On Thu, 21 Mar 2019 23:40:21 +0900 Hideki Yamane <henr...@iijmio-mail.jp> wrote: > On Tue, 19 Mar 2019 21:08:42 +0530 "Veek.M" <vek.m1...@gmail.com> wrote: > > There's a problem with using --keyring=whatever.gpg > > No, it's just because you've specified wrong keyring... > For example, when I use ubuntu-archive-keyring that's not appropriate for > debian repository, debootstrap returns such error. > > > $ sudo debootstrap --download-only --force-check-gpg > > --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg stable stretch > > https://debian.ethz.ch/debian > > I: Retrieving InRelease > > I: Retrieving Release > > I: Checking Release signature > > E: Release signed by unknown key (key id EF0F382A1A7B6500) > > > As I said in previous mail, it's not appropriate step. > > > It seems that your procedure of specifying gpg key is bit strange. > > > > > dpkg-deb -R debian-archive-keyring_2017.5_all.deb /tmp/ > > > ls *.gpg|xargs -I{} debootstrap --download-only --force-check-gpg > > > --keyring={} --variant minbase --arch amd64 --make-tarball=debian_amd64 > > > stable /root/dbs_debian_amd64 https://debian.ethz.ch/debian > > debian-archive-keyring package has some gpg keys but you should > specify debian-archive-keyring.gpg. > > -- > Regards, > > Hideki Yamane henrich @ debian.org/iijmio-mail.jp > >
Please close - it's not a bug - sorry for the bother. (A Keyring file is different from a .gpg public key - though they share the same .gpg file extension - you have to manually create a keyring file gpg --no-default-keyring --keyring ./mykeyring.gpg --fingerprint and then add the downloaded/extracted .gpg file to this keyring file. gpg --no-default-keyring --keyring ./mykeyring.gpg --import debian-archive-stretch-stable.gpg Only then will debootstrap work - by passing the KEYRING FILE to it as part of --keyring=.)