Using gpg-authenticated debian-archives: Difference between revisions

From FAIWiki
(nicer formatting)
m (+ category)
(2 intermediate revisions by one other user not shown)
Line 5: Line 5:
<pre>
<pre>
apt-get install gnupg debian-keyring  
apt-get install gnupg debian-keyring  
gpg --recv-keys 4F368D5D
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 4F368D5D
</pre>
</pre>
(adjust the key ID as needed)
(adjust the key ID and keyserver as needed)


Adding  
Adding  
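Review bot: the changed `--recv-keys` line still identifies the key only by the 8-hex-digit short ID `4F368D5D`, and it now fetches it over plain `hkp://` from a named keyserver. Short key IDs can collide, so whatever the keyserver returns for that ID is not proof of origin. Suggest giving the full fingerprint in place of the short ID and adding a step that compares the output of `gpg --fingerprint` against a copy of the fingerprint obtained from a trusted source before the key is used to authenticate an archive.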
Line 14: Line 14:
</pre>
</pre>
to make-fai-nfsroot.conf then you don't need to install gnupkg manually.
to make-fai-nfsroot.conf then you don't need to install gnupkg manually.
hmm. I checked this again. I removed my previpus comment before, because I thought it's stupid from me to say this doesn't work because of the wron key ID. But there's something else wrong:
You don't need these keys in the nfsroot! You need them in the install target. Therefore, you must do these things either in the base.tgz, (or whatever image you are using when having multiple base images), or you have to import the keys with some hook before the actual package installation.
--[[User:Lazyboy|lazyboy]] 22:30, 14 October 2007 (CEST)




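Review bot: the paragraph added after the make-fai-nfsroot.conf sentence is a signed talk-style comment, and it contradicts the instructions it sits under: the page still says to import the key inside the nfsroot, while the new text says the keys are needed in the install target. Suggest folding the point into the howto itself (import the keys in base.tgz or with a hook before package installation) or moving the comment to the discussion page, so readers are not left with two conflicting procedures.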
Line 25: Line 29:


http://www.psycast.de/blog/?postid=30 (german, will do a translation soon)
http://www.psycast.de/blog/?postid=30 (german, will do a translation soon)
[[Category:Howto]]

Revision as of 07:55, 4 October 2010

Read http://wiki.debian.org/SecureApt

Do this inside the nfsroot if needed:

apt-get install gnupg debian-keyring 
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 4F368D5D

(adjust the key ID and keyserver as needed)

If you add

FAI_DEBOOTSTRAP_OPTS="--include=gnupg" 

to make-fai-nfsroot.conf, you don't need to install gnupg manually.

Hmm. I checked this again. I removed my previous comment before, because I thought it's stupid of me to say this doesn't work because of the wrong key ID. But there's something else wrong: You don't need these keys in the nfsroot! You need them in the install target. Therefore, you must do these things either in the base.tgz (or whatever image you are using when having multiple base images), or you have to import the keys with some hook before the actual package installation. --lazyboy 22:30, 14 October 2007 (CEST)


For people running an archive repository

(taken from http://wiki.debian.org/apt06 - go to that page and read it!)

If you run an archive, make sure that you have a top-level Release file (create it with apt-ftparchive release) and sign it with a key (gpg -abs -o Release.gpg Release). Then tell your users which key they need to import.
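Signing only the top-level Release file protects the whole archive because Release lists a checksum for every index file. The following added example (not from the original page) shows that second half of the check. It assumes Release.gpg has already been verified with gpg, and the Release and Packages contents and the helper names are constructed for illustration.

```python
import hashlib

# Constructed sample index file (not taken from a real archive).
PACKAGES = b"Package: hello\nVersion: 1.0\nFilename: pool/main/h/hello/hello_1.0_all.deb\n"

def build_release(files):
    """Build a minimal Release body listing SHA256, size and path per index file."""
    lines = ["Origin: example", "Suite: stable", "SHA256:"]
    for path, data in files.items():
        lines.append(" %s %d %s" % (hashlib.sha256(data).hexdigest(), len(data), path))
    return "\n".join(lines) + "\n"

def parse_sha256_section(release_text):
    """Return {path: (hexdigest, size)} from the SHA256: field of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False  # any other field ends the continuation lines
    return entries

def verify_index(release_text, path, data):
    """True only if path is listed in Release and both size and SHA256 match."""
    entry = parse_sha256_section(release_text).get(path)
    if entry is None:
        return False  # an unlisted file is not covered by the signature
    digest, size = entry
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest

# Constructed Release file covering the sample index above.
RELEASE = build_release({"main/binary-amd64/Packages": PACKAGES})

if __name__ == "__main__":
    print(verify_index(RELEASE, "main/binary-amd64/Packages", PACKAGES))
    print(verify_index(RELEASE, "main/binary-amd64/Packages", PACKAGES + b"X"))
```

If you regenerate any index file, regenerate and re-sign Release as well, otherwise clients will reject the archive on this check.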

How to create a local mirror, including security.debian.org

http://www.psycast.de/blog/?postid=30 (German, will do a translation soon)