Difference between revisions of "Talk:Pacman/Package signing"
From ArchWiki
AlexanderR (talk | contribs) (→Custom Built Pacakges Using ABS) |
AlexanderR (talk | contribs) (moved recently added discussion to the bottom) |
||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Debian Keyring == | == Debian Keyring == | ||
| Line 21: | Line 10: | ||
I've tried to make this page more accessible for people who are setting up package signing. If anyone who is super-familiar with pacman-key could double-check the facts, I'd appreciate it. --[[User:DJPohly|DJPohly]] 18:08, 18 January 2012 (EST) | I've tried to make this page more accessible for people who are setting up package signing. If anyone who is super-familiar with pacman-key could double-check the facts, I'd appreciate it. --[[User:DJPohly|DJPohly]] 18:08, 18 January 2012 (EST) | ||
| + | |||
| + | == Custom Built Pacakges Using ABS == | ||
| + | |||
| + | Can someone add info on how to sign AND trust custom built packages, e.g. a package I've built using ABS? --[[User:sjnims|sjnims]] 06:05, 12 April 2012 (EST) | ||
| + | : {{Note|This should actually be placed in [[Package signing]] instead of current useless redirect to outdated developers' article}} | ||
| + | # Create personal key with gnupg (it will be located in user's default keychain independantly from stuff in pacman's {{Ic|/etc/pacman.d/gnupg/}}): {{bc|gpg --gen-key}}. | ||
| + | # Import generated key into pacman's keychain ({{Ic|pacman-key --import}}) from your {{Ic|~/.gnupg}}. | ||
| + | # Add your signing key to trusted ones, like you did with developers' keys (again {Ic|pacman-key}}). | ||
| + | # '''Optional''': configure {{Ic|gpg-agent}} and other such stuff (see {{Ic|~/.gnupg/gpg.conf}}). | ||
| + | : For exact instructions and explanations see {{Ic|man pacman-key}}, {{Ic|man gpg}} and [[GnuPG]]. | ||
| + | : --[[User:AlexanderR|AlexanderR]] 10:07, 12 April 2012 (EDT) | ||
Revision as of 14:09, 12 April 2012
Debian Keyring
Could some key developers sign /developers and /trustedusers or create something like debian-keyring package? That would allow a transition from implicit trust to [core]+[extra] to gpg-based trust model.
Currently there is no way to verify if /developers and /trustedusers are correct, and to build a trusted initial keyring...
Srg 07:08, 17 January 2012 (EST)
Cleaning up
I've tried to make this page more accessible for people who are setting up package signing. If anyone who is super-familiar with pacman-key could double-check the facts, I'd appreciate it. --DJPohly 18:08, 18 January 2012 (EST)
Custom Built Pacakges Using ABS
Can someone add info on how to sign AND trust custom built packages, e.g. a package I've built using ABS? --sjnims 06:05, 12 April 2012 (EST)
- Create personal key with gnupg (it will be located in user's default keychain independantly from stuff in pacman's
/etc/pacman.d/gnupg/):gpg --gen-key
. - Import generated key into pacman's keychain (
pacman-key --import) from your~/.gnupg. - Add your signing key to trusted ones, like you did with developers' keys (again {Ic|pacman-key}}).
- Optional: configure
gpg-agentand other such stuff (see~/.gnupg/gpg.conf).
- For exact instructions and explanations see
man pacman-key,man gpgand GnuPG. - --AlexanderR 10:07, 12 April 2012 (EDT)