[pkg-lxc-devel] Bug#885427: lxc: Debian template hardcodes regular keyring even for -ports

Adam Borowski kilobyte at angband.pl
Wed Dec 27 00:55:08 UTC 2017


Package: lxc
Version: 1:2.0.9-5
Severity: normal

Hi!
When trying to install a second-class (i.e., -ports) architecture, the Debian
template fails with:
[/srv/lxc]# lxc-create -t debian -B btrfs -n harad --dir /srv/lxc/harad -- -a x32 -r sid --packages=sysvinit-core,sysv-rc --mirror=http://apt.angband.pl:3142/ftp.debian-ports.org/debian
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-sid-x32 ... 
Downloading debian minimal ...
I: Retrieving InRelease 
I: Checking Release signature
E: Release signed by unknown key (key id 8BC3A7D46F930576)
Failed to download the rootfs, aborting.
Failed to download 'debian base'
failed to install debian
lxc-create: lxccontainer.c: create_run_template: 1427 container creation template for harad failed
lxc-create: tools/lxc_create.c: main: 326 Error creating container harad

This is somewhat expected, as debootstrap (being a low-level tool) doesn't
handle custom keyrings without being told
(--keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg).  However,
the Debian template:
* knows about keyrings, and has logic to pick and/or download one
* provides no way to override

Requiring the user to provide a path to the keyring would be acceptable.
If you want to be nice, though, it'd be good to detect if we're installing
one of the -ports archs (Linux ones are: alpha hppa m68k powerpc powerpcspe
ppc64 sh4 sparc64 x32) and look for the keyring in
/usr/share/keyrings/debian-ports-archive-keyring.gpg.  It might also be good
to default the mirror to http://ftp.ports.debian.org/debian-ports/

(Note: to run x32 on an amd64 kernel, append syscall.x32=y to the kernel's
cmdline and reboot -- CONFIG_X86_X32 is on in Debian kernels but is disabled
other than as a boot-time option.  Such kernels then work normally, exactly
the same as i386 support on an amd64 kernel.)


Meow!
-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-rc5-debug-00024-g65228756e20f (SMP w/6 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages lxc depends on:
ii  libapparmor1  2.11.1-4
ii  libc6         2.25-5
ii  libcap2       1:2.25-1.2
ii  libgnutls30   3.5.16-1
ii  liblxc1       1:2.0.9-5
ii  libseccomp2   2.3.1-2.1
ii  libselinux1   2.7-2
ii  lsb-base      9.20170808
ii  python3       3.6.4~rc1-2
ii  python3-lxc   1:2.0.9-5

Versions of packages lxc recommends:
ii  bridge-utils  1.5-14
ii  debootstrap   1.0.93
ii  dirmngr       2.2.3-1
pn  dnsmasq-base  <none>
ii  gnupg         2.2.3-1
ii  iptables      1.6.1-2+b1
ii  libpam-cgfs   2.0.8-1
ii  lxcfs         2.0.8-1
ii  openssl       1.1.0g-2
ii  rsync         3.1.2-2.1
ii  uidmap        1:4.5-1

Versions of packages lxc suggests:
pn  apparmor     <none>
ii  btrfs-progs  4.13.3-1
pn  lvm2         <none>

-- no debconf information
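
The keyring and mirror selection proposed in the report, as an added example that is not part of the original message and is not the lxc template's code. The function names, the KEYRING_DIR variable and the default mirror for regular architectures are assumptions made for this sketch; a missing keyring is treated as an error so that the Release signature check is never skipped.

```shell
#!/bin/sh
# Added example; function names and KEYRING_DIR are hypothetical.
# Linux -ports architectures, as listed in the report.
PORTS_ARCHES="alpha hppa m68k powerpc powerpcspe ppc64 sh4 sparc64 x32"
KEYRING_DIR="${KEYRING_DIR:-/usr/share/keyrings}"

is_ports_arch() {
    for a in $PORTS_ARCHES; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# Print the keyring for an architecture; a user-supplied path ($2) wins.
select_keyring() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    elif is_ports_arch "$1"; then
        printf '%s\n' "$KEYRING_DIR/debian-ports-archive-keyring.gpg"
    else
        printf '%s\n' "$KEYRING_DIR/debian-archive-keyring.gpg"
    fi
}

# Print the mirror for an architecture; a user-supplied URL ($2) wins.
select_mirror() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    elif is_ports_arch "$1"; then
        printf '%s\n' "http://ftp.ports.debian.org/debian-ports/"
    else
        # Assumed default for regular architectures in this example.
        printf '%s\n' "http://deb.debian.org/debian"
    fi
}

# Usage: debootstrap_args ARCH SUITE TARGET [KEYRING] [MIRROR]
# Prints the debootstrap arguments, or fails when the keyring cannot be
# read, rather than falling back to an unverified download.
debootstrap_args() {
    keyring=$(select_keyring "$1" "${4:-}")
    mirror=$(select_mirror "$1" "${5:-}")
    if [ ! -r "$keyring" ]; then
        echo "keyring $keyring not readable; install it or pass a path" >&2
        return 1
    fi
    printf '%s\n' "--arch=$1 --keyring=$keyring $2 $3 $mirror"
}
```
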


