forked from NetBSD/pkgsrc
-
Notifications
You must be signed in to change notification settings - Fork 51
pkgdev:signing
Jonathan Perkin edited this page Aug 9, 2015
·
8 revisions
Create a PGP key:
$ gpg --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: My Package Key
Email address: [email protected]
Comment:
You selected this USER-ID:
"My Package Key <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg: key DEADBEEF marked as ultimately trusted
Configure .gnupg/gpg-agent.conf
:
daemon
use-standard-socket
max-cache-ttl 315360000
default-cache-ttl 315360000
pinentry-program /path/to/pinentry-tty
Configure .gnupg/gpg.conf
:
lock-never
no-tty
keyserver hkp://keys.gnupg.net
Launch the agent and cache the password
$ gpg-agent
$ echo "hi" >f
$ gpg --sign f
: Test that subsequent runs do not prompt for the password
$ rm -f f.gpg
$ gpg --sign f
: Check the signature
$ gpg --verify f.gpg
$ rm -f f{,.gpg}
Add to mk.conf.local
:
SIGN_PACKAGES= gpg
Add to pkgbuild.conf.local
PKGSRC_GPG_SIGN_AS=DEADBEEF
pkgsrc is a registered trademark of The NetBSD Foundation, Inc.
About
Usage Guides
Package Development
External Links