[elbe-devel] Private debian repo

Ralf Schlatterbeck rsc at runtux.com
Tue Nov 22 14:50:48 CET 2016


On Mon, Nov 21, 2016 at 08:00:47AM +0100, Manuel Traut wrote:
> <url>
> 	<binary>http...</binary>
> 	<source>http...</source>
> 	<key>http://bla.com/my.pubkey</key>
> </url>

I added this (in both url stanzas in the project and mirror sections
for my own repo):

          <key>http://bee.priv.zoo/debian-local/debkey.asc</key>

(priv.zoo is my local domain)

% wget http://bee.priv.zoo/debian-local/debkey.asc
[...]
Saving to: ‘debkey.asc’
[...]
% gpg debkey.asc         
pub  2048R/1F46F7B6 2009-03-30
uid                            Ralf Schlatterbeck (Debian-Package-Key) <rsc at runtux.com>

(see below for the key-id in the error-message, it ends with the same
hash value indicating that the key could not be found)

but a pbuilder call using one of the packages from that repo in the
build dependencies fails with:

<dump of pbuilder output>
[...]
Reading package lists...
W: GPG error: http://127.0.0.1:8080 jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F89C8B94CEA4E82F
W: GPG error: http://debian.linutronix.de jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 36AA35FF22BB8F84
W: GPG error: http://debian.linutronix.de jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 36AA35FF22BB8F84
W: GPG error: http://bee.priv.zoo jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E428B3091F46F7B6
I: user script //tmp/hooks/D10elbe_apt_sources finished
 -> Attempting to satisfy build-dependencies
 -> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture: armel

[...]

WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

  python-rsclib 

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Abort.
[...]
Package fails to build.
Please make sure, that the submitted package builds in pbuilder
</dump of pbuilder output>

Does the added key in the XML apply to pbuilder, too? Or do I need a
separate mechanism for specifying trusted repos for pbuilder?
It seems I can install the same package in the <buildimage> section in
<project> without problems.

I have the latest 1.9.15 elbe Debian package with a new initvm built today.

Interesting for me is that I'm getting key-errors on the elbe repos and
on my own one but only the latter leads to a failure later on.

Should I add a key for the elbe repo to the xml file? Why does it work
without one?

Thanks
Ralf
-- 
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office at runtux.com
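
Added example, not part of the original message and not elbe or pbuilder code: a Python sketch that extracts the NO_PUBKEY IDs from an apt/pbuilder log and reports which repository is waiting for a given key, the comparison done by eye above between 1F46F7B6 and E428B3091F46F7B6. The function names are hypothetical, and SAMPLE_LOG is constructed from the warning lines in the dump.

```python
import re

# Constructed sample: the GPG warning lines copied from the pbuilder dump above.
SAMPLE_LOG = """\
W: GPG error: http://127.0.0.1:8080 jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F89C8B94CEA4E82F
W: GPG error: http://debian.linutronix.de jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 36AA35FF22BB8F84
W: GPG error: http://debian.linutronix.de jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 36AA35FF22BB8F84
W: GPG error: http://bee.priv.zoo jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E428B3091F46F7B6
"""

GPG_ERR = re.compile(r"^W: GPG error: (\S+) (\S+) (?:In)?Release:")
NO_PUBKEY = re.compile(r"NO_PUBKEY ([0-9A-Fa-f]{16})")

def missing_keys(log):
    """Map 'repo-url suite' -> long key IDs apt could not find (deduplicated)."""
    result = {}
    for line in log.splitlines():
        m = GPG_ERR.match(line.strip())
        if not m:
            continue
        ids = result.setdefault(f"{m.group(1)} {m.group(2)}", [])
        for key_id in NO_PUBKEY.findall(line):  # one line may name several keys
            if key_id.upper() not in ids:
                ids.append(key_id.upper())
    return result

def normalize(key_id):
    """Drop spaces, case and a leading 0x so IDs and fingerprints compare as hex."""
    s = key_id.replace(" ", "").upper()
    return s[2:] if s.startswith("0X") else s

def repos_waiting_for(key_id, log):
    """Return (repo, wanted_id, full_match) for each repo whose missing key matches."""
    # An 8-digit short ID is only the last 32 bits of the fingerprint, so a
    # short-ID match is a hint; full_match is True only for 16+ hex digits.
    have = normalize(key_id)
    if not have:
        return []
    hits = []
    for repo, ids in missing_keys(log).items():
        for want in ids:
            if want.endswith(have) or have.endswith(want):
                hits.append((repo, want, len(have) >= 16))
    return hits

if __name__ == "__main__":
    print(repos_waiting_for("1F46F7B6", SAMPLE_LOG))
```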