Package: mmdebstrap Version: 1.5.7-3 Severity: wishlist If you mmdebstrap --keyring=/path/to/somekeyring ... and that keyring happens to not be readable by your subuid range (e.g. when it is not world readable) the error message is not very helpful. The permission problem is not displayed at all. Instead, a missing key is reported:
| $ mmdebstrap --keyring=/home/helmut/ubuntu-archive-keyring.gpg --variant=apt resolute /dev/null 'deb http://archive.ubuntu.com/ubuntu resolute main' | I: automatically chosen mode: unshare | I: chroot architecture amd64 is equal to the host's architecture | I: finding correct signed-by value... | done | I: automatically chosen format: null | I: using /tmp/mmdebstrap.JCRAhtyKDG as tempdir | I: running apt-get update... | done | Get:1 http://archive.ubuntu.com/ubuntu resolute InRelease [136 kB] | Err:1 http://archive.ubuntu.com/ubuntu resolute InRelease | Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key F6ECB3762474EDA9D21B7022871920D1991BC93C, which is needed to verify signature. | Reading package lists... | W: http://archive.ubuntu.com/ubuntu/dists/resolute/InRelease: Loading /home/helmut/ubuntu-archive-keyring.gpg from deprecated option Dir::Etc::Trusted | W: OpenPGP signature verification failed: http://archive.ubuntu.com/ubuntu resolute InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key F6ECB3762474EDA9D21B7022871920D1991BC93C, which is needed to verify signature. | E: The repository 'http://archive.ubuntu.com/ubuntu resolute InRelease' is not signed. | E: apt-get update --error-on=any -oAPT::Status-Fd=<$fd> -oDpkg::Use-Pty=false failed: process exited with 100 and error in console output | W: hooklistener errored out: E: received eof on socket | | I: main() received signal PIPE: waiting for setup... | I: removing tempdir /tmp/mmdebstrap.JCRAhtyKDG... | E: mmdebstrap failed to run | $ Notably, if the key file is plain missing, mmdebstrap immediately quits with an error. Once making the key file world-readable, it just works. It would be nice if this failure were reported in way that's easier to understand. Helmut
