gpg signing fails when trying to publish a snapshot

Joost Ringoot

Feb 7, 2020, 5:55:53 AM
to aptly-discuss
Following this tutorial
https://www.aptly.info/tutorial/mirror/

I created a new key but was unable to publish a mirror snapshot, because aptly doesn't find the default secret key.

root@len-003:~# apt list aptly
Listing... Done
aptly/stable,stable,now 1.3.0+ds1-2.2~deb10u1 amd64 [installed]
aptly/stable,stable 1.3.0+ds1-2.2~deb10u1 i386
root@len-003:~# 

root@len-003:~# aptly snapshot create eid-buster-amd64-snap from mirror eid-buster-amd64

Snapshot eid-buster-amd64-snap successfully created.
You can run 'aptly publish snapshot eid-buster-amd64-snap' to publish snapshot as Debian repository.
root@len-003:~# aptly publish snapshot eid-buster-amd64-snap
Loading packages...
Generating metadata files and linking package files...
Finalizing metadata files...
Signing file 'Release' with gpg, please enter your passphrase when prompted:
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available
ERROR: unable to publish: unable to detached sign file: exit status 2
root@len-003:~# gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/root/.gnupg/pubring.kbx
------------------------
pub   rsa3072 2020-02-07 [SC]
      62034D0EC6B823A3630662CA72360C179712C1A1
uid           [ultimate] Joost Ringoot (RMI aptly snapshot signer) <joost.ringoot_at_meteo.be>
sub   rsa3072 2020-02-07 [E]

root@len-003:~# 

Trying it again gives a shorter error message:

root@len-003:~# aptly publish snapshot eid-buster-amd64-snap
ERROR: unable to initialize GPG signer: looks like there are no keys in gpg, please create one (official manual: http://www.gnupg.org/gph/en/manual.html)


But there is a key that can sign:


root@len-003:~# gpg --sign test.txt
root@len-003:~# gpg --verify test.txt.gpg
gpg: Signature made Fri 07 Feb 2020 11:45:42 CET
gpg:                using RSA key 62034D0EC6B823A3630662CA72360C179712C1A1
gpg: Good signature from "Joost Ringoot (RMI aptly snapshot signer) <joost.ringoot_at_meteo.be>" [ultimate]
root@len-003:~# 




Even explicitly defining the keyring does not appear to work:

root@len-003:~# aptly publish snapshot eid-buster-amd64-snap -secret-keyring="/root/.gnupg/pubring.kbx"
ERROR: unable to initialize GPG signer: looks like there are no keys in gpg, please create one (official manual: http://www.gnupg.org/gph/en/manual.html)
root@len-003:~# 



Questions: 
- Suggestions to make aptly use that key?
- How to make a key that aptly would use?
- Alternatively: how does aptly call gpg in the source code (couldn't find it)? How does it select the keyring and the key?


Thanks,

Joost
