Source: simple-cdd Version: 0.6.5 Severity: important In /usr/share/simple-cdd/tools/mirror/reprepro, a repository is initialized to mirror your target distributions, and its "distributions" configuration file contains lines like:
VerifyRelease: ${verify_release_keys} This basically tells reprepro to *verify* the Release files when assembling the mirror, using the key listed in ${verify_release_keys}; that variable is constructed by dynamically extracting keys from simple-cdd's keyring, which defaults to: /usr/share/keyrings/debian-archive-keyring.gpg On Stretch, this file contains the following expired wheezy key: pub rsa4096 2012-05-08 [SC] [expired: 2019-05-07] ED6D 6527 1AAC F0FF 15D1 2303 6FB2 A1C2 65FF B764 uid [ expired] Wheezy Stable Release Key <debian-rele...@lists.debian.org> Since a single expired key in a VerifyRelease line is enough for reprepro to refuse to perform any verification, any image creation fails; it doesn't matter what distribution your image targets: ERROR reprepro: updating package lists: VerifyRelease condition '6FB2A1C265FFB764|8B48AD6246925553|...' ERROR reprepro: updating package lists: (To use it anyway, append it with a '!' to force usage). ERROR reprepro: updating package lists: There have been errors! ERROR reprepro failed with exit code: 255 Removing the key from /usr/share/keyrings/debian-archive-keyring.gpg of course fixes the issue, but a more proper workaround involves passing simple-cdd a dedicated, pruned keyring: cp /usr/share/keyrings/debian-archive-keyring.gpg ~/ apt-key --keyring ~/debian-archive-keyring.gpg del ED6D65271AACF0FF15D123036FB2A1C265FFB764 simple-cdd [...] --keyring ~/debian-archive-keyring.gpg [...] A proper patch to /usr/share/simple-cdd/tools/mirror/reprepro would probably involve checking each key's expiration date, and appending "!" to it if necessary. Cheers, -- Seb -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-3-amd64 (SMP w/36 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_DIE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled