Enhancement #407

Sign deb package

Added by Samer - almost 6 years ago. Updated over 5 years ago.

Status:NewStart date:11/10/2012
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:OthersEstimated time:0.00 hour
Target version:-
Resolution: Tags:

Description

The deb package is distributed unsigned. The APT repository and the Debian packages should be signed.

Ref:
http://blog.mycrot.ch/2011/04/26/creating-your-own-signed-apt-repository-and-debian-packages/

History

#1 Updated by Samer - almost 6 years ago

I tried to approach this but I got stuck. I thought we should sign the packages with a generic key for Kune (like Ubuntu does) so I created a GPG RSA key for [email protected] just for signing (not for encrypting). However, later the instructions say that, in order to do it automatically:
"your packages will be automatically signed as long as the name and email address in your package’s changelog file are the same as that of the GPG key you created"
As the changelog usually has vjrj's name and email, then I wonder that, to avoid complications and being able to do it automatically, we should sign the package with his key.
  • If we do, then I'd discard the created Kune key and wait till vjrj does it.
  • If we don't, then i'd continue working on this with the Kune key I created (uploading it to the key repository, signing, etc).

#2 Updated by Vicente J. Ruiz Jurado almost 6 years ago

  • Estimated time set to 0.00

I think is a good path to follow, but, the goal is that ci.comunes.org do this task automatically (now the deb is generated there) and should copy the packages to the repo. The package is manual signed with my key (see the kune deb install howto to import it), because I didn't put the necessary effort to finish all the path and configure ci.comunes.org end task.

#3 Updated by Vicente J. Ruiz Jurado over 5 years ago

  • Tracker changed from Defect to Enhancement

Also available in: Atom PDF