Re: Apt-move and pgp signing



On Sat, Sep 24, 2005 at 12:28:04PM -0700, James Vahn wrote:
> I read with interest about dfsbuild and would like to try it, but it
> wants a Packages.pgp file from my local mirror. Setting apt-move and
> gpg up for this is proving to be difficult.
> 
>         short:~# gpg -K
>         /root/.gnupg/secring.gpg
>         ------------------------
>         sec   1024D/C633A12A 2005-09-24
>         uid                  James Vahn <root@short.circuit.com>
>         ssb   1024g/14633FD3 2005-09-24
> 
> In /etc/apt-move.conf is this line:
> 
>         # Set this to key name to be used for signing Release files.
>         SIGNINGKEY=
>                    ^^^^^^^^
> What is it wanting me to put there? What does "key name" refer to?
> This is the command that apt-move uses:
> 
>         [ -z "$SIGNINGKEY" ] || gpg --detach-sign -ao Release.gpg
>         --default-key "$SIGNINGKEY" --batch --yes --sign Release
> 
> This is from the apt-move manpage:
> 
>     SIGNINGKEY=
>            If this is set to non-empty string, then packages will sign gen-
>            erated Release files  with  specified  signing  key.   You  must
>            install gnupg before enabling this option.  With current apt you
>            should list compression none in PKGCOMP directive, otherwise apt
>            will complain about missing files.
> 
> And this from the gpg manpage:
> 
>     --default-key name
>              Use  name as the default key to sign with.  If this option is
>              not used, the default key is  the  first  key  found  in  the
>              secret  keyring.  Note that -u or --local-user overrides this
>              option.
> 
> I can't make sense of it, all clues appreciated.  thanks!
> 

Hi,

I haven't used apt-move, but from the gpg point of view the name is
either the name of the user or the key-id. In your case C633A12A or
"James Vahn".

The problem here is that apt-move uses gpg in batch mode and in batch
mode it cannot ask you for your passphrase. In that case you shouldn't use
a passphrase with your signing key.

Have a look at http://www.gnupg.org/documentation/faqs.html#q4.14

HTH
Simo
-- 
:r ~/.signature
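
Added example, not part of the original messages and not apt-move's own code: it creates a dedicated passphrase-less key in a separate keyring, signs a Release file with the same `--default-key "$SIGNINGKEY" --batch` shape quoted above, and verifies the result. The function names, the keyring path and the user id are hypothetical, and `--quick-generate-key` with `--pinentry-mode loopback` assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example. The key, user id and Release file are constructed throwaways.

# Create a passphrase-less signing key in its own keyring directory, so that
# "gpg --batch" never has to prompt. $1 = keyring dir, $2 = user id.
make_signing_key() {
    mkdir -p "$1" && chmod 700 "$1" &&
    GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" default default never
}

# Print the fingerprint of the first secret key in keyring $1: one valid
# "key name" for SIGNINGKEY (the user id or its e-mail address is another).
key_fingerprint() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-secret-keys |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sign as the apt-move line quoted above does: skip when SIGNINGKEY is empty.
# $1 = keyring dir, $2 = SIGNINGKEY, $3 = directory holding Release.
sign_release() {
    [ -z "$2" ] || ( cd "$3" && GNUPGHOME="$1" gpg --batch --yes \
        --default-key "$2" --detach-sign -ao Release.gpg Release )
}

# Exit status 0 only if Release.gpg is a good signature over Release.
# $1 = keyring dir, $2 = directory holding Release and Release.gpg.
verify_release() {
    ( cd "$2" && GNUPGHOME="$1" gpg --batch --verify Release.gpg Release ) 2>/dev/null
}
```

With no passphrase on the key, the keyring directory's file permissions are the only thing protecting it, which is why the example keeps it in its own mode-700 directory rather than in a personal keyring.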
