[elbe-devel] Private debian repo
Ralf Schlatterbeck
rsc at runtux.com
Tue Nov 22 14:50:48 CET 2016
On Mon, Nov 21, 2016 at 08:00:47AM +0100, Manuel Traut wrote:
> <url>
> <binary>http...</binary>
> <source>http...</source>
> <key>http://bla.com/my.pubkey</key>
> </url>
I added this (in both url stanzas in the project and mirror sections
for my own repo):
<key>http://bee.priv.zoo/debian-local/debkey.asc</key>
(priv.zoo is my local domain)
% wget http://bee.priv.zoo/debian-local/debkey.asc
[...]
Saving to: ‘debkey.asc’
[...]
% gpg debkey.asc
pub 2048R/1F46F7B6 2009-03-30
uid Ralf Schlatterbeck (Debian-Package-Key) <rsc at runtux.com>
(see below for the key-id in the error-message, it ends with the same
hash value indicating that the key could not be found)
but a pbuilder call using one of the packages from that repo in the
build dependencies fails with:
<dump of pbuilder output>
[...]
Reading package lists...
W: GPG error: http://127.0.0.1:8080 jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F89C8B94CEA4E82F
W: GPG error: http://debian.linutronix.de jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 36AA35FF22BB8F84
W: GPG error: http://debian.linutronix.de jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 36AA35FF22BB8F84
W: GPG error: http://bee.priv.zoo jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E428B3091F46F7B6
I: user script //tmp/hooks/D10elbe_apt_sources finished
-> Attempting to satisfy build-dependencies
-> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture: armel
[...]
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.
python-rsclib
Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Abort.
[...]
Package fails to build.
Please make sure, that the submitted package builds in pbuilder
</dump of pbuilder output>
Does the added key in the XML apply to pbuilder, too? Or do I need a
separate mechanism for specifying trusted repos for pbuilder?
It seems I can install the same package in the <buildimage> section in
<project> without problems.
I have latest 1.9.15 elbe debian package with a new initvm built today.
Interesting for me is that I'm getting key-errors on the elbe repos and
on my own one but only the latter leads to a failure later on.
Should I add a key for the elbe repo to the xml file? Why does it work
without one?
Thanks
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office at runtux.com
More information about the elbe-devel
mailing list