Monday, July 14, 2008

How to add trusted keys to apt

The aptitude manual has a little section on how to add trusted keys to apt.

The list of keys that apt will trust is stored in the keyring file /etc/apt/trusted.gpg. Once you have the GPG key, you can add it to this file by executing the command gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --import newkey.asc . aptitude will then trust any archive that is signed with the key contained in newkey.asc.
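The manual's command imports whatever newkey.asc contains, so any fingerprint check has to happen before it runs. The following is an added example, not part of the aptitude manual or the original post: it lists the keys in the file without importing them and runs the import only when the file holds exactly one primary key whose fingerprint matches one obtained out of band. The function names are hypothetical, and it assumes a GnuPG version that provides --show-keys.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of apt or gpg.

# Normalise a fingerprint: drop spaces and colons, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: the first "fpr" record after a "pub" record, field 10.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1. Empty input or a file bundling extra keys fails.
only_expected_key() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# $1 = key file, $2 = fingerprint obtained out of band from the archive owner.
# Lists the file's keys without importing, then imports only on a match.
import_if_expected() {
    if gpg --show-keys --with-colons "$1" | only_expected_key "$2"; then
        gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --import "$1"
    else
        echo "refusing to import $1: fingerprint mismatch or extra keys" >&2
        return 1
    fi
}

# Usage (as root): import_if_expected newkey.asc "<fingerprint from the archive owner>"
```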

Wednesday, July 09, 2008

Qemu networking goodness

It took forever but I finally got all of my Qemu networking working. My setup uses VDE, a TUN/TAP device to connect to my LAN, dnsmasq to give my QEMU hosts IP addresses and handle DNS requests, and IP Masquerading because apparently my wifi card can't spoof MAC addresses.

There follows a (probably incomplete) description of the setup.

Setting up the TAP device

First thing to do is create the TAP device we will use to connect the VDE network to the LAN.

sudo modprobe tun
sudo chmod 666 /dev/net/tun # I'm all alone on this box so...
sudo tunctl # This should create a device called tap0
sudo ifconfig tap0 10.0.0.1 up # This is the IP for the VDE network

We're all done with TAP stuff.

Set up IP Masquerading through the TAP device

Now we need to make sure that traffic coming through the TAP device gets sent out over the LAN.

sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward"       # Enable IP forwarding
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE -v # wlan0 is my wifi card

OK, that's it for IP Masquerading.

dnsmasq for DNS requests and DHCP

This one was easy: just install the package and modify the conf where it says #interface= to say interface=tap0 (without the comment mark, and substituting whatever you got back from tunctl above).

VDE setup

First we'll create a virtual switch:

sudo vde -s /tmp/switch1

Then give everybody access to the VDE:

sudo chmod -R a+rwx /tmp/vde.ctl

OK, that's it for VDE.

Qemu hosts

This was a trickier bit. The stumbling block for me was that if you specify a MAC address for the host (I'm using Debian Etch as the guest OS), a new eth device is created. So make sure you specify the right MAC address from the start. If you screw up, you can always edit /etc/udev/rules.d/z25_persistent-net.rules and remove the extra eth devices. The reason this happens is that udev figures out that you added a new card (because of the new MAC) and so it configures another device. There's probably a more elegant way around this, I just haven't figured it out yet.

Boot your Qemu host

After all of the above, booting should go smoothly; remember to specify -net nic,macaddr=XX:XX:XX:XX:XX:XX -net vde. If you don't get an IP automatically, just run dhclient ethX on the guest and you should be set.