Talk:Pacman/Package signing

From ArchWiki
Revision as of 12:40, 19 May 2012 by Waynew (Cleaning up)

Debian Keyring

Could some key developers sign /developers and /trustedusers or create something like debian-keyring package? That would allow a transition from implicit trust to [core]+[extra] to gpg-based trust model.

Currently there is no way to verify if /developers and /trustedusers are correct, and to build a trusted initial keyring...

Srg 07:08, 17 January 2012 (EST)

Cleaning up

I've tried to make this page more accessible for people who are setting up package signing. If anyone who is super-familiar with pacman-key could double-check the facts, I'd appreciate it. --DJPohly 18:08, 18 January 2012 (EST)

I'm not sure where it belongs (I'm new to Arch and the wiki), but I had trouble with I guess it's signing the trusted keys. It wasn't until I found this post: where it mentions pacman-key --populate archlinux. After running that command then I could update my packages. --Waynew (talk) 12:40, 19 May 2012 (UTC)

Custom Built Packages Using ABS

Can someone add info on how to sign AND trust custom built packages, e.g. a package I've built using ABS? --sjnims 06:05, 12 April 2012 (EST)

Note: This should actually be placed in Package signing instead of current useless redirect to outdated developers' article
  1. Create personal key with gnupg (it will be located in user's default keychain independently from stuff in pacman's /etc/pacman.d/gnupg/):
    gpg --gen-key
  2. Import generated key into pacman's keychain (pacman-key --import) from your ~/.gnupg.
  3. Add your signing key to trusted ones, like you did with developers' keys (again pacman-key).
  4. Optional: configure gpg-agent and other such stuff (see ~/.gnupg/gpg.conf).
For exact instructions and explanations see man pacman-key, man gpg and GnuPG.
--AlexanderR 10:07, 12 April 2012 (EDT)
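
The steps listed above, carried through to a signed package, as an added example that is not part of the original comment or of the wiki page. It passes an exported key file to `pacman-key --add` rather than importing the whole `~/.gnupg` directory, and the function names, the `DRY_RUN` switch and the fingerprint argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original comment. Assumes a key already made with
# `gpg --gen-key`; the function names and DRY_RUN switch are hypothetical.

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a full 40-hex fingerprint; short key IDs can collide.
valid_fpr() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# As your user: write the public half of key $1 to file $2.
export_pubkey() {
    valid_fpr "$1" || { echo "need a 40-hex fingerprint" >&2; return 1; }
    run gpg --armor --output "$2" --export "$1"
}

# As root: add key file $2 to pacman's keyring, show its fingerprint,
# then locally sign key $1 so pacman treats it as trusted.
trust_key() {
    valid_fpr "$1" || { echo "need a 40-hex fingerprint" >&2; return 1; }
    run pacman-key --add "$2" || return 1
    run pacman-key --finger "$1" || return 1
    run pacman-key --lsign-key "$1"
}

# As your user, in the PKGBUILD directory: build and write a detached .sig.
sign_build() {
    valid_fpr "$1" || { echo "need a 40-hex fingerprint" >&2; return 1; }
    run makepkg --sign --key "$1"
}
```

Call `export_pubkey` and `sign_build` as your user and `trust_key` as root, each with the full fingerprint; set `DRY_RUN=1` first to print the commands without running them.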

Moveto Package signing?

As noted by AlexanderR above, this article's info is probably more useful to users than the current redirect of Package signing to DeveloperWiki:Package signing. I'd propose the following:

  1. This article is moved to Package signing, leaving a redirect at pacman-key.
  2. A note is added to the top of this article with a pointer to DeveloperWiki:Package signing.
  3. (Maybe) Remove the note at the top of DeveloperWiki:Package signing pointing to pacman-key.

--DJPohly 11:45, 12 April 2012 (EDT)

  1. I like pacman-key better as a title, and I'd support redirecting Package signing here instead of DeveloperWiki:Package signing
  2. The introduction of this article currently points to DeveloperWiki:Package Signing Proposal for Pacman (through a redirect), I agree it should be changed to DeveloperWiki:Package signing
  3. I wouldn't touch DeveloperWiki:Package signing wrt the note at the top
-- Kynikos 16:53, 14 April 2012 (EDT)
Sounds good to me. --DJPohly 16:56, 14 April 2012 (EDT)
In the end I've just redirected Package signing here, I haven't changed the link to DeveloperWiki:Package Signing Proposal for Pacman since it's linked in turn with DeveloperWiki:Package signing and the former is slightly more descriptive. Closing, ok? -- Kynikos 10:53, 15 April 2012 (EDT)