Ubuntu
debootstrap package

debootstrap fails to create precise chroots: Release signed by unknown key

Bug #1851459 reported by You-Sheng Yang
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
debootstrap (Ubuntu)
In Progress
Undecided
Ken Sharp

Bug Description

Creating precise, and probably all other EOL-ed series, chroot fails with following error messages:

  $ sudo debootstrap precise target
  I: Retrieving InRelease
  I: Retrieving Release
  I: Retrieving Release.gpg
  I: Checking Release signature
  E: Release signed by unknown key (key id 40976EAF437D05B5)
     The specified keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg may be incorrect or out of date.
     You can find the latest Debian release key at https://ftp-master.debian.org/keys.html

Precise key 40976EAF437D05B5 was moved into /usr/share/keyrings/ubuntu-archive-removed-keys.gpg[1][2] since ubuntu-keyring >= 2016.10.27, and yet /usr/share/debootstrap/scripts/precise (symlinked to /usr/share/debootstrap/scripts/gusty) is still using /usr/share/keyrings/ubuntu-archive-keys.gpg, so it will certainly fail unless --keyring ... is specified.

[1]: https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1363482

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: debootstrap 1.0.116ubuntu2
ProcVersionSignature: Ubuntu 5.3.0-21.22-generic 5.3.7
Uname: Linux 5.3.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair wl
ApportVersion: 2.20.11-0ubuntu10
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Nov 6 13:31:59 2019
InstallationDate: Installed on 2019-09-28 (38 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Alpha amd64 (20190923)
PackageArchitecture: all
SourcePackage: debootstrap
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
You-Sheng Yang (vicamo) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in debootstrap (Ubuntu):
status: New → Confirmed
Ken Sharp (kennybobs)
tags: added: jammy
Ken Sharp (kennybobs)
tags: added: noble
Revision history for this message
Ken Sharp (kennybobs) wrote :

This patch seems to work correctly in Noble.

Because the removed keys aren't in-sync with EOL releases a different patch may be needed for each release. This patch has issue in Trusty and Xenial, for example.

A fix is possible for those releases but I won't post them here, and I can't seem to push the commit to Launchpad (something I need to figure out).

tags: added: patch
Revision history for this message
Ken Sharp (kennybobs) wrote :

Tested further with Bionic, Focal and Jammy and the patch seems to work on all of them.

Ken Sharp (kennybobs)
tags: added: bionic
Ken Sharp (kennybobs)
Changed in debootstrap (Ubuntu):
assignee: nobody → Ken Sharp (kennybobs)
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Use correct keyring for old releases" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Ken Sharp (kennybobs)
Changed in debootstrap (Ubuntu):
status: Confirmed → In Progress
Ken Sharp (kennybobs)
tags: added: patch-accepted-debian
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.