I have a whole bunch of remote, locked-down Debian boxes. I cannot access them; all ports are closed. They are quite numerous and spread all over the country, so physical access would be a rather bothersome logistical operation.

These boxes are updated by a local cron job that periodically runs apt-get upgrade -y against a dedicated repository.

I've found out that the signing key of the repository is about to expire. This would make it impossible to update these boxes any longer. I've updated the signing key on the publicly accessible key server, but apt-get does not seem to update keys from the key server automatically if it finds them to be expired.

I can send out an update to add something to the update script to update the keys. But if a box is switched off until after the key expires, the update to fix this can no longer be installed.

I've tried to re-upload all the packages in the repository unsigned, to get around this problem. But then apt-get tells me:

    WARNING: The following packages cannot be authenticated!
    E: There are problems and -y was used without --force-yes

Which essentially gives me the same problem: I can only mend the update script by sending out an update through the repository, which will soon be ignored because of an expired signing key. And any box that fails to get the update before the key expires will no longer be updated.

I'm getting a bit anxious now. Is there any way I can dig myself out of this situation without physical access to all these remote boxes?

Erik

1 Answer

No, you cannot if the box is not updated before the key is expired.

As you said, the boxes do not update the key automatically, and they install neither unsigned packages nor packages signed with an expired key. If they did so, the whole signing would be pointless.

So the best option seems to be to power them on as soon as possible and deploy the new key before the old one expires. For the other machines you will need to use ssh or local access or any other means to deploy the new key.

allo
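
A check that the cron update script on each box could run, so that a key rollover is noticed while the old key is still valid. This is an added example, not part of the original question or answer. The function name `expiring_keys`, the keyring path in the usage comment and the sample listing are assumptions made for illustration, and the expiry field is assumed to be in epoch seconds as GnuPG 2.x prints it.

```shell
#!/bin/sh
# Added example: flag apt signing keys that are expired or about to expire.
# Input on stdin is a `gpg --with-colons` key listing. On a box, for example
# (keyring path is an assumption; adjust to where your repo key lives):
#   gpg --no-default-keyring --keyring /etc/apt/trusted.gpg \
#       --list-keys --with-colons | expiring_keys "$(date +%s)" 60

# expiring_keys NOW_EPOCH WARN_DAYS
# Prints "KEYID STATUS DAYS_LEFT" for each pub/sub key that is expired or
# expires in fewer than WARN_DAYS days. Exit status 1 if any key was flagged.
expiring_keys() {
    awk -F: -v now="$1" -v warn="$2" '
        BEGIN { bad = 0 }
        ($1 == "pub" || $1 == "sub") {
            expiry = $7                          # field 7: expiration date
            if (expiry == "") next               # key never expires
            if (expiry !~ /^[0-9]+$/) {          # not epoch seconds: flag it
                print $5, "UNPARSED", expiry; bad = 1; next
            }
            left = int((expiry - now) / 86400)   # whole days remaining
            if (expiry + 0 <= now + 0) { print $5, "EXPIRED", left; bad = 1 }
            else if (left < warn)      { print $5, "EXPIRING", left; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample listing (not real keys). Field 5 is the key ID,
# field 6 the creation time, field 7 the expiry time.
SAMPLE_KEYS='pub:-:4096:1:AAAAAAAAAAAAAAAA:1600000000:1700864000::-:::scESC:
uid:-::::1600000000::0000::Example Repo <repo@example.invalid>:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1600000000:1734560000:::::e:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1600000000:::-:::scESC:
pub:e:4096:1:CCCCCCCCCCCCCCCC:1500000000:1699568000::-:::sc:'
```

Run from cron with a warning window much longer than the longest time a box is expected to stay powered off, so the replacement key can be shipped through the repository while the old signature is still accepted.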