Your message dated Thu, 30 May 2019 04:48:28 +0000
with message-id <[email protected]>
and subject line Bug#928703: fixed in simple-cdd 0.6.7
has caused the Debian Bug report #928703,
regarding simple-cdd: Wheezy expired key in debian-archive-keyring.gpg causes simple-cdd to fail with reprepro
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
928703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928703
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: simple-cdd
Version: 0.6.5
Severity: important

In /usr/share/simple-cdd/tools/mirror/reprepro, a repository is
initialized to mirror your target distributions, and its "distributions"
configuration file contains lines like: 

  VerifyRelease: ${verify_release_keys}

This basically tells reprepro to *verify* the Release files when
assembling the mirror, using the key listed in ${verify_release_keys};
that variable is constructed by dynamically extracting keys from
simple-cdd's keyring, which defaults to:

  /usr/share/keyrings/debian-archive-keyring.gpg

On Stretch, this file contains the following expired wheezy key:

  pub   rsa4096 2012-05-08 [SC] [expired: 2019-05-07]
      ED6D 6527 1AAC F0FF 15D1  2303 6FB2 A1C2 65FF B764
  uid [ expired] Wheezy Stable Release Key <[email protected]>


Since a single expired key in a VerifyRelease line is enough for
reprepro to refuse to perform any verification, any image creation
fails; it doesn't matter what distribution your image targets:

  ERROR reprepro: updating package lists: VerifyRelease condition '6FB2A1C265FFB764|8B48AD6246925553|...'
  ERROR reprepro: updating package lists: (To use it anyway, append it with a '!' to force usage).
  ERROR reprepro: updating package lists: There have been errors!
  ERROR reprepro failed with exit code: 255

Removing the key from /usr/share/keyrings/debian-archive-keyring.gpg of
course fixes the issue, but a more proper workaround involves passing
simple-cdd a dedicated, pruned keyring:

  cp /usr/share/keyrings/debian-archive-keyring.gpg ~/
  apt-key --keyring ~/debian-archive-keyring.gpg del ED6D65271AACF0FF15D123036FB2A1C265FFB764
  simple-cdd [...] --keyring ~/debian-archive-keyring.gpg [...]

A proper patch to /usr/share/simple-cdd/tools/mirror/reprepro would
probably involve checking each key's expiration date, and appending "!"
to it if necessary.

Cheers,

-- 
Seb

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-3-amd64 (SMP w/36 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_DIE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
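
The check suggested at the end of the report above (look at each key's expiration and append "!" where needed), as an added example; it is not simple-cdd's code and not the change shipped in 0.6.7. The function names, the fixed "now" argument and the sample listing are assumptions made for the illustration; the input is the text printed by `gpg --with-colons --list-keys`.

```shell
#!/bin/sh
# Build a reprepro VerifyRelease value from a gpg colon listing read on
# stdin, marking every expired primary key with "!".
#   $1: current time in epoch seconds (a parameter so runs are repeatable)
verify_release_keys() {
    awk -F: -v now="$1" '
        $1 == "pub" {
            # Field 2: validity flag ("e" means expired).
            # Field 5: 64-bit key ID, the form VerifyRelease lists.
            # Field 7: expiration in epoch seconds, empty if none is set.
            expired = ($2 == "e") || ($7 ~ /^[0-9]+$/ && $7 + 0 <= now + 0)
            out = out (out == "" ? "" : "|") $5 (expired ? "!" : "")
        }
        END { print out }
    '
}

# Constructed sample listing. The first two key IDs and the fingerprint are
# the ones quoted in the report; every timestamp is constructed (the first
# key uses midnight UTC of the dates shown in the report), and the A.../B...
# keys are placeholders.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:6FB2A1C265FFB764:1336435200:1557187200::-:::sc:
fpr:::::::::ED6D65271AACF0FF15D123036FB2A1C265FFB764:
pub:-:4096:1:8B48AD6246925553:1335830400:1900000000::-:::scSC:
pub:-:4096:1:AAAAAAAAAAAAAAAA:1300000000:1500000000::-:::scSC:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1400000000:::-:::scSC:
EOF
}

# 1559190000 is a constructed "now" close to the date of the report.
sample_listing | verify_release_keys 1559190000
```

Marking a key with "!" lets the rest of the VerifyRelease line keep working, but it also tells reprepro to use the expired key, so the pruned keyring from the report remains the stricter option.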
--- Begin Message ---
Source: simple-cdd
Source-Version: 0.6.7

We believe that the bug you reported is fixed in the latest version of
simple-cdd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <[email protected]> (supplier of updated simple-cdd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 May 2019 21:29:45 -0700
Source: simple-cdd
Architecture: source
Version: 0.6.7
Distribution: unstable
Urgency: medium
Maintainer: Simple-CDD Developers <[email protected]>
Changed-By: Vagrant Cascadian <[email protected]>
Closes: 909561 918102 919572 928703 929193 929636 929651 929660
Changes:
 simple-cdd (0.6.7) unstable; urgency=medium
 .
   [ Vagrant Cascadian ]
   * Remove invalid contact information from README.
   * Output command run on gpg verification failure rather than passing an
     undefined variable. (Closes: #919572, #929651).  Thanks to Vladislav
     Tsendrovskii and Marc Fargas for the reports.
   * Do not fail when expired keys are present in the keyring.
     (Closes: #928703, #929193). Thanks to Sebastien Delafond and Pradeep
     Nambiar.
 .
   [ Vagrant Cascadian ]
   * Add back support for qemu_opts (Closes: #929660, #929636).
   * Update qemu configuration from -std-vga to -vga std.
   * Update example simple-cdd.conf and simple-cdd.conf.detailed, removing
     obsolete options and adjusting options requiring variables.
     (Closes: #909561).
 .
   [ Dirk Mayer ]
   * added --batch param to gpg calls (Closes: #918102).
 .
   [ Vagrant Cascadian ]
   * Update ltsp profile:
     - Use defaults for ltsp-client-builder.
     - Do not configure NFS, no longer used by default.
     - Use "ltsp-config dnsmasq" as it is the preferred DHCP server.
   * Update test profile:
     - Add preseeding to avoid asking to set up another CD.
     - Use preseeding to select default boot device.
     - Update arguments for non-graphical console.
     - Allow rebooting for initial boot test.
   * Update default profile:
     - Update question to avoid asking to set up another CD.
   * Update router profile:
     - Update default example ethernet interface.

-----BEGIN PGP SIGNATURE-----

iIkEARYKADEWIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXO9dKRMcdmFncmFudEBk
ZWJpYW4ub3JnAAoJENxRj8h/lxaqbd0BAMvqYBjFVjOaUM9BeBJE2oUs9jLbDKl5
AeszhHIogPTyAP0Y28oE6XwmqOpzsdZa0B5ApyQsQBNqJNCbdO6tV2wyCQ==
=Z2M/
-----END PGP SIGNATURE-----

--- End Message ---
