Using gpg-authenticated debian-archives: Difference between revisions

From FAIWiki
Jump to navigation Jump to search
No edit summary
(nicer formatting)
Line 1: Line 1:
read http://wiki.debian.org/SecureApt
read http://wiki.debian.org/SecureApt


do this inside the nfsroot if needed:
do this inside the nfsroot if needed:


apt-get install gnupg debian-keyring gpg --recv-keys 4F368D5D
<pre>
 
apt-get install gnupg debian-keyring  
This info is wron in my opinion! The new key ID is: 2D230C5F, at least I just had a problem with this when making a mirror.
gpg --recv-keys 4F368D5D
</pre>
(adjust the key ID as needed)


FAI_DEBOOTSTRAP_OPTS="--include=gnupg" is half of whats needed.
Adding
<pre>
FAI_DEBOOTSTRAP_OPTS="--include=gnupg"  
</pre>
to make-fai-nfsroot.conf then you don't need to install gnupkg manually.





Revision as of 18:27, 14 October 2007

read http://wiki.debian.org/SecureApt

do this inside the nfsroot if needed:

apt-get install gnupg debian-keyring 
gpg --recv-keys 4F368D5D

(adjust the key ID as needed)

Adding

FAI_DEBOOTSTRAP_OPTS="--include=gnupg" 

to make-fai-nfsroot.conf then you don't need to install gnupkg manually.


For people running an archive repository

(taken from http://wiki.debian.org/apt06 - go to that page and read it!)

If you run a archive make sure that you have a toplevel Release file (create it with apt-ftparchive release) and sign it a key (with gpg -abs -o Release.gpg Release). Then tell your users what key they need to import.

howto create a local mirror incl. security.debian.org

http://www.psycast.de/blog/?postid=30 (german, will do a translation soon)