PPA repository key being ignored

[Mark Gardner]

I am attempting to set up a PPA for Wheezy. I configured pbuilder and
was able to build a library package by executing  pdebuild in the top
level of the package directory (i.e., in the directory containing the
debian directory). I added the .deb to the repository using reprepro.
I am able to apt-get install the library without a problem.

Now I am trying to use pbuilder to create a package the depends up the
library above. When I execute pdebuild in the top level of the app
package directory, I get the following error:

    WARNING: untrusted versions of the following packages will be installed!

    Untrusted packages could compromise your system's security.
    You should only proceed with the installation if you are certain that
    this is what you want to do.

and pbuilder terminates.

I tried adding the GPG key I used to sign the packages explicitly using a hook:

    apt-key add <<EOF
    ...
    EOF

Either I don't know what kind of hook (D,A,C,B,E,G,F) or that won't
work. Next I tried adding it manually:

    pbuilder --login --save-after-login
       gpg --keyserver <keyserver> --recv-key <key-id>
       gpg --armor --export <key-id> | apt-key add -
       apt-key list  # should see <key-id>

That didn't seem to help. I next suspected that the key wasn't being trusted...:

    pbuilder --login --save-after-login
       gpg --keyserver <keyserver> --recv-key <key-id>
       gpg --edit-key <key-id>  # trust, 5, yes, quit
       gpg --armor --export <key-id> | apt-key add -
       apt-key list  # should see <key-id>

That doesn't solve the problem either. There has to be a way to get
authentication to work for packages pulled down from a PPA. What am I
doing wrong?

-mkg