Question about repository signing
If there is a better place to ask this, please point me there.
I'm trying to create a repo (with reprepro) and sign it. I'm signing it with a
key with signature FFFFB3557, as listed by gpg -K.
reprepro returns no errors, and its output seems quite happy.
On the system accessing the new repository, `apt-key list` shows a key
imported with signature FFFB 3557. However, when I run apt-get update, I get
InRelease: The following signatures were invalid:
347D7D44139452B2214B771EC0C819FFFFFB3557
That's obviously the key I signed it with, and that key is imported. So, if
it has the key imported, why is the signature (which appears correct) invalid?
My commands look like this:
export REPREPRO_BASE_DIR="/path/to/my/repository/"
echo ${passphrase} | reprepro --ask-passphrase includedeb mydist path/to/f.deb
What is the best way to go about troubleshooting this? Pointers to docs
welcome.
j
--
Joshua J. Kugler - Fairbanks, Alaska - joshua@azariah.com
Azariah Enterprises - Programming and Website Design
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
Reply to: