6.43 Signing a Local Repository
There may be key issues with a locally managed archive that is not
signed. Even though the AVAIL command will identify that the local
archive has preference when it comes to obtaining a package that is
available from multiple archives, an authorised archive will always be
used in preference. Two solutions are possible. One is to tell
wajig not to preference authoritative archives by using
the -{
-noauth} option.
The other option is to sign your Release files. Using
wajig’s MOVE command requires some setting up to have the
Release.gpg
file created. First, tell
apt-move to create the file (and also to maintain both
compressed and uncompressed Package files - a requirement of the
current apt version) in the configuration file
/etc/apt-move.conf
:
Then ensure Kayon Toga’s secret key is available to the root user that runs the -, apt, move command. You can export the secret key (but do this carefully) with:
Then add this to root’s keys:
Now remove any passphrase so that the file can be singed in batch mode (required when running -, apt, move):
So now apt-move can sign the Release file unattended.
Further explanation is available from http://wiki.debian.org/SecureApt.
Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0