为自定义 ISO 构建 ubuntu-keyring

我无法找到有关构建自定义 Ubuntu ISO 的明确说明。许多资料都说我必须先生成一个自定义版本，然后ubuntu-keyring使用它来验证 ISO 上的软件包。但我找到的所有有关制作自定义版本的说明都没有实际作用。

例子：https://help.ubuntu.com/community/InstallCDCustomization#Generating_a_new_ubuntu-keyring_.deb_to_sign_your_CD https://help.ubuntu.com/community/InstallCDCustomization/Scripts

到目前为止，这似乎是有效的，但我真的无法判断我做的是否正确：

apt-get source ubuntu-keyring
cd ubuntu-keyring-*/keyrings

cat >gpg.gen <<GEN
%no-protection
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Rich Remer
Name-Email: [email protected]
Expire-Date: 0
%pubring my.gpg
%commit
GEN

gpg --batch --gen-key gpg.gen
gpg --import < my.gpg 2>/dev/null
gpg --import < ubuntu-archive-keyring.gpg 2>/dev/null

my=$(gpg my.gpg | grep -A1 ^pub | grep ^\\s)
ubuntu=$(gpg ubuntu-archive-keyring.gpg | grep -A1 ^pub | grep ^\\s)
keys="$my $ubuntu"

gpg --yes --output=ubuntu-archive-keyring.gpg --export $keys

cd ..    # into ubuntu-keyring source directory

此时，我尝试使用以下推荐的命令用我的密钥重建包：

dpkg-buildpackage -rfakeroot -m"Rich Remer <[email protected]>" -k$key

这会导致构建错误：

dpkg-buildpackage: info: source package ubuntu-keyring
dpkg-buildpackage: info: source version 2016.10.27
dpkg-buildpackage: info: source distribution zesty
dpkg-buildpackage: info: host architecture amd64
 dpkg-source --before-build ubuntu-keyring-2016.10.27
 fakeroot debian/rules clean
test -f keyrings/ubuntu-archive-keyring.gpg
rm -f foo foo.asc *.bak *~ */*~ debian/files* debian/*substvars
rm -rf debian/tmp debian/ubuntu-keyring-udeb
 dpkg-source -b ubuntu-keyring-2016.10.27
dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1)
dpkg-source: info: using source format '1.0'
dpkg-source: info: building ubuntu-keyring in ubuntu-keyring_2016.10.27.tar.gz
dpkg-source: info: building ubuntu-keyring in ubuntu-keyring_2016.10.27.dsc
 debian/rules build
make: Nothing to be done for 'build'.
 fakeroot debian/rules binary
test -f keyrings/ubuntu-archive-keyring.gpg
test root = "`whoami`"
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c -
keyrings/ubuntu-archive-keyring.gpg: FAILED
gpg: Signature made Thu 27 Oct 2016 07:31:05 AM PDT
gpg:                using RSA key CAC2D8B9CD2CA5F9
keyrings/ubuntu-archive-removed-keys.gpg: OK
keyrings/ubuntu-keyring-2012-archive.gpg: OK
keyrings/ubuntu-keyring-2012-cdimage.gpg: OK
keyrings/ubuntu-master-keyring.gpg: OK
gpg: Good signature from "Dimitri John Ledkov <[email protected]>" [unknown]
gpg:                 aka "Dimitri John Ledkov <[email protected]>" [unknown]
gpg:                 aka "Dimitri John Ledkov (Member, Board of Directors) <[email protected]>" [unknown]
gpg:                 aka "Dimitri John Ledkov (2015) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D764 F6CC 2AB5 9A38 B114  7D73 887B 6061 8B3C 16AE
     Subkey fingerprint: 773C 99EB D0A1 1172 217A  7C3F CAC2 D8B9 CD2C A5F9
sha512sum: WARNING: 1 computed checksum did NOT match
debian/rules:88: recipe for target 'checkkeyrings' failed
make: *** [checkkeyrings] Error 1
dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2

我不确定我还需要做什么才能ubuntu-keyring构建包。如果这很重要，则必须在无人值守且没有用户交互的情况下执行此操作。我注意到的一件事是，我正在运行 Artful Aardvark，但构建报告：info: source distribution zesty。可能是转移注意力的借口，也可能很重要。