Signing people’s keys is one problem, but having people sign your key requires its own procedure, with its own set of potential issues. You will likely receive several emails, one from each person with whom you exchanged keyslips, and each of these emails will include an attachment or message body containing encrypted data for you to decrypt. The plaintext you get from decrypting should be a copy of your public key that has been signed by someone’s private key. It is this signature that you’re looking for, and GPG can extract it and add it to your key. Once you have collected the signatures, you can upload your key to a keyserver, where the information about who has signed your key can be publicly stored. That’s the principle, but the steps to do all this can be quite cumbersome, so I used some console one-liners to speed some of them up, and I include them below with an explanation of what they do.
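One way to script the decrypt-and-import steps described above, as an added example rather than the author's own one-liners. It assumes GnuPG 2.2.8 or later (for `--show-keys`); the function names and the fingerprint argument are hypothetical, and a message is imported only if it decrypts to exactly one key whose primary fingerprint is yours.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read `gpg --with-colons` key listing on stdin; succeed only if it describes
# exactly one primary key and that key's fingerprint equals $1.
only_my_key() {
    awk -F: -v want="$1" '
        $1 == "pub" { primary = 1; next }       # next fpr record is the primary key
        $1 == "sub" { primary = 0 }             # subkey fingerprints are not compared
        $1 == "fpr" && primary { primary = 0; seen++; if ($10 != want) bad = 1 }
        END { exit !(seen == 1 && !bad) }
    '
}

# usage: import_keyslip_sigs MY_FINGERPRINT FILE...
# Decrypts each saved email body/attachment, inspects the plaintext without
# touching the keyring, and imports it only if it is a copy of your own key.
# Prints the number of files imported.
import_keyslip_sigs() {
    my_fpr=$1; shift
    imported=0
    for msg in "$@"; do
        tmp=$(mktemp) || return 1
        if gpg --quiet --decrypt "$msg" > "$tmp" 2>/dev/null &&
           gpg --batch --show-keys --with-colons "$tmp" 2>/dev/null |
               only_my_key "$my_fpr"
        then
            gpg --batch --import "$tmp" && imported=$((imported + 1))
        else
            echo "skipped: $msg (not a copy of key $my_fpr)" >&2
        fi
        rm -f "$tmp"
    done
    echo "$imported"
}

# Typical session (fingerprint and paths are placeholders):
#   import_keyslip_sigs "$MY_FPR" ~/keyslips/*.asc
#   gpg --check-sigs "$MY_FPR"     # review the new signatures locally
#   gpg --send-keys "$MY_FPR"      # publish to the configured keyserver
```

Reviewing the output of `gpg --check-sigs` before `--send-keys` matters because anything sent to a keyserver is public.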