We have our own repository for local packages. It is gpg signed with our
own key, and the key is present in /etc/apt/trusted.gpg in the nfsroot,
which is copied to the installed client (verified with "apt-key list").
This works fine on the initial installation, but when I add more
packages and try to install them with a softudate, I get the following
error:
-----------------------------------------------------------------------
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.
lth-jdk-1.4.2 lth-jdk-1.5.0.12 lth-jdk-1.6.0.02
-----------------------------------------------------------------------
After an "aptitude update" the complaints are gone, and the packages are
installable with softupdate.
Never had this problem in sarge, but those packages weren't signed.
The same thing happens if i add component to sources.list and try a
softupdate. (Started out with "main" only, but needed some packages from
"non-free").
My fix was to add "aptitude update" to hooks/softupdate.LTHBASE (a hook
in our local base class which I use to fcopy sources.list).
Am I doing anything wrong to get this problem, or does updatebase need
some fixing?
/Per
