How to override SignedBy in apt? #3022

ragazenta · 2024-09-13T11:21:35Z

ragazenta
Sep 13, 2024

Is there any workarounds to override SignedBy in apt?

I'm trying to use 32-bit armhf mirror of Raspbian. They use their own gpg key. Currently signedby is hardcoded based on the distro.

mkosi/mkosi/distributions/debian.py

Line 55 in f7fddc7

signedby = Path("/usr/share/keyrings/debian-archive-keyring.gpg")

I mean without disabling repository_key_check.

Answered by DaanDeMeyer

Sep 13, 2024

@ragazenta Write your own sources file to /etc/apt/sources.list.d using SandboxTrees= and disable the builtin sources file by writing an empty file to /etc/apt/sources.list.d/mkosi.sources also using SandboxTrees=

View full answer

DaanDeMeyer · 2024-09-13T11:40:42Z

DaanDeMeyer
Sep 13, 2024
Maintainer

@ragazenta Write your own sources file to /etc/apt/sources.list.d using SandboxTrees= and disable the builtin sources file by writing an empty file to /etc/apt/sources.list.d/mkosi.sources also using SandboxTrees=

0 replies

ragazenta · 2024-09-24T13:07:13Z

ragazenta
Sep 24, 2024
Author

Sorry I'm confused how to use SandboxTrees. Previously I was not using mkosi from latest git main so I used mkosi.skeleton instead of SandboxTrees.

mkosi.skeleton/
├── boot
│   └── firmware
│       ├── autoboot.txt
│       ├── cmdline.txt
│       └── config.txt
├── etc
│   └── apt
│       ├── auth.conf.d
│       └── sources.list.d
└── usr
    └── share
        └── keyrings

Now I use mkosi from latest git main, if I set SandboxTrees, error apt-get not found.

SandboxTrees=
	mkosi.skeleton/etc/apt:/etc/apt
	mkosi.skeleton/usr/share/keyrings:/usr/share/keyrings

4 replies

DaanDeMeyer Sep 24, 2024
Maintainer

@ragazenta I can't help without the full logs and the full contents of the sandbox tree. Either list them in an issue or put them in a github repository somewhere so I can take a look

ragazenta Sep 25, 2024
Author

Repo: https://github.com/ragazenta/mkpiosi

Log

‣ Loading configuration file /home/mkosi/mkpiosi/mkosi.conf
‣ Loading configuration file /home/mkosi/mkpiosi/mkosi.images/base/mkosi.conf
‣ Loading configuration file /home/mkosi/mkpiosi/mkosi.images/initrd/mkosi.conf
‣ + timedatectl show -p Timezone --value
‣ + timedatectl show -p Timezone --value
‣ Removing output files of base image…
‣ Acquiring lock on /home/mkosi/mkpiosi/mkosi.output/base_0.1.0
‣ Acquired lock on /home/mkosi/mkpiosi/mkosi.output/base_0.1.0
‣ + btrfs subvolume delete /work/home/mkosi/mkpiosi/mkosi.output/base_0.1.0
WARNING: cannot read default subvolume id: Operation not permitted
Delete subvolume 1866 (no-commit): '/work/home/mkosi/mkpiosi/mkosi.output/base_0.1.0'
ERROR: Could not destroy subvolume/snapshot: Operation not permitted
WARNING: deletion failed with EPERM, you don't have permissions or send may be in progress
‣ + rm -rf -- /work/home/mkosi/mkpiosi/mkosi.output/base_0.1.0
‣ Removing output files of initrd image…
‣ Acquiring lock on /home/mkosi/mkpiosi/mkosi.output/initrd_0.1.0
‣ Acquired lock on /home/mkosi/mkpiosi/mkosi.output/initrd_0.1.0
‣ + rm -rf -- /work/home/mkosi/mkpiosi/mkosi.output/initrd_0.1.0 /work/home/mkosi/mkpiosi/mkosi.output/initrd_0.1.0.cpio.zst
‣ + /usr/bin/systemd-repart --version
‣ Syncing package manager metadata
‣ Acquiring lock on /home/mkosi/.cache/mkosi/debian~bookworm~arm64/cache/apt
‣ Acquired lock on /home/mkosi/.cache/mkosi/debian~bookworm~arm64/cache/apt
‣ Acquiring lock on /home/mkosi/.cache/mkosi/debian~bookworm~arm64/lib/apt
‣ Acquired lock on /home/mkosi/.cache/mkosi/debian~bookworm~arm64/lib/apt
‣  Copying in sandbox trees…
‣ + cp --recursive --no-dereference --preserve=mode,links --reflink=auto --copy-contents /work/home/mkosi/mkpiosi/mkosi.skeleton/etc/apt /work/home/mkosi/.cache/mkosi/mkosi-workspace-yvzminet/sandbox/etc/apt --no-target-directory
‣ + cp --recursive --no-dereference --preserve=mode,links --reflink=auto --copy-contents /work/home/mkosi/mkpiosi/mkosi.skeleton/usr/share/keyrings /work/home/mkosi/.cache/mkosi/mkosi-workspace-yvzminet/sandbox/usr/share/keyrings --no-target-directory
‣ + apt-get -o APT::Architecture=arm64 -o APT::Architectures=arm64 -o APT::Install-Recommends=false -o APT::Immediate-Configure=off -o APT::Get::Assume-Yes=true -o APT::Get::AutomaticRemove=true -o APT::Get::Allow-Change-Held-Packages=true -o APT::Get::Allow-Remove-Essential=true -o APT::Sandbox::User=root -o Acquire::AllowReleaseInfoChange=true -o Dir::Cache=/var/cache/apt -o Dir::State=/var/lib/apt -o Dir::Log=/var/log/apt -o Dir::State::Status=/buildroot/var/lib/dpkg/status -o Dir::Bin::DPkg=/usr/bin/dpkg -o Debug::NoLocking=true -o DPkg::Options::=--root=/buildroot -o DPkg::Options::=--force-unsafe-io -o DPkg::Options::=--force-architecture -o DPkg::Options::=--force-depends -o DPkg::Options::=--no-debsig -o DPkg::Use-Pty=false -o DPkg::Install::Recursive::Minimum=1000 -o pkgCacheGen::ForceEssential=, update
‣ apt-get not found.
‣ + rm -rf -- /work/home/mkosi/.cache/mkosi/mkosi-workspace-yvzminet
‣ + tput cnorm
‣ + tput smam
Traceback (most recent call last):
  File "/home/mkosi/mkosi/mkosi/run.py", line 64, in uncaught_exception_handler
    yield
  File "/usr/lib/python3.11/contextlib.py", line 81, in inner
    return func(*args, **kwds)
           ^^^^^^^^^^^^^^^^^^^
  File "/home/mkosi/mkosi/mkosi/__main__.py", line 36, in main
    run_verb(args, images, resources=resources)
  File "/home/mkosi/mkosi/mkosi/__init__.py", line 4328, in run_verb
    sync_repository_metadata(args, images, resources=resources, dst=Path(metadata_dir))
  File "/home/mkosi/mkosi/mkosi/__init__.py", line 4060, in sync_repository_metadata
    context.config.distribution.package_manager(context.config).sync(
  File "/home/mkosi/mkosi/mkosi/installer/apt.py", line 230, in sync
    cls.invoke(context, "update")
  File "/home/mkosi/mkosi/mkosi/installer/apt.py", line 221, in invoke
    return run(
           ^^^^
  File "/home/mkosi/mkosi/mkosi/run.py", line 152, in run
    with spawn(
  File "/usr/lib/python3.11/contextlib.py", line 144, in __exit__
    next(self.gen)
  File "/home/mkosi/mkosi/mkosi/run.py", line 297, in spawn
    raise subprocess.CalledProcessError(returncode, cmdline)
subprocess.CalledProcessError: Command '['apt-get', '-o', 'APT::Architecture=arm64', '-o', 'APT::Architectures=arm64', '-o', 'APT::Install-Recommends=false', '-o', 'APT::Immediate-Configure=off', '-o', 'APT::Get::Assume-Yes=true', '-o', 'APT::Get::AutomaticRemove=true', '-o', 'APT::Get::Allow-Change-Held-Packages=true', '-o', 'APT::Get::Allow-Remove-Essential=true', '-o', 'APT::Sandbox::User=root', '-o', 'Acquire::AllowReleaseInfoChange=true', '-o', 'Dir::Cache=/var/cache/apt', '-o', 'Dir::State=/var/lib/apt', '-o', 'Dir::Log=/var/log/apt', '-o', 'Dir::State::Status=/buildroot/var/lib/dpkg/status', '-o', 'Dir::Bin::DPkg=/usr/bin/dpkg', '-o', 'Debug::NoLocking=true', '-o', 'DPkg::Options::=--root=/buildroot', '-o', 'DPkg::Options::=--force-unsafe-io', '-o', 'DPkg::Options::=--force-architecture', '-o', 'DPkg::Options::=--force-depends', '-o', 'DPkg::Options::=--no-debsig', '-o', 'DPkg::Use-Pty=false', '-o', 'DPkg::Install::Recursive::Minimum=1000', '-o', 'pkgCacheGen::ForceEssential=,', 'update']' returned non-zero exit status 127.

DaanDeMeyer Sep 25, 2024
Maintainer

@ragazenta #3066 will fix your issue

ragazenta Sep 25, 2024
Author

@ragazenta #3066 will fix your issue

Yes. Thank you.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

How to override SignedBy in apt? #3022

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 4 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

How to override SignedBy in apt? #3022

Uh oh!

Uh oh!

ragazenta Sep 13, 2024

Replies: 2 comments · 4 replies

Uh oh!

DaanDeMeyer Sep 13, 2024 Maintainer

Uh oh!

ragazenta Sep 24, 2024 Author

Uh oh!

DaanDeMeyer Sep 24, 2024 Maintainer

Uh oh!

ragazenta Sep 25, 2024 Author

Uh oh!

DaanDeMeyer Sep 25, 2024 Maintainer

Uh oh!

ragazenta Sep 25, 2024 Author

ragazenta
Sep 13, 2024

Replies: 2 comments 4 replies

DaanDeMeyer
Sep 13, 2024
Maintainer

ragazenta
Sep 24, 2024
Author

DaanDeMeyer Sep 24, 2024
Maintainer

ragazenta Sep 25, 2024
Author

DaanDeMeyer Sep 25, 2024
Maintainer

ragazenta Sep 25, 2024
Author