We just installed an Ubuntu 18.04 Server VM to see if our Chef configuration would work on this new distro.
On a separate VM, we have a local apt mirror for this release:
# tree
.
├── extra
│ ├── binary-amd64
│ │ ├── Packages
│ │ └── Packages.gz
│ └── binary-i386
│ ├── Packages
│ └── Packages.gz
├── Release
└── Release.gpg
3 directories, 6 files
We signed the Release file using this command:
/usr/bin/gpg -abs -o Release.gpg Release
The signature seems to be ok after this:
# LANG=C gpg --verify /var/www/html/ubuntu-local/dists/bionic/Release.gpg /var/www/html/ubuntu-local/dists/bionic/Release
gpg: Signature made mar 29 may 2018 13:03:12 WEST using RSA key ID 271AFAF4
gpg: Good signature from "... <...@...>"
On the client side, we've imported the 271AFAF4 key:
# LANG=C apt-key list
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2014-10-27 [SC]
0F11 1A77 EE05 C406 2691 FC74 1794 5F7F 271A FAF4
uid [ unknown] ... <...@...>
The repo definition file on the client side is:
deb "http://localrepo/ubuntu-local" bionic extra
However, each time I run apt-get update I get:
W: GPG error: http://localrepo/ubuntu-local bionic Release: The following signatures were invalid: 0F111A77EE05C4062691FC7417945F7F271AFAF4
E: The repository 'http://localrepo/ubuntu-local bionic Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
However, as you can see above the signature is correct. As a side note, the very same configuration worked on xenial (replacing bionic by xenial in the repo config file), and I also tried to add the xenial repo on the bionic VM with the same result.
I have seen other answers but this seems not to be a duplicate of them.
What am I missing?
