[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is there a way to verify packages with already expired GPG keyring?

I don't have any experience with VyOS specifically, but at least have
some interest to try it at some point.
For your situation I suggest to upgrade your installation to latest
release, which is based on jessie, according to official FAQ:
Updating to latest VyOS release is a good thing for at least getting all
up-to-date security updates.

If you want to build packets with more recent environments like stretch
or buster, I recommend creating chrooted jessie environment specifically
for that purpose.
You can create chrooted x86 environment on AMD64 host and it won't break
or conflict with your host OS when you install packages from jessie.
You can use "debootstrap" tool and "schroot" for more simple setup.

On 16.10.2017 11:56, Hideki Yamane wrote:
> Hi,
> I've been asked that "can we verify old archive - e.g. squeeze? Since
> VyOS is based on squeeze and want to build packages with squeeze
> environment, and also want to ensure package is sane with GPG".
> I have no idea - can someone tell me your idea, please?

With kindest regards, Alexander.

⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org

Reply to: