Sign pkgsrc packages manually

Starting a post with "this is only a workaround and you should only use it if you're sure what you're doing" is maybe not the best start, but anyway: this is only a workaround for when you forgot to sign your package or would like to do it for your home environment!

Please have a look at pkgbuild from Jonathan, which provides most of the features needed for a nice pkgsrc build environment.

To sign a package manually rather than during the build process, you can use the pkg_admin tool. It provides the gpg-sign-package argument, which allows you to sign packages with GPG based on your mk.conf file.

Your GPG environment must be ready and working, so you need a public/private key pair in your trust store that you can use for signing the package. It's not required to have gpg-agent or anything similar running, but without it you need to enter your password for each package you sign.

The following variables need to be configured in your mk.conf:

# Set your gpg key ID to the following variable
GPG_SIGN_AS=your_gpg_id
# Set the path to the GPG binary
GPG=/opt/pkg/bin/gpg

After this is done, you can use the pkg_admin command to sign your package:

$ pkg_admin gpg-sign-package unsigned/vim-nox-8.0.0086.tgz signed/vim-nox-8.0.0086.tgz

Because I'm a little bit lazy and only need two variables in the mk.conf, I've created the following script, which uses a temporary mk.conf file for signing:

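#!/usr/bin/env bash
# Sign a pkgsrc package using a throwaway mk.conf.
# Arguments are passed straight through: <unsigned.tgz> <signed.tgz>
GPG_SIGN_AS=your_gpg_id

# Temporary mk.conf holding only the two variables pkg_admin needs
MK_CONF=$(mktemp -q /tmp/mk-conf.XXXXXXXX) || exit 1
# Remove the temporary file on exit, even if signing fails
trap 'rm -f "${MK_CONF}"' EXIT

cat <<EOF >> "${MK_CONF}"
GPG_SIGN_AS=${GPG_SIGN_AS}
GPG=$(command -v gpg)
EOF

pkg_admin -C "${MK_CONF}" gpg-sign-package "$@"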
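
To sign a whole directory and confirm each result, the wrapper below runs pkg_admin check-signature on every file it signs and deletes any that fail. It is an added example, not the author's script: sign_dir, write_mk_conf, PKG_ADMIN and GPG_BIN are made-up names, and it assumes your pkg_admin can verify signatures from your key when given the same temporary configuration.

```shell
#!/bin/sh
# Added example: sign every *.tgz in one directory and verify each result.
# sign_dir, write_mk_conf, PKG_ADMIN and GPG_BIN are names made up here.
# Usage: sign_dir your_gpg_id unsigned signed

PKG_ADMIN=${PKG_ADMIN:-pkg_admin}   # override to test without pkgsrc

# write_mk_conf KEY_ID GPG_PATH: create a private (mode 0600) temporary
# config with the two variables from the article and print its path.
write_mk_conf() {
    conf=$(mktemp "${TMPDIR:-/tmp}/mk-conf.XXXXXXXX") || return 1
    printf 'GPG_SIGN_AS=%s\nGPG=%s\n' "$1" "$2" > "$conf"
    printf '%s\n' "$conf"
}

# sign_dir KEY_ID UNSIGNED_DIR SIGNED_DIR
# Returns 0 only if every package was signed and passed check-signature,
# 1 if any package failed, 2 if the environment is not usable.
sign_dir() {
    key=$1 src=$2 dst=$3 failed=0
    gpg_bin=${GPG_BIN:-$(command -v gpg)}
    [ -n "$gpg_bin" ] || { echo "gpg not found in PATH" >&2; return 2; }
    conf=$(write_mk_conf "$key" "$gpg_bin") || return 2
    mkdir -p "$dst"
    for pkg in "$src"/*.tgz; do
        [ -f "$pkg" ] || continue
        out=$dst/$(basename "$pkg")
        if [ -e "$out" ]; then
            echo "skip (already exists): $out" >&2
            continue
        fi
        # Sign, then immediately verify; an unverifiable file is removed
        # so it cannot be published by mistake.
        if "$PKG_ADMIN" -C "$conf" gpg-sign-package "$pkg" "$out" &&
           "$PKG_ADMIN" -C "$conf" check-signature "$out"; then
            echo "signed and verified: $out"
        else
            echo "FAILED: $pkg" >&2
            rm -f "$out"
            failed=1
        fi
    done
    rm -f "$conf"
    return "$failed"
}
```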

