4

Before releasing packages to Debian (and later sync them to Ubuntu) I need to test them in a sid chroot, but I get this error on a clean 14.04 system:

$ sudo DIST=sid ARCH=i386 pbuilder create
[sudo] password for u: 
I: Distribution is unstable.
I: Current time: Mon Mar 17 09:37:53 EDT 2014
I: pbuilder-time-stamp: 1395063473
I: Building the build environment
I: running debootstrap
/usr/sbin/debootstrap
I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
E: Release signed by unknown key (key id 8B48AD6246925553)
E: debootstrap failed
W: Aborting with an error
I: cleaning the build env 
I: removing directory /var/cache/pbuilder/build//8688 and its subdirectories

What type of keys do I have to install to avoid such failure?

muru
  • 207,228
Sylvain Pineau
  • 63,229

2 Answers2

5

In order to get it fixed I had to install:

sudo apt-get install debian-archive-keyring

And then create the chroot with

sudo DIST=sid ARCH=i386 pbuilder create --debootstrapopts \
--keyring=/usr/share/keyrings/debian-archive-keyring.gpg
Sylvain Pineau
  • 63,229
1

With Ubuntu 12.04 Precise you might want to check the comment #18 at https://bugs.launchpad.net/ubuntu/+source/pbuilder/+bug/599695

In short:

  1. The key ID 8B48AD6246925553 in the error message is for Debian 7.0 Wheezy, so...
  2. ... find the corresponding key 46925553 from http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=debian+archive&fingerprint=on
  3. Save the key to <file>
  4. Add it with
sudo apt-key add <file>

Now you can do

pbuilder-dist sid create --debootstrapopts --keyring=/etc/apt/trusted.gpg

and after this you can build stuff without having to give the keyring option anymore.

Even better would be to add the key directly to /usr/share/keyrings/debian-archive-keyring.gpg.

Hekkup
  • 11