I'm trying to sort out my trivial apt repository properly so that my sponsor can obtain my packages more easily. I've generated a gpg key to sign the Release files and I'm using mini-dinstall on the server. It appears to be working, Release and Release.gpg are created and gpg can verify that the signature is good. $ gpg --verify Release.gpg Release gpg: Signature made Tue Jul 25 14:04:53 2006 BST using DSA key ID 6C7D3C63 gpg: Good signature from "Data Freedom Repository Signing Key (www.data-freedom.org/packages/) <linux@codehelp.co.uk>" I've added that key to apt using sudo apt-key add and it's listed OK. Yet apt-get update doesn't seem to locate Release.gpg correctly: Ign http://www.linux.codehelp.co.uk packages/unstable/all/ Release.gpg and trying to install a package from the repository still gives authentication errors. $ sudo apt-get install pilot-qof Reading package lists... Done Building dependency tree... Done The following NEW packages will be installed pilot-qof 0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded. Need to get 94.4kB of archives. After unpacking 516kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! pilot-qof Install these packages without verification [y/N]? E: Some packages could not be authenticated Repository: deb http://www.linux.codehelp.co.uk/ packages/unstable/$(ARCH)/ deb http://www.linux.codehelp.co.uk/ packages/unstable/all/ deb-src http://www.linux.codehelp.co.uk/ packages/unstable/source/ Signing key: http://www.linux.codehelp.co.uk/packages/0x6c7d3c63.txt (not on keyservers yet in case this doesn't work out.) mini-dinstall conf: [DEFAULT] archivedir=<private path removed from message to list> mailto=linux@codehelp.co.uk architectures=all, i386, amd64, powerpc archive_style=simple-subdir generate_release=1 release_codename="data-freedom" release_description="Data Freedom demo packages" release_label="Data Freedom demo packages" release_origin="Neil Williams <linux@codehelp.co.uk>" release_signscript=<private path removed from message to list> extra_keyrings=<private path removed from message to list> I'm not getting mail from mini-dinstall either. Any idea what I've done wrong? I've read that Release needs to be present in the subdirectories but mini-dinstall normally looks after everything in those subdirectories. It deletes "Release" files that I create in the top level directory. The generated Release file looks OK: Origin: "Neil Williams <linux@codehelp.co.uk>" Label: "Data Freedom demo packages" Suite: unstable Codename: "data-freedom" Date: Tue, 25 Jul 2006 13:04:51 UTC Architectures: all i386 amd64 powerpc Description: "Data Freedom demo packages" MD5Sum: 3de6c35bd94e74a41459b728a2d925f4 900 all/Packages .... etc. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
signature.asc
Description: OpenPGP digital signature