Your message dated Tue, 17 Apr 2018 02:53:56 +0000 with message-id <e1f8gkm-000dld...@fasolo.debian.org> and subject line Bug#698677: fixed in debootstrap 1.0.97 has caused the Debian Bug report #698677, regarding debootstrap: 'Release signed by unknown key' should report keyring used to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698677: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698677 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: debootstrap Version: 1.0.44 Running debootstrap on Gentoo (where the latest version available is 1.0.44) via 'lxc-create' (to generate an LXC guest environment) I receive the unhelpful error: E: Release signed by unknown key (key id 64481591B98321F9) I believe that this is possibly/probably because the key validity has expired, and the Gentoo package's included keyring is no longer fresh. That's fine and a reported bug at https://bugs.gentoo.org/show_bug.cgi?id=387565 The issue I am reporting here is that *the error itself is not very helpful*, specifically at identifying the keyring that requires maintenance. Given that: (a) There are multiple potential keyring paths acknowledged within the debootstrap source (b) This tool is largely useful on other distributions that, like gentoo, may understandable modify the keyring path (c) This tool is often going to be executed deep within automated processes (eg. for continuous integration / automated testing, etc.) It makes sense to extend the output of the error to something more verbose that includes the keyring path and saves people wasted time digging. Two pieces of information should ideally be made available: 1. The path to the keyring itself 2. A debian (security/release team?) URL that may be used in third party distro scripts to validate/update the current/expected signing key IDs (I suppose, on a per-release basis), which as far as I can tell does not presently exist in a simple list/automateable fashion (though data is available in a not-well-documented form @ 'active-keys/' in the tarball at http://packages.debian.org/source/squeeze/debian-archive-keyring). For the moment the URL could be http://www.debian.org/doc/manuals/securing-debian-howto/ch7#s7.5.3.6 ... to allow users to resolve the issue without relying on (probably out of date) third-party distros' packages. That URL should probably be updated with a more useful line for people without debian (and therefore apt-key installed), like: gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --keyserver pgpkeys.mit.edu --recv-key 64481591B98321F9 (Acknowledgement: command line built from post @ https://groups.google.com/forum/?fromgroups=#!topic/linux.debian.bugs.dist/tKv7EYb1HkE ) 3. In addition, that URL's year-based-path solution appears no longer valid (at least for 2013). For reference purposes, the MD5 checksum of my Gentoo-debootstrap-package-installed keyring prior to manual addition of the key in question was d091e2e61800b3e5d65f956e05a42f36 PS. Apologies for the verbosity and not splitting the bugs (re: points 2 and 3 above) -- I am not normally a Debian/Ubuntu user and don't have enough familiarity with project structure to do this efficiently. Hopefully someone can deal with this on my behalf.
--- End Message ---
--- Begin Message ---Source: debootstrap Source-Version: 1.0.97 We believe that the bug you reported is fixed in the latest version of debootstrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hideki Yamane <henr...@debian.org> (supplier of updated debootstrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 17 Apr 2018 11:06:32 +0900 Source: debootstrap Binary: debootstrap debootstrap-udeb Architecture: source all Version: 1.0.97 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team <debian-boot@lists.debian.org> Changed-By: Hideki Yamane <henr...@debian.org> Description: debootstrap - Bootstrap a basic Debian system debootstrap-udeb - Bootstrap the Debian system (udeb) Closes: 698677 826709 844118 866401 872059 872577 872948 890419 893954 895466 Changes: debootstrap (1.0.97) unstable; urgency=medium . [ Dan Nicholson ] * Handle existing /dev (Closes: #872577) . [ Hideki Yamane ] * Create /dev/console as same as previous (Closes: #872059) * Do not ignore HTTPS mirror setting (Closes: #893954) * Improve manpage "what is calls a Debian base system" (Closes: #872948) Thanks to Emmanuel Kasper <m...@debian.org> for the patch * Improve error message when download fails (Closes: #866401) Thanks to Raphaël Hertzog <hert...@debian.org> for the patch * Use wget --non-verbose option instead of --quiet * Improve error message on Release signed by unknown key (Closes: #698677) * Add --cache-dir feature (Closes: #844118) It is enabled by default and use /var/cache/apt/archives as default value . [ Adam Borowski ] * Use arch-test if installed to check whether second stage is possible. (Closes: #826709) . [ Lubomir Rintel ] * Fix boostrapping libvirt LXC containers (Closes: #890419) . [ Raphaël Hertzog ] * Use "command -v apt-config" to check for apt-config's presence (Closes: #895466) * Drop default value for --cache-dir parameter * Forbid the usage of non-empty directories with --print-debs and --make-tarball * Do not use HTTPS for Kali bootstrap script Checksums-Sha1: dec58e328c8ca5a62ed929cba1323a21d053c960 1991 debootstrap_1.0.97.dsc ff4d6b40efebbbf14c33445419e8e264cf4c04c8 71121 debootstrap_1.0.97.tar.gz c2d21436e905fc28eb141fd25542c1d1d748f003 20556 debootstrap-udeb_1.0.97_all.udeb 5eba09250171942f0b7483759285c85c24e82e74 69060 debootstrap_1.0.97_all.deb 5cf71f8a36c995632a5d7ae31320941c907b56fa 5766 debootstrap_1.0.97_amd64.buildinfo Checksums-Sha256: 9b0dc362f97976833c1f148d00933c85a0095525885ad1a6845e81671d4aabdd 1991 debootstrap_1.0.97.dsc d3e6bef403dbabade11d098214030d5063c6b238d3751b159f727af7556c5cf0 71121 debootstrap_1.0.97.tar.gz b4f377d7e40b5128271dca859d924e79c36fc7d1c86408f91a474ad2c669f6e9 20556 debootstrap-udeb_1.0.97_all.udeb 0177ffecea5cc1a42084ae02a44d8e902a086577cefc00194b983fd7f3d802a7 69060 debootstrap_1.0.97_all.deb c9d57dd2f298f41fd5d56badca0d88898b8797e7b5755db1b62e7b14cf99af02 5766 debootstrap_1.0.97_amd64.buildinfo Files: 355d536a46a764b9f798e977ffdf0acf 1991 admin optional debootstrap_1.0.97.dsc 856379c44f4cec4be4071a91e061aafd 71121 admin optional debootstrap_1.0.97.tar.gz 11ae2cd66f0ec42d94edda0a876fcb5a 20556 debian-installer optional debootstrap-udeb_1.0.97_all.udeb e1844d1cfb966c00101048bb9285f002 69060 admin optional debootstrap_1.0.97_all.deb e1d959b6ca11fbca1d18a15bb9403248 5766 admin optional debootstrap_1.0.97_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEWOEiL5aWyIWjzRBMXTKNCCqqsUAFAlrVWFQTHGhlbnJpY2hA ZGViaWFuLm9yZwAKCRBdMo0IKqqxQC1GD/9n8XmploJvPpi6CI0uFgBAwAHXOHZN VRfdq/LmZBisF1Dw3cg1sPTy3JltrjCQjeVXOdPC5syz0ap5mJVKi6CdO8Yo+21+ dKqvb9WZOCJjQFVRoS7l/Vzto1wXwI80ylH5CNCNOmJnw7WLiKZZ8cKN+mh3CA4S 6iXZymu6Wz7BRaQa2LWVrpq/ygJpmqyt/tdzsFh5s621vEcsTUnxEokHoW9abzVF FzWt9Dc8Ipn5iv+HeMdsQctwcWIbytfcchHLPlajeVP7alD7vFvQxan7jEFON4Tn RRzkCfl7UKZHMHwrxYhchGYFg/c9qGM4sNu4wi6Aqo7KfogGhM/yXiSAcm4x6KZh /nZ88IvuxRbqm7SfUOaw0eTby4d5L01PkMUopwFTLgg1YkaPe3eJhYnmzMHE1yEC pIo0cwZHB64I5UwK4/1EtG4sy27M4dSVyuHXAMMUKv39AxUiZShAM6kttmGzoDUc 8opGN6Ip1RiX62SExZFEQQUMoA0ByR96U8vZUFAcwHEPyI+iW4nnFkNEhasWtDBY u9EbhGNmVKUGbywoyuF//FYyrXPF2LuCNHIA/0zwhjd5U8Jytx+U+gfOa8DC6k5O tpej8BjuI+Ob/8Kr0+dg6uJ0MnU/7gtHjJCMQ+GMwRr8mPT2tsa+rftTOVVShQym czgQ2K/mIbhlFw== =caYw -----END PGP SIGNATURE-----
--- End Message ---
