Date: Wed, 20 Feb 2019 12:47:45 +0100
From: Andreas Reichel
To: Jan Kiszka
Cc: isar-users@googlegroups.com, Baurzhan Ismagulov, Maksim Osipov
Subject: Re: [PATCH 0/1] Fix remote key fetching apt keyring
Message-ID: <20190220114745.GA760@iiotirae>
References: <20190219162942.6bfb794b@md1za8fc.ad001.siemens.net> <20190220112133.23122-1-andreas.reichel.ext@siemens.com> <20190220113644.GA29247@iiotirae>
In-Reply-To: <20190220113644.GA29247@iiotirae>

On Wed, Feb 20, 2019 at 12:36:44PM +0100, Andreas Reichel wrote:
> > >
> > > | I: Running command: debootstrap --arch arm64 --foreign --verbose --variant=minbase --include=locales --components=main,contrib,non-free --keyring /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg stretch /build/build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/rootfs http://ftp.debian.org/debian
> > > | I: Retrieving InRelease
> > > | I: Retrieving Release
> > > | I: Retrieving Release.gpg
> > > | I: Checking Release signature
> > > | E: Release signed by unknown key (key id EF0F382A1A7B6500)
> > >
> > > So something additionally must be done. Since I am not an expert on
> > > debian keyring/debootstrap and dpkg signing I will try to find a
> > > solution but maybe somebody has a good idea already?
> > >
> >
> > Baurzhan, Maxim, any idea?
> >
> I found a solution, one has to trust the key manually:
>
> The following snippet can do this:
>
> gpg --keyring build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg --list-keys --with-colons | \
> sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' | \
> gpg --import-ownertrust --keyring build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg
>
> I will try and write a patch for this.
>

Well the idea was good, but there is another problem...
obviously the key debootstrap complains about is NOT the docker key...
it is not even inside the keyring. It seems debootstrap only uses a
keyring with only one key now which cannot work if we want to ADD a repo
with a corresponding key.

----
builder@bdf0e3b84f79:/build$ gpg --keyring build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg --list-keys
build/tmp/work/debian-stretch-arm64/isar-bootstrap-target/apt-keyring.gpg
-------------------------------------------------------------------------
pub   rsa4096 2017-02-22 [SCEA]
      9DC858229FC7DD38854AE2D88D81803C0EBFCD88
uid           [ultimate] Docker Release (CE deb)
sub   rsa4096 2017-02-22 [S]
----

But at least we can see the change to ultimate trust worked ;)

Andreas

> Andreas
> > Jan
> >
> > --
> > Siemens AG, Corporate Technology, CT RDA IOT SES-DE
> > Corporate Competence Center Embedded Linux
>

-- 
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant

Andreas.Reichel@tngtech.com, +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Managing directors: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Registered office: Unterfoehring * Amtsgericht Muenchen * HRB 135082
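
The finding in the message above is that the key id debootstrap reports is simply absent from the keyring passed with --keyring, so changing ownertrust cannot help. The following is an added example, not part of the original message or of Isar, that checks a signer key id against a `gpg --list-keys --with-colons` listing before debootstrap runs; the function names are hypothetical, and the sample listing is constructed (only the primary key fingerprint comes from the message, the subkey values are made up).

```shell
#!/bin/sh
# Added example: check that a signer key id is present in an apt keyring
# listing before debootstrap is run with --keyring.

# Constructed sample of `gpg --list-keys --with-colons` output. The primary
# key fingerprint is the one shown in the message; the subkey id and
# fingerprint are made up for illustration.
SAMPLE_LISTING='pub:u:4096:1:8D81803C0EBFCD88:::::::scESCA:
fpr:::::::::9DC858229FC7DD38854AE2D88D81803C0EBFCD88:
uid:u::::::::Docker Release (CE deb):
sub:u:4096:1:1111111111111111:::::::s:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:'

# Print every key id (field 5 of pub/sub) and fingerprint (field 10 of fpr).
keyring_key_ids() {
    awk -F: '$1 == "pub" || $1 == "sub" { print toupper($5) }
             $1 == "fpr"                { print toupper($10) }'
}

# keyring_has_key ID: read a colon listing on stdin, succeed if ID (long key
# id or full fingerprint, any case) matches the tail of a listed key.
keyring_has_key() {
    [ -n "$1" ] || return 2
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    keyring_key_ids | awk -v want="$want" '
        length($0) >= length(want) &&
        substr($0, length($0) - length(want) + 1) == want { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Hypothetical helper: run the check against the constructed sample.
check_signer() {
    printf '%s\n' "$SAMPLE_LISTING" | keyring_has_key "$1"
}

# For a real keyring, feed the listing from gpg instead:
#   gpg --keyring path/to/apt-keyring.gpg --list-keys --with-colons | keyring_has_key EF0F382A1A7B6500
for id in 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 EF0F382A1A7B6500; do
    if check_signer "$id"; then
        echo "$id: present in keyring"
    else
        echo "$id: MISSING from keyring, Release verification will fail"
    fi
done
```

Matching on the tail of the fingerprint lets the same check accept either the 16-digit key id that debootstrap prints or a full fingerprint, and subkeys are listed because a Release file may be signed by one.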