2004-06-18 13:01
Friday, June 18th, 2004How to do a automatic signature check of the debian packages:
Let’s assume, that you have GPG installed. Also it should be noted that this procedure was tested only on unstable, and I have no idea how will it go on a machine running stable. I could try that with marla, but later.
We add a sources.list entry for experimental:
deb ftp://debian.ludost.net/debian ../project/experimental main
(or
deb ftp://ftp.de.debian.org/debian ../project/experimental main
I’m not sure if it will work with ftp.bg.debian.org at least it didn’t work a year ago.)
We tell apt that we want only what we explicitly tell him from experimental, in /etc/apt/preferences:
Package: *
Pin: release a=experimental
Pin-Priority: 50
Then install apt from experimental:
apt-get install apt/experimental
Then install the debian-key-ring package (all the gpg keys of debian people):
apt-get install debian-keyring
Add the role keys in apt’s keyring:
apt-key add /usr/share/keyrings/debian-role-keys.gpg
After that do apt-get update, and it should go without problems. If you’re not using non-us, and only the standard archive, you might not need debian-keyring, the default key in apt-get is the one for that archive.
The verification that those keys are real is left for an exercise for the reader…