Package signing as implemented in certification

Introduction

A general overview of package signing can be found here and in the references therein. This document describes how package signing is implemented in certification.

Generating the key

For site administrators

This section describes the procedures that site administrators follow for each of several package managers.

The RPM package manager

Importing the public key to keystore

In order to import the public key, do the following as root:
  1. Download the key: wget http://certif-website/certpub.gpg
  2. Set your GNUPGHOME environment variable to point to your gpg home: export GNUPGHOME=/root/.mygpg
  3. Import the public key to the keyring: gpg --import certpub.gpg
  4. Check that the key has been imported with: rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

Verifying packages

In order to check the signature of a package, do the following:
  1. Check that the key is imported.
  2. Execute: rpm -K package.rpm
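
The check in step 2, as an added example that is not part of the original page: rpm -K also reports OK and exits successfully for a package that carries no signature at all, so this sketch classifies the output line instead of trusting the exit status. The function names are hypothetical, and the token formats are assumed to be those printed by rpm 4.x.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample lines are constructed.

# rpm_sig_status "<one line of rpm -K output>"
# prints: verified | unsigned | failed
rpm_sig_status() {
    # Drop the "package.rpm: " prefix so the file name cannot match a token.
    result=${1#*: }
    # Older rpm wraps some tokens in parentheses, e.g. "(md5)".
    result=$(printf '%s' "$result" | tr -d '()')
    case "$result" in
        *"NOT OK"*) echo failed; return 0 ;;   # bad digest, bad signature or missing key
        *OK) ;;                                # continue: look for a signature token
        *) echo failed; return 0 ;;            # anything unexpected is treated as failure
    esac
    # A lowercase signature token means a signature was present and verified.
    for tok in $result; do
        case "$tok" in
            signatures|pgp|gpg|rsa|dsa) echo verified; return 0 ;;
        esac
    done
    # Only digest tokens (digests, sha1, md5, ...) were reported.
    echo unsigned
}

# verify_rpm <file>: succeed only for a signed package whose signature verifies.
verify_rpm() {
    status=$(rpm_sig_status "$(LC_ALL=C rpm -K "$1" 2>&1 | head -n 1)")
    echo "$1: $status"
    [ "$status" = verified ]
}
```

Calling verify_rpm package.rpm from an installation script makes an unsigned package a hard failure rather than a silent pass.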

Removing the public key from key store

The YUM package manager

Importing the public key to keystore

Verifying packages

Removing the public key from key store

The APT package manager

Importing the public key to keystore

Verifying packages

Removing the public key from key store

-- GergelyDebreczeni - 04 Feb 2009

Topic revision: r1 - 2009-02-04 - GergelyDebreczeni