GPG signing built-in Debian .deb package Registry

Install/Maintain/Configure

ausserirdischegesund December 11, 2023, 12:16pm 1

Hi everybody, first post here:

I want to use the built in .deb repository function, and uploading my first .deb worked just fine.

But: Is there a way to GPG sign the Debian registry/repository, so I don’t get this warning everytime:

root@pi:~# apt update
Get:1 https://redacted.at/api/packages/ralph/debian bookworm InRelease [1,922 B]
Hit:2 http://ftp.debian.org/debian bookworm InRelease      
Err:1 https://redacted.at/api/packages/ralph/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E40426EAA2ECD3C9
Reading package lists... Done
W: GPG error: https://redacted.at/api/packages/ralph/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E40426EAA2ECD3C9
E: The repository 'https://redacted.at/api/packages/ralph/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

TIA Ralph

1 Like

jake December 11, 2023, 6:53pm 2

How are you uploading .deb package? Is it just over API or via actions? If actions, can you show script used to generate .deb?

ausserirdischegesund December 12, 2023, 12:31pm 3

Thanks, Jake for your reply. I uploaded the package via HTTP put according to
this:

docs.gitea.com

Debian Package Registry | Gitea Documentation

Publish Debian packages for your user or organization.

What I did not realize was, that the Debian package repository/registry has UI in the webinterface, and that there are instructions in this web interface how to add the repository keys. It works fine for me now, after I have found this interface to the registry.

Thanks,
Ralph

2 Likes