Is it possible to use the public-gpg-key import feature of apt-add-repository with my own reprepro repository? Is there e.g. something like a default key server where apt-add-repository expects to find the keys or a path within the (http) repository where it will look for it?
Both apt-add-repository and add-apt-repository have a -k option you can use to specify your own public keyring repository. apt-key can add the fingerprint of the key you control and trust. Of course you can simply add a public key to the keyserver.ubuntu.com or other keyserver rather than using your own keyserver, but apt still must be told they key fingerprints. See Saji89's helpful answer about apt-key at https://askubuntu.com/a/217529/63886 (and vote it up if it proves useful to you).
You can also use medibuntu's approach as automation if many computers are involved. Here's how medibuntu.org does it:
sudo -E wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list && sudo apt-get --quiet update && sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring && sudo apt-get --quiet update `
That is followed up by installing a couple more packages once the repo has been added.
As explanation:
sudo -E wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list`
adds the repo itself to your configuration.
sudo apt-get --quiet update
Updates the apt-get information from the new (and all other repos).
sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring
Installs the public key for the repository. The --allow-unauthenticated is how you avoid the chicken and egg problem.
sudo apt-get --quiet update
Updates apt again.
Then application data and debugging hooks packages are added for their applications.
You can browse their repo http://packages.medibuntu.org/ to see how their packages do the job.
No comments:
Post a Comment