Re: creating asc key files

2017-04-12 Diskussionsfäden andrew bezella 
i'm not 100% sure that this will be helpful, but somewhere in here you
might find something useful (apt version 1.2.19)...  

if you already have the desired key in some form you should be able to
either use a gpg command directly (per earlier replies) or `apt-key
export` and redirect the output to a .asc file.  this can be included in
the fai configuration space under package_config/.  i can confirm that
with this approach the key is loaded early in the build process, used
during the install, and available in the built system.  it's worth
noting that the resultant keyring is stored with the same name and an
additional .gpg extension in /etc/apt/trusted.gpg.d, and that further
actions (e.g., renewal) on it need to use the --keyring option to
apt-key.

if you don't have the desired key you should be able to add it to your
personal keyring for later export via something like: 
gpg --keyserver pgp.mit.edu --recv-key 2BF8D9FE074BCDE4

i believe (but have not tested) that if you have an fai script that ran
`$ROOTCMD apt-key adv --recv-keys` (as described in your initial email)
you would also end up with the key in the built system, but as part of
the default keyring.

anyway, hth...

andy

-- 
andrew bezella 
Internet Archive

Re: creating asc key files

2017-04-12 Diskussionsfäden John G Heim 
Huh... I guess what I didn't get were a couple of things ... The apt-key 
command is a sort of shell on top of root's gpg keyring. After you use 
apt-key, you can run regular gpg commands as root to manipulate the apt 
keys. (I think). Second, the key identification is pretty open-ended. I 
just said, "gpg --armor --export ubuntuzilla" and it did something. I am 
not saying that's what I want but if I deliberately spell ubuntuzilla 
wrong, it says there is nothing to export.


So if I get that to work during the fai install, will that apt key be on 
the new system? In other words, if I get my install to install firefox 
and thunberbird from ubuntuzilla, will I be able to update them on the 
new system or will I have to import those keys again?


What I am doing right now is putting a commentin the sources.list file 
that says how to import the key and then I have a script that finds 
those comments and runs the command. So the comments start #key# and 
then after that is the wget or apt-key command.





On 04/12/2017 03:07 PM, Thomas Lange wrote:

IIRC, I did it using this command

gpg -a --export --export-options export-clean la...@debian.org > my.asc

Maye use export-minimal instead of export-clean

Re: creating asc key files

2017-04-12 Diskussionsfäden Andreas Heinlein 
Am 12.04.2017 um 22:07 schrieb Thomas Lange:
> IIRC, I did it using this command
>
> gpg -a --export --export-options export-clean la...@debian.org > my.asc
>
> Maye use export-minimal instead of export-clean

This will export the key from your personal keyring; the OP wants to
export from apt's keyring. So it should be:

gpg -a --keyring /etc/apt/trusted.gpg --export --export-options export-clean 
la...@debian.org > my.asc

Bye,
Andreas

Re: creating asc key files

2017-04-12 Diskussionsfäden Thomas Lange 
IIRC, I did it using this command

gpg -a --export --export-options export-clean la...@debian.org > my.asc

Maye use export-minimal instead of export-clean
-- 
regards Thomas