[Madlug] creating local debian mirror

John Heim jheim at math.wisc.edu
Tue Jun 12 16:30:30 CDT 2007

I'm trying to set up a local debian mirror.  I've been googling for howtos 
and I've found plenty. Problem is they all seem to give different advice. 
First I tried apt-mirror. But i believe that to mirror several different 
architectures, I would have had to add a lot of lines to the config. So then 
I tried debmirror. That seems to have worked better.

What  I did is install debmirror. Then I edited 
/usr/share/doc/debmirror/debmirror.conf to add my preferred options. Then I 
wrote a shell script to run debmirror and put it in /etc/cron.daily.

According to /usr/share/doc/debmirror/debmirror.conf itself, you should be 
able to create a file named /etc/debmirror.conf and that should over-ride 
the options in /usr/share/doc/debmirror/debmirror.conf. But that didn't 
work. It seems funny to have a config file in /usr/share/doc. Am I missing 
something there?

How does one usually update the mirror? Do ye approve of my use of 

Lastly, I had to use an option to debmirror  --ignore-realese-gpg or i got 
an error that the public key was not found.   It worked if I added 
the --ignore-release-gpg option:even though I think I've imported the key. I 
see the second line with a key ID but I don't know what to do with it. I get 
an error if i try to import it the way I did the other one.

#gpg --keyserver keyring.debian.org --recv-keys 6070D3A1
 #debmirror  -v /mirror/debian
Mirroring to /mirror/debian from 
Arches: i386,amd64
Dists: etch
Sections: main,main/debian-installer,contrib,non-free
Including source.
Will clean up AFTER mirroring.
Pdiff mode: use.
Attempting to get lock, this might take 2 minutes before it fails.
Get Release files.
[0%] Keeping: dists/etch/Release
[0%] Keeping: dists/etch/Release.gpg
gpg: Signature made Sun 08 Apr 2007 05:42:00 AM CDT using DSA key ID 
gpg: Good signature from "Debian Archive Automatic Signing Key (4.0/etch) 
<ftpmaster at d
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the 
Primary key fingerprint: A999 51DA F9BB 569B DB50  AD90 A70D AF53 6070 D3A1
gpg: Signature made Sun 08 Apr 2007 04:38:40 AM CDT using DSA key ID 
gpg: Can't check signature: public key not found
Release signature does not verify.
 Release signature does not verify.
Failed to download some Release or Release.gpg files!
WARNING: releasing 1 pending lock...
root at boole:~#
John Heim
jheim at math.wisc.edu / 608-263-4189
If you are blind and you use linux, please subscribe to 
blinux-list at redhat.com

More information about the Madlug mailing list