--On March 2, 2007 10:36:13 AM -0500 Anthony DeRobertis <aderobertis@metrics.net> wrote:
On 03/02/2007 02:34 AM, Michael Loftis wrote:My biggest problem right now is apparently mini-dinstall can't produce *properly* signed Releases and thus etch basically refuses to use the repository.Works for me.
It doesn't work because mini-dinstall produces "broken" archives. A standard archive is layed out differently from mini-dinstall archives. the etch security stuff expects a signed release file in the binary-$(ARCH) dir that mini-dinstall doesn't create, instead each arch is in a dir named $(ARCH). You end up having to manually create Release files for each arch. this is with mini-dinstall Version: 0.6.21
The fact taht mini-dinstall can't/doesn't create a standard repo layout has always bugged me so since I have to (well need to) get signed repos working for etch it looked like a good time to ditch it and fix this.
(in .mini-dinstall.conf): release_signscript = /home/anthony/bin/sign-release (sign-release) rm -f Release.gpg gpg -b -o Release.gpg -u C3CC05DE1D573DA6BBA1C4E6C79BA4A6F9E13358 "$1" [ -e Release.gpg ] && exit 0 || exit 1 And, if you can't get it to work, I believe there is a way to turn off signature checking on a per-source basis...
-- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler