Release signed by unknown key (key id 40976EAF437D05B5)

Bug #599394 reported by Scott Evans on 2010-06-28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
pbuilder (Ubuntu)

Bug Description

Binary package hint: pbuilder

scott@scott-desktop:~$ sudo pbuilder create --debug
++ shift
++ '[' -n '' ']'
++ BUILDPLACE=/var/cache/pbuilder/build/
++ BASEBUILDPLACE=/var/cache/pbuilder/build/
++ '[' '' '!=' yes -a no '!=' yes ']'
++ BUILDPLACE=/var/cache/pbuilder/build//2087
++ '[' -z '' ']'
++ CHROOTEXEC='chroot /var/cache/pbuilder/build//2087 '
++ '[' maverick = experimental ']'
++ '[' noninteractive = noninteractive -o noninteractive = Noninteractive ']'
++ exec
++ FORCE_CONFNEW[1]=DPkg::Options::=--force-confnew
++ '[' -n /var/cache/pbuilder/ccache ']'
++ '[' -d /var/cache/pbuilder/ccache ']'
++ BINDMOUNTS='/var/cache/pbuilder/ccache /var/cache/pbuilder/ccache'
++ export PATH=/usr/lib/ccache:/usr/lib/ccache:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
++ PATH=/usr/lib/ccache:/usr/lib/ccache:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
+++ sort -u
+++ for i in '$BINDMOUNTS'
+++ echo /var/cache/pbuilder/ccache
+++ for i in '$BINDMOUNTS'
+++ echo /var/cache/pbuilder/ccache
++ BINDMOUNTS=/var/cache/pbuilder/ccache
+ . /usr/lib/pbuilder/pbuilder-runhooks
++ hooks=tmp/hooks
+ '[' -z maverick ']'
+ log 'I: Distribution is maverick.'
+ case "$*" in
+ echo 'I: Distribution is maverick.'
I: Distribution is maverick.
+ '[' yes = yes ']'
+ TRAP='echo ignoring trap '
+ cleanbuildplace
+ '[' 0 -ne 0 ']'
+ '[' '' '!=' yes ']'
+ '[' -d /var/cache/pbuilder/build//2087 ']'
+ log 'I: Building the build environment'
+ case "$*" in
+ echo 'I: Building the build environment'
I: Building the build environment
+ mkdir -p /var/cache/pbuilder/build//2087
+ '[' '!' -d /var/cache/pbuilder/build//2087 ']'
+ echo ignoring trap cleanbuildplace exit
ignoring trap cleanbuildplace exit
+ log 'I: running debootstrap'
+ case "$*" in
+ echo 'I: running debootstrap'
I: running debootstrap
+ '[' -n '' ']'
+ which debootstrap
+ :
+ cd /var/cache/pbuilder/build//2087
+ debootstrap --include=apt --arch amd64 --arch amd64 --variant=buildd --keyring /usr/share/keyrings/debian-archive-keyring.gpg maverick .
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
E: Release signed by unknown key (key id 40976EAF437D05B5)
+ log 'E: debootstrap failed'
+ case "$*" in
+ echo 'E: debootstrap failed'
E: debootstrap failed
+ exit 1

The md5sum of /usr/share/keyrings/debian-archive-keyring.gpg is ...

b79bfb9bbbff2a4fbff58bfad3813085 debian-archive-keyring.gpg

I am using my ISP as the debian/ubuntu mirror and this has never given any trouble prior.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: pbuilder 0.198ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-6.7-generic 2.6.35-rc3
Uname: Linux 2.6.35-6-generic x86_64
Architecture: amd64
Date: Tue Jun 29 00:37:26 2010
InstallationMedia: Kubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
PackageArchitecture: all
SourcePackage: pbuilder

Related branches

Scott Evans (vk7hse) wrote :
Lorenzo De Liso (blackz) wrote :

Are you trying to do that on a chroot?

Changed in pbuilder (Ubuntu):
importance: Undecided → Medium
Download full text (3.2 KiB)

On Mon, 2010-06-28 at 15:46 +0000, Lorenzo De Liso wrote:

> Are you trying to do that on a chroot?
> ** Changed in: pbuilder (Ubuntu)
> Importance: Undecided => Medium

attempting to create one yes ...

