summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJason Woodward2007-10-06 04:24:10 +0000
committerJason Woodward2007-10-06 04:24:10 +0000
commitbc2d35c10bb7158a713b2dd8669f59fc947ea2c9 (patch)
tree453000efdccfe0d4bbed706ac72d3743a7b3e4f8
parentbef14bf9bdaf22e06a64b41bb06b107f1e4f4914 (diff)
downloadslapt-get-bc2d35c10bb7158a713b2dd8669f59fc947ea2c9.tar.gz
added faq " How do I support GPG signature verification in my package repository?"
-rw-r--r--FAQ15
-rw-r--r--FAQ.html13
2 files changed, 28 insertions, 0 deletions
diff --git a/FAQ b/FAQ
index 9625343..430d746 100644
--- a/FAQ
+++ b/FAQ
@@ -55,6 +55,7 @@ Frequently Asked Questions:
52. What are the relationships of CHECKSUMS.md5, PACKAGES.TXT and package_data?
53. Does slapt-get support the GPG/PGP signature verification?
54. Why am I getting "GPGME: Invalid crypto engine"?
+55. How do I support GPG signature verification in my package repository?
@@ -1189,3 +1190,17 @@ Frequently Asked Questions:
gnupg 1.x can be installed side by side with gnupg2.
+55. How do I support GPG signature verification in my package repository?
+
+ Simply add your GPG key as GPG-KEY in the same directory as your PACKAGES.TXT
+ and CHECKSUMS.md5 files. This is created with the following command template:
+
+ gpg --export --armor your_key_id > GPG-KEY
+
+ CHECKSUMS.md5.asc (or optionally CHECKSUMS.md5.gz.asc) are downloaded along
+ with the checksums file. If the signature is verified, the package source is
+ downloaded. The signature file is generated with the following command template:
+
+ gpg -bas CHECKSUMS.md5
+
+
diff --git a/FAQ.html b/FAQ.html
index 65b25d3..11a39d5 100644
--- a/FAQ.html
+++ b/FAQ.html
@@ -69,6 +69,7 @@
<a href="#slgFAQ52">52. What are the relationships of CHECKSUMS.md5, PACKAGES.TXT and package_data?</a>
<a href="#slgFAQ53">53. Does slapt-get support the GPG/PGP signature verification?</a>
<a href="#slgFAQ54">54. Why am I getting "GPGME: Invalid crypto engine"?</a>
+<a href="#slgFAQ55">55. How do I support GPG signature verification in my package repository?</a>
@@ -1203,6 +1204,18 @@
gnupg 1.x can be installed side by side with gnupg2.
+<a name="slgFAQ55"><b>55. How do I support GPG signature verification in my package repository?</b></a>
+
+ Simply add your GPG key as GPG-KEY in the same directory as your PACKAGES.TXT
+ and CHECKSUMS.md5 files. This is created with the following command template:
+
+ gpg --export --armor your_key_id > GPG-KEY
+
+ CHECKSUMS.md5.asc (or optionally CHECKSUMS.md5.gz.asc) are downloaded along
+ with the checksums file. If the signature is verified, the package source is
+ downloaded. The signature file is generated with the following command template:
+
+ gpg -bas CHECKSUMS.md5
</pre>