Re: apt 0.6 in experimental

To: debian-devel@lists.debian.org
Subject: Re: apt 0.6 in experimental
From: Matt Zimmerman <mdz@debian.org>
Date: Sat, 27 Dec 2003 12:46:42 -0800
Message-id: <[🔎] 20031227204642.GW17472@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20031227164756.GC7060@kitenet.net>
References: <[🔎] 20031226234444.GN17472@alcor.net> <[🔎] 20031227164756.GC7060@kitenet.net>

On Sat, Dec 27, 2003 at 11:47:56AM -0500, Joey Hess wrote:

> I've updated my local repositories to use signed Release files.
> mini-dinstall makes this quite easy. They look ok, but apt-get just
> ignores them. For example: deb http://kitenet.net/~joey/debian/ unstable/
> The key is 025BC58F, on wwwkeys.us.pgp.net.
> 
> root@kite:~>apt-key list
> /etc/apt/trusted.gpg
> --------------------
> pub  1024D/30B34DD5 2003-12-03 Debian Archive Automatic Signing Key (2003 v2) <ftpmaster@debian.org>
> 
> pub  1024D/025BC58F 2003-12-27 Joey Hess (apt repository signing key) <joey+archive@kitenet.net>
> sub  1024g/CB0B34ED 2003-12-27
> root@kite:~>apt-get update
> Ign http://uqm.debian.net unstable/ Release.gpg
> Ign http://kitenet.net unstable/ Release.gpg                                  
> Ign http://uqm.debian.net unstable/ Release                                   
> Hit http://uqm.debian.net unstable/ Packages                                  
> Hit http://uqm.debian.net unstable/ Sources                                   
> Ign http://kitenet.net unstable/ Release                                      
> Hit http://kitenet.net unstable/ Packages                                     

Perhaps you should check the actual URL that apt is attempting to retrieve,
and make sure that you are placing the Release file in the correct place?

apt-get --print-uris update works as expected.

> apt-key add fails if there is no ~root/.gnupg. I don't habitually use gpg
> as root, so that was suprising.

Hmm...apt-key uses --no-options and --no-default-keyring to try to suppress
as much of that garbage as possible, but apparently it isn't enough.  I
happened to have a ~root/.gnupg, so I didn't notice this.

We want to operate on a public keyring, only, and have no secret keyring or
trustdb.  The current command line used is:

GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg"

--homedir /etc/apt might help a little, but it would complain about the
permissions, and we really don't want it to mess with any other files in the
first place.  It shouldn't need a ~/.gnupg in order to work, but I tested,
and you're correct, it complains, even though it wouldn't actually use any
of the files there.

Any suggestions?

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>

References:
- apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: Debian packages and freedesktop.org (Gnome, KDE, etc) menu entries
Next by Date: Re: apt 0.6 in experimental
Previous by thread: Re: apt 0.6 in experimental
Next by thread: Re: apt 0.6 in experimental
Index(es):
- Date
- Thread