Installing debian-archive-keyring does not activate the Debian keyring

Bug #838299 reported by Daniel Hahler
This bug affects 2 people
Affects                          Status     Importance  Assigned to  Milestone
apt (Ubuntu)                     Invalid    Undecided   Unassigned
debian-archive-keyring (Ubuntu)  Won't Fix  Undecided   Unassigned
ubuntu-keyring (Ubuntu)          Invalid    Undecided   Unassigned

Bug Description

Installing the debian-archive-keyring package should add the appropriate keys to the apt keychain, but it does not.

I debugged this a while ago and, if I remember correctly, it is caused by ubuntu-keyring interfering here.

From what I can see /etc/apt/trusted.gpg.d/ should be a good place to put both the Debian and Ubuntu keyrings.

I have added Debian's unstable and testing sources, and am getting the following error, although debian-archive-keyring is installed:
    Reading package lists... Done
    W: GPG error: http://ftp.de.debian.org unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA
    W: GPG error: http://ftp.de.debian.org testing InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: debian-archive-keyring 2010.08.28
ProcVersionSignature: Ubuntu 2.6.38-11.48-generic-pae 2.6.38.8
Uname: Linux 2.6.38-11-generic-pae i686
Architecture: i386
Date: Wed Aug 31 20:11:38 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/usr/bin/zsh
SourcePackage: debian-archive-keyring
UpgradeStatus: No upgrade log present (probably fresh install)

Daniel Hahler (blueyed) wrote :

Marking the apt/apt-key task as invalid: it's filed in bug 445903 already, which refers to the wrong documentation in the apt-key man page.

Changed in apt (Ubuntu):
status: New → Invalid
Changed in ubuntu-keyring (Ubuntu):
status: New → Invalid
Daniel Hahler (blueyed) wrote :

I suggest adding the Debian keyring as follows via the package's postinst:
    ln -s /usr/share/keyrings/debian-archive-keyring.gpg /etc/apt/trusted.gpg.d

Does this make sense?

Philipp Kern (pkern) wrote :

Should be fixed with version 2012.1 in quetzal, please test.

Changed in debian-archive-keyring (Ubuntu):
status: New → Fix Released
Dimitri John Ledkov (xnox) wrote :

@ Daniel

No, they should not. Most of the time, debian-archive-keyring is not installed to access Debian repositories directly, but to have access to /usr/share/keyrings/debian-archive-keyring.gpg to validate repositories when debootstrapping Debian releases in schroots/containers/etc. For example, mk-sbuild uses /usr/share/keyrings/debian-archive-keyring.gpg to validate chroots when creating build environments for the Debian releases.

The host system apt should not be trusting Debian repositories, as installing Debian binaries on Ubuntu may result in broken and incompatible sets of packages (e.g. due to toolchain differences, packages may effectively have incompatible ABIs).

Changed in debian-archive-keyring (Ubuntu):
status: Fix Released → Won't Fix
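
A check for the condition debated in this thread, as an added example that is not from the bug report or from any Debian or Ubuntu package: it reports whether a keyring shipped under /usr/share/keyrings has also been symlinked or copied into apt's trusted.gpg.d, which is what would make the host apt trust it. The names audit_trusted and demo, and the stand-in files the demo builds, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the bug thread or from any Debian/Ubuntu package.

# audit_trusted KEYRING [TRUST_DIR]   (hypothetical helper name)
# Lists entries in TRUST_DIR that make apt trust KEYRING globally:
#   "symlink <path>"  entry resolves to KEYRING (the postinst proposal above)
#   "copy <path>"     entry is a byte-identical copy of KEYRING
# Returns 0 if none found, 1 if at least one found, 2 if KEYRING is missing.
audit_trusted() {
    keyring=$1
    trust_dir=${2:-/etc/apt/trusted.gpg.d}
    found=0
    [ -f "$keyring" ] || { echo "missing $keyring" >&2; return 2; }
    target=$(readlink -f "$keyring")
    for f in "$trust_dir"/*; do
        [ -e "$f" ] || continue          # unmatched glob or dangling symlink
        if [ "$(readlink -f "$f")" = "$target" ]; then
            echo "symlink $f"; found=1
        elif cmp -s "$f" "$keyring"; then
            echo "copy $f"; found=1
        fi
    done
    return "$found"
}

# demo: constructed stand-in files (not real keys) in a scratch directory.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/share" "$d/trusted.gpg.d"
    printf 'constructed-debian-keyring' > "$d/share/debian-archive-keyring.gpg"
    printf 'constructed-ubuntu-keyring' > "$d/trusted.gpg.d/ubuntu.gpg"
    k="$d/share/debian-archive-keyring.gpg"
    echo "before link:"; audit_trusted "$k" "$d/trusted.gpg.d" || true
    ln -s "$k" "$d/trusted.gpg.d"
    echo "after link:";  audit_trusted "$k" "$d/trusted.gpg.d" || true
    rm -rf "$d"
}

# Run the demo only when the script is invoked with "demo" as its argument.
if [ "${1:-}" = demo ]; then demo; fi
```

This compares files only; keys imported individually into /etc/apt/trusted.gpg are not detected by it.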