[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How PGP-key update


On Sat, Jan 07, 2006 at 01:49:21PM +0100, Hans wrote:
> are there no pgp keys for testing or unstable ? Why will apt-get update do
> not update the keys ? Any clue ?
apt-get update should never ever update the keys automagically.
There is you (The Administrator) who declare trusted sites.
apt-get update can only refetch the {Release,Package,Source}.gpg and check

Warnings you got from apt-get update just says that those repositories
are not trusted.
To trust declare the repository as trusted just should fetch a key
for the repository, make sure it is a valid key then run apt-key add.
For example, to make an official Debian repository trusted you should run:
wget http://ftp-master.debian.org/ziyi_key_2006.asc
apt-key add ziyi_key_2006.asc

If you just want to declare a repository as trusted just run:

gpg --recv-key KEY_ID && gpg -a --export KEY_ID | apt-key add -

where KEY_ID is a string after NO_PUBKEY. For example for Blackdown
at ftp.gwdg.de you should replace KEY_ID with BB5E459A529B8BDA.

And last but not least.
To be precise: by adding a key to apt-get keyring you will trust
_all_ repositories signed with this key.

> W: GPG error: ftp://debian.tu-bs.de testing Release: The following signatures 
> couldn't be verified because the public key is not available: NO_PUBKEY 
> 010908312D230C5F
pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>

Well, you have a 32bit Debian on your box, isn't it?
Only officially released architecures are signed with
Debian Archive Automatic Signing Key. This key is change every year and you
should check http://ftp-master.debian.org/ for updates.

AMD64 is not yet a part of official Debian release and it is
signed with different key you can fetch from:

Best regards
Tata: Jak się nazywasz?
Synek: Igor spacja Sapijaszko.

Attachment: signature.asc
Description: Digital signature

Reply to: