debootstrap fails if ubuntu-keyring installed and release signed by other
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
germinate (Ubuntu) |
Triaged
|
High
|
Unassigned |
Bug Description
In OEM group. I am no longer able to run a meta package update script.
It appears that if ubuntu-keyring is installed, debootstrap requires a Release.gpg file that is signed by a key in ubuntu-keyring.
However, OEM releases are signed by another key, so we can no longer update meta packages.
$ apt-cache policy debootstrap
debootstrap:
Installed: 1.0.37
Candidate: 1.0.37
Version table:
*** 1.0.37 0
500 http://
100 /var/lib/
$ apt-cache policy germinate
germinate:
Installed: 1.27
Candidate: 1.27
Version table:
*** 1.27 0
500 http://
100 /var/lib/
Changed in germinate (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
Checking signatures is intentional, but can't you use debootstrap --no-check-gpg?
Perhaps the real bug here is that germinate- update- metapackage doesn't offer a way to pass either custom options or this particular option through to debootstrap?