Closed russmac closed 6 years ago
@russmac - Thanks for this. Thanks too for your hint on gpg conf. FWIW I didn't need to regenerate keys, changing those settings seemed to be enough to resolve my issues with a Stretch repo?!
@JedMeister Thanks for pointing that out, I think I had two seperate issues. My key was a SHA type considered sufficiently weak enough that it did need to be redone for apt-secure to consider it acceptable, It also wasn't being used to sign. Yours was probably one it accepted.
@krobertson Any comments on this? It resolves a significant issue.
Shouldn't this an option from the command line in addition of the automatic guessing ?
I'm running a repo not tied to a specific distribution (as it only provide an executable), and I would like to provide the InRelease too.
InRelease is only signed for Xenial due the logic on line 106.
This change causes it to also be signed for Debian Jessie & Stretch.
Its not the most elegant fix, An array of release names that require InRelease signing should probably be set somewhere and
if release_array.include? "self.codename"
used.I also had to regenerate the signing key to sign with SHA-256 by adding these lines to
~/.gnupg/gpg.conf
After this my apt updates worked with 0 errors.