[MacPorts] archives added

MacPorts noreply at macports.org
Tue Jun 22 06:13:24 PDT 2010


Added page "archives" by snc at macports.org from 98.216.103.178*
Page URL: <http://trac.macports.org/wiki/archives>
Comment: adding walkthrough on signing archives
Content:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
 = Using Your Own Archives =
MacPorts recently added the ability to verify archives when `archivemode` is enabled. Signing archives is basically a requirement now. This page will serve as a guide showing how to do this.

 = Create Keys =
The first step (also detailed in `[browser:trunk/base/doc/pubkeys.conf.in ${prefix}/etc/macports/pubkeys.conf]`) is to make keys to sign your archives.

To distribute archives of your own, you need a key pair generated like so:
{{{
openssl genrsa -des3 -out privkey.pem 2048
openssl rsa -in privkey.pem -pubout -out pubkey.pem
}}}
Then sign the archives like this:
{{{
openssl dgst -ripemd160 -sign privkey.pem -out archive.tbz2.rmd160 archive.tbz2
}}}

Be sure to add this key to your ssh keyring or you'll get asked for the password each time it's used. An alternative is to save it as an unencrypted key, like so:
{{{
openssl rsa -in privkey.pem -out privkey.pem.bare
}}}

 = Sign Packages =
If you have lots of archives to sign, this can be done via a for loop in your shell. Here I use bash:
{{{
for i in *.tbz2; do openssl dgst -ripemd160 -sign ~/.ssh/privkey.pem.bare -out "$i.rmd160" "$i"; done
}}}
Note that this saves the signatures alongside the archives, simply using `.rmd160` as a suffix. This is what MacPorts presently expects.

 = Configure MacPorts =
Now we need to add your key to MacPorts. This is done in two places:
 * save a copy of the public key
 * add the path to this copy to `pubkeys.conf`

I saved my key as `/opt/local/etc/macports/snc.pub` for simplicity. To avoid naming collisions I suggest adding all custom keys to just one file.

 = Try It =
Your archives are now signed and MacPorts should be configured to recognize your signature. Try it out!
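
Before pointing MacPorts at the archives, the verifying counterpart of the `openssl dgst -sign` command above can be run over a whole directory to catch unsigned or modified files. This is an added example, not part of the wiki page or of MacPorts itself; the function names `verify_archives` and `make_sample` and the sample files are made up for illustration, and it assumes an `openssl` build that still provides RIPEMD-160.

```shell
#!/bin/sh
# Added example, not from the wiki page.
# verify_archives PUBKEY DIR
#   Checks every *.tbz2 in DIR against DIR/<archive>.rmd160 using PUBKEY.
#   Prints one status line per archive; returns 0 only if all of them verify.
verify_archives() {
    pubkey=$1
    dir=$2
    failed=0
    for archive in "$dir"/*.tbz2; do
        [ -e "$archive" ] || continue      # glob matched nothing
        sig="$archive.rmd160"
        if [ ! -f "$sig" ]; then
            echo "UNSIGNED $archive"
            failed=1
        elif openssl dgst -ripemd160 -verify "$pubkey" \
                -signature "$sig" "$archive" >/dev/null 2>&1; then
            echo "OK $archive"
        else
            echo "BAD $archive"
            failed=1
        fi
    done
    return "$failed"
}

# make_sample: constructed test data (hypothetical helper). Creates a temp
# directory with a throwaway unencrypted key pair and three fake archives:
# one signed, one modified after signing, one never signed. Prints the path.
make_sample() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/privkey.pem" 2048 2>/dev/null
    openssl rsa -in "$d/privkey.pem" -pubout -out "$d/pubkey.pem" 2>/dev/null
    for n in good tampered unsigned; do
        echo "constructed payload $n" > "$d/$n.tbz2"
    done
    for n in good tampered; do
        openssl dgst -ripemd160 -sign "$d/privkey.pem" \
            -out "$d/$n.tbz2.rmd160" "$d/$n.tbz2"
    done
    echo "changed after signing" >> "$d/tampered.tbz2"
    echo "$d"
}

# Run the demonstration only when asked: sh verify.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample) && verify_archives "$sample/pubkey.pem" "$sample"
fi
```

A non-zero return from `verify_archives` means at least one archive is missing its `.rmd160` file or no longer matches it, so the function can gate an upload script.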
-------8<------8<------8<------8<------8<------8<------8<------8<--------

* The IP shown here might not mean anything if the user or the server is
behind a proxy.

--
MacPorts <http://www.macports.org/>
Ports system for Mac OS

This is an automated message. Someone at http://www.macports.org/ added your email
address to be notified of changes on archives. If it was not you, please
report to .

