It appears that the debian-archive-keyring.gpg does not contain the current key used by Debian to sign!
Most probably the change of new stable distribution in Debian resulted in a new key that it is not yet included in the package.
I had the same problem (I use pbuilder in Ubuntu Karmic, with the configuration outlined at the pbuilder howto wiki) and I did the following:
1. I got the key from the Ubuntu keyserver with gpg2. Procedure:
In the search box of page http://keyserver.ubuntu.com:11371/ enter 'debian archive' and select the key with data:
pub 4096R/473041FA 2010-08-27 uid Debian Archive Automatic Signing Key (6.0/squeeze) <email address hidden>
Write down the key id (473041FA)
2. I added the key to /etc/apt/trusted.gpg, with apt-key, Procedure (note the hyphen at the end for apt-key to use stdin):
gpg2 -a --export 473041FA | sudo apt-key add -
3. I modified my ~/.pbuilderrc to use --keyring=/etc/apt/trusted.gpg for DEBOOTSTRAPOPTS when building with a Debian target.
It appears that the debian- archive- keyring. gpg does not contain the current key used by Debian to sign!
Most probably the change of new stable distribution in Debian resulted in a new key that it is not yet included in the package.
I had the same problem (I use pbuilder in Ubuntu Karmic, with the configuration outlined at the pbuilder howto wiki) and I did the following:
1. I got the key from the Ubuntu keyserver with gpg2. Procedure:
In the search box of page http:// keyserver. ubuntu. com:11371/ enter 'debian archive' and select the key with data:
pub 4096R/473041FA 2010-08-27
uid Debian Archive Automatic Signing Key (6.0/squeeze) <email address hidden>
Write down the key id (473041FA)
2. I added the key to /etc/apt/ trusted. gpg, with apt-key, Procedure (note the hyphen at the end for apt-key to use stdin):
gpg2 -a --export 473041FA | sudo apt-key add -
3. I modified my ~/.pbuilderrc to use --keyring= /etc/apt/ trusted. gpg for DEBOOTSTRAPOPTS when building with a Debian target.