[Freedombox-discuss] Freedom-maker build questions
dww
dworthem at msn.com
Fri Feb 22 03:00:29 UTC 2013
I tried the gpg calls before and again just a few minutes ago and they
did not work. Andreas Doerr also did a similar attempt on a Squeeze
system.
It seems to have something to do with attempting to verify a wheezy
package on squeeze system.
Dennis
On Thu, 2013-02-21 at 18:38 -0600, Nick M. Daly wrote:
> dww writes:
>
> > What did I need to do to not get the "signatures couldn't be verified"
> > error? I doubt setting noauth=true is the best thing to do...
> >
> > W: GPG error: http://http.debian.net wheezy Release: The following
> > signatures couldn't be verified because the public key is not
> > available: NO_PUBKEY AED4B06F473041FA
>
> You're right, and I think I've figured it out. You need to add the
> Wheezy package signing key to your keyring. You don't have the key, so
> there's no way to authenticate packages signed by that key. It'll also
> fail when package downloads are incomplete or corrupted, even when you
> have the key: I'm not able to build images while connected to any
> wireless network but my own, for that reason; the 16 MiB of package
> lists never download correctly.
>
> The way I added that key to my keyring was:
>
> : gpg --keyserver subkeys.pgp.net --recv-keys AED4B06F473041FA
>
> : gpg -a --export AED4B06F473041FA | sudo apt-key add -
>
> This probably isn't the best way to do this, because I don't have a good
> way of verifying that the key actually came from Debian (there's no good
> trust-chain here). Adding this to the F-M README sounds like a good
> idea. Explaining what it means sounds even better.
>
> Nick
More information about the Freedombox-discuss
mailing list