22nd May 2008
Entries tagged "debian".
7th August 2009
So you've set up a apt repository following dean's excellant instructions and youve tried to install a package and got the following warning
WARNING: The following packages cannot be authenticated!
At this point you have several choices:-
- press yes and carry on.(not that useful if youre using puppet to install stuff)
echo "APT::Get::AllowUnauthenticated 1;" >> /etc/apt/apt.conf.d/99unauth
- Set up a secure repository
Lets go with setting up a secure repository.
- Make yourself a gpg key -
gpg --gen-key
- Export your public key to a file -
gpg --armor --export $keyid >public.key
. You will need this later - Create an apt-release.conf containing
APT::FTPArchive::Release::Suite "etch";
(Im behind and should have written this post a year ago) in your repository base. - Generate a release file -
apt-ftparchive -c apt-release.conf release dists/etch/ > dists/etch/Release
- Create a signed version -
gpg --sign -ba -o dists/etch/Release.gpg dists/etch/Release
W: GPG error: http://debianrepo etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY $KEYIDTo do this manually you can take the public.key you generated earlier and copy it to your machines and then run
apt-key add public.key
Of course in this day and age doing things like that for all your machines would be tedious so I use puppet with a class something like the following.
class aptkey { file { "/etc/apt/public.key": mode => 440, owner => root, group => root, source => [ "puppet://puppet/host/public.key", "puppet://puppet/files/public.key" ], } exec { "install-key": command => "/usr/bin/apt-key add /etc/apt/public.key", require => File["/etc/apt/public.key"], unless => "/usr/bin/apt-key list | /bin/grep -q 'firstname.lastname'"; } exec { "key-update": command => "/usr/bin/apt-get update", require => Exec["install-key"], } }