trusting keys for apt repositories

as of debian etch, apt provides cryptographic verification of the packages you download. This requires you to tell apt which keys you trust to sign the package repositories you pull from.

CMRG repositories are all signed by dkg's key. You can tell apt to trust this key (if you like) by doing the following:

gpg --fetch-keys
gpg --fingerprint --list-key | grep fingerprint

This should show you the proper fingerprint:

      Key fingerprint = 0EE5 BE97 9282 D80B 9F75  40F1 CCD2 ED94 D217 39E9

If it matches, you can tell apt to trust it. First export the key to a file:

gpg --armor --export > dkg.gpg

Then as root, add the key to apt key ring:

apt-key add dkg.gpg

(note: in June of 2007, dkg changed keys. This page has been updated to reflect the new key)

Last modified 10 years ago Last modified on Aug 15, 2007, 8:10:38 PM