Here is the content in my /etc/pbuilderrc file

# Codenames for Debian suites according to their alias. Update these
# needed.

# List of Debian suites.
    "unstable" "testing" "stable")

# List of Ubuntu suites. Update these when needed.
UBUNTU_SUITES=("maverick" "lucid" "karmic" "jaunty" "hardy")

# Mirrors to use. Update these to your preferred mirror.

# Optionally use the changelog of a package to determine the suite to
use if
# none set.
if [ -z "${DIST}" ] && [ -r "debian/changelog" ]; then
    DIST=$(dpkg-parsechangelog | awk '/^Distribution: / {print $2}')
    # Use the unstable suite for certain suite values.
    if $(echo "experimental UNRELEASED" | grep -q $DIST); then

# Optionally set a default distribution if none is used. Note that you
can set
# your own default (i.e. ${DIST:="unstable"}).
: ${DIST:="$(lsb_release --short --codename)"}

# Optionally change Debian release states in $DIST to their names.
case "$DIST" in

# Optionally set the architecture to the host architecture if none set.
# that you can set your own default (i.e. ${ARCH:="i386"}).
: ${ARCH:="$(dpkg --print-architecture)"}

if [ -n "${ARCH}" ]; then
# Optionally, set BASEPATH (and not BASETGZ) if using cowbuilder
# BASEPATH="/var/cache/pbuilder/$NAME/base.cow/"

if $(echo ${DEBIAN_SUITES[@]} | grep -q $DIST); then
    # Debian configuration
    COMPONENTS="main contrib non-free"
    # This is for enabling backports for the Debian stable suite.
    if $(echo "$STABLE_CODENAME stable" | grep -q $DIST); then
        EXTRAPACKAGES="$EXTRAPACKAGES debian-backports-keyring"
elif $(echo ${UBUNTU_SUITES[@]} | grep -q $DIST); then
    # Ubuntu configuration
    COMPONENTS="main restricted universe multiverse"
    echo "Unknown distribution: $DIST"
    exit 1

# ccache
sudo mkdir -p /var/cache/pbuilder/ccache
sudo chmod a+w /var/cache/pbuilder/ccache
export CCACHE_DIR="/var/cache/pbuilder/ccache"
export PATH="/usr/lib/ccach...


Lorenzo De Liso (blackz) wrote :

I can reproduce that on a maverick chroot.

Changed in pbuilder (Ubuntu):
status: New → Confirmed
Loïc Minier (lool) wrote :

This is due to the default debootstrap args which now include --keyring.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pbuilder - 0.198ubuntu2

pbuilder (0.198ubuntu2) maverick; urgency=low

  * pbuilderrc: Use /usr/share/keyrings/ubuntu-archive-keyring.gpg by default
    instead of debian-archive-keyring.gpg; this should really be set on a
    per-distro way since it breaks creation of Debian chroots from Ubuntu and
    vice-versa; LP: #599394.
 -- Loic Minier <email address hidden> Mon, 28 Jun 2010 21:56:54 +0200

Changed in pbuilder (Ubuntu):
status: Confirmed → Fix Released
Scott Evans (vk7hse) wrote :

On Mon, 2010-06-28 at 19:55 +0000, Loïc Minier wrote:
> This is due to the default debootstrap args which now include --keyring.

as this update will take around 6 hours before it it built I grabbed the
new source via dget and built it here. I can confirm that this is not
fixed :-)

Thank you so much!
Scott Evans <email address hidden>

Scott Evans (vk7hse) wrote :

On Mon, 2010-06-28 at 19:55 +0000, Loïc Minier wrote:

> This is due to the default debootstrap args which now include --keyring.

OMG! my fingers have let me down! this should have read...

As this update will take around 6 hours before it is built I grabbed the
new source via dget and built it here. I can confirm that this is now
fixed :-)
Scott Evans <email address hidden>

Pirmin Kalberer (pi-deb) wrote :

I'm having the same problem creating a Debian chroot on Maverick. My workaround:

sudo DIST=sid pbuilder create --debootstrapopts --keyring=/usr/share/keyrings/debian-archive-keyring.gpg

Peter Odding (peterodding) wrote :

For posterity: I believe this to be a bug in debootstrap that was caused by an update to the ubuntu-keyring package [1] that received no corresponding update to the debootstrap 'configuration' files [2].

To summarize:

- This affects Ubuntu <= 12.04 chroots on Ubuntu >= 17.04 hosts.
- The best workaround that I know of is the following command:

sudo debootstrap --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg precise /tmp/precise

The important bit is the non-default --keyring argument.


Peter Odding (peterodding) wrote :

It's a shame I can't edit comments on Launchpad: Please disregard my previous comment, I seem to have misread the issue, sorry for the noise.

The error message noted in the title of this issue exactly matches the problem that I ran into last weekend, which explains how this issue popped up rather prominently in the search results I got when I searched for the error message. The cause is different though.

Hopefully my pointer to the ubuntu-keyring issue will help some folks arriving here via Google :-).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers