There is a chance you have your own apt repository if you run Debian or a Debian-like system (Ubuntu?) and do your own deb packaging. To keep apt from complaining about unsigned packages, you need to create a GPG key pair for the repository and push the public key to every node. The Opscode Chef cookbook should contain the public part of the GPG key in the mykey.gpg file in the files/default directory. The Chef recipe to push the file looks like this:

    # Imports the key into apt's trusted keyring; runs only when notified.
    execute "add_my_apt_key" do
      command "/usr/bin/apt-key add /usr/share/keyrings/mykey.gpg"
      action :nothing
    end

    # cookbook_file serves files/default/mykey.gpg from the cookbook.
    cookbook_file "/usr/share/keyrings/mykey.gpg" do
      mode "644"
      owner "root"
      group "root"
      action :create
      backup false
      source "mykey.gpg"
      # sha256
      # checksum ""
      notifies :run, resources(:execute => "add_my_apt_key")
    end

Speaking of the repository: this key is not used to sign the packages themselves (i.e. each package stays intact) but rather to sign the list of MD5 checksums that you generate with the package indexing script:

    apt-ftparchive generate ./apt-ftparchive.conf
    apt-ftparchive -c ./apt-custom-release.conf release /var/www/myrepo/dists/custom > /var/www/myrepo/dists/custom/Release
    gpg --sign -ba --default-key key@email.com -o /var/www/myrepo/dists/custom/Release.gpg /var/www/myrepo/dists/custom/Release

This assumes the private key with email key@email.com is in the keyring of the user executing the command.
Sample apt-custom-release.conf:

    APT::FTPArchive::Release::Origin "Mycompany";
    APT::FTPArchive::Release::Label "Myrepo";
    APT::FTPArchive::Release::Suite "custom";
    APT::FTPArchive::Release::Codename "custom";
    APT::FTPArchive::Release::Architectures "i386 amd64 source";
    APT::FTPArchive::Release::Components "main";
    APT::FTPArchive::Release::Description "Custom debian packages for Mycompany.com";

Sample apt-ftparchive.conf:

    Dir {
      ArchiveDir "/var/www/myrepo";
    };

    BinDirectory "dists/custom/main/binary-i386" {
      Packages "dists/custom/main/binary-i386/Packages";
      Contents "dists/custom/Contents-i386";
      SrcPackages "dists/custom/main/source/Sources";
    };

    BinDirectory "dists/custom/main/binary-amd64" {
      Packages "dists/custom/main/binary-amd64/Packages";
      Contents "dists/custom/Contents-amd64";
      SrcPackages "dists/custom/main/source/Sources";
    };

    Tree "dists/custom" {
      Sections "main";
      Architectures "i386 source amd64";
    };

The packages go into /var/www/myrepo/dists/custom/main/<Platform>/<anysubdirectory>.
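Because the GPG signature covers only the Release file, the index files are protected only through the checksums Release lists for them. The following added example (not part of the original article) checks that link by comparing each listed index with the file on disk, handling the MD5Sum, SHA1 and SHA256 sections. It assumes Release has already been verified against Release.gpg with the repository's public key; the function names and the sample package are constructed for illustration.

```python
import hashlib, os, tempfile

SECTIONS = {"MD5Sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}  # Release section -> hashlib name

def parse_release(text):
    """Return {section: {relative_path: (hexdigest, size)}} from Release text."""
    entries, current = {name: {} for name in SECTIONS}, None
    for line in text.splitlines():
        if line.startswith(" ") and current:
            digest, size, path = line.split()   # " <hash> <size> <path>"
            entries[current][path] = (digest, int(size))
        else:
            name = line.split(":", 1)[0]
            current = name if name in SECTIONS else None
    return entries

def verify_indices(dist_dir, section="SHA256"):
    """Compare each index listed in dist_dir/Release with the file on disk."""
    with open(os.path.join(dist_dir, "Release")) as fh:
        listed = parse_release(fh.read())[section]
    problems = [] if listed else ["no %s section in Release" % section]
    for path, (digest, size) in sorted(listed.items()):
        full = os.path.join(dist_dir, path)
        if not os.path.isfile(full):
            problems.append("missing: " + path)
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        actual = hashlib.new(SECTIONS[section], data).hexdigest()
        if len(data) != size or actual != digest:
            problems.append("mismatch: " + path)
    return problems

def build_sample_dist(root):
    """Constructed sample: one Packages index plus a Release that lists it."""
    rel = "main/binary-amd64/Packages"
    os.makedirs(os.path.join(root, os.path.dirname(rel)))
    body = b"Package: mytool\nVersion: 1.0\nArchitecture: amd64\n"
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(body)
    with open(os.path.join(root, "Release"), "w") as fh:
        fh.write("Origin: Mycompany\nSuite: custom\nSHA256:\n %s %d %s\n"
                 % (hashlib.sha256(body).hexdigest(), len(body), rel))
    return os.path.join(root, rel)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_dist(d)
        print(verify_indices(d) or "indices match Release")
```

Running `verify_indices("/var/www/myrepo/dists/custom")` after re-indexing is a quick way to catch a Packages file that was regenerated without refreshing and re-signing Release.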