Differences

This shows you the differences between two versions of the page.

Link to this comparison view

devuan-vua-expert1-devuan-repositorios [2017/05/28 18:03] (current)
mckaygerhard created apt and repository management related tips page
Line 1: Line 1:
 +====== Devuan VUA: Repository APT and DEB tricks and tips ======
  
 +===== APT auto GPG checks updates =====
 +
 +Repositories for Devuan are signed with GPG keys that verify integrity.
 +
 +The main repository archive when has to be signed by a new key, which your system does not know about, this behavior are management and notified by updating and upgrading the **devuan-keyring** and the **debian-archive-keyring** packages, and any warning will go away.
 +
 +===== APT bypass GPG checks =====
 +
 +Since secure apt was introduced, the gpg must not be bypassed due implicts a security risk, gpg check for integrity of files related, but some cases are special, so there two ambits for do that:
 +
 +==== 1) FOR REPOSIRORIES AS COMMON CASES: ====
 +
 +The repository pgp sign its the most used, the keys used to sign the main repository archive have changed a couple of times, so there'​s a option to bypass that checks if some gpg are still older, failed or missing:
 +
 +Add this to the command:
 +
 +  -o Acquire::​Check-Valid-Until=false
 +
 +For example:
 +
 +  sudo apt-get -o Acquire::​Check-Valid-Until=false update
 +
 +This will allow to bypass the gpg if are expired or older, and still yet not refreshed.
 +
 +==== 2) FOR PACKAGES ONLY: ====
 +
 +There are **package signatures**,​ but are not widely used (we use secure apt instead for complete repositories),​ and there'​s a package called **debsig-verify** that checks for signatures embedded inside individual Debian packages.
 +
 +Pass the --allow-unauthenticated option to apt-get as in:
 +
 +  sudo apt-get --allow-unauthenticated upgrade
 +
 +From that manual page of apt-get:
 +
 +  --allow-unauthenticated
 +  Ignore if packages can't be authenticated and don't prompt about it. This is useful for tools like pbuilder. Configuration Item: APT::​Get::​AllowUnauthenticated.
 +
 +You can make this setting permanent by using your own config file at /​etc/​apt/​apt.conf.d/​ dir. The filename can be 99myown and it may contain this line:
 +
 +  APT::​Get::​AllowUnauthenticated "​true";​
 +
 +This will permit install from repository that you not have the gpg for verify yet!.