[Freedombox-discuss] Freedom-maker build questions
Nick M. Daly
nick.m.daly at gmail.com
Fri Feb 22 00:38:20 UTC 2013
dww writes:
> What did I need to do to not get the "signatures couldn't be verified"
> error? I doubt setting noauth=true is the best thing to do...
>
> W: GPG error: http://http.debian.net wheezy Release: The following
> signatures couldn't be verified because the public key is not
> available: NO_PUBKEY AED4B06F473041FA
You're right, and I think I've figured it out. You need to add the
Wheezy package signing key to your keyring. You don't have the key, so
there's no way to authenticate packages signed by that key. It'll also
fail when package downloads are incomplete or corrupted, even when you
have the key: I'm not able to build images while connected to any
wireless network but my own, for that reason; the 16 MiB of package
lists never download correctly.
The way I added that key to my keyring was:
: gpg --keyserver subkeys.pgp.net --recv-keys AED4B06F473041FA
: gpg -a --export AED4B06F473041FA | sudo apt-key add -
This probably isn't the best way to do this, because I don't have a good
way of verifying that the key actually came from Debian (there's no good
trust-chain here). Adding this to the F-M README sounds like a good
idea. Explaining what it means sounds even better.
Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130221/be2c4661/attachment.pgp>
More information about the Freedombox-discuss
mailing list