Using gpg-authenticated debian-archives

From FAIWiki
Revision as of 18:31, 14 October 2007 by Lazyboy (talk | contribs) (add keyserver - by default none is set in the config, and without it the command fails)
Jump to navigation Jump to search

read http://wiki.debian.org/SecureApt

do this inside the nfsroot if needed: 

apt-get install gnupg debian-keyring 
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 4F368D5D

(adjust the key ID and keyserver as needed)

Adding 

FAI_DEBOOTSTRAP_OPTS="--include=gnupg"

to make-fai-nfsroot.conf then you don't need to install gnupkg manually.


For people running an archive repository

(taken from http://wiki.debian.org/apt06 - go to that page and read it!)

If you run a archive make sure that you have a toplevel Release file (create it with apt-ftparchive release) and sign it a key (with gpg -abs -o Release.gpg Release). Then tell your users what key they need to import.

howto create a local mirror incl. security.debian.org

http://www.psycast.de/blog/?postid=30 (german, will do a translation soon)

Retrieved from "https://wiki.fai-project.org/index.php?title=Using_gpg-authenticated_debian-archives&oldid=2556"