我无法找到有关构建自定义 Ubuntu ISO 的明确说明。许多资料都说我必须先生成一个自定义版本,然后ubuntu-keyring
使用它来验证 ISO 上的软件包。但我找到的所有有关制作自定义版本的说明都没有实际作用。
例子:https://help.ubuntu.com/community/InstallCDCustomization#Generating_a_new_ubuntu-keyring_.deb_to_sign_your_CD https://help.ubuntu.com/community/InstallCDCustomization/Scripts
到目前为止,这似乎是有效的,但我真的无法判断我做的是否正确:
apt-get source ubuntu-keyring
cd ubuntu-keyring-*/keyrings
cat >gpg.gen <<GEN
%no-protection
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Rich Remer
Name-Email: [email protected]
Expire-Date: 0
%pubring my.gpg
%commit
GEN
gpg --batch --gen-key gpg.gen
gpg --import < my.gpg 2>/dev/null
gpg --import < ubuntu-archive-keyring.gpg 2>/dev/null
my=$(gpg my.gpg | grep -A1 ^pub | grep ^\\s)
ubuntu=$(gpg ubuntu-archive-keyring.gpg | grep -A1 ^pub | grep ^\\s)
keys="$my $ubuntu"
gpg --yes --output=ubuntu-archive-keyring.gpg --export $keys
cd .. # into ubuntu-keyring source directory
此时,我尝试使用以下推荐的命令用我的密钥重建包:
dpkg-buildpackage -rfakeroot -m"Rich Remer <[email protected]>" -k$key
这会导致构建错误:
dpkg-buildpackage: info: source package ubuntu-keyring
dpkg-buildpackage: info: source version 2016.10.27
dpkg-buildpackage: info: source distribution zesty
dpkg-buildpackage: info: host architecture amd64
dpkg-source --before-build ubuntu-keyring-2016.10.27
fakeroot debian/rules clean
test -f keyrings/ubuntu-archive-keyring.gpg
rm -f foo foo.asc *.bak *~ */*~ debian/files* debian/*substvars
rm -rf debian/tmp debian/ubuntu-keyring-udeb
dpkg-source -b ubuntu-keyring-2016.10.27
dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1)
dpkg-source: info: using source format '1.0'
dpkg-source: info: building ubuntu-keyring in ubuntu-keyring_2016.10.27.tar.gz
dpkg-source: info: building ubuntu-keyring in ubuntu-keyring_2016.10.27.dsc
debian/rules build
make: Nothing to be done for 'build'.
fakeroot debian/rules binary
test -f keyrings/ubuntu-archive-keyring.gpg
test root = "`whoami`"
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c -
keyrings/ubuntu-archive-keyring.gpg: FAILED
gpg: Signature made Thu 27 Oct 2016 07:31:05 AM PDT
gpg: using RSA key CAC2D8B9CD2CA5F9
keyrings/ubuntu-archive-removed-keys.gpg: OK
keyrings/ubuntu-keyring-2012-archive.gpg: OK
keyrings/ubuntu-keyring-2012-cdimage.gpg: OK
keyrings/ubuntu-master-keyring.gpg: OK
gpg: Good signature from "Dimitri John Ledkov <[email protected]>" [unknown]
gpg: aka "Dimitri John Ledkov <[email protected]>" [unknown]
gpg: aka "Dimitri John Ledkov (Member, Board of Directors) <[email protected]>" [unknown]
gpg: aka "Dimitri John Ledkov (2015) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D764 F6CC 2AB5 9A38 B114 7D73 887B 6061 8B3C 16AE
Subkey fingerprint: 773C 99EB D0A1 1172 217A 7C3F CAC2 D8B9 CD2C A5F9
sha512sum: WARNING: 1 computed checksum did NOT match
debian/rules:88: recipe for target 'checkkeyrings' failed
make: *** [checkkeyrings] Error 1
dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2
我不确定我还需要做什么才能ubuntu-keyring
构建包。如果这很重要,则必须在无人值守且没有用户交互的情况下执行此操作。我注意到的一件事是,我正在运行 Artful Aardvark,但构建报告:info: source distribution zesty
。可能是转移注意力的借口,也可能很重要。
答案1
这对我有用:
cat ubuntu-archive-keyring.gpg | sha512sum
复制并替换:在 ubuntu-keyring-*/SHA512SUMS.txt.asc 中的“keyrings/ubuntu-archive-keyring.gpg”之前