<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Greetings.<br>
<br>
While building the install kernel, apt is configured to ignore failure
of validation against gpg keys.<br>
I presume the setting is a convenience, not a workaround for an apt
bug.<br>
No -- I have not been hurt by the setting, the build seems secure
without passing validation.<br>
But -- I worked a while to provide keys for validation anyway.
Without success.<br>
<br>
OK -- a short explanation:<br>
I provided a FAI Project repo to
faiserver/etc/fai/apt/sources.list.d/fai.list and it works.<br>
I provided a FAI Project key to faiserver/etc/fai/apt/trusted.gpg
too.<br>
I also provided a key to
faiserver/etc/fai/apt/trusted.gpg.d/fai.gpg just for fun.<br>
<br>
apt-key list shows the key:<br>
<blockquote>pub 4096R/074BCDE4 2013-07-30<br>
uid Thomas Lange
<a class="moz-txt-link-rfc2396E" href="mailto:lange@informatik.uni-koeln.de">&lt;lange@informatik.uni-koeln.de&gt;</a><br>
uid Thomas Lange <a class="moz-txt-link-rfc2396E" href="mailto:lange@debian.org">&lt;lange@debian.org&gt;</a><br>
sub 4096R/517A03DA 2013-07-30<br>
</blockquote>
in both files it was loaded into. I have validated that the key
does appear in /srv/fai/nfsroot/etc/apt/trusted.gpg.<br>
<br>
But -- /var/log/fai/fai-setup.log shows the following:<br>
<blockquote>WARNING: untrusted versions of the following packages
will be installed!<br>
<br>
Untrusted packages could compromise your system's security.<br>
You should only proceed with the installation if you are certain
that<br>
this is what you want to do.<br>
<br>
fai-nfsroot fai-client fai-setup-storage liblinux-lvm-perl<br>
</blockquote>
SO -- what am I missing? Apt in the chroot is configured to
specifically do the work of validation, but fails. Is there any
hope that validation might be made to work for both the install kernel
and the client?<br>
<br>
It is not a hot issue, but thanks in advance for any insight.<br>
Skip<br>
</body>
</html>