1 Jul 2009, 9:43 p.m.
Aaron Griffin wrote:
> I don't know if anyone really has a clear idea of how this should
> work. So it's difficult to give a "high level" design here.
>
> From my point of view:
> * Should be optional, possibly per repo (so we can use signed packages
> from core and extra, and unsigned packages from mycustomrepo)
> * Needs to get keys from some keychain somehow
> * Should be rather transparent once turned on

First of all, I wouldn't use GPG as was suggested in the past, but some real certificates (openssl or gnutls can do this). First we create an Arch Linux certificate authority. Then we generate certificates for all developers and trusted users.

Now this is what's going to happen on the pacman end: Pacman has a list of trusted certificates. This would only have to include the Arch Linux CA certificate and certificates for all community repositories that are used on the machine in question. Other certificates can automatically be downloaded and verified.

When installing a package with -S, during the "checking integrity" stage, pacman checks for a file "signature" in the db.tar.gz that contains a signature. If it is valid, the installation continues, otherwise it aborts. If there is no "signature" file, pacman prints a warning (or aborts, depending on its configuration).

Now all that has to be done is generate the signature when running makepkg, upload it with devtools and make repo-add support adding the signature file. This is not as complicated as you put it :)
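The flow proposed in the message above, as an added example that is not code from the thread or from pacman: a throwaway CA, a CA-issued developer certificate, a detached signature over a package (the makepkg step), and a verifier that trusts only the CA certificate (the integrity-check step), plus the two rejection cases a verifier must get right. It assumes only the openssl command-line tool; the CA name, the developer and rogue names, and the package contents are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or from pacman. Models the proposal:
# a constructed "Example Arch Linux CA" issues a developer certificate,
# the developer signs a package (the makepkg step), and the verifier
# (pacman's "checking integrity" step) trusts only the CA certificate.
set -e
WORK=$(mktemp -d) && cd "$WORK"

setup_ca() {        # root CA: the one entry pacman's trust list needs
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Arch Linux CA" -keyout ca.key -out ca.crt 2>/dev/null
}

issue_cert() {      # $1 = name; CA-signed certificate for a developer
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -out "$1.crt" 2>/dev/null
}

sign_package() {    # $1 = signer name, $2 = package file; writes $2.sig
  openssl dgst -sha256 -sign "$1.key" -out "$2.sig" "$2"
}

verify_package() {  # $1 = signer cert, $2 = package file; 0 = accept
  # chain check first: the certificate must be issued by the trusted CA
  openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1 || return 1
  # then the detached signature must match the package bytes
  openssl x509 -pubkey -noout -in "$1" > signer.pub
  openssl dgst -sha256 -verify signer.pub -signature "$2.sig" "$2" >/dev/null 2>&1
}

PKG=foo-1.0-1.pkg.tar.gz
setup_ca
issue_cert dev
printf 'constructed package payload\n' > "$PKG"
sign_package dev "$PKG"
verify_package dev.crt "$PKG" && echo "genuine package: accepted"

# case 1: package modified after signing -> signature no longer matches
cp "$PKG" tampered.pkg.tar.gz && cp "$PKG.sig" tampered.pkg.tar.gz.sig
printf 'x' >> tampered.pkg.tar.gz
verify_package dev.crt tampered.pkg.tar.gz || echo "tampered package: rejected"

# case 2: valid signature, but from a self-signed cert the CA never issued
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=rogue" \
  -keyout rogue.key -out rogue.crt 2>/dev/null
cp "$PKG" unknown-signer.pkg.tar.gz && sign_package rogue unknown-signer.pkg.tar.gz
verify_package rogue.crt unknown-signer.pkg.tar.gz || echo "untrusted signer: rejected"
```

The order inside verify_package matters: checking the chain before the signature means a signature from a certificate the CA never issued is rejected even though the signature itself is mathematically valid.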