Using gpg-authenticated debian-archives: Difference between revisions
mNo edit summary |
No edit summary |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
read http://wiki.debian.org/SecureApt | read http://wiki.debian.org/SecureApt | ||
do this inside the nfsroot if needed: | |||
<pre> | |||
apt-get install gnupg debian-keyring | |||
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 4F368D5D | |||
</pre> | |||
(adjust the key ID and keyserver as needed) | |||
Adding | |||
<pre> | |||
FAI_DEBOOTSTRAP_OPTS="--include=gnupg" | |||
</pre> | |||
to make-fai-nfsroot.conf then you don't need to install gnupkg manually. | |||
hmm. I checked this again. I removed my previpus comment before, because I thought it's stupid from me to say this doesn't work because of the wron key ID. But there's something else wrong: | |||
You don't need these keys in the nfsroot! You need them in the install target. Therefore, you must do these things either in the base.tgz, (or whatever image you are using when having multiple base images), or you have to import the keys with some hook before the actual package installation. | |||
--[[User:Lazyboy|lazyboy]] 22:30, 14 October 2007 (CEST) | |||
Line 15: | Line 26: | ||
If you run a archive make sure that you have a toplevel Release file (create it with apt-ftparchive release) and sign it a key (with gpg -abs -o Release.gpg Release). Then tell your users what key they need to import. | If you run a archive make sure that you have a toplevel Release file (create it with apt-ftparchive release) and sign it a key (with gpg -abs -o Release.gpg Release). Then tell your users what key they need to import. | ||
[[Category:Howto]] |
Latest revision as of 22:24, 30 January 2019
read http://wiki.debian.org/SecureApt
do this inside the nfsroot if needed:
apt-get install gnupg debian-keyring gpg --keyserver hkp://subkeys.pgp.net --recv-keys 4F368D5D
(adjust the key ID and keyserver as needed)
Adding
FAI_DEBOOTSTRAP_OPTS="--include=gnupg"
to make-fai-nfsroot.conf then you don't need to install gnupkg manually.
hmm. I checked this again. I removed my previpus comment before, because I thought it's stupid from me to say this doesn't work because of the wron key ID. But there's something else wrong: You don't need these keys in the nfsroot! You need them in the install target. Therefore, you must do these things either in the base.tgz, (or whatever image you are using when having multiple base images), or you have to import the keys with some hook before the actual package installation. --lazyboy 22:30, 14 October 2007 (CEST)
For people running an archive repository
(taken from http://wiki.debian.org/apt06 - go to that page and read it!)
If you run a archive make sure that you have a toplevel Release file (create it with apt-ftparchive release) and sign it a key (with gpg -abs -o Release.gpg Release). Then tell your users what key they need to import.