Tuesday, September 16, 2008

Zero length trustdb.gpg on FAI Debian installs

So...

We had this issue where Debian clients installed with FAI had zero length apt trust databases (/etc/apt/trustdb.gpg). The reason turned out to be the permissions on /etc/apt/trustdb.gpg (0600) in the FAI nfsroot combined with the lack of the no_root_squash option in the FAI nfsroot's /etc/exports line.

In the FAI install, you will notice that your repository is "untrusted." The installed client will have the same issue. When you try to cat or copy /etc/apt/trustdb.gpg from within the installation process, like the FAI process does, you will get an INPUT/OUTPUT error, of course. The root user of the installation has been remapped by the nfs server to nobody.

DOH. Where's Bill Engvall?

Cheers,

Adam