I have a public repo with 2 packages available. It's set up with reprepro and the thing is signed with a GPG key referenced by SignWith instruction in public/conf/distributions. Packages are added with reprepro -b public/ --ask-passphrase includedeb focal mypackage_amd64.deb.
As the GPG key has expired, I need now to set a new one. So I did the following steps :
Generate a new GPG key
gpg --gen-key.Export the key with
gpg --armor --export 9B5BBD0820B7326B > repo.ascwithing the repo folder, so that the users will be able towget -q http://repo.example.com/repo.asc -O- | sudo apt-key add -Changed every
SignWithlines inpublic/conf/distributionsto match that new gpg.
Now, when I get the files (http://repo.example.com/public/conf/distributions, http://repo.example.com/repo.asc), things seems right.
But apt update still complain :
Err:1 http://repo.example.com/public focal InRelease
The following signatures were invalid: EXPKEYSIG 8320586119BDB444 Author [email protected]
That 8320586119BDB444 corrersponds to the previous GPG.
What is missing in this procedure ?
Writing the question from beginning to end sometimes helps to figure out what was missing : )
I simply needed to re-generate repo files with the following commands :