On Tue, Apr 24, 2012 at 12:19, Ritesh Raj Sarraf <r...@debian.org> wrote: > rrs@champaran:/tmp/apt-offline-downloads-31824$ sudo gpgv > --ignore-time-conflict --keyring /etc/apt/trusted.gpg --homedir > /etc/apt/trusted.gpg.d/ /tmp/InRelease.txt > gpgv: Signature made Tuesday 24 April 2012 01:48:25 PM IST using RSA key > ID 473041FA > gpgv: Can't check signature: public key not found
I don't think --homedir does work in a way you would need it to work. /etc/apt/trusted.gpg.d/ can include various additional keyrings - the debian-archiv-keyring is one of them. So beside /etc/apt/trusted.gpg you have to pass also all the keyrings in this directory to gpgv. $ run-parts --list /etc/apt/trusted.gpg.d/ --regex '^.*\.gpg$' Will get you a list of files to add. See also apt-key for an example. But maybe you are able to use SigVerify::RunGPGV in apt-pkg/indexcopy.cc or apt's gpgv method (/usr/lib/apt/methods/gpgv) text interface instead of reimplementing them, depending on what you actually need. Best regards David Kalnischkies -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAAZ6_fAxSMV5-i+88tVRzC0gDygnH01fWN-bzSG2DZZf¾x...@mail.gmail.com
