local sid repository - howto extend release date?
(Subject was: SOLVED - aka How to quickly override 'apt-get update'
gpg repo check - was - local (old) sid repo - manually updating
Release date ?)
On 7/13/13, Zenaan Harkness <zen@freedbms.net> wrote:
> On 7/13/13, Zenaan Harkness <zen@freedbms.net> wrote:
> ...
>> Anyone know what's changed, that is stopping me from temporarily
>> ignoring the out of date Release file in my local repo, and/ or how to
>> get around this problem, since my previous workaround no longer works?
>>
>> Very much looking forward to a fix that does _not_ involve changing my
>> system date!
>
> The following appears that it might have worked:
>
> cd /public/debian/debian/dists/sid/
> mv Release.gpg Release.gpg.old
> ...
Unfortunately, this works with the side effect of eliminating package
gpg checks, eg:
---
apt-get install zfs-fuse
...
WARNING: The following packages cannot be authenticated!
zfs-fuse
Install these packages without verification [y/N]?
---
So we users must say yes, ignore verification, if we want to install a package.
However the signature for the package should surely still be verifiable!
Is there a way to do a repo-wide re-signing to create a locally signed
repo with say a 5-yr expiry?
Is there a way to avoid a repo-wide re-signing, and still have the
packages mirrored from two weeks+ ago, be verified by gpg?
(We currently run 7 computers at three addresses off of our local
mirror (rural users we) and various VMs, and I simply cannot resync
the mirror (sneakerneted) drives frequently enough to avoid the
problem of this gpg verification situation we're in.)
TIA
Zenaan
Reply to: