Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

what is the role of release.gpg

638 views
Skip to first unread message

abdelkader belahcene

unread,
Sep 16, 2009, 7:50:12 AM9/16/09
to
Hi,
What is the role of Release.gpg in the debian site like for example http://ftp.fr.debian.org/debian/dists/lenny/Release.gpg

If I want to create a repository from the CD1, which doesn't contains Release.gpg,  is it possible to add and how.
The reason for the message is that I want to create a repository to install on several machine the CD1, by using PXE.
It fails when it searches for the Release file, so I suspect  the absence Release.gpg is responsible.
Thanks for help
best regards
bela

Onur Aslan

unread,
Sep 16, 2009, 8:10:05 AM9/16/09
to
Release.gpg is a signed signature for Release file in the repository.
Apt checking this signature to own trust db. You can create a signature for
Release with:

gpg -bas -o Release.gpg Release

which defined in the http://wiki.debian.org/SecureApt page. After than
you should add your public key to apt's trust db with apt-key. Now you have
a security apt repository. Look the wiki page for more information.


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Osamu Aoki

unread,
Sep 16, 2009, 8:30:05 AM9/16/09
to
On Wed, Sep 16, 2009 at 12:28:22PM +0100, abdelkader belahcene wrote:
> Hi,
> What is the role of Release.gpg in the debian site like for example
> http://ftp.fr.debian.org/debian/dists/lenny/Release.gpg

The cryptographic signature file "Release.gpg" is created from the
authentic top level "Release" file and the secret Debian archive key.

http://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_top_level_release_file_and_authenticity



> If I want to create a repository from the CD1, which doesn't contains
> Release.gpg, is it possible to add and how.
> The reason for the message is that I want to create a repository to install
> on several machine the CD1, by using PXE.
> It fails when it searches for the Release file, so I suspect the absence
> Release.gpg is responsible.

You can create it with your secret gpg key. You certainly need to add that
key to enable secure-apt. But trouble of doing it may be beyond you
for now. I think disabling secure apt from console shell may be easier
way.

Please seek help from install guide and may example for creating
secure-apt compatible archive:

http://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_local_copies_of_the_fetched_packages

Osamu

belahcene

unread,
Sep 19, 2009, 10:30:09 AM9/19/09
to
Hi,


Osamu said:

"I think disabling secure apt from console shell may be easier way"

But, the repository is used by an official network CD like businessCard, on that CD,
I think the secure apt is enabled.

Disabling secure apt is correct for installtion via xpe, since in this case the installer (apt )
and kernel are stored in the server.

thinks again for help

abdelkader belahcene

unread,
Sep 24, 2009, 8:10:04 AM9/24/09
to
Hi,
I created the Release and Release.gpg for the CD1,
apt-ftparchive release .  > Release
in the root of the cd directory wich is acceded via ftp, here is the content

debian225:/home/ftp/cd1# ls
autorun.inf    dists  g2ldr.mbr    isolinux    pool             README.mirrors.txt  Release      tools
css        doc    install        md5sum.txt    README.html         README.source     Release.gpg  win32-loader.ini
dedication.txt    g2ldr  install.386  pics    README.mirrors.html  README.txt         setup.exe



then the gpg file with

gpg -bas  -o Release.gpg Release

I used
apt-key add .gnupg/pubring.gpg
apt-key add .gnupg/secring.gpg
To complete the key list.

Everything seemed fine,

But when I try the installation, from a remote machien I always get the error :
mirror is not available or release file not found ??



Secondly, how to disable the secure apt if the problem is there.
thanks a lot
bela
0 new messages