attempting to create a new Debian lxc container using "buster" or "bullseye" results in an abort due to an incorrect or out of date keyring. # lxc-create -n deb -t debian -- -r buster debootstrap is /usr/sbin/debootstrap Checking cache download in /var/lib/cache/lxc/debian/rootfs-buster-amd64 ... gpg: key 7638D0442B90D010: 4 signatures not checked due to missing keys gpg: key 7638D0442B90D010: "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 Downloading debian minimal ... I: Retrieving InRelease I: Checking Release signature E: Release signed by unknown key (key id DCC9EFBF77E11517) The specified keyring /var/lib/cache/lxc/debian/archive-key.gpg may be incorrect or out of date. You can find the latest Debian release key at https://ftp-master.debian.org/keys.html Failed to download the rootfs, aborting. # lxc-create -n deb -t debian -- -r bullseye debootstrap is /usr/sbin/debootstrap Checking cache download in /var/lib/cache/lxc/debian/rootfs-bullseye-amd64 ... gpg: key 7638D0442B90D010: 4 signatures not checked due to missing keys gpg: key 7638D0442B90D010: "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 Downloading debian minimal ... I: Retrieving InRelease I: Checking Release signature E: Release signed by unknown key (key id 648ACFD622F3D138) The specified keyring /var/lib/cache/lxc/debian/archive-key.gpg may be incorrect or out of date. You can find the latest Debian release key at https://ftp-master.debian.org/keys.html Failed to download the rootfs, aborting. Older releases seem to work: lxc-create -n deb -t debian -- -r stretch debootstrap is /usr/sbin/debootstrap Checking cache download in /var/lib/cache/lxc/debian/rootfs-stretch-amd64 ... gpg: key 7638D0442B90D010: 4 signatures not checked due to missing keys gpg: key 7638D0442B90D010: "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 Downloading debian minimal ... I: Retrieving InRelease I: Retrieving Release I: Retrieving Release.gpg I: Checking Release signature I: Valid Release signature (key id 126C0D24BD8A2942CC7DF8AC7638D0442B90D010) I: Retrieving Packages I: Validating Packages
using app-emulation/lxc-4.0.4 and app-emulation/lxc-templates-3.0.4
This may be related to the SKS server hack... Few things to try: You can try to import the new PGP keys they use to sign those those releases. For buster, they seem to be available here: https://lists.debian.org/debian-devel-announce/2019/04/msg00008.html cd /tmp wget https://ftp-master.debian.org/keys/archive-key-10.asc https://ftp-master.debian.org/keys/archive-key-10-security.asc gpg --import archive-key-10.asc gpg --import archive-key-10-security.asc lxc-create -n deb -t debian -- -r buster Also "lxc-create -n deb -t download -- -r buster" may work better for you too. (I'm currently not around my lxc machine)
(In reply to Joonas Niilola from comment #2) > > Also "lxc-create -n deb -t download -- -r buster" may work better for you > too. > Yes, that works. Thanks!
