Difference between revisions of "Include:Abuild-keygen"

From Alpine Linux
m (added to Development Category)
(Fold in manual method from "Creating keys for package signing")
Line 10: Line 10:
 
* '''-n'''  Non-interactive. Use defaults
 
* '''-n'''  Non-interactive. Use defaults
 
* '''-q'''  Quiet mode
 
* '''-q'''  Quiet mode
 +
 +
 +
=== Creating keys manually ===
 +
 +
In older versions of Alpine, we had to manually create keys for signing packages and indexes. This explains how. Nowadays you can just use <code>abuild-keygen</code>.
 +
 +
Since the public key needs to be unique for each developer, the email address should be used as name for the public key.
 +
 +
Create the private key:
 +
{{cmd|openssl genrsa -out ''emailaddress.priv'' 2048}}
 +
 +
{{tip|Append ''-aes256'' if you want it encrypted, but then you'll need to enter the password for every package you sign}}
 +
 +
Create the public key:
 +
{{cmd|openssl rsa -in ''emailaddress.priv'' -pubout -out /etc/apk/keys/''emailaddress''}}
 +
 +
The public key should be distributed and installed into {{Path|/etc/apk/keys}} on the alpine box that will install the packages. This basically means that the main developer's public keys should be in {{Path|/etc/apk/keys}} on all Alpine boxes.
  
 
[[Category:Development]]
 
[[Category:Development]]
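
Review bot: the tip under "Create the private key" says to append ''-aes256'', but openssl genrsa expects the key size (2048) as its last argument, so the tip should say to place the option before the key size. The same step leaves the permissions of ''emailaddress.priv'' unstated; a sentence telling the reader to keep the private key readable only by its owner would fit here. The "Create the public key" command writes directly into /etc/apk/keys, which needs root; consider writing the public key next to the private key and describing installation as a separate step, since the following paragraph already treats distribution and installation as its own task.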

Revision as of 12:13, 22 October 2012

abuild needs a public/private RSA key pair. abuild-keygen generates those keys for you.

abuild-keygen -a -i

abuild-keygen options

  • -a Set PACKAGER_PRIVKEY=<generated key> in abuild.conf
  • -i Install public key into /etc/apk/keys using sudo
  • -h Show this help
  • -n Non-interactive. Use defaults
  • -q Quiet mode


Creating keys manually

In older versions of Alpine, we had to manually create keys for signing packages and indexes. This section explains how. Nowadays you can just use abuild-keygen.

Since the public key needs to be unique for each developer, the email address should be used as the name for the public key.

Create the private key:

openssl genrsa -out emailaddress.priv 2048

Tip: Append -aes256 if you want it encrypted, but then you'll need to enter the password for every package you sign.

Create the public key:

openssl rsa -in emailaddress.priv -pubout -out /etc/apk/keys/emailaddress

The public key should be distributed and installed into /etc/apk/keys on the Alpine box that will install the packages. This basically means that the main developer's public keys should be in /etc/apk/keys on all Alpine boxes.
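
The manual steps above, followed by a check that the public key being distributed really is the public half of the private key. This is an added example, not part of the Alpine wiki page: the function names, the address dev@example.org and the scratch directory standing in for /etc/apk/keys are assumptions, and the sign/verify round trip is a plain openssl signature, not the apk package signature format.

```shell
#!/bin/sh
# Added example: the manual steps above, run in a scratch directory with checks.
# "dev@example.org" is a constructed placeholder for the developer's address.

# make_keypair DIR NAME: write DIR/NAME.priv (mode 600) and DIR/NAME (public).
make_keypair() {
    priv="$1/$2.priv"; pub="$1/$2"
    ( umask 077; openssl genrsa -out "$priv" 2048 2>/dev/null ) || return 1
    chmod 600 "$priv" || return 1
    openssl rsa -in "$priv" -pubout -out "$pub" 2>/dev/null || return 1
    chmod 644 "$pub"
}

# key_matches PRIV PUB: succeed only if PUB is the public half of PRIV.
key_matches() {
    derived=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    given=$(openssl rsa -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$given" ]
}

# sign_roundtrip PRIV PUB: sign constructed data with PRIV and verify with PUB.
# This is a plain openssl signature, not the apk package signature format.
sign_roundtrip() {
    t=$(mktemp -d) || return 1
    printf 'constructed test payload\n' > "$t/data"
    if openssl dgst -sha256 -sign "$1" -out "$t/sig" "$t/data" 2>/dev/null &&
       openssl dgst -sha256 -verify "$2" -signature "$t/sig" "$t/data" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -rf "$t"
    return "$rc"
}

# Demo: a scratch directory stands in for /etc/apk/keys, so no root is needed.
work=$(mktemp -d) || exit 1
if make_keypair "$work" dev@example.org &&
   key_matches "$work/dev@example.org.priv" "$work/dev@example.org" &&
   sign_roundtrip "$work/dev@example.org.priv" "$work/dev@example.org"
then echo "key pair consistent; private key mode: $(ls -l "$work/dev@example.org.priv" | cut -c1-10)"
else echo "key pair check failed" >&2
fi
rm -rf "$work"
```

Running key_matches against the copy of the public key on each installing box, before trusting packages signed with the private key, catches a stale or swapped key file.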