While running “sudo make iso” I get:
W: GPG error: hXXp://repo.saltstack.com jessie InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 0E08A149DE57BFBE
W: GPG error: hXXp://repo.powerdns.com jessie-rec-41 InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 1B0C6205FD380FBB
W: GPG error: hXXp://dev.packages.vyos.net current InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 32C249BD0DF04B5C
W: GPG error: hXXp://dev.packages.vyos.net current InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 32C249BD0DF04B5C
I tried to add the manually by 'sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys and indeed they are listed with ‘sudo apt key-list’, but the build script does not find them.
The docker container is pulled from the official repo and docker is running on a debian 10 buster vm.
I am not able to solve issue with missing vyos key
Err:5 http://dev.packages.vyos.net/repositories/equuleus equuleus InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B2BDCEDE2EBF9C06
I only found this key https://dev.packages.vyos.net/vyos_dev_public.key but this is not the right one unfortunately. Checked some keyservers, google and vyos forums and issue tracker but no chance.
Could someone please hint me where I can get the missing pub key B2BDCEDE2EBF9C06?
Okay, keys are actually all included and put under data/live-build-config/archives. In the build process they are copied to build/config/archives where they are picked up by lb (live-build) tool that is used when sudo make iso is run.
Issue can be reproduced by having a umask that restricts access to others (on my system I had umask 077). In the build process build/config/archives is accessed not by root but user _apt which has not access to these files.
My workaround to fix this is this:
Another workaround would be to set a less restrictive umask before cloning vyos-build and running the make process.
Not sure if this should be fixed in vyos or in live-build. For these custom packages they don’t but in source_debian script they run chown _apt:root to prevent such an issue (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953957)
Less convinient would be just to mention this in the build documentation for vyos so affected users could change their umask before following the build process.
I don’t know much more about vyos or live-build. Someone has an idea how this issue should be solved properly?
Above mentioned first workaround is unfortunately not enough. Build completes but when booting the iso
vyos-config[1162]: Configuration error
(among other errors) is logged and you cannot even login. So looks like some other files apart from this apt things are affected as well.
Second workaround by running umask 000 before even cloning the repo and proceeding from there results in a image that does not log any errors and lets you log in as expected