel.org/debian/
[...]
E: Release signed by unknown key (key id AED4B06F473041FA)
Guessing that I was missing the debian-archive-keyring package, I installed it
and tried again, with same result. I double checked that the
debian-archive-keyring package includes key id AED4B06F473041FA
By studying the debootstrap manpage I learned that, "By default, Release file
signatures are not checked". I used the cowbuilder "--debug" option to find the
"--keyring" option passed to debootstrap, and configured in
/usr/share/pbuilder/pbuilderrc
Next I tried to omit the debootstrap "--keyring" option using the cowbuilder
"--debootstrapopts" option, without success - it's apparently appended to value
from /usr/share/pbuilder/pbuilderrc, in pbuilder-checkparams
Next I tried to omit the debootstrap "--keyring" option using a ~/.pbuilderrc
file,
DEBOOTSTRAPOPTS=--variant=buildd
This failed because sudo resets the environment ($HOME),
W: /root/.pbuilderrc does not exist
Next I tried,
$ sudo sh -c "HOME=$HOME cowbuilder --create --distribution unstable --mirror http://mirrors.kernel.org/debian/"
[...]
E: Release signed by unknown key (key id AED4B06F473041FA)
This failed to omit the "--keyring" option. My bash knowledge isn't strong -
maybe it's possible to have two variables with same name, one a scalar and one
a "list"? I tried,
DEBOOTSTRAP=(--variant=buildd)
This worked! It omitted the "--keyring" option and the base.cow image built
successfully. However it's prohibitively difficult to figure out
If the "--debootstrapopts" option overrode DEBOOTSTRAPOPTS in
/usr/share/pbuilder/pbuilderrc, then it would be little easier to figure out.
If installing debian-archive-keyring was all that was required, I'd be done
after my first guess - maybe debootstrap could look in both keyrings? or in
some merged keyring? I dunno...
As I write this I found Ubuntu bug,
https://bugs.launchpad.net/ubuntu/+source/pbuilder/+bug/599695. Unfortunately I
didn't check the Ubuntu bug tracker before trying to debug my issue - I did
check the Debian bug tracker but didn't find my issue mentioned
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii coreutils 8.5-1 GNU core utilities
ii debconf [debconf-2.0] 1.5.38 Debian configuration management sy
ii debianutils 3.4.3 Miscellaneous utilities specific t
ii debootstrap 1.0.26 Bootstrap a basic Debian system
ii wget 1.12-2.1 retrieves files from the web
Versions of packages pbuilder recommends:
ii devscripts 2.10.69 scripts to make the life of a Debi
ii fakeroot 1.14.5-1 Gives a fake root environment
ii sudo 1.7.4p4-6 Provide limited super user privile
Versions of packages pbuilder suggests:
ii cowdancer 0.62+nmu2 Copy-on-write directory tree utili
ii gdebi-core 0.6.4 Simple tool to install deb files
pn pbuilder-uml <none> (no description available)
-- debconf information:
pbuilder/mirrorsite: http://mirrors.kernel.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
More information about the Pbuilder-maint
mailing list