Home / ubuntu / Questions / 436537
Accepted
Stephen RC
Asked: 2014-03-20 11:44:24 +0800 CST

Custom Server ISO cannot find kernel to install

  • 772

I'm trying to build a custom Ubuntu Server ISO, and am hitting a weird problem I'm hoping someone here can help with. I'm using UCK and these instructions.

When I do the minimum possible to build a "custom" ISO, it spits out an ISO which installs and works without any issues.

uck-remaster-unpack-iso ./ubuntu_trusty-server-amd64.iso 
uck-remaster-pack-iso

However, I want to be able to include custom packages on my ISO too. UCK sets up the environment for you and then takes your GPG key and automatically signs everything for you:

uck-remaster-clean
uck-remaster-unpack-iso ubuntu_trusty-server-amd64.iso 
uck-remaster-prepare-alternate 
gpg --list-keys
uck-remaster-finalize-alternate 60FB276F
uck-remaster-pack-iso

It generates an ISO without any errors, however the ISO those this wonderful error:

No kernel found

Syslog shows these (full):

Mar 19 19:37:28 base-installer: Using CD-ROM mount point /media/cdrom/
Mar 19 19:37:28 base-installer: Identifying.. 
Mar 19 19:37:28 base-installer: [53fed41586d1f78a456ce051a5c87264-2]
Mar 19 19:37:28 base-installer: Scanning disc for index files..
Mar 19 19:37:29 base-installer: Found 3 package indexes, 0 source indexes, 0 translation indexes and 1 signatures
Mar 19 19:37:29 base-installer: Found label 'Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Alpha amd64 (20140306)'
Mar 19 19:37:29 base-installer: This disc is called: 
Mar 19 19:37:29 base-installer: 'Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Alpha amd64 (20140306)'
Mar 19 19:37:29 base-installer: Copying package lists...
Mar 19 19:37:29 base-installer: gpgv: Signature made Fri 14 Mar 2014 01:18:54 AM UTC using RSA key ID 60FB276F
Mar 19 19:37:29 base-installer: gpgv: Can't check signature: public key not found
Mar 19 19:37:29 base-installer: E: Sub-process gpgv returned an error code (2)
Mar 19 19:37:29 base-installer: W: Signature verification failed for: /media/cdrom/dists/trusty/Release.gpg
Mar 19 19:37:29 base-installer: E: No CD-ROM could be auto-detected or found using the default mount point.
Mar 19 19:37:29 base-installer: You may try the --cdrom option to set the CD-ROM mount point. See 'man apt-cdrom' for more information about the CD-ROM auto-detection and mount point.
Mar 19 19:37:29 base-installer: error: error while running apt-cdrom

I also tried following the instructions here but it had the same result - UCK seems to follow those instructions from looking at the source.

Any ideas or suggestions would be appreciated.

Updates after more investigation:

Breaking out to a shell after the 'bad kernel' message: When examining the keys found in /usr/share/keyrings with gpg --list-keys --keyring ./ubuntu-archive-keyring.gpg the signing key injected by UCK or manually through a ubuntu-keyring rebuild are NOT installed prior to the apt-cdrom call in the installer. As such, dists/trusty/Release.gpg fails gpg verification.

Manually running dpkg -i on the rebuilt ubuntu-keyring package installs the replacement keys correctly; both in /usr/share/keyrings and into the appropriate gpg envelope - however, exiting the shell, and reinstating the software installation at that point from the installation menu, does not fix the apt-cdrom gpg validation process - it looks as though gpg keys are getting injected from some other udeb, and ubuntu-keyring is not installed prior to the apt-cdrom check.

Unfortunately, the error message displayed, is not reflective of the underlying problem. The problem is that that apt-cdrom cannot verify the gpg signature, therefore doesn't recognise the CDRom as a valid package source. That means that there are no kernels available to install.

server

3 Answers

  1. Best Answer

    [cdrom]/install/filesystem.squashfs contains a pre-installed version of ubuntu-keyring, and the ubuntu-keyring package within /pool/ on the CD is not installed prior to apt-cdrom being executed by debian-installer - therefore apt-cdrom fails to verify the modified Release file, and apt won't touch the packages on the CD.

    Something like this is required, in order to replace the baseline keys with your modified version:

    mkdir /tmp/CDRom
mount -o loop /path/to/trusty.iso /tmp/CDRom

mkdir /tmp/SquashFS
cd /tmp/SquashFS

unsquashfs /tmp/CDRom/install/filesystem.squashfs
cd squashfs-root
cp /path/to/modified/ubuntu-archive-keyring.gpg usr/share/keyrings/ubuntu-archive-keyring.gpg
rm /path/to/FinalCD/install/filesystem.size /path/to/FinalCD/install/filesystem.squashfs
du -sx --block-size=1 ./ | cut -f1 > /path/to/FinalCD/install/filesystem.size
mksquashfs ./ /path/to/FinalCD/install/filesystem.squashfs

    apt-cdrom will then work correctly.

    • 3

  2. It seems that you don't have to sign customized installs now. In fact if you try it fails to install.

    I was also trying to create a custom install of the 14.04 server 64 bit and was getting the same problem with the signature verification of the Release.gpg. (public key not found). I have done this with many past releases, including the 12.04 64 bit server release. I was using the https://help.ubuntu.com/community/InstallCDCustomization guide. Have recreated the ubuntu-keyring debs adding my keys and replaced the pool/main/u/ubuntu-keyring debs.

    Turns out the if I just don't sign the Release, the install no longer cares that I am creating my extras directory, using a customized preseed and tweaking and installing everything I want.

    • 2

  3. RedPhoenix's answer worked for me after I added two additional keyring files:

    cp /path/to/modified/ubuntu-archive-keyring.gpg usr/share/keyrings/ubuntu-archive-keyring.gpg
cp /path/to/modified/ubuntu-archive-keyring.gpg etc/apt/trusted.gpg
cp /path/to/modified/ubuntu-archive-keyring.gpg var/lib/apt/keyrings/ubuntu-archive-keyring.gpg
    • 2