From erichsen at te-systems.de Fri Jun 16 06:13:20 2017 From: erichsen at te-systems.de (Tobias Erichsen) Date: Fri, 16 Jun 2017 06:13:20 +0000 Subject: [Simple-cdd-devel] Issue with simple-cdd on Stretch RC5 Message-ID: <21603AF28BEB014F89BED60814E8E14E0CF1F8BC@exchange2010.wob.te-systems.de> Hi everyone... I have just tried to run simple-cdd for the first time on Stretch RC5 and encountered the following error: 2017-06-16 08:03:40 ERROR verify gpg signature exited with code 2 2017-06-16 08:03:40 ERROR Last 3 lines of standard error: 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Signature made Fri 16 Jun 2017 04:56:35 AM CEST 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: using RSA key AED4B06F473041FA 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Can't check signature: No public key Traceback (most recent call last): File "/usr/bin/build-simple-cdd", line 658, in scdd.build_mirror() File "/usr/bin/build-simple-cdd", line 270, in build_mirror self.run_tool("mirror", tool) File "/usr/bin/build-simple-cdd", line 367, in run_tool tool.run() File "/usr/lib/python3/dist-packages/simple_cdd/tools/mirror_wget.py", line 65, in run self.gnupg.verify_inline_sig(extrafiles_file_inlinesig) File "/usr/lib/python3/dist-packages/simple_cdd/gnupg.py", line 61, in verify_inline_sig return self.verify_gpg_sig("--verify", pathname) File "/usr/lib/python3/dist-packages/simple_cdd/gnupg.py", line 55, in verify_gpg_sig raise Fail("Signature verification failed on %s", pathname) NameError: name 'pathname' is not defined Is this something that still needs to be fixed before Stretch release or is it just my mistake? Tobias From vagrant at debian.org Fri Jun 16 17:27:10 2017 From: vagrant at debian.org (Vagrant Cascadian) Date: Fri, 16 Jun 2017 10:27:10 -0700 Subject: [Simple-cdd-devel] Bug#864896: extrafiles signed with deprecated squeeze key In-Reply-To: <21603AF28BEB014F89BED60814E8E14E0CF1F8BC@exchange2010.wob.te-systems.de> References: <21603AF28BEB014F89BED60814E8E14E0CF1F8BC@exchange2010.wob.te-systems.de> Message-ID: <87a8577si9.fsf@aikidev.net> Package: ftp.debian.org X-Debbugs-Cc: Tobias Erichsen , simple-cdd-devel at lists.alioth.debian.org Control: Affects -1 simple-cdd On 2017-06-15, Tobias Erichsen wrote: > I have just tried to run simple-cdd for the first time on Stretch RC5 and encountered the following error: > > 2017-06-16 08:03:40 ERROR verify gpg signature exited with code 2 > 2017-06-16 08:03:40 ERROR Last 3 lines of standard error: > 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Signature made Fri 16 Jun 2017 04:56:35 AM CEST > 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: using RSA key AED4B06F473041FA > 2017-06-16 08:03:40 ERROR verify gpg signature: gpg: Can't check signature: No public key Thanks for pointing the issue out, Tobias! Apparently, http://deb.debian.org/debian/extrafiles is still signed with the now deprecated squeeze release key, which is only present in debian-keyring's debian-archive-removed-keys.gpg. jcristau pointed out where this is happening: https://anonscm.debian.org/git/mirror/dak.git/tree/config/debian/dinstall.functions#n693 It would be really nice to get this fixed before stretch release! For simple-cdd, you can work around the issue by specifying both old and new keyrings: simple-cdd --keyring=/usr/share/keyrings/debian-archive-keyring.gpg,/usr/share/keyrings/debian-archive-removed-keys.gpg live well, vagrant -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From vagrant at debian.org Fri Jun 16 17:52:57 2017 From: vagrant at debian.org (Vagrant Cascadian) Date: Fri, 16 Jun 2017 10:52:57 -0700 Subject: [Simple-cdd-devel] extrafiles signed with deprecated squeeze key In-Reply-To: <87a8577si9.fsf@aikidev.net> References: <21603AF28BEB014F89BED60814E8E14E0CF1F8BC@exchange2010.wob.te-systems.de> <87a8577si9.fsf@aikidev.net> Message-ID: <8760fv7rba.fsf@aikidev.net> On 2017-06-16, Vagrant Cascadian wrote: > For simple-cdd, you can work around the issue by specifying both old and > new keyrings: > > simple-cdd --keyring=/usr/share/keyrings/debian-archive-keyring.gpg,/usr/share/keyrings/debian-archive-removed-keys.gpg Apparently, this isn't sufficient for simple-cdd, as the removed-keys contains expired keys as well, and reprepro balks at that... so you need to export the individual key to a separate keyring first: keyring=$(pwd)/keyring gpg --no-default-keyring \ --keyring=/usr/share/keyrings/debian-archive-removed-keys.gpg \ --export AED4B06F473041FA > $keyring simple-cdd \ --keyring=/usr/share/keyrings/debian-archive-keyring.gpg,$keyring live well, vagrant -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From holger at debian.org Sat Jun 24 10:45:26 2017 From: holger at debian.org (Holger Levsen) Date: Sat, 24 Jun 2017 12:45:26 +0200 Subject: [Simple-cdd-devel] Bug#865732: simple-cdd: should depend (or recommend) mtools? Message-ID: <20170624104526.GA30794@layer-acht.org> Package: simple-cdd Version: 0.6.5 Severity: normal Dear Maintainer, simple-cdd simply rocks. Thank you very much for this! I've just created a profile "scdd" which installs one package, simple-cdd and copies the configuration used on the medium, so that a freshly installed system is capable of creating simple-cdd's with the very same configuration. This works nicely, with one small issue: I also had to install mtools manually on the fresh installed system, somehow it doesnt get pulled in by simple-cdd? -- cheers, Holger -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 811 bytes Desc: Digital signature URL: From vagrant at debian.org Wed Jun 28 16:47:18 2017 From: vagrant at debian.org (Vagrant Cascadian) Date: Wed, 28 Jun 2017 09:47:18 -0700 Subject: [Simple-cdd-devel] Bug#865732: simple-cdd: should depend (or recommend) mtools? In-Reply-To: <20170624104526.GA30794@layer-acht.org> References: <20170624104526.GA30794@layer-acht.org> Message-ID: <87mv8sqctl.fsf@aikidev.net> On 2017-06-24, Holger Levsen wrote: > I've just created a profile "scdd" which installs one package, simple-cdd and > copies the configuration used on the medium, so that a freshly installed system > is capable of creating simple-cdd's with the very same configuration. I'd be interested in including this in the default/example profiles, if it's generalizable! > This works nicely, with one small issue: I also had to install mtools manually > on the fresh installed system, somehow it doesnt get pulled in by simple-cdd? Hmmm... debian-cd recommends mtools, not sure why it doesn't get included. Might be something in tmp/logs/ suggesting why. The dependency resolver for simple-cdd is kind of hacky, so it's not totally surprising... live well, vagrant -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From holger at layer-acht.org Wed Jun 28 17:00:28 2017 From: holger at layer-acht.org (Holger Levsen) Date: Wed, 28 Jun 2017 17:00:28 +0000 Subject: [Simple-cdd-devel] Bug#865732: simple-cdd: should depend (or recommend) mtools? In-Reply-To: <87mv8sqctl.fsf@aikidev.net> References: <20170624104526.GA30794@layer-acht.org> <87mv8sqctl.fsf@aikidev.net> Message-ID: <20170628170028.GA11609@layer-acht.org> On Wed, Jun 28, 2017 at 09:47:18AM -0700, Vagrant Cascadian wrote: > On 2017-06-24, Holger Levsen wrote: > > I've just created a profile "scdd" which installs one package, simple-cdd and > > copies the configuration used on the medium, so that a freshly installed system > > is capable of creating simple-cdd's with the very same configuration. > I'd be interested in including this in the default/example profiles, if > it's generalizable! it probably is, it's basically this, which of course is a hack and should be done more nicely? (it's basically still a PoC.) some-vm:~/Projects/simple-cdd$ cat profiles/scdd.postinst #!/bin/bash set +e # configure simple-cdd so it's ready to use mkdir /home/user/Projects/simple-cdd mkdir -p /home/user/Projects/simple-cdd/profiles # a simple "cp -r" is probably more in order here? for i in sh conf postinst preseed packages xz ; do cp -r /media/cdrom/simple-cdd/*.$i /home/user/Projects/simple-cdd/profiles/ done mv /home/user/Projects/simple-cdd/profiles/build.sh /home/user/Projects/simple-cdd/ chown -R user:user /home/user/Projects/simple-cdd some-vm:~/Projects/simple-cdd$ cat profiles/scdd.packages simple-cdd mtools some-vm:~/Projects/simple-cdd$ > > This works nicely, with one small issue: I also had to install mtools manually > > on the fresh installed system, somehow it doesnt get pulled in by simple-cdd? > > Hmmm... debian-cd recommends mtools, not sure why it doesn't get > included. Might be something in tmp/logs/ suggesting why. > > The dependency resolver for simple-cdd is kind of hacky, so it's not > totally surprising... I see. I might investigate in a few weeks? ;-) (extremely short on time atm, sorry.) Til then, let's keep this bug report open(?!?), even if only to track the feature described at the top :-) -- cheers, Holger -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 811 bytes Desc: Digital signature URL: