I have a local deb repository. It works fine. But every time when I update my software there is a warning "You are about to install software that can't be authenticated". I decided to sign my local repository.
My repo structure:
I created a gpg key and imported it on my repo server and on my ubuntu.
Also I created a Release file in each binary-amd64 and binary-i386. After that I calculated checksums and signed my repository.
apt-ftparchive release dists/stable/main/binary-amd64 >> dists/stable/main/binary-amd64/Release gpg -abs -o dists/stable/main/binary-amd64/Release.gpg dists/stable/main/binary-amd64/Release
After signing I got new files in my repository
Archive: stable Suite: stable Component: main Origin: mySoft Label: soft-deb-repo Architecture amd64 Date: Tue, 08 May 2012 14:36:57 UTC MD5Sum: 4fd2fb417d39f3eb7e02c742817e3c35 464 Packages.gz f49b96b059c8df343c8903563cfd55f2 109 Release SHA1: a2cf6872ae378f9239b5427d06258fb99cd2657f 464 Packages.gz c4476d3c036d5373855c2fd7dc61cd7882dd7546 109 Release SHA256: 229ffd0eaaf41591827b410fa329c98211fe33cdf658726645f6f25e09edce07 464 Packages.gz 5b446e696c9bb94515d97f345bc96a231fa8bc9e9f213e6aa15e4431d2f2e160 109 Release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iJwEAAECAAYFAk+pL5IACgkQ7SiVqDm0LdIIdAP/VNdCZc+y6ZBDR3NKUbYR5mmz EE1hkKlKyumHBbYipgoEES5+iSAoq83Pr7TWH3/kCm19Z6DoMYdQd2tD10NdJxPo CQ3QOEezPUbWzKUELujhpnL/ljUnbJBe5dv8/tHPlLizt2r5OmJct+GVUvWviFMY pA7CS7wlLIhTNE3q/7I= =lURJ -----END PGP SIGNATURE-----
But problem won't disappear – when I check update by Package Manager it says that my software can't be authenticated. Aptitude says WARNING: untrusted version of the following packages will be installed. What do I do wrong?