[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mini-dinstall, repository signing and apt-get authentication

On Tue, Jul 25, 2006 at 02:33:04PM +0100, Neil Williams wrote:
> I've generated a gpg key to sign the Release files and I'm using
> mini-dinstall on the server. It appears to be working, Release and
> Release.gpg are created and gpg can verify that the signature is good.
> Yet apt-get update doesn't seem to locate Release.gpg correctly:
> Ign http://www.linux.codehelp.co.uk packages/unstable/all/ Release.gpg

Looks like it's trying to retrieve:


...when you instead provide:


I just use a dirty shell script with apt-ftparchive to generate a
little mini-repository of my projects like so:

cd debian
rm -f Contents.bz2 Contents.gz Packages.bz2 Packages.gz Release \
 Release.gpg Sources.bz2 Sources.gz
apt-ftparchive contents . > Contents
bzip2 -k Contents
gzip -9 Contents
apt-ftparchive packages . > Packages
bzip2 -k Packages
gzip -9c Packages > Packages.gz
apt-ftparchive sources . > Sources
bzip2 -k Sources
gzip -9c Sources > Sources.gz
apt-ftparchive release . > Release
rm Packages Sources
gpg --armor --default-key ="Jeremy Stanley <fungi@yuggoth.org>" \
 --detach-sign --output Release.gpg Release

This has been working fine for me with apt-get/apt-key so far.
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }

Reply to: