[pkg-lxc-devel] Bug#1073132: LXC debian template can't find gpg pub keys on Bookworm without network
Eppii
eppii at gandi.net
Thu Jun 13 08:54:47 BST 2024
Package: lxc-templates
Version: 3.0.4.48.g4765da8-1
||/ Name Version Architecture Description
+++-==============-===================-============-============================================
ii lxc-templates 3.0.4.48.g4765da8-1 amd64 Linux Containers userspace tools (templates)
Hello !
Context: we want to create a lxc with the lxc-debian template on a bookworm server without any access to internet.
We identified three issues preventing to achieve our goal and had to edit the /usr/share/lxc/templates/lxc-debian to succeed.
Description:
The download_debian() function states that it must verify signatures using /etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg but since bookworm, debian-archive-keyring install gpg files into the /usr/share/keyrings folder only. See https://packages.debian.org/bookworm/all/debian-archive-keyring/filelist versus bullseye version.
Path lreleasekeyring=/etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg does not exist hence it always tries to download from http://ftp-master.debian.org <http://ftp-master.debian.org/>. Which fails on a no internet access server.
A workaround is to add the --keyring /usr/share/keyrings/debian-archive-$release-stable.gpg args to the command as followed:
lxc-create -n test -t debian -- --mirror http://mymirror/debian --security-mirror http://mymirror/debian-security --release bookworm --keyring /usr/share/keyrings/debian-archive-buster-stable.gpg
A solution would be to modify the line 436 from:
- lreleasekeyring=/etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg
+ lreleasekeyring=/usr/share/keyrings/debian-archive-$release-stable.gpg
OR install the gpg keys back to etc/apt/trusted.gpg.d/ folder or whatever you see as a better fit ;).
Regards,
Eppii
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20240613/0f5280b0/attachment.htm>
More information about the Pkg-lxc-devel
mailing list