MEPIS Community Forum

Wondered if the gap plays a role, but no difference when I removed it and added a comment line above it.

Seems strange, since Synaptic picks up the repos and the lack of a key.

Maybe we should have a warning line in the output such as "Some repositories may not respond to checkaptgpg and will require manual intervention to acquire a key."

REQUEST: can the checkaptgpg script be modified to use alternative key sources when the first source does not find the key for a repo?

Explanation: I finally followed up on my two repos that did not come up in the checkaptgpg report, using the alternative key sources listed in the Wiki entry. I got the virtualbox key from subkeys.pgp.net, and the QGIS key from wwwkeys.pgp.net.

So I guess there are two questions: why doesn't the current script report that it found no keys for those two repos, and how can the script be modified to try other sources when the primary one is unsuccessful?

It shouldn't be too hard, you see this line:


I think it can be modified to something like


So, if the first one fails run the apt-key with a $SECONDARYKEYSERVER (which needs to be defined somewhere before this line)

However ideally would be to have a list of key servers and take the next on in the list and if it fails go to the next one and so on, but using a secondary server should probably be enough.

I have some changes to checkaptgpg that I've been sitting on. {kind of got sidetracked by the plymouth theme stuff}.

One change I made was to try to download and install the key up to five times, each time from a different keyserver.

I also made some other changes that eliminate most of the "No GPG Release signature found." messages that the script puts out.

With the changes I'm able to retrieve a higher percentage of keys than before. For instance it now will get the keys for that QGIS repo and for Opera. It's also able to retrieve keys for Virtualbox, dl.google.com (for Chrome, Googleearth, Google Talk Plugin), Warren's repo, etc.

I still had some keys I needed to install manually, linux.wuertz.org (an aptosid repo) and a repo I use for my samsung printer driver.

I'll try to post an updated checkaptgpg package later today.

kmathern, can you please push the changes on Github repo? And just post the link it that?

I will if I can figure out how to use Github.

If I do use Github won't just the source changes end up there, not the resulting package?

You would start by doing the steps here: http://www.mepis.org/docs/en/index.php? ... om_Account

Then you would run:to download the current version (April 12)

Then follow these steps in editing: http://www.mepis.org/docs/en/index.php? ... ub#Editing

Both revision history and current version download are available on the project page: https://github.com/MEPIS-Community/checkaptgpg

It's only the source there, not the resulting binary. Let me or Jerry know if you have question (you probably will) and we'll be happy to help. In my opinion it's better to get all these tools on Github, it's easier to follow changes.

Kent pushed the changes to checkaptgpg, we just need to make sure that whoever packages for community repo (Stevo?) follows the Github repo: https://github.com/MEPIS-Community/checkaptgpg

You can get the source without having a ssh key set up on Github with this command (this is only read only, you'll not be able to push, for that you need to set up ssh key on Github). That's only first time, then you can use to get changes.

What I 'pushed' were actually changes for a package I posted last week. Those changes were labeled 'mcr110+2' to match the checkaptgpg_0.1mcr110+2_all.deb package from post # viewtopic.php?p=268990#p268990).

I did it mainly as a exercise in learning how to use Github and to get those changes on record & included in checkatpgpg.

I haven't yet 'pushed' the changes I mentioned a day or two ago.