Package: mmdebstrap
Version: 1.3.1-2
Severity: normal
X-Debbugs-Cc: none, Dima Kogan <dko...@debian.org>

Hi. I'm using mmdebstrap to bootstrap an install that uses the normal Debian repos AND my own repo. My repo is signed with a key that lives in $PWD/keys/something.gpg. I pass --keyring=$PWD/keys as suggested in the docs, but this doesn't work for some mysterious reason. No clear diagnostics are available, with --verbose saying nothing extra. This is what I see:

  $ sudo mmdebstrap \
      --architectures=arm64 \
      --keyring=$PWD/keys \
      --aptopt 'Acquire::https::MY_REPO_DOMAIN::Verify-Peer "false"' \
      bookworm \
      bookworm-tst \
      http://deb.debian.org/debian \
      http://MY_REPO_DOMAIN/public/debian/bookworm
  I: automatically chosen mode: root
  I: arm64 cannot be executed natively, but transparently using qemu-user binfmt emulation
  I: finding correct signed-by value...
  I: automatically chosen format: directory
  I: running apt-get update...
  Get:1 https://MY_REPO_DOMAIN/public/debian/bookworm bookworm InRelease [5136 B]
  Get:2 http://deb.debian.org/debian bookworm InRelease [177 kB]
  Err:1 https://MY_REPO_DOMAIN/public/debian/bookworm bookworm InRelease
    The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 221CA67104340B68
  Get:3 http://deb.debian.org/debian bookworm/main arm64 Packages [8909 kB]
  Reading package lists...
  W: GPG error: https://MY_REPO_DOMAIN/public/debian/bookworm bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 221CA67104340B68
  E: The repository 'http://MY_REPO_DOMAIN/public/debian/bookworm bookworm InRelease' is not signed.
  E: apt-get update --error-on=any -oAPT::Status-Fd=<$fd> -oDpkg::Use-Pty=false failed
  I: main() received signal PIPE: waiting for setup...
  E: mmdebstrap failed to run

This should work, but it doesn't. I used sysdig to confirm that something is indeed looking in $PWD/keys/ and something is indeed calling read() on the relevant key. I have also confirmed that if I copy my keys to /etc/apt/trusted.gpg.d/ then it does work properly.
But I don't want to do that. Ideally I'd like mmdebstrap to grab all the keys in $PWD/keys and add them to /etc/apt/trusted.gpg.d/ in the chroot, but NOT on the host machine. Any clear way to do that? Any debugging tricks I'm missing?

Thanks!

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (700, 'testing'), (500, 'unstable-debug'), (500, 'stable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, armel

Kernel: Linux 6.1.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mmdebstrap depends on:
ii  apt      2.5.2
ii  perl     5.36.0-4
ii  python3  3.10.6-1

Versions of packages mmdebstrap recommends:
pn  arch-test            <none>
pn  fakechroot           <none>
ii  fakeroot             1.29-1
ii  gpg                  2.2.35-3
ii  libdistro-info-perl  1.1
ii  libdpkg-perl         1.21.19
ii  mount                2.38.1-1
pn  uidmap               <none>

Versions of packages mmdebstrap suggests:
pn  apt-transport-tor  <none>
ii  apt-utils          2.5.2
ii  binfmt-support     2.2.2-1
ii  ca-certificates    20211016
ii  debootstrap        1.0.127
ii  distro-info-data   0.54
ii  dpkg-dev           1.21.19
pn  genext2fs          <none>
ii  perl-doc           5.36.0-4
pn  qemu-user          <none>
ii  qemu-user-static   1:7.0+dfsg-7+b1
pn  squashfs-tools-ng  <none>

-- no debconf information
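
A diagnostic for the NO_PUBKEY failure reported above, as an added example that is not part of the original report or of mmdebstrap: it extracts the key IDs apt could not find from saved apt output and checks whether any key file in a keyring directory actually contains them. The function names and the `*.gpg`/`*.asc` file patterns are assumptions, and it assumes a gpg that supports `--show-keys`.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper names, not mmdebstrap code).

# Read apt output on stdin; print each distinct key ID reported as NO_PUBKEY.
missing_key_ids() {
    grep -oE 'NO_PUBKEY( [0-9A-F]{16})+' \
        | tr ' ' '\n' \
        | grep -E '^[0-9A-F]{16}$' \
        | sort -u
}

# Print the long key IDs (primary keys and subkeys) stored in one key file.
# In gpg's --with-colons output, field 1 is the record type and field 5 the key ID.
key_ids_in_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null \
        | awk -F: '$1 == "pub" || $1 == "sub" { print $5 }'
}

# Usage: check_keyring APT_LOG KEYRING_DIR
# Returns 0 only if every missing key ID is present in some key file.
check_keyring() {
    log=$1
    dir=$2
    status=0
    for id in $(missing_key_ids < "$log"); do
        found=
        for f in "$dir"/*.gpg "$dir"/*.asc; do
            [ -f "$f" ] || continue
            if key_ids_in_file "$f" | grep -qx "$id"; then
                found=$f
                break
            fi
        done
        if [ -n "$found" ]; then
            echo "$id: present in $found"
        else
            echo "$id: not found in $dir"
            status=1
        fi
    done
    return $status
}

# Run only when called as: script APT_LOG KEYRING_DIR
if [ "$#" -eq 2 ]; then
    check_keyring "$1" "$2"
fi
```

A "present in" result means the signing key is in the directory and the failure lies in how the keyring reaches apt; "not found" means the key file does not hold the key that signed the repository.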