diff --git a/pb_utils/README.md b/pb_utils/README.md
index 2090bc6e881aa3e8ea7c7cc8119344240a964dc1..42fd5c4aba1037a792b7e22563e1e0563fd8b00b 100644
--- a/pb_utils/README.md
+++ b/pb_utils/README.md
@@ -57,3 +57,41 @@ gdb vmlinux \
 look for gdb `add-auto-load-safe-path` warning and follow instruction to enable loading of kernel gdb scripts
 
 use hardware breakpoints instead of software breaks
+
+# Troubleshooting
+
+## `GPG error: ... KEYEXPIRED` on `apt update`
+
+In case the `apt update` throws an error due to an error like this:
+```shell
+GPG error: http://archive.debian.org lenny/updates Release: The following signatures were invalid: KEYEXPIRED 1356982504
+```
+
+The problem is most probably an OS version (in this case an old debian) with expired keys.
+The keys can not be updated (as far as i know/tried) but the issue can be circumvented:
+
+### Solution
+
+[source](https://stackoverflow.com/questions/29070471/gpg-error-http-archive-debian-org-lenny-updates-release-the-following-signat/43259335#43259335)
+
+Just change the system date
+```shell
+date --set 2008-01-01
+```
+then try to update
+```shell
+apt update
+```
+After that, do not forget to reset/sync the current date! [source](https://askubuntu.com/questions/81293/what-is-the-command-to-update-time-and-date-from-internet/998449#998449)
+```shell
+sudo timedatectl set-ntp off
+sudo timedatectl set-ntp on
+
+```
+
+## How to read debootstrap logs if e.g. chroot failed?
+
+1. Mount the created image (e.g. on Fedora: right mouse button > open with > mount)
+2. Use your favourite file manager to access the mounted image
+3. Go to and read debootstrap/debootstrap.log
+
diff --git a/pb_utils/create_image.sh b/pb_utils/create_image.sh
index 13d8242be42fef9c71f86dba06cde7d924214061..a0327cc959fc7a1b93b9da7d5d4635148febca9b 100755
--- a/pb_utils/create_image.sh
+++ b/pb_utils/create_image.sh
@@ -1,21 +1,26 @@
 #!/bin/bash
 IMG=build/qemu-image.img
 DIR=build/mount-point.dir
+KEYRING=build/debian-keyring.gpg
 DEBIAN_VERSION=jessie
 DEBOOTSTRAP_FOLDER=$PWD/build/debootstrap
-
+DEBOOTSTRAP_SOURCE=https://deb.debian.org/debian/pool/main/d/debootstrap
+MIRROR=https://archive.debian.org/debian-archive/debian
 
 # get dbootstrap
-if [ ! -d $DEBOOTSTRAP_FOLDER ]
-then
+if [ ! -d $DEBOOTSTRAP_FOLDER ]; then
     mkdir -p $DEBOOTSTRAP_FOLDER
-    cd $DEBOOTSTRAP_FOLDER
-    currentVersion="`wget -O- https://deb.debian.org/debian/pool/main/d/debootstrap/ 2> /dev/null | \
-        egrep -o 'debootstrap_[0-9\.]+_all.deb' | sort -V | tail -1`";
-    wget https://deb.debian.org/debian/pool/main/d/debootstrap/$currentVersion 2> /dev/null -O $currentVersion
-    ar -xf $currentVersion
-    tar xzf data.tar.gz
-    tar xzf control.tar.gz
+    # get versions sorted ascendingly by last modification (?C=M;O=A supported by apache servers
+    # which makes something like sort -V unnecessary which also can not take the modification date
+    # into account but just the filename) and just take the last/latest entry
+    currentVersion=$(wget -O- $DEBOOTSTRAP_SOURCE/?C=M\;O=A 2> /dev/null | \
+        egrep -o 'debootstrap_[0-9\.]+[^_]*_all.deb' | tail -1)
+    wget -O $DEBOOTSTRAP_FOLDER/$currentVersion $DEBOOTSTRAP_SOURCE/$currentVersion 2> /dev/null
+    ar -xf --output $DEBOOTSTRAP_FOLDER $DEBOOTSTRAP_FOLDER/$currentVersion
+    # unpack into target dir (see https://wiki.ubuntuusers.de/tar/#Extrahieren)
+    tar xzf $DEBOOTSTRAP_FOLDER/data.tar.gz -C $DEBOOTSTRAP_FOLDER --strip-components=1
+    tar xzf $DEBOOTSTRAP_FOLDER/control.tar.gz -C $DEBOOTSTRAP_FOLDER --strip-components=1
+    rm $DEBOOTSTRAP_FOLDER/data.tar.gz $DEBOOTSTRAP_FOLDER/control.tar.gz
 fi
 
 mkdir -p $DIR
@@ -25,7 +30,14 @@ mkfs.ext2 $IMG
 
 sudo mount -o loop $IMG $DIR
 
-sudo DEBOOTSTRAP_DIR="$DEBOOTSTRAP_FOLDER/usr/share/debootstrap" $DEBOOTSTRAP_FOLDER/usr/sbin/debootstrap --arch amd64 "$DEBIAN_VERSION" $DIR
+# download (retired) old debian jessie key (see https://ftp-master.debian.org/keys.html)
+KEY=release-8.asc
+wget -O $DEBOOTSTRAP_FOLDER/$KEY https://ftp-master.debian.org/keys/$KEY 2> /dev/null
+#rsync -az --progress keyring.debian.org::keyrings/keyrings/debian-keyring.gpg "$DEBOOTSTRAP_FOLDER/debian-keyring.gpg"
+# actually download and build the debian image using debootstrap (the mirror is required since
+# debian 8 is not listed in the main repo anymore but only in the archive)
+sudo DEBOOTSTRAP_DIR="$DEBOOTSTRAP_FOLDER/usr/share/debootstrap" $DEBOOTSTRAP_FOLDER/usr/sbin/debootstrap --verbose --keyring $DEBOOTSTRAP_FOLDER/$KEY --arch amd64 "$DEBIAN_VERSION" $DIR $MIRROR
 
 sudo umount $DIR
 rmdir $DIR
+
diff --git a/setup_build.sh b/setup_build.sh
new file mode 100755
index 0000000000000000000000000000000000000000..c3d28b0677f076262b0343b31b9144925e1a0c71
--- /dev/null
+++ b/setup_build.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# update and install without authentication checking since the old certificates
+# have run out anyways and it would otherwise prevent the update process from working.
+# BEWARE: I KNOW THIS IS DANGEROUS AND UGLY BUT I DID NOT FIND A BETTER SOLUTION!
+# (idea: https://unix.stackexchange.com/questions/317695/is-it-possible-to-have-apt-accept-an-invalid-certificate/698834#698834)
+apt -o "Acquire::https::Verify-Peer=false" update
+apt-get install -y \
+	--force-yes -o "Acquire::https::Verify-Peer=false" `# ignore authentication problems` \
+	fakeroot \
+	build-essential \
+	ncurses-dev \
+	xz-utils \
+	libssl-dev \
+	bc \
+	flex \
+	libelf-dev bison \
+	`# install MPI` \
+	openmpi-bin \
+	libopenmpi-dev \
+	ssh `# ssh is needed for OMPI (see https://serverfault.com/questions/609894/run-an-mpi-application-in-docker/699846#699846)`
+
+cd /mnt
+./build_kernel.sh