You can fix this by importing the correct gpg keys for the Debian archive (if that is what you're using) with the following command:
gpg --recv-keys 38C6029A 4F368D5D This grabs the Debian main and non-us keys and enables the gpg problem to be avoided. You might also need the debian-keyring package for the command to work if gpg doesn't automatically grab them off the net. If you run this command from a script on a newly installed system, be warned, the first run of gpg sets up its user files and does nothing. Admittedly, the error should be bypassed by adding --ignore-relase-gpg as that's how I've got around it in the past so if you have it in there I'm a little confused as to why it's not working. I do remember getting this error when getting the source I was copying from wrong (i.e. the relase files weren't where it thought they were so of course they didn't verify!) and in which case --ignore-missing-release should get you past that error onto others that might be more helpful, although I think it should complain about a missing packages file then aswell. Here's a link to a working version of a file we use to sync off a local department mirror (which syncs off uk.debian.org) which was based off the 2.7 mkdebmirror script just in case that helps you: http://www.sr.bham.ac.uk/~dk/files/mkdebmirror Sorry I can't be more helpful, Dominik. > Hi all, > > I've been working on this most of today, trying different mirroring > programs and not having much luck, so I thought i'd go back to > mkdebmirror and try and get some help. Hopefully it's user error and > easily fixed ;-) > > I've installed debmirror via apt, version "20050207", and i've modified > mkdebmirror to this: > > debug="$@" > arch=i386 > dist=sarge,sarge-proposed-updates > destdir=/mirror > update_from mirror.aarnet.edu.au > update_from ftp.au.debian.org > > I've also added a '-v' in allopt=" because I was getting an error, namely: > > <snip> > [0%] Getting: dists/sarge/Release > [0%] Getting: dists/sarge/Release.gpg > gpg: Signature made Mon Jun 6 12:22:54 2005 EST using DSA key ID 4F368D5D > gpg: Can't check signature: public key not found > Release signature does not verify. > </snip> > > ..and then it jumps to the next update site and gives the same error > without downloading anything. > > I've put up the full error msg (to save your mailbox from excessive > spam) at http://www.uow.edu.au/~nick/mkdebmirror.txt > > mkdebmirror is straight from > http://www.informatik.uni-koeln.de/fai/download/mkdebmirror, so the > allopt= line does contain --ignore-release-gpg so I can't see why this > is occuring.
