[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mini-dinstall, repository signing and apt-get authentication

I demand that Neil Williams may or may not have written...

> I'm now trying a brute force method:

> $ cp /home/neil/Release.amd64 ./Release
> $ md5sum Packages >> Release
> $ md5sum Packages.gz >> Release
> $ echo "SHA1:" >> ./Release
> $ sha1sum Packages >> ./Release
> $ sha1sum Packages.gz >> ./Release

> then signing the Release file to create Release.gpg

What I use for my repository is attached. (Licence is GPL >= v2.)

| Darren Salt    | linux or ds at              | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
|   Say NO to UK ID cards. http://www.no2id.net/

I will never lie to me.
#! /bin/sh


exec >Release

cat <<EOF
Archive: $i
Origin: www.youmustbejoking.demon.co.uk
Label: ymbj
Suite: $i
Codename: $i-ds

echo Date: `date --rfc-822 --utc`

cat <<EOF
Architectures: $ARCH
Components: main contrib non-free
Description: ymbj Debian packages archive ($i)

find * -name Packages -o -name Packages.gz -o -name Packages.bz2 \
    -o -name Sources  -o -name Sources.gz  -o -name Sources.bz2  | sort |
  perl -we '
	use Digest::MD5;
	use Digest::SHA1;

	sub write_sum ($@)
	  my $hashclass = shift @_;
	  $hashclass = eval "Digest::$hashclass";
	  foreach my $file (@_)
	    my $fd;
	    open $fd, "<$file" or die $^E;
	    my $hash = $hashclass->new;
	    $hash->addfile ($fd);
	    my @stat = stat ($file) or die $^E;
	    printf " %s %8s %s\n", $hash->hexdigest, $stat[7], $file;
	    undef $hash;
	    close $fd;

	my @args;
	while (<>) { chomp; push @args, $_; }
	exit 0 unless @args;
	print "MD5Sum:\n";
	write_sum ("MD5", @args);
	print "SHA1:\n";
	write_sum ("SHA1", @args);'

Attachment: signature.asc
Description: PGP signature

Reply to: