[opensuse-buildservice] digital signatures for published packages?
How do we digitally sign the packages, (both debian and rpm), published by the buildservice? -- Paul Elliott 1(512)837-1096 pelliott@BlackPatchPanel.com PMB 181, 11900 Metric Blvd Suite J http://www.free.blackpatchpanel.com/pme/ Austin TX 78758-3117
On Mon, Feb 01, 2010 at 09:37:30AM -0600, Paul Elliott wrote:
How do we digitally sign the packages, (both debian and rpm), published by the buildservice?
The RPMs are already signed. Support for DEBs is however not built in AFAIK. Ciao, Marcu -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Montag, 1. Februar 2010 16:40:37 schrieb Marcus Meissner:
On Mon, Feb 01, 2010 at 09:37:30AM -0600, Paul Elliott wrote:
How do we digitally sign the packages, (both debian and rpm), published by the buildservice?
The RPMs are already signed.
Support for DEBs is however not built in AFAIK.
The repos are sign for debian. debs can't be signed at all afaik. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Mon, Feb 01, Adrian Schröter wrote:
Am Montag, 1. Februar 2010 16:40:37 schrieb Marcus Meissner:
On Mon, Feb 01, 2010 at 09:37:30AM -0600, Paul Elliott wrote:
How do we digitally sign the packages, (both debian and rpm), published by the buildservice?
The RPMs are already signed.
Support for DEBs is however not built in AFAIK.
The repos are sign for debian. debs can't be signed at all afaik.
Exactly, but the apt repo can use gpg to sign the Package list. http://wiki.debian.org/SecureApt That's what the patch does, which I sent you, which is already included now in
=1.7.
The Release files are now signed with the OBS buildkey. See e.g. http://download.opensuse.org/repositories/server:/OX:/ox6/xUbuntu_9.10/ -- With best regards, Carsten Hoeger
Am Montag, 1. Februar 2010 16:37:30 schrieb Paul Elliott:
How do we digitally sign the packages, (both debian and rpm), published by the buildservice?
the server is creating a keypair for your project by default and is signing with this one. You can download the public part via "osc signkey" and for example sign this one with your own private key on your workstation to state that you trust this one. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (4)
-
Adrian Schröter
-
Carsten Hoeger
-
Marcus Meissner
-
Paul Elliott