[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

mini-dinstall, repository signing and apt-get authentication

I'm trying to sort out my trivial apt repository properly so that my
sponsor can obtain my packages more easily.

I've generated a gpg key to sign the Release files and I'm using
mini-dinstall on the server. It appears to be working, Release and
Release.gpg are created and gpg can verify that the signature is good.

$ gpg --verify Release.gpg Release
gpg: Signature made Tue Jul 25 14:04:53 2006 BST using DSA key ID 6C7D3C63
gpg: Good signature from "Data Freedom Repository Signing Key
(www.data-freedom.org/packages/) <linux@codehelp.co.uk>"

I've added that key to apt using sudo apt-key add and it's listed OK.

Yet apt-get update doesn't seem to locate Release.gpg correctly:

Ign http://www.linux.codehelp.co.uk packages/unstable/all/ Release.gpg

and trying to install a package from the repository still gives
authentication errors.

$ sudo apt-get install pilot-qof
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 94.4kB of archives.
After unpacking 516kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]?
E: Some packages could not be authenticated

deb http://www.linux.codehelp.co.uk/ packages/unstable/$(ARCH)/
deb http://www.linux.codehelp.co.uk/ packages/unstable/all/
deb-src http://www.linux.codehelp.co.uk/ packages/unstable/source/

Signing key:
(not on keyservers yet in case this doesn't work out.)

mini-dinstall conf:
archivedir=<private path removed from message to list>
architectures=all, i386, amd64, powerpc
release_description="Data Freedom demo packages"
release_label="Data Freedom demo packages"
release_origin="Neil Williams <linux@codehelp.co.uk>"
release_signscript=<private path removed from message to list>
extra_keyrings=<private path removed from message to list>

I'm not getting mail from mini-dinstall either.

Any idea what I've done wrong?

I've read that Release needs to be present in the subdirectories but
mini-dinstall normally looks after everything in those subdirectories.
It deletes "Release" files that I create in the top level directory.

The generated Release file looks OK:
Origin: "Neil Williams <linux@codehelp.co.uk>"
Label: "Data Freedom demo packages"
Suite: unstable
Codename: "data-freedom"
Date: Tue, 25 Jul 2006 13:04:51 UTC
Architectures: all i386 amd64 powerpc
Description: "Data Freedom demo packages"
 3de6c35bd94e74a41459b728a2d925f4             900 all/Packages


Neil Williams

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: