Apt signature verification fails on Debian Trixie #2069
Description
Description of Issue/Question
Salt bootstrap fails on Debian Trixie. (Trixie is not yet released, but is expected to be released as Debian 13 some time in 2025.)
The issue is that bootstrap sets Signed-By: /etc/apt/keyrings/salt-archive-keyring.pgp in /etc/apt/sources.list.d/salt.sources. That .pgp file is ascii-armored, but the latest version of apt used in Trixie only supports dearmoring keys if they're in .asc files. It assumes any other filenames contain binary keys. You can see the current apt key handling logic here.
Setup
No special configs, just trying to install stable salt on a fresh Debian Trixie install.
Steps to Reproduce Issue
Install log from an install attempt on trixie:
root@trixie:/tmp# ./bootstrap-salt.sh -D stable
* INFO: Running version: 2024.11.29
* INFO: Executed by: /bin/sh
* INFO: Command line: './bootstrap-salt.sh -D stable'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 6.1.0-28-amd64
* INFO: Distribution: Debian 13.0
* DEBUG: Binaries will be searched using the following $PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/u
sr/bin:/sbin:/bin
* INFO: Installing minion
* DEBUG: install_debian_13_onedir_deps not found....
* DEBUG: install_debian_13_0_onedir_deps not found....
* DEBUG: install_debian_13_deps not found....
* DEBUG: install_debian_13_0_deps not found....
* INFO: Found function install_debian_onedir_deps
* DEBUG: DEPS_INSTALL_FUNC=install_debian_onedir_deps
* DEBUG: config_debian_13_onedir_salt not found....
* DEBUG: config_debian_13_0_onedir_salt not found....
* DEBUG: config_debian_13_salt not found....
* DEBUG: config_debian_13_0_salt not found....
* DEBUG: config_debian_onedir_salt not found....
* DEBUG: config_debian_salt not found....
* INFO: Found function config_salt
* DEBUG: CONFIG_SALT_FUNC=config_salt
* DEBUG: preseed_debian_13_onedir_master not found....
* DEBUG: preseed_debian_13_0_onedir_master not found....
* DEBUG: preseed_debian_13_master not found....
* DEBUG: preseed_debian_13_0_master not found.... [38/9851]
* DEBUG: preseed_debian_onedir_master not found....
* DEBUG: preseed_debian_master not found....
* INFO: Found function preseed_master
* DEBUG: PRESEED_MASTER_FUNC=preseed_master
* DEBUG: INSTALL_FUNC_NAMES=install_debian_13_onedir install_debian_13_0_onedir install_debian_onedir
* DEBUG: install_debian_13_onedir not found....
* DEBUG: install_debian_13_0_onedir not found....
* INFO: Found function install_debian_onedir
* DEBUG: INSTALL_FUNC=install_debian_onedir
* DEBUG: install_debian_13_onedir_post not found....
* DEBUG: install_debian_13_0_onedir_post not found....
* DEBUG: install_debian_13_post not found....
* DEBUG: install_debian_13_0_post not found....
* DEBUG: install_debian_onedir_post not found....
* DEBUG: install_debian_post not found....
* DEBUG: POST_INSTALL_FUNC=null
* DEBUG: install_debian_13_onedir_restart_daemons not found....
* DEBUG: install_debian_13_0_onedir_restart_daemons not found....
* DEBUG: install_debian_13_restart_daemons not found....
* DEBUG: install_debian_13_0_restart_daemons not found....
* DEBUG: install_debian_onedir_restart_daemons not found....
* INFO: Found function install_debian_restart_daemons
* DEBUG: STARTDAEMONS_INSTALL_FUNC=install_debian_restart_daemons
* DEBUG: daemons_running_debian_13_onedir not found....
* DEBUG: daemons_running_debian_13_0_onedir not found....
* DEBUG: daemons_running_debian_13 not found....
* DEBUG: daemons_running_debian_13_0 not found....
* DEBUG: daemons_running_debian_onedir not found....
* DEBUG: daemons_running_debian not found....
* INFO: Found function daemons_running_onedir
* DEBUG: DAEMONS_RUNNING_FUNC=daemons_running_onedir
* DEBUG: install_debian_13_onedir_check_services not found....
* DEBUG: install_debian_13_0_onedir_check_services not found....
* DEBUG: install_debian_13_check_services not found....
* DEBUG: install_debian_13_0_check_services not found....
* DEBUG: install_debian_onedir_check_services not found....
* INFO: Found function install_debian_check_services
* DEBUG: CHECK_SERVICES_FUNC=install_debian_check_services
* INFO: Running install_debian_onedir_deps()
* DEBUG: install_debian_onedir_git_deps() entry
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 http://deb.debian.org/debian-security trixie-security InRelease
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
procps is already the newest version (2:4.0.4-6).
pciutils is already the newest version (1:3.13.0-1+b1).
python3-yaml is already the newest version (6.0.2-1+b1).
sudo is already the newest version (1.9.16p1-1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
* DEBUG: __install_saltstack_debian_onedir_repository() entry
Reading package lists...
Building dependency tree...
Reading state information...
wget is already the newest version (1.24.5-2+b1).
gnupg2 is already the newest version (2.2.45-2).
apt-transport-https is already the newest version (2.9.16).
ca-certificates is already the newest version (20240203).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 http://deb.debian.org/debian-security trixie-security InRelease
Get:4 https://packages.broadcom.com/artifactory/saltproject-deb stable InRelease [3,427 B]
Err:4 https://packages.broadcom.com/artifactory/saltproject-deb stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 64CBBC8
173D76B3F
Reading package lists...
* ERROR: Failed to run install_debian_onedir_deps()!!!
* DEBUG: Removing the logging pipe /tmp/bootstrap-salt.logpipe
* DEBUG: Removing the temporary apt error file /tmp/apt_error.sCCSPv
Versions and Systems
root@trixie:/tmp# apt policy apt
apt:
Installed: 2.9.16
Candidate: 2.9.16
Version table:
*** 2.9.16 500
500 http://deb.debian.org/debian trixie/main amd64 Packages
100 /var/lib/dpkg/status
root@trixie:/tmp# ./bootstrap-salt.sh -v
./bootstrap-salt.sh -- Version 2024.11.29
Metadata
Metadata
Assignees
Labels
No labels