Custom Debian CD - Problem with APT-CDROM and GPGV
 

Hi,





I'm trying to generate a custom install CD based on Etch. I've set up a
local repository with reprepro, and I've installed and adapted
simple-cdd to my needs.





Everything was working just fine until I decided to include signatures (Release.gpg files). Now here's the problem.





When installing my custom distro with my custom CD, base-installer throws the following error:

[...]

Copying package lists...gpgv: not a detached signature



E: Sub-process gpgv returned an error code (2)



W: Signature verification failed for /cdrom/dists/etch/Release.gpg


[...]

Of course, I've included my own keyring
(/usr/share/keyrings/debian-archive-keyring.gpg
and/etc/apt/trusted.gpg). When checking manually with gpgv (chroot
/target gpgv /cdrom/dists/etch/Release.gpg), I noticed gpgv created
/.gnupg/ and was looking for trustedkeys.gpg under that directory.





So I forced the install process to copy my keyring to that location.


Now, the manual signature check with gpgv is OK, but apt-cdrom still fails to verify the signature.


Whatever the options I use (APT::Get::AllowUnauthenticated...) the problem remains.





Now to my questions:


- Why does apt-cdrom fail if gpgv succeeds when launched manually???


- Why does the install process complete when the Release.gpg file is not even present on the CD???








Thanks...




Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail