Ubuntu
debian-archive-keyring package

Old keyring makes deboostrap Debian stable not possible in Bionic

Bug #1994013 reported by Lucas Kanashiro on 2022-10-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	debian-archive-keyring (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	New	Undecided	Unassigned

Bug Description

debian-archive-keyring/2017.7ubuntu1 does not allow one to debootstrap Debian stable in Bionic:

sudo debootstrap --variant=minbase stable /tmp/bla http://httpredir.debian.org/debian
I: Retrieving InRelease
I: Checking Release signature
E: Release signed by unknown key (key id 605C66F00D6C9793)

I found this out through the docker.io regression I got here:

https://autopkgtest.ubuntu.com/results/autopkgtest-bionic/bionic/amd64/d/docker.io/20221021_090029_9eab9@/log.gz

In a Bionic VM, after installing debian-archive-keyring from Focal (2019.1ubuntu2), I was able to deboostrap Debian stable again.

Related branches

~ubuntu-release/britney/+git/hints-ubuntu:bionic-docker.io-debian-keyring

Merged into ~ubuntu-release/britney/+git/hints-ubuntu:bionic at revision f0af3af6106e0b384679da8358eafe7511c19986

Ubuntu Release Team: Pending requested 2022-11-07

Lucas Kanashiro (lucaskanashiro) on 2022-10-24

Changed in debian-archive-keyring (Ubuntu):
status:	New → Invalid

Lucas Kanashiro (lucaskanashiro) on 2022-10-24

summary:

- Old keyring makes deboostrap Debian stable not possible
+ Old keyring makes deboostrap Debian stable not possible in Bionic

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-11-03:

https://bugs.launchpad.net/ubuntu/+source/debian-archive-keyring/+bug/1752656 contains a similar request, with an interesting consideration for the xenial and older cases.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-11-03:

oldstable also doesn't work:

# debootstrap --variant=minbase oldstable /oldstable http://httpredir.debian.org/debian
I: Retrieving InRelease
I: Checking Release signature
E: Release signed by unknown key (key id DCC9EFBF77E11517)

But oldoldstable does:

# debootstrap --variant=minbase oldoldstable /oldoldstable http://httpredir.debian.org/debian
I: Retrieving InRelease
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
I: Valid Release signature (key id 067E3C456BAE240ACEE88F6FEF0F382A1A7B6500)
I: Retrieving Packages
I: Validating Packages

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudebian-archive-keyring package