Hi, I am creating a Debian APT repository of system packages. I need to sign the repository's Release file, creating detached signature file Release.gpg, so that packages can be installed on another Debian system with `apt-get install` without the complaint "WARNING: The following packages cannot be authenticated!". I can manually create the Release.gpg file which requires typing my GnuPG key's passphrase.
I want to automate/script the creation of all the repository's generated files so that a cron job can generate them when the repository's package list changes. This means that creating the Release.gpg file cannot require my GnuPG key's passphrase.

I have actually succeeded at creating the Release.gpg file without needing my GnuPG key's passphrase following a combination of the instructions from the following.

* http://www.gnupg.org/faq/gnupg-faq.html#automated_use
* http://www.slpicare.org/unix/automating_signing_with_GPG.html

The process is complex enough that I have little confidence that I'm doing everything correctly and/or securely. I'm experimenting and trying to understand all the related commands better. I noticed something that seems incorrect or at least suspicious and worth asking about.

I can list all of the keys that I've created.

    pe...@alpha.com:~$ gpg --homedir ~/.gnupg.insec --list-keys
    /home/peter/.gnupg.insec/pubring.gpg
    ------------------------------------
    pub   2048D/13FC9B38 2014-04-07
    uid                  Peter Michaux (My Comment) <petermich...@gmail.com>
    sub   2048g/A2D0ED65 2014-04-07
    sub   2048D/215D17CD 2014-04-07

The first two keys, 13FC9B38 and A2D0ED65, were the ones created when I originally used `gpg --gen-key`. I followed the tutorials about using GnuPG in an automated environment to create the third key, 215D17CD, with no password.

To understand things better, I want to ensure that I can properly select/control the key I want to use during signing with the `--default-key` option to the `gpg` command line tool. This is where things look suspicious to me.

    pe...@alpha.com:~/drepo$ gpg --homedir ~/.gnupg.insec \
          --verbose \
          --detach-sign \
          --default-key 13FC9B38 \
          --output dists/stable/Release.gpg \
          dists/stable/Release
    gpg: using subkey 215D17CD instead of primary key 13FC9B38
    gpg: writing to `dists/stable/Release.gpg'
    gpg: using subkey 215D17CD instead of primary key 13FC9B38
    gpg: DSA/SHA256 signature from: "215D17CD Peter Michaux (Black Iron Beast) <petermich...@gmail.com>"

Why does gpg use the third key in the list when I've specifically requested it use the first key in the list? (Yes, ultimately I want to use the third key in the list but I want to know why gpg is defying my wishes in the above command.)

Thanks.
Peter
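
An added example, not part of the original post: a POSIX shell check that a cron job could run after signing to confirm which key actually produced Release.gpg, by parsing the VALIDSIG line of `gpg --status-fd 1 --verify`. gpg picks a signing-capable subkey when given a primary key ID unless the ID carries a trailing `!` (for example `--default-key '13FC9B38!'`); the function names, sample status text and fingerprints below are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Fingerprints are constructed
# placeholders that end in the key IDs shown in the post.
SUBKEY_FPR=0123456789ABCDEF0123456789ABCDEF215D17CD
PRIMARY_FPR=FEDCBA9876543210FEDCBA987654321013FC9B38

# Constructed sample of what
#   gpg --homedir ~/.gnupg.insec --status-fd 1 --verify \
#       dists/stable/Release.gpg dists/stable/Release
# writes to stdout for a good DSA (17) / SHA256 (8) detached signature.
# VALIDSIG fields: signing-key fingerprint first, primary-key fingerprint last.
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF215D17CD Peter Michaux
[GNUPG:] VALIDSIG $SUBKEY_FPR 2014-04-07 1396828800 0 4 0 17 8 00 $PRIMARY_FPR"

# Print "<signing-key-fpr> <primary-key-fpr>" from the first VALIDSIG line;
# exit non-zero when the status text reports no valid signature.
signer_of() {
    printf '%s\n' "$1" | awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3, $NF; ok = 1; exit }
        END { exit !ok }'
}

# signed_by STATUS EXPECTED
#   0: the signing (sub)key fingerprint ends with EXPECTED
#   1: a different key made the signature
#   2: no valid signature, or EXPECTED is empty
# Pass the full 40-hex fingerprint in real use; 8-hex short IDs can collide.
signed_by() {
    fprs=$(signer_of "$1") || return 2
    want=$(printf '%s' "$2" | tr -d ' !' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    case "${fprs%% *}" in
        *"$want") return 0 ;;
        *)        return 1 ;;
    esac
}

# Demo on the constructed sample: the subkey signed, not the primary key.
signed_by "$SAMPLE_STATUS" 215D17CD && echo "signed by subkey 215D17CD"
signed_by "$SAMPLE_STATUS" 13FC9B38 || echo "NOT signed by primary 13FC9B38"
```

In a signing job, feed the real `--status-fd 1` output to `signed_by` and fail the run on any non-zero result, so a Release.gpg made by an unintended key is never published.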