Enhancement #407: Sign deb package - Kune - Comunes

Enhancement #407

Sign deb package

Added by Samer - over 11 years ago. Updated over 11 years ago.

Status:

New

Start date:

11/10/2012

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Others

Estimated time:

0.00 hour

Target version:

Resolution:

Tags:

Description

The deb package is distributed unsigned. The APT repository and the Debian packages should be signed.

Ref:
http://blog.mycrot.ch/2011/04/26/creating-your-own-signed-apt-repository-and-debian-packages/

History

#1 Updated by Samer - over 11 years ago

I tried to approach this but I got stuck. I thought we should sign the packages with a generic key for Kune (like Ubuntu does) so I created a GPG RSA key for kune@op just for signing (not for encrypting). However, later the instructions say that, in order to do it automatically:
"your packages will be automatically signed as long as the name and email address in your package’s changelog file are the same as that of the GPG key you created"
As the changelog usually has vjrj's name and email, then I wonder that, to avoid complications and being able to do it automatically, we should sign the package with his key.

If we do, then I'd discard the created Kune key and wait till vjrj does it.
If we don't, then i'd continue working on this with the Kune key I created (uploading it to the key repository, signing, etc).

#2 Updated by Vicente J. Ruiz Jurado over 11 years ago

Estimated time set to 0.00

I think is a good path to follow, but, the goal is that ci.comunes.org do this task automatically (now the deb is generated there) and should copy the packages to the repo. The package is manual signed with my key (see the kune deb install howto to import it), because I didn't put the necessary effort to finish all the path and configure ci.comunes.org end task.

#3 Updated by Vicente J. Ruiz Jurado over 11 years ago

Tracker changed from Defect to Enhancement

Also available in: Atom PDF

Kune