I have been unable to find clear instructions on building a customized Ubuntu ISO. Many sources say that I must first generate a custom build of ubuntu-keyring which I will use to verify the packages on the ISO. But none of the instructions I’ve found for making a custom build have actually worked.
So far, this is what seems to be working, but I really have no way to tell if I’m doing this much correctly:
    apt-get source ubuntu-keyring
    cd ubuntu-keyring-*/keyrings
    cat >gpg.gen <<GEN
    %no-protection
    Key-Type: DSA
    Key-Length: 1024
    Subkey-Type: ELG-E
    Subkey-Length: 1024
    Name-Real: Rich Remer
    Name-Email: rich.remer@example.com
    Expire-Date: 0
    %pubring my.gpg
    %commit
    GEN
    gpg --batch --gen-key gpg.gen
    gpg --import < my.gpg 2>/dev/null
    gpg --import < ubuntu-archive-keyring.gpg 2>/dev/null
    my=$(gpg my.gpg | grep -A1 ^pub | grep ^\s)
    ubuntu=$(gpg ubuntu-archive-keyring.gpg | grep -A1 ^pub | grep ^\s)
    keys="$my $ubuntu"
    gpg --yes --output=ubuntu-archive-keyring.gpg --export $keys
    cd ..   # into ubuntu-keyring source directory
At this point, I attempt to use the following recommended command to rebuild the package with my key:
    dpkg-buildpackage -rfakeroot -m"Rich Remer <rich.remer@example.com>" -k$key
This results in a build error:
    dpkg-buildpackage: info: source package ubuntu-keyring
    dpkg-buildpackage: info: source version 2016.10.27
    dpkg-buildpackage: info: source distribution zesty
    dpkg-buildpackage: info: host architecture amd64
    dpkg-source --before-build ubuntu-keyring-2016.10.27
    fakeroot debian/rules clean
    test -f keyrings/ubuntu-archive-keyring.gpg
    rm -f foo foo.asc *.bak *~ */*~ debian/files* debian/*substvars
    rm -rf debian/tmp debian/ubuntu-keyring-udeb
    dpkg-source -b ubuntu-keyring-2016.10.27
    dpkg-source: warning: no source format specified in debian/source/format, see dpkg-source(1)
    dpkg-source: info: using source format '1.0'
    dpkg-source: info: building ubuntu-keyring in ubuntu-keyring_2016.10.27.tar.gz
    dpkg-source: info: building ubuntu-keyring in ubuntu-keyring_2016.10.27.dsc
    debian/rules build
    make: Nothing to be done for 'build'.
    fakeroot debian/rules binary
    test -f keyrings/ubuntu-archive-keyring.gpg
    test root = "`whoami`"
    gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c -
    keyrings/ubuntu-archive-keyring.gpg: FAILED
    gpg: Signature made Thu 27 Oct 2016 07:31:05 AM PDT
    gpg: using RSA key CAC2D8B9CD2CA5F9
    keyrings/ubuntu-archive-removed-keys.gpg: OK
    keyrings/ubuntu-keyring-2012-archive.gpg: OK
    keyrings/ubuntu-keyring-2012-cdimage.gpg: OK
    keyrings/ubuntu-master-keyring.gpg: OK
    gpg: Good signature from "Dimitri John Ledkov <xnox@ubuntu.com>" [unknown]
    gpg: aka "Dimitri John Ledkov <xnox@debian.org>" [unknown]
    gpg: aka "Dimitri John Ledkov (Member, Board of Directors) <xnox@spi-inc.org>" [unknown]
    gpg: aka "Dimitri John Ledkov (2015) <dimitri.ledkov@canonical.com>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: D764 F6CC 2AB5 9A38 B114 7D73 887B 6061 8B3C 16AE
    Subkey fingerprint: 773C 99EB D0A1 1172 217A 7C3F CAC2 D8B9 CD2C A5F9
    sha512sum: WARNING: 1 computed checksum did NOT match
    debian/rules:88: recipe for target 'checkkeyrings' failed
    make: *** [checkkeyrings] Error 1
    dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2
I’m not sure what else I should be doing to get the ubuntu-keyring package to build. This must be performed unattended with no user interaction, if that’s important. One thing I noticed is I’m running Artful Aardvark, but the build is reporting: info: source distribution zesty. Could be a red herring, or it might be important.
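
The build log above shows the checkkeyrings target piping the digests from SHA512SUMS.txt.asc into `sha512sum -c -` and reporting `keyrings/ubuntu-archive-keyring.gpg: FAILED`. The script below is an added example, not part of the original post or of the ubuntu-keyring package, that reproduces this kind of digest-manifest check on constructed placeholder files. The function names, the unsigned `SHA512SUMS.txt` manifest and the file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: a digest-manifest check like the one in the build log,
# run over constructed placeholder files. No gpg is involved; the manifest
# here is unsigned, unlike the package's SHA512SUMS.txt.asc.

# Print the paths whose current digest no longer matches the manifest.
# $1 = directory holding the manifest, $2 = manifest file name (hypothetical helper)
failed_checksums() {
    (
        cd "$1" || exit 2
        # sha512sum -c prints "<path>: OK" or "<path>: FAILED" for each entry
        { LC_ALL=C sha512sum -c "$2" 2>/dev/null || true; } |
            sed -n 's/: FAILED$//p'
    )
}

# Record digests for a constructed keyrings/ directory, then change one
# file the way exporting an additional public key into it would.
demo_modified_keyring() {
    work=$(mktemp -d) || return 2
    mkdir "$work/keyrings"
    printf 'constructed archive keyring bytes\n' \
        > "$work/keyrings/ubuntu-archive-keyring.gpg"
    printf 'constructed master keyring bytes\n' \
        > "$work/keyrings/ubuntu-master-keyring.gpg"
    ( cd "$work" && sha512sum keyrings/*.gpg > SHA512SUMS.txt )

    # Untouched tree: every entry verifies, so nothing is listed.
    before=$(failed_checksums "$work" SHA512SUMS.txt)

    # Stand-in for re-exporting the keyring with one more key in it.
    printf 'constructed extra key bytes\n' \
        >> "$work/keyrings/ubuntu-archive-keyring.gpg"
    after=$(failed_checksums "$work" SHA512SUMS.txt)

    rm -rf "$work"
    printf 'before=[%s] after=[%s]\n' "$before" "$after"
}

demo_modified_keyring
```

Only the altered file is listed after the change, matching the single FAILED line in the log while the untouched keyrings report OK.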