how to authenticate my local repository

Paul S paulatgm at gmail.com
Tue Apr 29 20:56:19 BST 2008


I'm collected a few Gb of packages during my install and would like to 
store them on another partition in case I have to reinstall.

I've created a "trivial" repository .. just a directory with all the 
packages in it.  Used apt-ftparchive to create a Packages.gz, added a 
md5sum.txt file, and added it to my sources.list.

After aptitude updating, the local repository gets included in the 
archive lists (in /var/lib/apt/lists).

But, when I go to install from it, aptitude wants to download from the 
net rather than pull from the local repository.

I think the problem is that aptitude prefers authenticated repositories 
to unauthenticated ones.

So, I've created a gpg key and used "sudo apt-key add <>" to add it and 
"apt-key list" to confirm it's there.

Next, I used apt-ftparchive to create a Release file in the repository.

Next, I used "gpg -abs -o Release.gpg Release" to authenticate the 
repository.

Next, I use aptitude update to update the repository lists.  But, now, 
for some reason this repository Packages.gz is being excluded from the 
/var/lib/apt/lists/ .  However the Release and Release.gpg do get into 
/var/lib/apt/lists/

I must be doing something wrong with the gpg authentication.  I've been 
unable to find any info googling so far.  Everything refers to earlier 
versions where aptitude was not picky about authentication.  But, in 
hardy, this is a change.

Anyone succeed with this?

TIA



More information about the kubuntu-users mailing list