YaCy-Bugtracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000079YaCy[All Projects] Generalpublic2011-11-30 15:502014-02-18 01:11
ReporterLotus 
Assigned ToOrbiter 
PriorityhighSeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
ETAnone 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0000079: debian.yacy.net GPG-key missing
Descriptionhttp://forum.yacy-websuche.de/viewtopic.php?f=18&t=3404 [^]
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0000165)
Orbiter (manager)
2011-12-05 23:15

just tell me how to sign that thing and I will do that
(0000195)
yayacy (reporter)
2011-12-16 11:12

Is it useful to read this ? --> http://scotbofh.wordpress.com/2011/04/26/creating-your-own-signed-apt-repository-and-debian-packages/ [^]
(0000215)
localghost (reporter)
2011-12-23 16:42
edited on: 2011-12-23 16:43

or this? (first hit on google search "howto sign a deb package")

http://purplefloyd.wordpress.com/2009/02/05/signing-deb-packages/ [^]

i would love to install yacy on my debian box, but i won't do so as long as there is no gpg-key. take this as my christmass wish.

kind regards
Lorenz

(0000229)
Orbiter (manager)
2012-01-07 15:05

well I made progress here but it still does not work. I can now sign the .deb files but they are still not acceted. I believe because my pgp key ist not in any keyring.
(0000230)
localghost (reporter)
2012-01-08 08:27

Happy new year, i am glad to read that there is progress :)

what do you mean by "not accepted"? by whom? could you post some output?

Perhaps you could put the generated key to be downloaded somewhere? maybe in the wiki? i would test it on my box.

Have fun
Lorenz
(0000233)
Orbiter (manager)
2012-01-09 03:17

When I signed the .deb file I get the line:
"Signed deb yacy_1.01.9134_all.deb"
which tells me that I did what I could do.

When I do apt-get upgrade then I get still:
"WARNUNG: Die folgenden Pakete k├Ânnen nicht authentifiziert werden!
  yacy
"
which means there is no authentification; most probably the key which was used to sign the .deb file is not yet authorized.
From here on I don't know what to do.
(0000234)
localghost (reporter)
2012-01-09 13:25

hello

> most probably the key which was used to sign the .deb file is not yet authorized.

Exactly! one has to make, that the package manangement system "knows" the key. this can be done by the line

apt-key add /path/to/your/public-key-file

after this it should work. This is why i asked you to put your public key somewhere people can download it.

Regards Lorenz
(0000235)
Orbiter (manager)
2012-01-09 14:18

Ok thank you, I now added a key. Please do:

wget http://debian.yacy.net/yacy_orbiter_key.asc [^]
sudo apt-key add yacy_orbiter_key.asc

I hope the naming scheme for the public key is ok. I added my nickname to the file name so other people can publish their own release too.

Please tell me if that works.
(0000236)
Lotus (developer)
2012-01-09 14:48

I can now remember, that some projects have an extra .deb package to download from their website that adds the key to the system and adds the repository, so no manual hacking has to be done anymore. Could also be good for YaCy, but I don't know how to make such a package. :)
(0000237)
localghost (reporter)
2012-01-09 19:43

hm ok, apt-key says "ok" to adding your key, and "apt-key list" lists your among others in my list of trusted keys.
Well done so far, but in aptitude the package yacy is still marked as from an untrusted source.

is the public key you let me download matching the privat key you signed the packages in the following repository with?

deb http://debian.yacy.net [^] ./

the fingerprint of the file i downloaded is

8BD7 5250 1CB6 2448 A30E A3EA 1F96 8B39 03D8 86E7

is that correct?

Regards Lorenz
(0000238)
Orbiter (manager)
2012-01-10 00:45

yes, the fingerprint is correct; its the same what i get when I run "gpg --fingerprint". That seems to prove that the set-up here is ok.

Is there any way to debug this? apt-get upgrade -v ?
(0000245)
localghost (reporter)
2012-01-15 19:52

Hello, its me again :) Unfortunately it still does not work. Maybe the following could bring success. It is about signing whole repositories, not just packages

http://wiki.debian.org/SecureApt [^]

Kind Regards
Lorenzo
(0000332)
srf21c (reporter)
2012-02-25 17:12

Ubuntu update manager is not able to update Yacy due to this issue. Any progress?
(0000407)
henningb (reporter)
2012-07-15 13:10

Hello,
the problem is, that there is missing the files release and release.gpg _on_ the server, where the deb-paket is. So i can't install correctly the yacy-pakets because my client has nothing to check.

Howtos:
http://michael.stapelberg.de/Artikel/Debian_Repository [^]
http://debiananwenderhandbuch.de/debianrepositories.html#release-dateien [^]

Thanks and regards
henning
(0000458)
Buster (reporter)
2013-02-28 13:00

Files Release and Release.gpg are still missing. Any news on this?
(0000533)
lloydsmart (reporter)
2013-07-16 22:25

Bump for this issue. Well done for generating a key, but any chance you could upload the Release and Release.gpg files so that we can access the software securely? Thanks.
(0000609)
edge731 (reporter)
2013-09-14 05:02

please, add the release, and release.gpg files, because of this im waiting to be able of install yacy in noob comuters...
(0000715)
Orbiter (manager)
2014-02-18 01:11

the key is finally there!
the wiki describes what to do:
http://www.yacy-websuche.de/wiki/index.php/En:DebianInstall [^]

- Issue History
Date Modified Username Field Change
2011-11-30 15:50 Lotus New Issue
2011-11-30 15:50 Lotus Assigned To => Orbiter
2011-11-30 15:50 Lotus Status new => assigned
2011-12-05 23:15 Orbiter Note Added: 0000165
2011-12-16 11:12 yayacy Note Added: 0000195
2011-12-23 16:42 localghost Note Added: 0000215
2011-12-23 16:43 localghost Note Edited: 0000215 View Revisions
2012-01-07 15:05 Orbiter Note Added: 0000229
2012-01-08 08:27 localghost Note Added: 0000230
2012-01-09 03:17 Orbiter Note Added: 0000233
2012-01-09 13:25 localghost Note Added: 0000234
2012-01-09 14:18 Orbiter Note Added: 0000235
2012-01-09 14:48 Lotus Note Added: 0000236
2012-01-09 19:43 localghost Note Added: 0000237
2012-01-10 00:45 Orbiter Note Added: 0000238
2012-01-15 19:52 localghost Note Added: 0000245
2012-02-25 17:12 srf21c Note Added: 0000332
2012-07-15 13:10 henningb Note Added: 0000407
2013-02-28 13:00 Buster Note Added: 0000458
2013-07-16 22:25 lloydsmart Note Added: 0000533
2013-09-14 05:02 edge731 Note Added: 0000609
2014-02-18 01:11 Orbiter Note Added: 0000715
2014-02-18 01:11 Orbiter Status assigned => resolved
2014-02-18 01:11 Orbiter Resolution open => fixed


Copyright © 2000 - 2021 MantisBT Team
Powered by Mantis Bugtracker