| Autor |
Nachricht |
|
|
Titel: Authenticate my local Debian repository.
 Verfasst am: 30.05.2006, 06:09 Uhr
|
|
Anmeldung: 03. Dez 2004
Beiträge: 21
Wohnort: Brisbane AU
|
|
Hi.
How do I set up my existing local repository with my gpg signature so that synaptic won't complain about authentication?
I don't want the authentication dialogue to pop up each time I install a package offline from the local repository. I use the local repository in my common data partition, to install the packages of a new Kanotix release candidate installed in it's own partition, or on another computer.
Another reason for my interest is.. In the future I want to use a Debian based distribution in a commercial environment. Authentication dialogs might scare the beginner people I am helping unnecessarily.
I believe I would also have to investigate "commercial" security ethics ie.. investigate circumstances where this practice would be unacceptable.
In preparation for this; I used KGpg (as root) to add my public key to root's /root/.gnupg/pubring.gpg .
By the way.. I suggest you make a back-up of your hidden folder /root/.gnupg/ before you run KGpg (as root) for the first time, (and not creating a key-pair). The wizard may replace the files that might be there. If that happens I just copy my backup files over the new files, if there is no usefull information in them.
I copy my /root/.gnupg/ files from release candidate to new release candidate.
I'm on dial-up; so might not be able to answer questions quickly.
Bye
Ivan |
|
|
| |
|
|
|
 |
|
|
|
Titel: Authenticate my local Debian repository.
Verfasst am: 30.05.2006, 07:00 Uhr
|
|
Team Member
Anmeldung: 06. Mai 2005
Beiträge: 3087
Wohnort: berlin
|
|
ivan,
apt-get update && apt-get install kanotix-keyrings is all you need.
just tell your customers, that the internet is bad and that they better want to make sure, the repo they got is really from debian and not someone elses undermining their security.
the customer that dont understand that, is a very stupid customer.
he should stick ti windows, where unsafety is built in as a feature.
greetz
devil |
_________________
<<We are Xorg - resistance is futile - you will be axximilated>>
Host/Kernel/OS "devilsbox" running[2.6.19-rc1-git5-kanotix-1KANOTIX-2006-01-RC4 ]
CPU Info AMD Athlon 64 3000+ clocked at [ 803.744 MHz ]
|
| |
|
|
|
|
|
|
|
Titel:
Verfasst am: 30.05.2006, 09:03 Uhr
|
|
Anmeldung: 03. Dez 2004
Beiträge: 21
Wohnort: Brisbane AU
|
|
LOL
Thanks devil
I didn't realise there was a 'kanotix-keyrings' package. My package (as part of Kanotix-2006-easter-rc4) is still up-to-date. I had been wondering why I didn't have to use wwwkeys.eu.pgp.net to authenticate the main debian site for a clean install. Smooth.. very smooth sailing with Kanotix.
I also was recently surprised that having the keys in the /root/.gnupg/ wasn't good enough. Some other configuration file must be changed as well. I will be investigating why.
The result of getting the key after a I copied a key from an earlier Kanotix:
Code:
gpg: requesting key XXXXXXXX from hkp server wwwkeys.eu.pgp.net
gpg: key XXXXXXXX: "Xxxxxxxxx Xxxxxxxx <xxxxxxx@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
OK
Note.. I x'ed out the detail.
I am more interested in a way to imitate the Debian repositories with my local repository.
The people that help create the Debian repositories some-how add a file (which I want to know how to create) to their repository to allow the keys in 'kanotix-keyrings' to automatically authenticate packages from their repository site.
I have a lovely experience with Kanotix on the net with my trusty local repository. Anything that might possibly drop in unannounced, presently needs a tourist guide-book to cause havoc.
When your security is breached often enough.. you will try anything else. That is why I am researching solutions that corporations would also be interested. Once the employees see how good the work experience with Linux is compared to their home system, they will venture forth into Linux with confidence.
Bye
Ivan |
|
|
| |
|
|
|
|
|
|
|
Titel:
Verfasst am: 30.05.2006, 09:35 Uhr
|
|
Anmeldung: 05. Okt 2004
Beiträge: 2069
Wohnort: w3
|
|
How to set up a local (or simple public) repository:
http://www.debian.org/doc/manuals/repository-howto/repository-howto.en.html
All the Release files in your repository need to be signed with your private key, and your public key needs to be accessable for everybody who is using your repository. They simply need to import your public key into the apt keyring once.by calling:
Code:
wget -qO - http://path.to/your.key | apt-key add -
That's it - no big miracle. 
Greetings,
Chris |
_________________
"An operating system must operate."
|
| |
|
|
|
|
|
|
|
Titel:
Verfasst am: 31.05.2006, 02:19 Uhr
|
|
Anmeldung: 03. Dez 2004
Beiträge: 21
Wohnort: Brisbane AU
|
|
Wow slam
A treasure trove of information.
I had not included a Release file in every directory containing my index file of my "Trivial Repository" (as they name and describe my repository type in the howto).
The release file will allow pinning. So very good.
I always wondered about the function of the release file.
Thank-you so very much.
Bye
Ivan |
|
|
| |
|
|
|
|
|
|
