dk at star.sr.bham.ac.uk
Mon Jul 4 17:31:57 CEST 2005
You can fix this by importing the correct gpg keys for the Debian archive (if that is what you're using) with the following command:
gpg --recv-keys 38C6029A 4F368D5D
This grabs the Debian main and non-us keys and enables the gpg problem to be avoided. You might also need the debian-keyring package for the command to work if gpg doesn't automatically grab them off the net.
If you run this command from a script on a newly installed system, be warned, the first run of gpg sets up its user files and does nothing.
Admittedly, the error should be bypassed by adding --ignore-relase-gpg as that's how I've got around it in the past so if you have it in there I'm a little confused as to why it's not working. I do remember getting this error when getting the source I was copying from wrong (i.e. the relase files weren't where it thought they were so of course they didn't verify!) and in which case --ignore-missing-release should get you past that error onto others that might be more helpful, although I think it should complain about a missing packages file then aswell.
Here's a link to a working version of a file we use to sync off a local department mirror (which syncs off uk.debian.org) which was based off the 2.7 mkdebmirror script just in case that helps you:
Sorry I can't be more helpful,
> Hi all,
> I've been working on this most of today, trying different mirroring
> programs and not having much luck, so I thought i'd go back to
> mkdebmirror and try and get some help. Hopefully it's user error and
> easily fixed ;-)
> I've installed debmirror via apt, version "20050207", and i've modified
> mkdebmirror to this:
> update_from mirror.aarnet.edu.au
> update_from ftp.au.debian.org
> I've also added a '-v' in allopt=" because I was getting an error, namely:
> [0%] Getting: dists/sarge/Release
> [0%] Getting: dists/sarge/Release.gpg
> gpg: Signature made Mon Jun 6 12:22:54 2005 EST using DSA key ID 4F368D5D
> gpg: Can't check signature: public key not found
> Release signature does not verify.
> ..and then it jumps to the next update site and gives the same error
> without downloading anything.
> I've put up the full error msg (to save your mailbox from excessive
> spam) at http://www.uow.edu.au/~nick/mkdebmirror.txt
> mkdebmirror is straight from
> http://www.informatik.uni-koeln.de/fai/download/mkdebmirror, so the
> allopt= line does contain --ignore-release-gpg so I can't see why this
> is occuring.
More information about the linux-fai