Package: apt
Version: 1.8.4

I notice that if I have an ASCII-armored OpenPGP certificate (a.k.a. RFC
4880 "Transferable Public Key") in a file named /srv/foo.asc, and I have
a sources.list line with a "[signed-by=/srv/foo.asc]" option, apt can
happily use it just fine.

But if the same file is named "/srv/foo.gpg" then apt fails to verify
the InRelease file, with error messages like:

    W: An error occurred during the signature verification. The
    repository is not updated and the previous index files will be
    used. GPG error: … InRelease: The following signatures couldn't be
    verified because the public key is not available: NO_PUBKEY …
    W: Failed to fetch … The following signatures couldn't be verified
    because the public key is not available: NO_PUBKEY …

If apt fails in this way, it might be nice to just peek at the first
handful of bytes of /srv/foo.gpg to see whether it begins with:

    -----BEGIN PGP PUBLIC KEY BLOCK-----

and if it does, then treat it the same way it treats an *.asc file.
That would certainly be more user-friendly.

Thanks for your work on apt!
--dkg
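
The content check suggested in the report above, written as an administrator-side shell helper. This is an added example, not part of the original report and not apt's code: the function names `keyring_format` and `check_signed_by` are hypothetical, the extension rule (.asc armored, .gpg binary) is taken from the behaviour the report describes, and the binary first-byte values are the RFC 4880 public-key packet (tag 6) headers.

```shell
#!/bin/sh
# Added example: classify a signed-by key file by content, not by its name.
ARMOR_HEADER='-----BEGIN PGP PUBLIC KEY BLOCK-----'

# Print "armored", "binary" or "unknown" for the file given as $1.
keyring_format() {
    # Compare the first 36 bytes with the armor header; NULs are dropped so
    # binary input cannot upset the command substitution.
    prefix=$(head -c 36 "$1" | tr -d '\000')
    if [ "$prefix" = "$ARMOR_HEADER" ]; then
        echo armored
        return 0
    fi
    # A binary certificate starts with a public-key packet (tag 6):
    # 0x98/0x99/0x9a in the old packet format, 0xc6 in the new one.
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    case "$first" in
        98|99|9a|c6) echo binary ;;
        *)           echo unknown ;;
    esac
}

# Return 0 when the extension agrees with the content, 1 otherwise.
check_signed_by() {
    fmt=$(keyring_format "$1")
    case "$1:$fmt" in
        *.asc:armored|*.gpg:binary) echo "ok: $1 ($fmt)"; return 0 ;;
        *) echo "mismatch: $1 contains $fmt data"; return 1 ;;
    esac
}

# Constructed sample files (not real keys): only the leading bytes matter.
demo=$(mktemp -d)
printf '%s\n' "$ARMOR_HEADER" > "$demo/foo.gpg"   # armored data, .gpg name
printf '\231\001\015' > "$demo/bar.gpg"           # old-format tag 6 header
check_signed_by "$demo/foo.gpg" || true
check_signed_by "$demo/bar.gpg" || true
rm -rf "$demo"
```

A file reported as a mismatch is the case from the report: armored data under a .gpg name, which can be renamed to .asc so that the name and the content agree.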