Okay I finally pinned it. By trying to run manually the GPG key import in the initramfs, I discovered that the issue was...
THAT THE RASPBERRY PI HAS NO REAL TIME CLOCK ! /tmp/mandosULI7OC # path=/usr/bin/gpg gpg --enable-special-filenames --batch --no-sk-comments --homedir /tmp/mandos* --charset utf8 --enable-progress-filter --exit-on-status-write-error --impor t -- < /conf/conf.d/mandos/seckey.txt gpg: WARNING: unsafe ownership on homedir '/tmp/mandosULI7OC' gpg: key 7590231119DA2D24 was created 17619 days in the future (time warp or clock problem) gpg: key 7590231119DA2D24 was created 17619 days in the future (time warp or clock problem) gpg: key 7590231119DA2D24 was created 17619 days in the future (time warp or clock problem) gpg: key 7590231119DA2D24 was created 17619 days in the future (time warp or clock problem) gpg: key 7590231119DA2D24: no valid user IDs gpg: this may be caused by a missing self-signature gpg: key 7590231119DA2D24: failed to re-lookup public key gpg: Total number processed: 1 gpg: w/o user IDs: 1 gpg: secret keys read: 1 /tmp/mandosULI7OC # date -s 2018-04-02 Mon Apr 2 00:00:00 UTC 2018 /tmp/mandosULI7OC # path=/usr/bin/gpg gpg --enable-special-filenames --batch --no-sk-comments --homedir /tmp/mandos* --charset utf8 --enable-progress-filter --exit-on-status-write-error --impor t -- < /conf/conf.d/mandos/seckey.txt gpg: WARNING: unsafe ownership on homedir '/tmp/mandosULI7OC' gpg: /tmp/mandosULI7OC/trustdb.gpg: trustdb created gpg: key 7590231119DA2D24: public key "tethys" imported gpg: key 7590231119DA2D24: secret key imported gpg: Total number processed: 1 gpg: imported: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 So I did a quick & dirty hack by creating the following file in /etc/mandos/network-hooks.d/dateset #!/bin/sh date -s 2030-01-01 exit 0 ...Regenerated the initramfs. AND NOW IT WORKS PERFECTLY ! I just now have to figure out if I'm happy booting with this dummy date (that gets fixed later on), or if I should take the pain to put some ntp inside the initramfs. Thanks again Teddy for all your help. CASE CLOSED as far as I'm concerned. ॐ -- Michel Bouissou <mic...@bouissou.net> OpenPGP ID 0xEB04D09C
signature.asc
Description: OpenPGP digital signature