Bug#614029: pbuilder: Hard to avoid debootstrap failure, Release signed by unknown key (key id AED4B06F473041FA)

Jack Bates ms419 at freezone.co.uk
Sat Feb 19 03:34:46 UTC 2011 

Package: pbuilder
Version: 0.199+nmu1
Severity: wishlist

My situation is that I'm trying to build some packages for Debian unstable, on
an Ubuntu system, using cowbuilder

To create base.cow image, I first tried,

 $ sudo cowbuilder --create --distribution unstable --mirror http://mirrors.kernel.org/debian/
 [...]
 E: Release signed by unknown key (key id AED4B06F473041FA)

Guessing that I was missing the debian-archive-keyring package, I installed it
and tried again, with same result. I double checked that the
debian-archive-keyring package includes key id AED4B06F473041FA

By studying the debootstrap manpage I learned that, "By  default, Release file
signatures are not checked". I used the cowbuilder "--debug" option to find the
"--keyring" option passed to debootstrap, and configured in
/usr/share/pbuilder/pbuilderrc

Next I tried to omit the debootstrap "--keyring" option using the cowbuilder
"--debootstrapopts" option, without success - it's apparently appended to value
from /usr/share/pbuilder/pbuilderrc, in pbuilder-checkparams

Next I tried to omit the debootstrap "--keyring" option using a ~/.pbuilderrc
file,

 DEBOOTSTRAPOPTS=--variant=buildd

This failed because sudo resets the environment ($HOME),

 W: /root/.pbuilderrc does not exist

Next I tried,

 $ sudo sh -c "HOME=$HOME cowbuilder --create --distribution unstable --mirror http://mirrors.kernel.org/debian/"
 [...]
 E: Release signed by unknown key (key id AED4B06F473041FA)

This failed to omit the "--keyring" option. My bash knowledge isn't strong -
maybe it's possible to have two variables with same name, one a scalar and one
a "list"? I tried,

 DEBOOTSTRAP=(--variant=buildd)

This worked! It omitted the "--keyring" option and the base.cow image built
successfully. However it's prohibitively difficult to figure out

If the "--debootstrapopts" option overrode DEBOOTSTRAPOPTS in
/usr/share/pbuilder/pbuilderrc, then it would be little easier to figure out.
If installing debian-archive-keyring was all that was required, I'd be done
after my first guess - maybe debootstrap could look in both keyrings? or in
some merged keyring? I dunno...

As I write this I found Ubuntu bug,
https://bugs.launchpad.net/ubuntu/+source/pbuilder/+bug/599695. Unfortunately I
didn't check the Ubuntu bug tracker before trying to debug my issue - I did
check the Debian bug tracker but didn't find my issue mentioned

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pbuilder depends on:
ii  coreutils                     8.5-1      GNU core utilities
ii  debconf [debconf-2.0]         1.5.38     Debian configuration management sy
ii  debianutils                   3.4.3      Miscellaneous utilities specific t
ii  debootstrap                   1.0.26     Bootstrap a basic Debian system
ii  wget                          1.12-2.1   retrieves files from the web

Versions of packages pbuilder recommends:
ii  devscripts                    2.10.69    scripts to make the life of a Debi
ii  fakeroot                      1.14.5-1   Gives a fake root environment
ii  sudo                          1.7.4p4-6  Provide limited super user privile

Versions of packages pbuilder suggests:
ii  cowdancer                     0.62+nmu2  Copy-on-write directory tree utili
ii  gdebi-core                    0.6.4      Simple tool to install deb files
pn  pbuilder-uml                  <none>     (no description available)

-- debconf information:
  pbuilder/mirrorsite: http://mirrors.kernel.org/debian/
  pbuilder/nomirror:
  pbuilder/rewrite: false

More information about the Pbuilder-maint mailing list