Arch teams, please test and mark stable: =dev-util/cdebootstrap-0.5.8 Target KEYWORDS="amd64 x86"
Something happened recently that is causing a failure, I was thinking of masking it...
    % sudo cdebootstrap lenny /tmp/test
    P: Retrieving Release
    P: Retrieving Release.gpg
    P: Validating Release
    E: Couldn't validate Release!
Looks like it requires app-crypt/gnupg-1.
    wieneke ~ # debootstrap lenny debootstrap-test/
    I: Retrieving Release
    I: Retrieving Release.gpg
    I: Checking Release signature
    E: Release signed by unknown key (key id AED4B06F473041FA)
    wieneke ~ # cdebootstrap lenny cdebootstrap-test/
    P: Retrieving Release
    P: Retrieving Release.gpg
    P: Validating Release
    E: Couldn't validate Release!
Ouch.
OK, let's fix that first.
--no-check-gpg works around the issue.
(In reply to comment #5)
> --no-check-gpg works around the issue.
Er, that's for debootstrap only of course, so the workaround for cdebootstrap would be to use debootstrap instead for the time being. ;-)
I'll just mask it for removal, no sense in having two of the same purpose app.
+ 29 Nov 2011; Jeremy Olexa <darkside@gentoo.org> package.mask: + mask cdebootstrap, libdebian-installer for removal in 30 days, bug 387565
(In reply to comment #8) > + 29 Nov 2011; Jeremy Olexa <darkside@gentoo.org> package.mask: > + mask cdebootstrap, libdebian-installer for removal in 30 days, bug 387565 gone, your bug now
Hi. Not sure of solution status. This bug affects app-emulation/lxc. It doesn't explicitly declare a dependency, though:
    ... ewarn "will need sys-apps/yum or dev-util/debootstrap."
I have separately added a bug for that now (a USE flag with the dep explicitly declared would be nicer: https://bugs.gentoo.org/show_bug.cgi?id=453468).
What I learned:
- debootstrap itself is not explicit about the path it has been passed for its keyring when dying on error (creating a bug for that shortly, will link to this URL, then post its debian URL as a comment) .. it took me a timely CTRL+Z, a manual execution of debootstrap, strace + grep to figure out the path it was hitting, see next point...)
- Gentoo's debootstrap understandably uses a non-default path for the keyring: /usr/share/keyrings/debian-archive-keyring.gpg
- The following temporary workaround may be used to resolve the issue:
    gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --keyserver pgpkeys.mit.edu --recv-key 64481591B98321F9
  (Acknowledgement: command line built from post @ https://groups.google.com/forum/?fromgroups=#!topic/linux.debian.bugs.dist/tKv7EYb1HkE )
- In future, it could be useful to include an optional cron script that periodically polls for updates to the debian keyring, an einfo/ewarn line about how to enable it, and/or the standard 'ebuild configure ...' mechanism to execute it once-off (maybe emitting an error if there is no valid trust anchor for the desired key, from either (1) ebuild itself; or (2) the previous key known to the keyring). Since debian keyring updates are supposed to be signed by the last key, they are theoretically a non-issue to run on a regular basis. For details on this process, see http://www.debian.org/doc/manuals/securing-debian-howto/ch7#s7.5.3.6
For reference, that debootstrap bug (re: insufficiently verbose error, bad docs, resulting in wasted time; particularly bad since debootstrap is the type of tool often run by non-debian-users in non-debian environments) posted @ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698677
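Added example, not part of the original thread and not debootstrap's own code: a shell helper that turns gpgv's `--status-fd` lines into a verdict that names the keyring consulted, which is the detail the comment above had to recover with strace. The function names are hypothetical, the sample status lines are constructed (using the key id from the debootstrap error earlier in this thread), and accepting a Release on at least one valid signature is an assumption of this sketch.

```shell
#!/bin/sh
# Keyring path as quoted in the comment above; override via the environment.
KEYRING=${KEYRING:-/usr/share/keyrings/debian-archive-keyring.gpg}

# explain_status: read gpgv "[GNUPG:] ..." status lines on stdin and print
# one verdict line. Returns 0 only if a signature is valid and none is bad.
explain_status() {
    good=0 bad=0 missing=""
    while read -r tag kw arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            VALIDSIG) good=$((good + 1)) ;;
            BADSIG|EXPKEYSIG|REVKEYSIG) bad=$((bad + 1)) ;;
            NO_PUBKEY) missing="$missing $arg" ;;
        esac
    done
    if [ "$bad" -gt 0 ]; then
        echo "FAIL: bad, expired-key or revoked-key signature"; return 1
    elif [ "$good" -gt 0 ]; then
        echo "OK: $good valid signature(s) from $KEYRING"; return 0
    elif [ -n "$missing" ]; then
        echo "FAIL: key(s)$missing not in $KEYRING"; return 2
    fi
    echo "FAIL: no signature status seen"; return 3
}

# check_release RELEASE RELEASE.gpg: verify against KEYRING only
# (requires gpgv; never consults the user's default keyring).
check_release() {
    gpgv --keyring "$KEYRING" --status-fd 1 "$2" "$1" 2>/dev/null |
        explain_status
}

# Constructed sample: status output when the signing key is absent.
sample_missing_key() {
    printf '%s\n' \
        '[GNUPG:] ERRSIG AED4B06F473041FA 1 8 00 1322500000 9' \
        '[GNUPG:] NO_PUBKEY AED4B06F473041FA'
}
```

Running `sample_missing_key | explain_status` prints the missing key id together with the keyring path, so the fix (installing or updating that keyring) is evident from the error itself.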
Fixed.
    # git cherry -v git-gentoo-org/master
    + 3a41bd6a493dc5fedff61fa82301d1fb6ce9ab39 app-crypt/jetring: new package (bug #387565 related)
    + d5ab799a071a89a7660cd7ace8602e7b2b631ebc app-crypt/debian-archive-keyring: new package (bug #387565 related)
    + 991fc300c1b952b69fc2f208c5ad59b600a25c4b app-crypt/ubuntu-keyring: new package (bug #387565 related)
    + cd7afb1b02aa60f6c8c1544034aa6e31c5c9b32c dev-util/debootstrap: Depend on keyrings (bug #387565)
Please see bug #575320 for keywords dropped for -r1. Closing...
(In reply to Sebastian Pipping from comment #12)
> Fixed.
I don't see what you fixed. You added an ebuild which pulls in dependencies you /might/ need at run time or you might not. Having those dependencies is nice, but should not be forced.
https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-util/debootstrap?id=95855bfcf682766a32bc369d3efc7daf8b113f8f Reverted.
I suggest we no further "debianise" debootstrap.
1. Put a USE flag in place that pulls these new dependencies in.
2. Add a small and simple patch that:
   2a. Defaults to --no-check-gpg
   2b. Suggests switching on that USE flag for validating the packages.
We already had a nice blurb suggesting Release validation requires gnupg, so I just tacked on an additional message about the keyring packages for Debian and Ubuntu. Good to have those packages in the tree now. Thanks everyone!