Release signed by unknown key (key id 40976EAF437D05B5)

Are you trying to do that on a chroot?

On Mon, 2010-06-28 at 15:46 +0000, Lorenzo De Liso wrote:

> Are you trying to do that on a chroot?
>
> ** Changed in: pbuilder (Ubuntu)
> Importance: Undecided => Medium
>

attempting to create one yes ...

Here is the content in my /etc/pbuilderrc file

# Codenames for Debian suites according to their alias. Update these
when
# needed.
UNSTABLE_CODENAME="sid"
TESTING_CODENAME="squeeze"
STABLE_CODENAME="lenny"
STABLE_BACKPORTS_SUITE="$STABLE_CODENAME-backports"

# List of Debian suites.
DEBIAN_SUITES=($UNSTABLE_CODENAME $TESTING_CODENAME $STABLE_CODENAME
    "unstable" "testing" "stable")

# List of Ubuntu suites. Update these when needed.
UBUNTU_SUITES=("maverick" "lucid" "karmic" "jaunty" "hardy")

# Mirrors to use. Update these to your preferred mirror.
DEBIAN_MIRROR="mirror.internode.on.net/pub/debian"
UBUNTU_MIRROR="mirror.internode.on.net/pub/ubuntu/ubuntu"

# Optionally use the changelog of a package to determine the suite to
use if
# none set.
if [ -z "${DIST}" ] && [ -r "debian/changelog" ]; then
    DIST=$(dpkg-parsechangelog | awk '/^Distribution: / {print $2}')
    # Use the unstable suite for certain suite values.
    if $(echo "experimental UNRELEASED" | grep -q $DIST); then
        DIST="$UNSTABLE_CODENAME"
    fi
fi

# Optionally set a default distribution if none is used. Note that you
can set
# your own default (i.e. ${DIST:="unstable"}).
: ${DIST:="$(lsb_release --short --codename)"}

# Optionally change Debian release states in $DIST to their names.
case "$DIST" in
    unstable)
        DIST="$UNSTABLE_CODENAME"
        ;;
    testing)
        DIST="$TESTING_CODENAME"
        ;;
    stable)
        DIST="$STABLE_CODENAME"
        ;;
esac

# Optionally set the architecture to the host architecture if none set.
Note
# that you can set your own default (i.e. ${ARCH:="i386"}).
: ${ARCH:="$(dpkg --print-architecture)"}

NAME="$DIST"
if [ -n "${ARCH}" ]; then
    NAME="$NAME-$ARCH"
    DEBOOTSTRAPOPTS=("--arch" "$ARCH" "${DEBOOTSTRAPOPTS[@]}")
fi
BASETGZ="/var/cache/pbuilder/$NAME-base.tgz"
# Optionally, set BASEPATH (and not BASETGZ) if using cowbuilder
# BASEPATH="/var/cache/pbuilder/$NAME/base.cow/"
DISTRIBUTION="$DIST"
BUILDRESULT="/var/cache/pbuilder/$NAME/result/"
APTCACHE="/var/cache/pbuilder/$NAME/aptcache/"
BUILDPLACE="/var/cache/pbuilder/build/"

if $(echo ${DEBIAN_SUITES[@]} | grep -q $DIST); then
    # Debian configuration
    MIRRORSITE="http://$DEBIAN_MIRROR/debian/"
    COMPONENTS="main contrib non-free"
    # This is for enabling backports for the Debian stable suite.
    if $(echo "$STABLE_CODENAME stable" | grep -q $DIST); then
        EXTRAPACKAGES="$EXTRAPACKAGES debian-backports-keyring"
        OTHERMIRROR="$OTHERMIRROR | deb http://www.backports.org/debian
$STABLE_BACKPORTS_SUITE $COMPONENTS"
    fi
elif $(echo ${UBUNTU_SUITES[@]} | grep -q $DIST); then
    # Ubuntu configuration
    MIRRORSITE="http://$UBUNTU_MIRROR/ubuntu/"
    COMPONENTS="main restricted universe multiverse"
else
    echo "Unknown distribution: $DIST"
    exit 1
fi

# ccache
sudo mkdir -p /var/cache/pbuilder/ccache
sudo chmod a+w /var/cache/pbuilder/ccache
export CCACHE_DIR="/var/cache/pbuilder/ccache"
export PATH="/usr/lib/ccach...

I can reproduce that on a maverick chroot.

This is due to the default debootstrap args which now include --keyring.

This bug was fixed in the package pbuilder - 0.198ubuntu2

---------------
pbuilder (0.198ubuntu2) maverick; urgency=low

  * pbuilderrc: Use /usr/share/keyrings/ubuntu-archive-keyring.gpg by default
    instead of debian-archive-keyring.gpg; this should really be set on a
    per-distro way since it breaks creation of Debian chroots from Ubuntu and
    vice-versa; LP: #599394.
 -- Loic Minier <email address hidden> Mon, 28 Jun 2010 21:56:54 +0200

On Mon, 2010-06-28 at 19:55 +0000, Loïc Minier wrote:
> This is due to the default debootstrap args which now include --keyring.
>

as this update will take around 6 hours before it it built I grabbed the
new source via dget and built it here. I can confirm that this is not
fixed :-)

Thank you so much!
--
Scott Evans <email address hidden>

On Mon, 2010-06-28 at 19:55 +0000, Loïc Minier wrote:

> This is due to the default debootstrap args which now include --keyring.
>

OMG! my fingers have let me down! this should have read...

As this update will take around 6 hours before it is built I grabbed the
new source via dget and built it here. I can confirm that this is now
fixed :-)
--
Scott Evans <email address hidden>

I'm having the same problem creating a Debian chroot on Maverick. My workaround:

sudo DIST=sid pbuilder create --debootstrapopts --keyring=/usr/share/keyrings/debian-archive-keyring.gpg

For posterity: I believe this to be a bug in debootstrap that was caused by an update to the ubuntu-keyring package [1] that received no corresponding update to the debootstrap 'configuration' files [2].

To summarize:

- This affects Ubuntu <= 12.04 chroots on Ubuntu >= 17.04 hosts.
- The best workaround that I know of is the following command:

sudo debootstrap --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg precise /tmp/precise http://old-releases.ubuntu.com/ubuntu/

The important bit is the non-default --keyring argument.

[1] https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1363482
[2] https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1363482/comments/7

It's a shame I can't edit comments on Launchpad: Please disregard my previous comment, I seem to have misread the issue, sorry for the noise.

The error message noted in the title of this issue exactly matches the problem that I ran into last weekend, which explains how this issue popped up rather prominently in the search results I got when I searched for the error message. The cause is different though.

Hopefully my pointer to the ubuntu-keyring issue will help some folks arriving here via Google :-).