0

I've been packaging some proprietary software that runs on Raspbian into .deb files and hosting them in a private S3 bucket using a program called deb-s3. I also use a program called apt-transport-s3 which allows the individual devices to download the packages that I've published. But when I run sudo apt-get update I see the following warning:

W: GPG error: s3://bucket.s3.amazonaws.com stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY my-key-id

I could install the GPG manually but I'd rather host it, so that I can just run sudo apt-key add and import it using the ID. Ideally, I'd love to just host that on S3 as well. The trouble is I have never set up a keyserver before so I don't know what sorts of files I'd need or what format they'd need to be in.

If I were to have a barebones keyserver with my GPG key in it, what would the file structure look like? And do you think I could replicate that on S3 and it would still work?

soapergem
  • 719
  • 4
  • 13
  • 29

1 Answers1

0

Put the key on a static website bucket, download it, and add the file with apt-key add. A couple lines of scripting, or use the Ansible apt_key module.

Or, submit the key to your favorite keyserver, and import with apt-key adv --recv-key

John Mahowald
  • 32,050
  • 2
  • 19
  • 34
  • But that gets to the heart of my question: what exactly is "the file"? What does it look like / how is it formatted? – soapergem Aug 04 '17 at 03:39
  • ASCII armored PGP key export. Debian documentation mentions them, and many repos will have signing keys on their mirrors. https://wiki.debian.org/DebianRepository/SetupWithReprepro – John Mahowald Aug 04 '17 at 06:54