Page 1 of 1

Image Bakery failure with Stretch: keyring issues ??

Posted: 16 Aug 2020, 17:59
by KoenW
Hi everyone,

I've been trying to make some custom RevPi images using the imagebakery script from Github (https://github.com/RevolutionPi/imagebakery), with only partial success.

Basically, while the script is running, I can see a number of error messages, mostly related to key-ring issues:
W: http://raspbian.raspberrypi.org/raspbian/dists/stretch/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/revpi.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.raspberrypi.org/debian/dists/stretch/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/revpi.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://packages.revolutionpi.de/dists/stretch/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/revpi.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://packages.revolutionpi.de stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A217345D3B70E7CE
W: The repository 'http://packages.revolutionpi.de stretch InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
I tried fixing the key-ring issue afterwards from the RevPi, following this: https://askubuntu.com/questions/719865/ ... n-imported but no luck... I keep getting similar errors when running 'sudo apt update'.

There is also a warning about unauthenticated packages:
WARNING: The following packages cannot be authenticated!
libssl1.1 logi-rts gyp libbrotli1 libicu63 libjs-psl libmodbus5 libssl-dev libuv1 libuv1-dev libnode64 libnode-dev nodejs node-abbrev node-ajv node-ansi node-clone node-ansi-regex node-strip-ansi
node-string-width node-ansi-align node-color-name node-color-convert node-ansi-styles node-ansistyles node-aproba node-archy node-delegates node-are-we-there-yet node-asap node-asn1 node-assert-plus
node-asynckit node-aws-sign2 node-aws4 node-tweetnacl node-bcrypt-pbkdf node-safe-buffer node-string-decoder node-process-nextick-args node-isarray node-readable-stream node-bl node-bluebird node-camelcase
node-supports-color node-chalk node-cli-boxes node-yallist node-lru-cache node-isexe node-which node-cross-spawn node-npm-run-path node-p-finally node-signal-exit node-execa node-term-size node-widest-line
node-boxen node-builtin-modules node-builtins node-chownr node-brace-expansion node-minimatch node-once node-glob node-concat-stream node-end-of-stream node-duplexify node-flush-write-stream node-cyclist
node-parallel-transform node-pump node-pumpify node-stream-each node-xtend node-through2 node-mississippi node-mkdirp node-run-queue node-rimraf node-imurmurhash node-iferr node-fs-write-stream-atomic
node-copy-concurrently node-move-concurrently node-promise-inflight node-ssri node-unique-filename node-cacache node-call-limit node-caseless node-ci-info node-wrap-ansi node-cliui node-colors node-columnify
node-combined-stream node-commander node-proto-list node-ini node-config-chain node-is-obj node-dot-prop node-semver node-make-dir node-crypto-random-string node-unique-string node-write-file-atomic
node-xdg-basedir node-configstore node-console-control-strings node-dashdash node-debbundle-es-to-primitive node-ms node-debug node-mimic-response node-decompress-response node-deep-extend
node-lodash-packages node-define-properties node-duplexer3 node-jsbn node-ecc-jsbn node-editor node-err-code node-es6-promise node-extend node-extsprintf node-fast-deep-equal node-p-limit node-p-locate
node-locate-path node-find-up node-forever-agent node-mime-types node-form-data node-path-is-inside node-fs-vacuum node-function-bind node-object-assign node-has-unicode node-wide-align node-gauge
node-genfun node-getpass node-is-retry-allowed node-p-cancelable node-p-timeout node-is-plain-obj node-url-to-options node-timed-out node-lowercase-keys node-is-object node-has-symbol-support-x
node-has-to-string-tag-x node-isurl node-prepend-http node-url-parse-lax node-got node-npmlog node-osenv node-har-schema node-har-validator node-json-schema node-verror node-jsprim node-sshpk
node-http-signature node-json-stringify-safe node-oauth-sign node-performance-now node-qs node-punycode node-tough-cookie node-tunnel-agent node-uuid node-node-uuid node-request node-tar node-gyp
node-hosted-git-info node-import-lazy node-ip node-ip-regex node-is-builtin-module node-is-npm node-is-path-inside node-json-parse-better-errors node-json-schema-traverse node-jsonparse node-jsonstream
node-strip-json-comments node-registry-url node-registry-auth-token node-package-json node-latest-version node-lazy-property node-validate-npm-package-name node-npm-package-arg node-which-module
node-yargs-parser node-yargs node-libnpx node-lockfile node-lodash node-mime node-mute-stream node-normalize-package-data node-npm-bundled node-number-is-nan node-opener node-os-tmpdir node-p-is-promise
node-pify node-retry node-promise-retry node-promzard node-psl node-qw node-read-package-json node-resolve-from node-semver-diff node-sha node-slide node-spdx-exceptions node-stream-iterate
node-strict-uri-encode node-text-table node-tinycolor node-ws node-prr node-errno npm nodered python3-revpimodio2 noderedrevpinodes-server libsnap71 python3-snap7 revpipycontrol revpipyload piserial
revpi-webstatus pitest pictory logiclab node-red-contrib-revpi-nodes pimodbus-master pimodbus-slave raspberrypi-kernel revpi-firmware revpi-repo revpi-tools revpi7
E: There were unauthenticated packages and -y was used without --allow-unauthenticated
The full CLI feedback is attached in a zip file, if that helps.

I tried it both with the 'full' Stretch and Stretch_Lite (image downloaded per github instruction).

As a result, when I burn the custom image to a RevPi (a Core3 in my case), I find that:
- ssh is not enabled, so I have to connect a HDMI monitor and keyboard and then enable it (eg. through raspi-config)
- pictory not installed
- the image does not expand to full disk size - particularly problematic for Lite
- ... probably more issues, but I haven't gone further

It seems the broken keyring is preventing apt from installing the Revolution Pi packages.... Is this a new issue, am I doing something wrong ?



Regards
Koen

Re: Image Bakery failure with Stretch: keyring issues ??

Posted: 17 Aug 2020, 12:23
by p.rosenberger
Hi Koen,
you are pointing in the right direction. The revpi.gpg key is ignored, because the permissions are wrong. I tried a build here and can't reproduce this problem. Can you post the permissions of this file:

Code: Select all

imagebakery/templates/revpi.gpg
As the script copies the key from the imagebakery repo to the mounted image.

What does the following command print out?

Code: Select all

umask
Best regards
Philipp

Re: Image Bakery failure with Stretch: keyring issues ??

Posted: 23 Aug 2020, 06:30
by KoenW
Hi Phillip,

Many thanks. So I modified the whole imagebakery folder as well as the folder where the image is kept with

Code: Select all

sudo chmod -R 777 <myFolderName>
and then ran the baking script again.

That worked ! I am now the proud owner of a Core3 with only 1.1 GB (33%) of eMMC used. Plenty of room for extra stuff.

Just out of curiosity: I checked before and can confirm that all folders and files had permissions -wxr-xr-x . I guess that wasn't enough? What account is being used by the baking script?

Regards
Koen

Re: Image Bakery failure with Stretch: keyring issues ??

Posted: 24 Aug 2020, 15:15
by dirk
Hi just have a look at the Readme file in the ImageBakery Git HUB repository - you have to run it as root.

Re: Image Bakery failure with Stretch: keyring issues ??

Posted: 27 Aug 2020, 04:01
by KoenW
Thank you Dirk,

I thought I did run it as root... but now I think that just executing with 'sudo' isn't enough. I will try it next time with properly logging in a root.

Sometimes i just miss Windows.... :-/

Koen