debootstrap "Release signed by unknown key"
Solution 1:
-
Where to get the release key? The debian archive keyring server:
https://ftp-master.debian.org/keys.html
-
How to make debootstrap trust this release key:
Make a new keyring, and inform deboostrap to use it:
wget https://ftp-master.debian.org/keys/release-10.asc -qO- | gpg --import --no-default-keyring --keyring ./debian-release-10.gpg debootstrap --keyring=./debian-release-10.gpg buster /srv/busterCompatibility Note:
I found that using a gpg2 keyring would not work due to debootstrap using
gpgvunder the hood, which uses a gpg1 database version. I recreated by gpg database like so from the , note thatgpgis gpg 1.x.x not gpg 2.x.x or newer at time of writing:
If
deboostrap were updated to use gpg --verify instead of gpgv, I would imagine gpg2 could be used as a drop-in replacement - But I cannot be certain.