[conspire] Debian-Multimedia key

John Andrews jla1000 at comcast.net
Tue Nov 28 20:22:39 PST 2006 

I'm trying to find a key for the debian-mulitimedia etch main repo. I
ran across this how to at Debian and imported that key 2D230C5F. It
ended up in my software preferences key authentication box but I don't
think it's the right key.Here's the instruction from Debian.

7.4.3.6 Finding the key for a repository
There is not yet a standard location where you can find the key for a
given apt repository. There's a rough standard of putting the key up on
the web page for the repository or as a file in the repository itself,
but no real standard, so you might have to hunt for it.

The Debian archive signing key is available at
http://ftp-master.debian.org/ziyi_key_2006.asc (replace 2006 with
current year).[54]

gpg itself has a standard way to distribute keys, using a keyserver that
gpg can download a key from and add it to its keyring. For example:

     $ gpg --keyserver pgpkeys.mit.edu --recv-key 2D230C5F
     gpg: requesting key 2D230C5F from hkp server pgpkeys.mit.edu
     gpg: key 2D230C5F: public key "Debian Archive Automatic Signing Key (2006) <ftpm
     aster at debian.org>" imported
     gpg: Total number processed: 1
     gpg:               imported: 1

You can then export that key from your own keyring and feed it to
apt-key:

     $ gpg -a --export 2D230C5F | sudo apt-key add -
     gpg: no ultimately trusted keys found
     OK

The "gpg: no ultimately trusted keys found" warning means that gpg was
not configured to ultimately trust a specific key. Trust settings are
part of OpenPGPs Web-of-Trust which does not apply here. So there is no
problem with this warning. In typical setups the user's own key is
ultimately trusted.

jla at jla-desktop:~/.gnupg$   gpg --keyserver pgpkeys.mit.edu --recv-key
2D230C5F gpg: requesting key 2D230C5F from hkp server pgpkeys.mit.edu
gpg: /home/jla/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D230C5F: public key "Debian Archive Automatic Signing Key
(2006) <ftpmaster at debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 

jla at jla-desktop:~/.gnupg$  gpg -a --export 2D230C5F | sudo apt-key add -
gpg: no ultimately trusted keys found

I imported this key to my computer and then did apt-get update.It did
import some kind of key but It's not the right key for debian-multimedia
etch main. See below.Public key is not available. but what is that
number in the error message below?


OK: GPG error: http://www.debian-multimedia.org etch Release: The
following signatures couldn't be verified because the public key is not
available: NO_PUBKEY 07 DC563D1F41B907
W: You may want to run apt-get update to correct these problems
jla at jla-desktop:~$   gpg --keyserver pgpkeys.mit.edu --recv-key  07
DC563D1F41B907
gpg: "DC563D1F41B907" not a key ID: skipping
gpg: "07" not a key ID: skipping
jla at jla-desktop:~$
: GPG error: http://www.debian-multimedia.org etch Release: The
following signa tures couldn't be verified because the public key is not
available: NO_PUBKEY 07 DC563D1F41B907
W: You may want to run apt-get update to correct these problems
jla at jla-desktop:~$   gpg --keyserver pgpkeys.mit.edu --recv-key  07
DC563D1F41B907
gpg: "DC563D1F41B907" not a key ID: skipping
gpg: "07" not a key ID: skipping
jla at jla-desktop:~$

Is there any way to get a key for that repo?

More information about the conspire mailing list