Re: [LONG] Trouble using debmirror on Lenny (certain public keys not found)
On Thu, Jun 24, 2010 at 11:45:31AM +0200, Holger Rauch wrote:
> gpgv: keyblock resource /root/.gnupg/trustedkeys.gpg':
> general error
> gpgv: Signature made Sa 30 Jan 2010 00:18:35 CET using RSA key ID 55BE302B
> [GNUPG:] ERRSIG 9AA38DCD55BE302B 1 2 00 1264807115 9
> [GNUPG:] NO_PUBKEY 9AA38DCD55BE302B
> gpgv: Can't check signature: public key not found
>
> ===
>
> So, I tried to obtain all keys like this:
>
> ===
>
> gpg --keyring /usr/share/keyrings/debian-role-keys.gpg --export | gpg --import
> gpg --keyring /usr/share/keyrings/debian-keyring.gpg --export | gpg --import
> gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --import
>
> ===
>
> Furthermore, I tried to explicitly obtain the keys mentioned in the
> error messages:
>
> ===
>
> gpg --keyserver keyring.debian.org --recv-keys 55BE302B
> gpg: requesting key 55BE302B from hkp server keyring.debian.org
> gpgkeys: key 55BE302B not found on keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> gpg --keyserver keyring.debian.org --recv-keys F42584E6
> gpg: requesting key F42584E6 from hkp server keyring.debian.org
> gpgkeys: key F42584E6 not found on keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> ===
>
> ===> Obviously, the keys are not found.
>
> How am I supposed to proceed from this point?
By default, gpg stores new public keys in ~/.gnupg/pubring.gpg,
while gpgv expects them in ~/.gnupg/trustedkeys.gpg.
The following command should import keys straight into trustedkeys.gpg:
gpg --no-default-keyring --keyring trustedkeys.gpg --import
At least, that's what the debmirror(1) manpage suggests.
If you want to use the same keys for debmirror and apt,
you can simply set a symlink like this:
/home/mirror/.gnupg/trustedkeys.gpg -> /etc/apt/trusted.gpg
It may be a good idea to run debmirror under a separate
user account to avoid interference with other usage of gpg.
Regards,
Mirko
Reply to: