kanotix.com
General Support - Authenticate my local Debian repository.
LifesWaverider - 30.05.2006, 06:09 Uhr
Titel: Authenticate my local Debian repository.
Hi.
How do I set up my existing local repository with my gpg signature so that synaptic won't complain about authentication?
I don't want the authentication dialogue to pop up each time I install a package offline from the local repository. I use the local repository in my common data partition, to install the packages of a new Kanotix release candidate installed in it's own partition, or on another computer.
Another reason for my interest is.. In the future I want to use a Debian based distribution in a commercial environment. Authentication dialogs might scare the beginner people I am helping unnecessarily.
I believe I would also have to investigate "commercial" security ethics ie.. investigate circumstances where this practice would be unacceptable.
In preparation for this; I used KGpg (as root) to add my public key to root's /root/.gnupg/pubring.gpg .
By the way.. I suggest you make a back-up of your hidden folder /root/.gnupg/ before you run KGpg (as root) for the first time, (and not creating a key-pair). The wizard may replace the files that might be there. If that happens I just copy my backup files over the new files, if there is no usefull information in them.
I copy my /root/.gnupg/ files from release candidate to new release candidate.
I'm on dial-up; so might not be able to answer questions quickly.
Bye
Ivan
devil - 30.05.2006, 07:00 Uhr
Titel: Authenticate my local Debian repository.
ivan,
apt-get update && apt-get install kanotix-keyrings is all you need.
just tell your customers, that the internet is bad and that they better want to make sure, the repo they got is really from debian and not someone elses undermining their security.
the customer that dont understand that, is a very stupid customer.
he should stick ti windows, where unsafety is built in as a feature.
greetz
devil
LifesWaverider - 30.05.2006, 09:03 Uhr
Titel:
LOL
Thanks devil
I didn't realise there was a 'kanotix-keyrings' package. My package (as part of Kanotix-2006-easter-rc4) is still up-to-date. I had been wondering why I didn't have to use wwwkeys.eu.pgp.net to authenticate the main debian site for a clean install. Smooth.. very smooth sailing with Kanotix.
I also was recently surprised that having the keys in the /root/.gnupg/ wasn't good enough. Some other configuration file must be changed as well. I will be investigating why.
The result of getting the key after a I copied a key from an earlier Kanotix:
Code:
gpg: requesting key XXXXXXXX from hkp server wwwkeys.eu.pgp.net
gpg: key XXXXXXXX: "Xxxxxxxxx Xxxxxxxx <xxxxxxx@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
OK
Note.. I x'ed out the detail.
I am more interested in a way to imitate the Debian repositories with my local repository.
The people that help create the Debian repositories some-how add a file (which I want to know how to create) to their repository to allow the keys in 'kanotix-keyrings' to automatically authenticate packages from their repository site.
I have a lovely experience with Kanotix on the net with my trusty local repository. Anything that might possibly drop in unannounced, presently needs a tourist guide-book to cause havoc.
When your security is breached often enough.. you will try anything else. That is why I am researching solutions that corporations would also be interested. Once the employees see how good the work experience with Linux is compared to their home system, they will venture forth into Linux with confidence.
Bye
Ivan
slam - 30.05.2006, 09:35 Uhr
Titel:
How to set up a local (or simple public) repository:
http://www.debian.org/doc/manuals/repository-howto/repository-howto.en.html
All the Release files in your repository need to be signed with your private key, and your public key needs to be accessable for everybody who is using your repository. They simply need to import your public key into the apt keyring once.by calling:
Code:
wget -qO - http://path.to/your.key | apt-key add -
That's it - no big miracle. 
Greetings,
Chris
LifesWaverider - 31.05.2006, 02:19 Uhr
Titel:
Wow slam
A treasure trove of information.
I had not included a Release file in every directory containing my index file of my "Trivial Repository" (as they name and describe my repository type in the howto).
The release file will allow pinning. So very good.
I always wondered about the function of the release file.
Thank-you so very much.
Bye
Ivan
Alle Zeiten sind GMT + 1 Stunde
PNphpBB2 © 2003-2007