Mailinglist Archive: opensuse-buildservice (182 mails)

< Previous Next >
Re: [opensuse-buildservice] digital signatures for published packages?
  • From: Carsten Hoeger <choeger@xxxxxxxxxxxx>
  • Date: Mon, 1 Feb 2010 17:07:55 +0100
  • Message-id: <20100201160755.GG15376@xxxxxxxxxxxx>
On Mon, Feb 01, Adrian Schröter wrote:

Am Montag, 1. Februar 2010 16:40:37 schrieb Marcus Meissner:
On Mon, Feb 01, 2010 at 09:37:30AM -0600, Paul Elliott wrote:

How do we digitally sign the packages, (both debian and rpm), published
by the buildservice?

The RPMs are already signed.

Support for DEBs is however not built in AFAIK.

The repos are sign for debian. debs can't be signed at all afaik.

Exactly, but the apt repo can use gpg to sign the Package list.

http://wiki.debian.org/SecureApt

That's what the patch does, which I sent you, which is already included now in
=1.7.

The Release files are now signed with the OBS buildkey.
See e.g.

http://download.opensuse.org/repositories/server:/OX:/ox6/xUbuntu_9.10/

--
With best regards,

Carsten Hoeger
< Previous Next >