Commit
* Add GnuPG based signing for Arch, Fedora, Manjaro and OpenSUSE
* Add OpenSSL based signing for Void Linux
* Ignore Debian/Ubuntu which don't meaningfully support signing except at a repository level.
Showing 46 changed files with 1,222 additions and 111 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -122,3 +122,5 @@ ENV/ | |
# Generated | ||
docs/source/history.rst | ||
docs/source/schema.rst | ||
|
||
tests/gpg-home/.#* |
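Review bot: The new `tests/gpg-home/.#*` entry at the end of this hunk has no comment of its own and follows the `# Generated` block, so it is not obvious what it matches or why. Suggest a one-line comment above it saying these are the lock files GnuPG creates in its home directory while running. Since only the `.#*` files are ignored, anything else under `tests/gpg-home/` remains trackable; if a keyring is committed there, it is worth stating in that comment that it is a throwaway test-only key.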
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
.. _gpg_signing: | ||
|
||
============= | ||
GnuPG Signing | ||
============= | ||
|
||
Some distributions, namely Arch, Fedora, Manjaro and OpenSUSE, optionally use | ||
GnuPG_ to sign their packages. Other distributions either use their own wrappers | ||
around OpenSSL, for which the signing process is documented under :ref:`each | ||
distribution's quirks page <building for>`, or don't meaningfully support | ||
signing. | ||
|
||
.. note:: | ||
|
||
Before embarking on signing, bear in mind that, without a web of trust based | ||
or in-person public key verification, a signature is more or less a | ||
meaningless exercise, providing less security than HTTPS. | ||
|
||
To sign your packages: | ||
|
||
* Generate an RSA signing key for yourself or your organisation using ``gpg | ||
--generate-key``. | ||
|
||
* Run ``gpg --list-secret-keys`` to find the key key ID (a 40 character | ||
hexadecimal string) of the key you just generated. | ||
|
||
* Pass that key ID to the ``--gpg-signing-id`` flag when building (replace | ||
``arch`` with whatever distribution you're building for):: | ||
|
||
polycotylus arch --gpg-signing-id 3CB69E1833270B714034B7558CA85BF8D96DB4E9 | ||
|
||
If your GnuPG key has a password, you will be prompted to enter it during the | ||
build. There is currently no automation friendly way to pass the password through | ||
`polycotylus` to GnuPG_. | ||
|
||
**To consume** your signed package, downstream users will need to install your | ||
public key into their package manager's key stores. The process is different on | ||
each distribution – see :ref:`each distribution's quirks page <building for>`. |
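Review bot: In the second bullet, "find the key key ID (a 40 character hexadecimal string)" has a duplicated word, and a 40 character hexadecimal string is what GnuPG calls the fingerprint rather than the shorter key ID; suggest "find the fingerprint (a 40 character hexadecimal string)" and saying that this full value is what `--gpg-signing-id` takes, as the example invocation implies. The first bullet promises an RSA key from `gpg --generate-key`, but the algorithm that command produces depends on the installed GnuPG's defaults, so either drop "RSA" or say how to select it if RSA is required. In the password paragraph, `polycotylus` is in single backticks, which reST treats as interpreted text rather than a literal; the rest of the file uses double backticks.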
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,6 +12,7 @@ | |
requirements | ||
example-library | ||
example-gui/index | ||
gpg | ||
|
||
.. _`building for`: | ||
|
||
|