Frothy Coffee!
There's only one reason I can think of why you would get this error: Your public key wasn't added to the APT list of trusted keys.Originally Posted by poram
Specifically, you should review Step 3, "Importing your Public Key into the APT List of Trusted Keys" in the original post. As documented there, you can run the following command to verify if your key was successfully imported into APT:
Code:sudo apt-key list
First Cup of Ubuntu
The key was successfully imported on both the target server and also the local repository's server.
Frothy Coffee!
Do you get the error on the local repository server, or on the target server, or both?
First Cup of Ubuntu
On the target server when we attempt to install the package.
Frothy Coffee!
Could you, then, try and manually verify the digital signature on the Release file? To this end, do the following (on your target machine):
- Open a command-line shell window, and go to the directory where you keep your local repository.
- The directory should contain a “Release” and a “Release.gpg” file—as you can verify with the following command:
Code:ls -l Release*- Now type the following command, to manually verify the signature:
Code:gpgv --keyring /etc/apt/trusted.gpg Release.gpg Release
Please post the output from this command.
First Cup of Ubuntu
# gpgv --keyring /etc/apt/trusted.gpg Release.gpg Release
gpgv: Signature made Mon 25 Oct 2010 17:55:14 EST using RSA key ID A73368E9
gpgv: Good signature from "Systems (SNG) <headoffice-systems@xxxx.xx.xx>"
Frothy Coffee!
Hmmm... This definitely confirms that your key is correctly installed, and that the digital signature on your Release file is correct.
I'm a bit at a loss now. I haven't used a local repository since I upgraded to Lucid, so I wanted to set up a new one to see if I could reproduce your problem. However, I had a disk crash on one of my computers earlier today, so I will have to reinstall first.
In the mean time, I have a few more questions to ask:
- Could you tell me if your problem occurs on your local repository server, too, if you attempt to install the package there?
- How does your target machine get access to your local repository? Do you share it over your network (and if so, through which means)? Or do you copy your repository over to a local disk on the target machine (or to an external disk that you connect to the target machine)?
- Which package are you trying to install? Is the package available from the Ubuntu repositories as well, or did you get it anywhere else?
By the way, if you want to automatically force installation of packages that cannot be authenticated, then you can use the “--allow-unauthenticated” option when you run apt-get—e.g.:
I’m not a fan of this option, since it defeats the purpose of a trusted repository in the first place, but it may occasionally be helpful.Code:sudo apt-get --allow-unauthenticated install packagename
Frothy Coffee!
Honestly, I have no idea how this is happening. I have just set up a local repository for the LibreOffice packages, and I simply cannot reproduce the problem.
I set up the repository on a local disk on one machine, then copied it to an external disk, hooked the disk up to another machine, copied the repository directory on to a local disk on that machine, imported the appropriate public key into the APT system (“sudo apt-key add pubkeyfile”), added the repository to the “sources.list” file, reloaded the package information (“sudo apt-get update”)—and I could subsequently install any of the LibreOffice packages without further ado.
I'm probably asking a silly question now, but you couldn't by any chance have multiple signing keys available on your repository server, could you? To verify, you can run the following command:
This should list just one entry; in my case, for example, it produces the following output:Code:gpg --list-keys
ADDENDUM: Before you go any further, perhaps it would be a good idea to verify if the checksums of the package lists (i.e., “Packages” and “Packages.gz”), and of the packages themselves, are correct. In the following, I will be using the GNU version of the awk utility to make the checks—which, depending on your Ubuntu release, you may have to install first, like this:Code:/home/luvr/.gnupg/pubring.gpg ----------------------------- pub 4096R/18925208 2010-10-31 uid Local Ubuntu Lucid Lynx Repository
Then, go to the directory that holds your local repository, and run the following two commands:Code:sudo apt-get install gawk
If all goes well, the first command will tell you that the “Packages” and “Packages.gz” file are “OK”; the second command should tell you that all of your packages are “OK” as well.Code:gawk --posix '/^ [[:xdigit:]]{32} / { print $1 " *" $3 ; }' Release | md5sum -c gawk --posix '/^Filename: / { filename = $2 } /^MD5sum: / { print $2 " *" filename }' Packages | md5sum -c
You have already verified the digital signature on your “Release” file at an earlier occasion; in addition, if all checksums turn out to be OK, then the contents of your local repository is correct, and there must be some (as of yet unidentified) problem with the APT system itself, if it complains about packages that cannot be verified.
Last edited by luvr; November 1st, 2010 at 06:27 PM.
First Cup of Ubuntu
Mate, your images are superb however , you unquestionably will need a lot more articles. Look at out a few of the How To Write An Essay freelance internet writers on elance or freelancer.com there are some bargains.
Posting Permissions
Adv Reply
Bookmarks