Ubuntu – Can I use a Debian package build environment to build Ubuntu packages

debianpackage-managementpackagingpbuilder

I have a Debian wheezy server that I use to build packages using pbuilder and git-buildpackage. I can currently build packages for Debian sid, wheezy, and squeeze.

I would like to use this same server to build packages for Ubuntu distributions. I have tried to do this by creating a trusty config file in /etc/pbuilder/trusty, but I get errors from debootstrap:

 -> Invoking pbuilder
  forking: pbuilder create --configfile /etc/pbuilder/trusty --buildplace /var/cache/pbuilder/base-trusty.cow --mirror http://debian.stanford.edu/ubuntu --distribution trusty --no-targz --extrapackages cowdancer 
W: /root/.pbuilderrc does not exist
I: Running in no-targz mode
I: Distribution is trusty.
I: Current time: Thu Oct  2 14:24:21 PDT 2014
I: pbuilder-time-stamp: 1412285061
I: Building the build environment
I: running debootstrap
/usr/sbin/debootstrap
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
E: Release signed by unknown key (key id 3B4FE6ACC0B21F32)
E: debootstrap failed
W: Aborting with an error
pbuilder create failed
  forking: rm -rf /var/cache/pbuilder/base-trusty.cow 

Here is the output of apt-key list:

/etc/apt/trusted.gpg
--------------------
pub   4096R/C0B21F32 2012-05-11
uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

/etc/apt/trusted.gpg.d//debian-archive-squeeze-automatic.gpg
------------------------------------------------------------
pub   4096R/473041FA 2010-08-27 [expires: 2018-03-05]
uid                  Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d//debian-archive-squeeze-stable.gpg
---------------------------------------------------------
pub   4096R/B98321F9 2010-08-07 [expires: 2017-08-05]
uid                  Squeeze Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d//debian-archive-wheezy-automatic.gpg
-----------------------------------------------------------
pub   4096R/46925553 2012-04-27 [expires: 2020-04-25]
uid                  Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d//debian-archive-wheezy-stable.gpg
--------------------------------------------------------
pub   4096R/65FFB764 2012-05-08 [expires: 2019-05-07]
uid                  Wheezy Stable Release Key <debian-release@lists.debian.org>

Maybe someone knows the proper configuration that will allow me to do this. Or should I just give up and build a separate build server based on Ubuntu itself?

Best Answer

  • The issue is that debootstrap doesn't use your local keyrings in /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d/, but only uses the keyrings under /usr/share/keyrings/.

    From Debian 8 Jessie onwards, you can simply install the (official Debian) package ubuntu-archive-keyring and it should fix your issue.

    On earlier Debian releases, you could make pbuilder pass --keyring=/etc/apt/trusted.gpg to debootstrap as you have the correct key already in that file. Adding --debootstrapopts --keyring=/etc/apt/trusted.gpg to the pbuilder call should do that according to its man page.