On 14/7/25 14:00, Scott Ferguson wrote:
Debian Bookworm fai-server running latest fai-project packages, creating installation .iso images for Debian Bookworm clients.

I have put the .gpg keys in $NFSROOT/etc/apt/trusted.gpg.d (per 2010 instructions on this mailing list as I failed to find another guide). "sudo chroot /srv/fai/nfsroot apt-key list" shows them there. However when I create the .iso image only the default .gpg keys are there (not the ones I added).

I used:

sudo fai-make-nfsroot -fs
cl=DEBIAN,DHCPC,DEMO,FAIBASE,BOOKWORM,ONE,BACKPORTS,SSH_SERVER,STANDARD,NONFREE,RECOMMENDS,FAIME,GRUB_PC,GRUB_EFI,AMD64
sudo fai-mirror -C /etc/fai -m1 -c$cl /srv/fai/mirror
sudo fai-cd -C /etc/fai -g grub.cfg.install-only -m/srv/fai/mirror /media/host/test.iso

Kind regards

Some more information:-

root@fai:/srv/fai/nfsroot/etc/apt/trusted.gpg.d# ls -al
total 124
drwxr-xr-x 2 root root  4096 Jul 12 22:18 .
drwxr-xr-x 8 root root  4096 Jul 12 17:29 ..
-rw-r--r-- 1 root root  2484 Mar 25 02:22 brave-browser-archive-keyring.gpg
-rw-r--r-- 1 root root 11861 Apr 10 09:04 debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 Apr 10 09:04 debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root   461 Apr 10 09:04 debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 Apr 10 09:04 debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 Apr 10 09:04 debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root  3403 Apr 10 09:04 debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11861 Apr 10 09:04 debian-archive-trixie-automatic.asc
-rw-r--r-- 1 root root 11873 Apr 10 09:04 debian-archive-trixie-security-automatic.asc
-rw-r--r-- 1 root root  1384 Apr 10 09:04 debian-archive-trixie-stable.asc
-rw-r--r-- 1 root root  2824 May 17 07:01 fai-project.gpg
-rw-r--r-- 1 root root 12775 Jul 12 07:36 google-chrome.gpg
-rw-r--r-- 1 root root  2223 Aug 12 2024 signal-desktop-keyring.gpg
-rw-r--r-- 1 root root  2288 May 16 14:14 tailscale-archive-keyring.gpg

On the machine built from the generated .iso

root@t490s:/etc/apt/trusted.gpg.d# ls -al
total 96
drwxr-xr-x 2 root root  4096 Jul 17 14:17 .
drwxr-xr-x 9 root root  4096 Jul 17 14:21 ..
-rw-r--r-- 1 root root 11861 Apr 10 09:04 debian-archive-bookworm-automatic.asc
-rw-r--r-- 1 root root 11873 Apr 10 09:04 debian-archive-bookworm-security-automatic.asc
-rw-r--r-- 1 root root   461 Apr 10 09:04 debian-archive-bookworm-stable.asc
-rw-r--r-- 1 root root 11861 Apr 10 09:04 debian-archive-bullseye-automatic.asc
-rw-r--r-- 1 root root 11873 Apr 10 09:04 debian-archive-bullseye-security-automatic.asc
-rw-r--r-- 1 root root  3403 Apr 10 09:04 debian-archive-bullseye-stable.asc
-rw-r--r-- 1 root root 11861 Apr 10 09:04 debian-archive-trixie-automatic.asc
-rw-r--r-- 1 root root 11873 Apr 10 09:04 debian-archive-trixie-security-automatic.asc
-rw-r--r-- 1 root root  1384 Apr 10 09:04 debian-archive-trixie-stable.asc
-rw-r--r-x 1 root root  2824 Nov 8 2019 DEBIAN.gpg

I understand how the DEBIAN.gpg key gets there, and 'could' include my three third-party keys by creating a new class for each of the keys and then including those keys in $FAI_CONFIGDIR/package_config
e.g. classes SIGNAL, TAILSCALE, GCHROME and SIGNAL.gpg, TAILSCALE.gpg and GCHROME.gpg - which 'seems' right, but doesn't explain why fai-project.gpg ends up in $NFSROOT/etc/apt/trusted.gpg in the first place even though it doesn't wind up in the created .iso. I suspect that is just lint from earlier versions of fai, but would appreciate a more educated opinion.
I am using fai-quickstart 6.4.1
Kind regards
--
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: The lost context.
Q: What makes top-posted replies harder to read than bottom-posted?
A: Yes.
Q: Should I trim down the quoted part of an email to which I'm replying?
