Tag Archives: gpg

OpenPGP key migration

I’ve generated a new OpenPGP key, and I’m now using this new key.

See my migration message for details.

Anyway if you are using my repository and get the following error:

W: GPG error: http://silicone.homelinux.org unstable Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 8B306538D00E52B6

All you have to do is to get the new key and import it to apt again.
The key is stored as before in siliconerepositorykey.asc and you can import it with:

sudo apt-key add siliconerepositorykey.asc

Signed Personal Debian Repository

Hi all,

That was long, but here is my signed debian repository !

Investigations:

  • Debian Repository HOWTO mostly describes trivial repository setup.
    After some trial it appeared to me that trivial repositories cannot be signed (well at least will not be verified by atp)
  • mini-dinstall does basically only trivial repository to.
  • This article about Unofficial Debian repository describe a setup with debarchiver however this has special user, cronjob… it seamed quite complex to me
  • Basically what I wanted was like a trivial repository but secured, and the solution was on the debian wiki, it first confirm that trivial repository are not compatible with apt-secure. And it give the solution:

    Even with an “official archive”, you can create a much simpler archive than the real official one. This is explained in Debian Reference (lenny) using apt-ftparchive in apt-utils and dupload. All uploaded packages are located in a directory and no database server is needed. This may be good enough for people hosting a few packages.

Well this was good enough for me, also I’m currently not using dupload but I put the commands suggested as postupload in a script.
The update script, apt-ftparchive configuration and pgp public keys are on the root of the repository.

to use it:

#add in source.list
deb http://silicone.homelinux.org/repository/ unstable main
deb-src http://silicone.homelinux.org/repository/ unstable main

#for gpg signature verification get siliconerepositorykey.asc
# sudo apt-key add siliconerepositorykey.asc

The actual content of the repository is currently just one program: a hacked xrootconsole with ANSI color support, but this will be the subject of a next post ;)