Re: Checking Release.gpg
On Mon, 12 Jan 2004, Adrian 'Dagurashibanipal' von Bidder wrote:
>
> Yo!
>
> Apparently there are some Release files only signed with the old Release
> key (38C6029A):
>
> My keyring is
> =====
> $ gpg --no-default-keyring --keyring trustedkeys.gpg --list-key
> /home/avbidder/.gnupg/trustedkeys.gpg
> -------------------------------------
> pub 1024D/38C6029A 2002-12-20 Debian Archive Automatic Signing Key (2003) <ftpmaster@debian.org>
I did:
~> gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyring.debian.org --recv-keys 38C6029A
gpg: key 38C6029A: "Debian Archive Automatic Signing Key (2003) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
> pub 1024D/30B34DD5 2003-12-03 Debian Archive Automatic Signing Key (2003 v2) <ftpmaster@debian.org>
and
~> gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyring.debian.org --recv-keys 30B34DD5
gpg: key 30B34DD5: "Debian Archive Automatic Signing Key (2003 v2) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
as well as I imported the ziyi_key_2002.asc from the docs which leads to:
~> gpg --no-default-keyring --keyring trustedkeys.gpg --list-key | grep ftpmaster
pub 1024D/30B34DD5 2003-12-03 Debian Archive Automatic Signing Key (2003 v2) <ftpmaster@debian.org>
pub 1024D/38C6029A 2002-12-20 Debian Archive Automatic Signing Key (2003) <ftpmaster@debian.org>
pub 1024D/722F1AED 2002-01-11 Debian Archive
so this all should be fine.
I do a private mirror from the mirror next to me (debian.tu-bs.de) on an
internal server sars.rki.ivbb.bund.de.
Then I get:
Source: deb http://sars.rki.ivbb.bund.de/debian/ testing main non-free contrib
o Origin: Debian/Debian
o Suite: testing/sarge
o Date: Sun, 11 Jan 2004 20:54:59 UTC
o Description: Debian Testing distribution - Not Released
* COULDN'T CHECK SIGNATURE BY KEYID: 2DB1C72530B34DD5
* NO VALID SIGNATURE
* PROBLEMS WITH main (NOCHECK, NOCHECK)
* PROBLEMS WITH non-free (NOCHECK, NOCHECK)
* PROBLEMS WITH contrib (NOCHECK, NOCHECK)
Source: deb http://sars.rki.ivbb.bund.de/debian/non-US testing/non-US main non-free
o Origin: Debian/Debian
o Suite: testing/sarge
o Date: Thu, 20 Nov 2003 19:52:24 UTC
o Description: Debian Testing distribution - Not Released
* COULDN'T CHECK SIGNATURE BY KEYID: B629A24C38C6029A
* NO VALID SIGNATURE
* PROBLEMS WITH main (NOCHECK, NOCHECK)
* PROBLEMS WITH non-free (NOCHECK, NOCHECK)
As you can see, both od the used keys are in my trustedkeys, but it fails ... :-(
> The contents of the following files in /var/lib/apt/lists does not
> match what was expected. This may mean these sources are out of date,
> that the archive is having problems, or that someone is actively using
> your mirror to distribute trojans.
>
> security.debian.org_dists_stable_updates_main_binary-i386_Packages
> =====
>
> which is what I should except according to the Manual.
Yes, for sure, this is normal as well as for my other inofficial apt-sources.
But these two I mentioned should work
Kind regards
Andreas.
Reply to: