Hi; I did some work on Trac ticket 57 "add gpg signing of packages", and like to discuss, what I've done so far.
1) we do need gpgv (currently packaged as gnupg.lrp and the only binary in this package) 2) gpgv depends on libiconv - I don't like it cause it adds another 600kb, but as I wrote a few days ago, I haven't found a way to get rid of it. For the time being, I'll add libiconv as dependsOn. 3) I created a new gpg key for "kap...@users.sourceforge.net" and imported the public key to trustedkeys.gpg. Note, that key has not been signed by anyone, so you have to trust me. While we will not have a "keysigning party" any time soon, probably never, ideas how to improve the keychain will be welcome. 4) I'll intend to add trustedkeys.gpg to config.lrp as /root/.gnupg/trustedkeys.gpg (and in the git repository) 5) There is no other way yet to add a new key than to modify the trustedkeys.gpg via git. 6) I've added code to apkg to verify a lrp file, if the lrp file has a gpg companion (i.e. dnsmasq.lrp and dnsmasq.gpg) apkg -v /dnsmasq.lrp gpgv: Signature made Sat Dec 15 17:39:46 2012 MET using RSA key ID 005AF762 gpgv: Good signature from "kp Kirchdoerfer<kap...@users.sourceforge.net>" 7) I've written a replacement for genpage in NetRexx (http://netrexx.org) that creates a Packages page which also adds the gpg signature for this file that can be downloaded along with the lrp Package. (Additionally it will take care of potentially upcoming architectures like arm-versatile, X86_64) At least it'll be a start, with a lot of room for improvements. kp ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
