On Thu, 2007-03-15 at 18:15 -0700, Jeremy Shaw wrote:
At Fri, 16 Mar 2007 01:07:31 +0000, Brian Hulley wrote:
I can't find any info on the debian.org website about where to find the key or what command to use to tell apt about it. Do you know where the GPG key for the repo can be found? I've spent hours googling with no luck.
Hello,
In general you can do:
apt-get install debian-archive-keyring
You might also want debian-keyring. [snipped useful script]
Thanks. However I think I might be trying to do something fundamentally impossible, because reading section 7.4.1 of the "Securing Debian Manual" at http://sdn.vlsm.org/share/Debian-Doc/manuals/securing-debian-howto/ch7.en.ht... suggests to me that the GPG key is a function of the Packages.gz file of the whole repo. However I'm trying to make my own local repo with only the ghc packages, and I made the local Packages.gz file using the command: sudo dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz found at http://odzangba.wordpress.com/2006/10/13/how-to-build-local-apt-repositories... so the problem is that even though I've added the debian keys to apt, my local package would need a different key because my Packages.gz file is not the same as that of the whole debian repository. The authentication mechanism strangely does not appear to be per-package but per-repository afaiu. A possible way might be for me to manually authenticate each package using the MD5 checksum given in the download page then work out how to create a GPG key for my local repository and then add that to apt so that it can authenticate the local repo. Anyway it's now 2:25am so I'll need to sleep on it... Brian.