how to authenticate my local repository

Paul S paulatgm at
Tue Apr 29 19:56:19 UTC 2008

I'm collected a few Gb of packages during my install and would like to 
store them on another partition in case I have to reinstall.

I've created a "trivial" repository .. just a directory with all the 
packages in it.  Used apt-ftparchive to create a Packages.gz, added a 
md5sum.txt file, and added it to my sources.list.

After aptitude updating, the local repository gets included in the 
archive lists (in /var/lib/apt/lists).

But, when I go to install from it, aptitude wants to download from the 
net rather than pull from the local repository.

I think the problem is that aptitude prefers authenticated repositories 
to unauthenticated ones.

So, I've created a gpg key and used "sudo apt-key add <>" to add it and 
"apt-key list" to confirm it's there.

Next, I used apt-ftparchive to create a Release file in the repository.

Next, I used "gpg -abs -o Release.gpg Release" to authenticate the 

Next, I use aptitude update to update the repository lists.  But, now, 
for some reason this repository Packages.gz is being excluded from the 
/var/lib/apt/lists/ .  However the Release and Release.gpg do get into 

I must be doing something wrong with the gpg authentication.  I've been 
unable to find any info googling so far.  Everything refers to earlier 
versions where aptitude was not picky about authentication.  But, in 
hardy, this is a change.

Anyone succeed with this?


More information about the kubuntu-users mailing list