Re: creating asc key files
i'm not 100% sure that this will be helpful, but somewhere in here you might find something useful (apt version 1.2.19)... if you already have the desired key in some form you should be able to either use a gpg command directly (per earlier replies) or `apt-key export` and redirect the output to a .asc file. this can be included in the fai configuration space under package_config/. i can confirm that with this approach the key is loaded early in the build process, used during the install, and available in the built system. it's worth noting that the resultant keyring is stored with the same name and an additional .gpg extension in /etc/apt/trusted.gpg.d, and that further actions (e.g., renewal) on it need to use the --keyring option to apt-key. if you don't have the desired key you should be able to add it to your personal keyring for later export via something like: gpg --keyserver pgp.mit.edu --recv-key 2BF8D9FE074BCDE4 i believe (but have not tested) that if you have an fai script that ran `$ROOTCMD apt-key adv --recv-keys` (as described in your initial email) you would also end up with the key in the built system, but as part of the default keyring. anyway, hth... andy -- andrew bezellaInternet Archive
Re: creating asc key files
Huh... I guess what I didn't get were a couple of things ... The apt-key command is a sort of shell on top of root's gpg keyring. After you use apt-key, you can run regular gpg commands as root to manipulate the apt keys. (I think). Second, the key identification is pretty open-ended. I just said, "gpg --armor --export ubuntuzilla" and it did something. I am not saying that's what I want but if I deliberately spell ubuntuzilla wrong, it says there is nothing to export. So if I get that to work during the fai install, will that apt key be on the new system? In other words, if I get my install to install firefox and thunberbird from ubuntuzilla, will I be able to update them on the new system or will I have to import those keys again? What I am doing right now is putting a commentin the sources.list file that says how to import the key and then I have a script that finds those comments and runs the command. So the comments start #key# and then after that is the wget or apt-key command. On 04/12/2017 03:07 PM, Thomas Lange wrote: IIRC, I did it using this command gpg -a --export --export-options export-clean la...@debian.org > my.asc Maye use export-minimal instead of export-clean
Re: creating asc key files
Am 12.04.2017 um 22:07 schrieb Thomas Lange: > IIRC, I did it using this command > > gpg -a --export --export-options export-clean la...@debian.org > my.asc > > Maye use export-minimal instead of export-clean This will export the key from your personal keyring; the OP wants to export from apt's keyring. So it should be: gpg -a --keyring /etc/apt/trusted.gpg --export --export-options export-clean la...@debian.org > my.asc Bye, Andreas
Re: creating asc key files
IIRC, I did it using this command gpg -a --export --export-options export-clean la...@debian.org > my.asc Maye use export-minimal instead of export-clean -- regards Thomas