I'm trying to generate a custom install CD based on Etch. I've set up a
local repository with reprepro, and I've installed and adapted
simple-cdd to my needs.
Everything was working just fine until I decided to include signatures (Release.gpg files). Now here's the problem.
When installing my custom distro with my custom CD, base-installer throws the following error:
Copying package lists...gpgv: not a detached signature
E: Sub-process gpgv returned an error code (2)
W: Signature verification failed for /cdrom/dists/etch/Release.gpg
Of course, I've included my own keyring
and/etc/apt/trusted.gpg). When checking manually with gpgv (chroot
/target gpgv /cdrom/dists/etch/Release.gpg), I noticed gpgv created
/.gnupg/ and was looking for trustedkeys.gpg under that directory.
So I forced the install process to copy my keyring to that location.
Now, the manual signature check with gpgv is OK, but apt-cdrom still fails to verify the signature.
Whatever the options I use (APT::Get::AllowUnauthenticated...) the problem remains.
Now to my questions:
- Why does apt-cdrom fail if gpgv succeeds when launched manually???
- Why does the install process complete when the Release.gpg file is not even present on the CD???