debootstrap fails if ubuntu-keyring installed and release signed by other

Bug #878481 reported by Kyle Nitzsche on 2011-10-19
This bug affects 2 people
Affects Status Importance Assigned to Milestone
germinate (Ubuntu)

Bug Description

In OEM group. I am no longer able to run a meta package update script.

It appears that if ubuntu-keyring is installed, debootstrap requires a Release.gpg file that is signed by a key in ubuntu-keyring.

However, OEM releases are signed by another key, so we can no longer update meta packages.

$ apt-cache policy debootstrap
  Installed: 1.0.37
  Candidate: 1.0.37
  Version table:
 *** 1.0.37 0
        500 oneiric/main amd64 Packages
        100 /var/lib/dpkg/status
$ apt-cache policy germinate
  Installed: 1.27
  Candidate: 1.27
  Version table:
 *** 1.27 0
        500 oneiric/main amd64 Packages
        100 /var/lib/dpkg/status

Colin Watson (cjwatson) wrote :

Checking signatures is intentional, but can't you use debootstrap --no-check-gpg?

Perhaps the real bug here is that germinate-update-metapackage doesn't offer a way to pass either custom options or this particular option through to debootstrap?

affects: debootstrap (Ubuntu) → germinate (Ubuntu)
Kyle Nitzsche (knitzsche) wrote :

I added --no-check-gpg to the debootstrap command in germinate-update-metapackage, and yes, it now completes.

So if you can provide such a pass-through argument for germinate-update-metapackage, we can update our meta package driver script to use it.


Colin Watson (cjwatson) on 2011-10-20
Changed in germinate (Ubuntu):
status: New → Triaged
importance: Undecided → High
Kyle Nitzsche (knitzsche) wrote :

Still exists in precise germinate 2.7.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers