Open Stack

use a pgp signing key with pass phrase and sign the release / packages
files.  ubuntu already does this.

On Wed, Mar 4, 2015 at 12:39 PM, Mathieu Gagné <mgagne at iweb.com> wrote:

> On 2015-03-04 12:18 PM, Clint Byrum wrote:
>
>> Excerpts from Mathieu Gagné's message of 2015-03-04 08:31:45 -0800:
>>
>>>
>>> I really like APT repositories and would like to continue using them for
>>> the time being.
>>>
>>
>> I'm impressed you took the time to setup dput!
>>
>
> It's super simple to setup and use. Create a basic dput.cf and you are
> good to go.
>
>
> > You can also use reprepro, which is somewhat handy for combining a
> > remote repo with locally built debs:
> >
>
> I use reprepro too. Super simple to setup and use, would recommend.
>
>
> > You really only need to run apt-ftparchive on a directory full of debs:
> >
> > apt-ftparchive packages path/to/your/debs | gzip > Packages.gz
> >
>
> This is something I would like to avoid as I might not always have full
> shell access to the repository from where the package is built.
>
> Furthermore, I don't have access to all the packages in the repository in
> the same folder to manually generate Packages.gz. (reprepro can do it for
> me)
>
> Ideally, I would like to upload a signed .changes control file to ensure
> the package wasn't tampered with or got corrupted during the transfer.
> (since .changes contains checksums)
>
> --
> Mathieu
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150304/f8a208a3/attachment-0001.html>