Re: creating a local mirror and package authentication
On Sun, Jul 08, 2007 at 17:07:02 +0530, Bhasker C V wrote:
> Questions by Florian Kulzer
>
> > How did you add the mounted DVD image to your sources.list? Did you
> > use
> > "file:" URIs?
>
> man sources.list | egrep 'deb(-src)? file'
>
> I have an apache httpd server running on the remote system and i have
> added http address of the server
>
> this is my sources.list
> deb http://s1/ETCH4_1/ stable main
> deb http://s1/ETCH4_2/ stable main
>
> where s1 is my local network server.
I think the easiest solution for your problem is to mount the DVD
directories locally on the Debian client, for example by using sshfs to
connect to your s1 server. Then you can use the file: syntax in your
sources.list, e.g.
deb file:/path/to/mountpoint/ETCH4_1 stable main
deb file:/path/to/mountpoint/ETCH4_2 stable main
AFAIK, Release.gpg signatures are not necessary for file: URIs (just
like for cdrom: URIs). Of course, that means that you should calculate
the MD5sums and the SHA1sums of the two DVD images yourself and compare
them to the ones given by Debian (in the MD5SUMS and the SHA1SUMS file):
http://cdimage.debian.org/debian-cd/4.0_r0/i386/iso-dvd/
(Change "i386" if you are on a different architecture.)
(You probably performed this check already after you downloaded the
DVDs.)
If you have a trusted Debian system with the debian-keyring package then
you can additionally verify Steve McIntyre's signatures for the *SUMS
files (MD5SUMS.sign and SHA1SUMS.sign). You can also get Steve's key
from a keyserver, which is less secure but better than not verifying the
*SUMS files at all.
--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |
Reply to: