Hi, (Sorry, overlooked your email.)
Am 2019-08-12 21:31, schrieb Thomas Lange:
I think we cannot fix it in this way. gpg --export 2BF8D9FE074BCDE4 may not work, if the key is not already downloaded and available for gpg. I also do not want to force to install the package debian-keyring on the fai server. And we should not create a file when calling fai-make-nfsroot under /etc which is normally a config file. The idea is to ship the gpg key directly in the fai-server package. So I would add the file /etc/fai/apt/trusted.gpg.d/fai-project.gpg to the package fai-server. What do you think?
Sorry if I wasn't clearer in my bugreport. Yes, I did mean that you should simply add the fai-project.gpg to the package. The gpg --export was just a demonstration how to work around this issue with the current version of FAI. So yes, if you added the file to the package and removed the [trusted=yes] in the /etc/fai/apt/sources.list, that would be perfect. Thanks! Best regards, Christian
