Add support for Debian package signing #1357
Conversation
adrianabedon
force-pushed
the
package-signing
branch
from
dcc1e45 to
342e764
Compare
adrianabedon
force-pushed
the
package-signing
branch
from
342e764 to
6300c8e
Compare
|
Sounds interesting! We have seen the tech preview in pulp_rpm. I don't know the details of how exactly package signing in the APT ecosystem works. If you have some docs you can point us at, that would help us once we get around to start reviewing. |
|
@quba42 here are the Debian docs on signing packages: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html#check-pkg-sign Here's our own docs about how to manually verify package signatures: This doc has a bit more info including how to configure dpkg to verify signatures: https://blog.packagecloud.io/how-to-gpg-sign-and-verify-deb-packages-and-apt-repositories/ I think it's worth mentioning that there's another way to sign with packages (dpkg-sig) but it's been removed from Debian: |
adrianabedon
force-pushed
the
package-signing
branch
from
6300c8e to
b8ebf37
Compare
adrianabedon
force-pushed
the
package-signing
branch
from
b8ebf37 to
392ca28
Compare
3 participants
This change aims to add support for signing Debian packages upon direct upload to a repository. Matches current package signing support in pulp_rpm and also adds the ability to override the signing key fingerprint per release.
TODO
closes #1300