Package: lxc-templates Version: 3.0.4.48.g4765da8-1
||/ Name Version Architecture Description +++-==============-===================-============-============================================ ii lxc-templates 3.0.4.48.g4765da8-1 amd64 Linux Containers userspace tools (templates) Hello ! Context: we want to create a lxc with the lxc-debian template on a bookworm server without any access to internet. We identified three issues preventing to achieve our goal and had to edit the /usr/share/lxc/templates/lxc-debian to succeed. Description: The download_debian() function states that it must verify signatures using /etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg but since bookworm, debian-archive-keyring install gpg files into the /usr/share/keyrings folder only. See https://packages.debian.org/bookworm/all/debian-archive-keyring/filelist versus bullseye version. Path lreleasekeyring=/etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg does not exist hence it always tries to download from http://ftp-master.debian.org <http://ftp-master.debian.org/>. Which fails on a no internet access server. A workaround is to add the --keyring /usr/share/keyrings/debian-archive-$release-stable.gpg args to the command as followed: lxc-create -n test -t debian -- --mirror http://mymirror/debian --security-mirror http://mymirror/debian-security --release bookworm --keyring /usr/share/keyrings/debian-archive-buster-stable.gpg A solution would be to modify the line 436 from: - lreleasekeyring=/etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg + lreleasekeyring=/usr/share/keyrings/debian-archive-$release-stable.gpg OR install the gpg keys back to etc/apt/trusted.gpg.d/ folder or whatever you see as a better fit ;). Regards, Eppii
