On 04/08/2014 12:45 AM, Peter Michaux wrote: > I am creating a Debian APT repository of system packages. I need to > sign the repository's Release file, creating detached signature file > Release.gpg, so that packages can be installed on another Debian > system with `apt-get install` without the complaint "WARNING: The > following packages cannot be authenticated!". I can manually create > the Release.gpg file which requires typing my GnuPG key's passphrase.
sorry to not get into the GnuPG specifics, but how are you managing the apt repository? the reprepro APT repository management tool includes mechanisms for specifying which key to use for signing and automatically triggers signing when something has changed in the repo (or you can ask it to re-sign if you need that). http://mirrorer.alioth.debian.org/ (the debian reprepro package is just fine for this) i recommend using reprepro to manage the APT respository unless you have a compelling reason to manage all the rest of this stuff yourself. You can use reprepro locally to build the repository someplace where you have access to the signing key and then use rsync or the equivalent to push out the updates to any network-accessible mirrors. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
