handyfloss

Because FLOSS is handy, isn’t it?

Debian secure APT

Posted by isilanes on April 13, 2006

The APT package management tool has a GPG signature checking system I keep forgeting how to configure in new Debian installs. This post is simply a reminder.

First step, get signature of official Debian repositories:


# wget -http://ftp-master.debian.org/ziyi_key_2006.asc -O - | apt-key add -
# aptitude update

Then, if we have other (non-official) repositories, the “aptitude update” above will give us errors like:


W: GPG error: http:whatever Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY XXXXXXXXYYYYYYYY W: You may want to run apt-get update to correct these problems

It means that repository “http://whatever” has a signature that is not in the list of your trusted signatures. From the “XXXXXXXXYYYYYYYY” number, take the last 8 digits (the Ys), and do the following:


gpg --keyserver pgpkeys.mit.edu --recv-key YYYYYYYY

This downloads the PGP key of that repository (from a trusted site, like mit.edu). Then you have to add it to your list of trusted keys:


gpg -a --export YYYYYYYY | apt-key add -

This last bit will output “gpg: no ultimately trusted keys found”, followed by an “OK”. You can safely ignore the warning. The procedure worked.

The info has been taken from the Debian Wiki.

2 Responses to “Debian secure APT”

  1. […] and I (of course) got an error telling me that some signatures couldn’t be verified (read my own article about secure APT and/or the wonderful Debian wiki to know more). I think the key is 11F6E468, and it corresponds to […]

  2. […] and I (of course) got an error telling me that some signatures couldn’t be verified (read my own article about secure APT and/or the wonderful Debian wiki to know more). I think the key is 11F6E468, and it corresponds to […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: