[pkg-lxc-devel] Bug#885427: lxc: Debian template hardcodes regular keyring even for -ports
Adam Borowski
kilobyte at angband.pl
Wed Dec 27 00:55:08 UTC 2017
Package: lxc
Version: 1:2.0.9-5
Severity: normal
Hi!
When trying to install a second class (ie, -ports) architecture, the Debian
template fails with:
[/srv/lxc]# lxc-create -t debian -B btrfs -n harad --dir /srv/lxc/harad -- -a x32 -r sid --packages=sysvinit-core,sysv-rc --mirror=http://apt.angband.pl:3142/ftp.debian-ports.org/debian
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-sid-x32 ...
Downloading debian minimal ...
I: Retrieving InRelease
I: Checking Release signature
E: Release signed by unknown key (key id 8BC3A7D46F930576)
Failed to download the rootfs, aborting.
Failed to download 'debian base'
failed to install debian
lxc-create: lxccontainer.c: create_run_template: 1427 container creation template for harad failed
lxc-create: tools/lxc_create.c: main: 326 Error creating container harad
This is somewhat expected, as debootstrap (being a low-level tool) doesn't
handle custom keyrings without being told
(--keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg). However,
the Debian template:
* knows about keyrings, and has logic to pick and/or download one
* provides no way to override
Requiring the user to provide a path to the keyring would be acceptable.
If you'd want to be nice, though, it'd be good to detect if we're installing
one of -ports archs (Linux ones are: alpha hppa m68k powerpc powerpcspe
ppc64 sh4 sparc64 x32) and look for the keyring in
/usr/share/keyrings/debian-ports-archive-keyring.gpg. It might be also good
to default the mirror to http://ftp.ports.debian.org/debian-ports/
(Note: to run x32 on an amd64 kernel, append syscall.x32=y to kernel's
cmdline and reboot -- CONFIG_X86_X32 is on in Debian kernels but is disabled
other than as a boot-time option. Such kernels then work normally, exactly
same as i386 support on an amd64 kernel.)
Meow!
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-rc5-debug-00024-g65228756e20f (SMP w/6 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages lxc depends on:
ii libapparmor1 2.11.1-4
ii libc6 2.25-5
ii libcap2 1:2.25-1.2
ii libgnutls30 3.5.16-1
ii liblxc1 1:2.0.9-5
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.7-2
ii lsb-base 9.20170808
ii python3 3.6.4~rc1-2
ii python3-lxc 1:2.0.9-5
Versions of packages lxc recommends:
ii bridge-utils 1.5-14
ii debootstrap 1.0.93
ii dirmngr 2.2.3-1
pn dnsmasq-base <none>
ii gnupg 2.2.3-1
ii iptables 1.6.1-2+b1
ii libpam-cgfs 2.0.8-1
ii lxcfs 2.0.8-1
ii openssl 1.1.0g-2
ii rsync 3.1.2-2.1
ii uidmap 1:4.5-1
Versions of packages lxc suggests:
pn apparmor <none>
ii btrfs-progs 4.13.3-1
pn lvm2 <none>
-- no debconf information
More information about the Pkg-lxc-devel
mailing list