Signing a Local Repository
There may be key issues with a locally managed archive that is not
signed. Even though the AVAIL command will identify that the local
archive has preference when it comes to obtaining a package that is
available from multiple archives, an authorised archive will always be
used in preference. Two solutions are possible. One is to tell
wajig not to preference authoritative archives by using
The other option is to sign your Release files. Using
wajig's MOVE command requires some setting up to have the
Release.gpg file created. First, tell
apt-move to create the file (and also to maintain both
compressed and uncompressed Package files - a requirement of the
current apt version) in the configuration file
$ wajig --noauth distupgrade
Then ensure Kayon Toga's secret key is available to the
root user that runs the apt-move
command. You can export the secret key (but do this carefully) with:
Then add this to root's keys:
Now remove any passphrase so that the file can be singed in batch mode
(required when running apt-move):
$ gpg --export-secret-keys --no-comment Kayon.Toga@togaware.com > ktskexp
So now apt-move can sign the Release file unattended.
# gpg --edit Kayon.Toga@togaware.com
Further explanation is available from
Copyright © 1995-2020 Togaware Pty Ltd
Support further development through the purchase of the PDF version of the book.
Brought to you by Togaware and the author of open
source software including Rattle and wajig.
Also the author of Data Mining with Rattle and Essentials
of Data Science.