[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS needs to be implemented for updating

Marc Haber wrote...

> On Wed, Dec 21, 2016 at 09:31:23AM +0100, Joerg Jaspert wrote:
> > Now, if you want to manually download a .deb and dpkg -i it - then you
> > have to manually do the same steps apt & co do: Get the corresponding
> > packages and (In)Release files, verify its signature validates against
> > the archive key, then verify the checksum of the Packages and then the
> > .deb file. If you don't follow this, you lost, but you asked for it.
> Do we have a tool that does this kind of verification of a locally
> present .deb automatically?

If it's about a package in the configured sources.list, you can just
apt-get download it. Else I'd set up a virtual environment for the
selected dist and arch, then apt-get download as above. There are
several tools for that, chdist (src:devscripts) worked fine for me.


Attachment: signature.asc
Description: Digital signature

Reply to: