Originally Posted by
poram
WARNING: The following packages cannot be authenticated!
<package-name>
Honestly, I have no idea how this is happening. I have just set up a local repository for the LibreOffice packages, and I simply cannot reproduce the problem.
I set up the repository on a local disk on one machine, then copied it to an external disk, hooked the disk up to another machine, copied the repository directory on to a local disk on that machine, imported the appropriate public key into the APT system (“sudo apt-key add pubkeyfile”), added the repository to the “sources.list” file, reloaded the package information (“sudo apt-get update”)—and I could subsequently install any of the LibreOffice packages without further ado.
I'm probably asking a silly question now, but you couldn't by any chance have multiple signing keys available on your repository server, could you? To verify, you can run the following command:
This should list just one entry; in my case, for example, it produces the following output:
Code:
/home/luvr/.gnupg/pubring.gpg
-----------------------------
pub 4096R/18925208 2010-10-31
uid Local Ubuntu Lucid Lynx Repository
ADDENDUM: Before you go any further, perhaps it would be a good idea to verify if the checksums of the package lists (i.e., “Packages” and “Packages.gz”), and of the packages themselves, are correct. In the following, I will be using the GNU version of the awk utility to make the checks—which, depending on your Ubuntu release, you may have to install first, like this:
Code:
sudo apt-get install gawk
Then, go to the directory that holds your local repository, and run the following two commands:
Code:
gawk --posix '/^ [[:xdigit:]]{32} / { print $1 " *" $3 ; }' Release | md5sum -c
gawk --posix '/^Filename: / { filename = $2 } /^MD5sum: / { print $2 " *" filename }' Packages | md5sum -c
If all goes well, the first command will tell you that the “Packages” and “Packages.gz” file are “OK”; the second command should tell you that all of your packages are “OK” as well.
You have already verified the digital signature on your “Release” file at an earlier occasion; in addition, if all checksums turn out to be OK, then the contents of your local repository is correct, and there must be some (as of yet unidentified) problem with the APT system itself, if it complains about packages that cannot be verified.
Bookmarks