So I had a mirror up and running beautifully, and then after running the update scripts I lost the GPG authentication.

I was getting the following errors:
WARNING: The following packages cannot be authenticated!
foo bar baz
Install these packages without verification [y/N]?

I struggled for a while to get this to work, and then gave up, but I finally got this sorted out :)

Firstly as the user running the mirror script:
gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --keyserver hkp://subkeys.pgp.net --recv-keys

I needed to add the following keys:
16BA136C – Backports.org Archive Key
55BE302B – Debian Archive Automatic Signing Key (5.0/lenny)
F42584E6 – Lenny Stable Release Key
55BE302B – Debian Archive Automatic Signing Key (5.0/lenny)
0C5A2783 – Medibuntu Packaging Team
1F41B907 – Christian Marillat
437D05B5 – Ubuntu Archive Automatic Signing Key
6DFBCBAE – Sun Microsystems, Inc. (xVM VirtualBox archive signing key)
BBE55AB3 – Debian-Volatile Archive Automatic Signing Key (4.0/etch)

The Medibuntu key was a little strange to get as noted on this post: How To: Make Your Own Ubuntu Repository DVDs

Also removed the “–ignore-release-gpg” option from the scripts, this will at least warn me the next time something like this happens… ;)

And then run the mirror scripts again and voila