dww writes: > What did I need to do to not get the "signatures couldn't be verified" > error? I doubt setting noauth=true is the best thing to do... > > W: GPG error: http://http.debian.net wheezy Release: The following > signatures couldn't be verified because the public key is not > available: NO_PUBKEY AED4B06F473041FA
You're right, and I think I've figured it out. You need to add the Wheezy package signing key to your keyring. You don't have the key, so there's no way to authenticate packages signed by that key. It'll also fail when package downloads are incomplete or corrupted, even when you have the key: I'm not able to build images while connected to any wireless network but my own, for that reason; the 16 MiB of package lists never download correctly. The way I added that key to my keyring was: : gpg --keyserver subkeys.pgp.net --recv-keys AED4B06F473041FA : gpg -a --export AED4B06F473041FA | sudo apt-key add - This probably isn't the best way to do this, because I don't have a good way of verifying that the key actually came from Debian (there's no good trust-chain here). Adding this to the F-M README sounds like a good idea. Explaining what it means sounds even better. Nick
pgpekOdqnI982.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
