[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How PGP-key update



Am Samstag, 7. Januar 2006 15:21 schrieb Artur R. Czechowski:
> Hi,
>
> On Sat, Jan 07, 2006 at 01:49:21PM +0100, Hans wrote:
> > are there no pgp keys for testing or unstable ? Why will apt-get update
> > do not update the keys ? Any clue ?

Hi Artur, that help was great !

It is working now ! Thank you very much !

> apt-get update should never ever update the keys automagically.
> There is you (The Administrator) who declare trusted sites.
> apt-get update can only refetch the {Release,Package,Source}.gpg and check
> signatures.
>
> Warnings you got from apt-get update just says that those repositories
> are not trusted.
> To trust declare the repository as trusted just should fetch a key
> for the repository, make sure it is a valid key then run apt-key add.
> For example, to make an official Debian repository trusted you should run:
> wget http://ftp-master.debian.org/ziyi_key_2006.asc
> apt-key add ziyi_key_2006.asc
>
> If you just want to declare a repository as trusted just run:
>
> gpg --recv-key KEY_ID && gpg -a --export KEY_ID | apt-key add -

I did so !

> where KEY_ID is a string after NO_PUBKEY. For example for Blackdown
> at ftp.gwdg.de you should replace KEY_ID with BB5E459A529B8BDA.

Yes, I understand now the mechanismen.

> And last but not least.
> To be precise: by adding a key to apt-get keyring you will trust
> _all_ repositories signed with this key.
>
> > W: GPG error: ftp://debian.tu-bs.de testing Release: The following
> > signatures couldn't be verified because the public key is not available:
> > NO_PUBKEY 010908312D230C5F
>
> pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
> uid                  Debian Archive Automatic Signing Key (2006)
> <ftpmaster@debian.org>
>
> Well, you have a 32bit Debian on your box, isn't it?

I have both on different computers: desktop is 32-bit (still) and notebook is 
64-bit (AMD)

> Only officially released architecures are signed with
> Debian Archive Automatic Signing Key. This key is change every year and you
> should check http://ftp-master.debian.org/ for updates.
>
> AMD64 is not yet a part of official Debian release and it is
> signed with different key you can fetch from:
> ftp://debian.tu-bs.de:/debian-amd64/archive.key

Yes, this works, too !

> Best regards
> 	Artur


Thanks a lot !

Best regards

Hans



Reply to: