[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Package signatures tools



I'm releasing these things now... have them in development and use for
a couple weeks/months now.

A Python module for doing debsigs-type package signatures and
verification thereof.  Uses and included module for GnuPG file
signatures and verification.

It also includes a miniscript that, given a .changes file, signs the
.deb, the .dsc and the .changes file (with the md5s in .changes
adjusted).

   jerhard.org/files/python-debsigs-snapshot.tar.gz

This one is infrastructure for verification of packages based on
Release/Release.gpg.

   jerhard.org/files/verifydebs-snapshot.tar.gz

Both are a bit underdocumented (meaning: no docs at all), so Use the
Source, Luke.

Hope someone will like it.  I do ;-)

I'm also *very* much interested in finding out what is insecurely
done.  It could be improved by using the Python gpgme wrapper.  Any
patches are *very* welcome!

Bye, J

PS: Yes, a crosspost, but both packages are linked (verifydebs uses
python-debsigs), and both have stuff for developers and users.  Flame
me anyway, if you must ;-)

-- 
                            Jürgen A. Erhard
                 Invasion!  http://invasion.jerhard.org
                     I'm a FIG (http://www.fig.org)
           Ach, wir Paranoiker sind schon irgendwie verrückt.

Attachment: pgpjVMjO9DAKR.pgp
Description: PGP signature


Reply to: