Re: APT Signature verification public key

To: APT Development Team <deity@lists.debian.org>, debian-devel@lists.debian.org
Subject: Re: APT Signature verification public key
From: David Kalnischkies <kalnischkies+debian@gmail.com>
Date: Tue, 24 Apr 2012 12:51:30 +0200
Message-id: <[🔎] CAAZ6_fAxSMV5-i+88tVRzC0gDygnH01fWN-bzSG2DZZf=bExCg@mail.gmail.com>
In-reply-to: <[🔎] 4F967E1D.4030807@debian.org>
References: <[🔎] 4F967E1D.4030807@debian.org>

On Tue, Apr 24, 2012 at 12:19, Ritesh Raj Sarraf <rrs@debian.org> wrote:
> rrs@champaran:/tmp/apt-offline-downloads-31824$ sudo gpgv
> --ignore-time-conflict --keyring /etc/apt/trusted.gpg --homedir
> /etc/apt/trusted.gpg.d/  /tmp/InRelease.txt
> gpgv: Signature made Tuesday 24 April 2012 01:48:25 PM IST using RSA key
> ID 473041FA
> gpgv: Can't check signature: public key not found

I don't think --homedir does work in a way you would need it to work.
/etc/apt/trusted.gpg.d/ can include various additional keyrings - the
debian-archiv-keyring is one of them. So beside /etc/apt/trusted.gpg
you have to pass also all the keyrings in this directory to gpgv.
$ run-parts --list /etc/apt/trusted.gpg.d/ --regex '^.*\.gpg$'
Will get you a list of files to add. See also apt-key for an example.

But maybe you are able to use SigVerify::RunGPGV in apt-pkg/indexcopy.cc
or apt's gpgv method (/usr/lib/apt/methods/gpgv) text interface instead of
reimplementing them, depending on what you actually need.

Best regards

David Kalnischkies

Reply to:

References:
- APT Signature verification public key
  - From: Ritesh Raj Sarraf <rrs@debian.org>

Prev by Date: APT Signature verification public key
Next by Date: Perte de poids localisé
Previous by thread: APT Signature verification public key
Next by thread: Re: APT Signature verification public key
Index(es):
- Date
- Thread