diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-dev-guide-install-keyring-md-404.json b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-dev-guide-install-keyring-md-404.json index 3ec35138..b1c3fc7f 100644 --- a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-dev-guide-install-keyring-md-404.json +++ b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-dev-guide-install-keyring-md-404.json @@ -1,7 +1,7 @@ { "id": "dev_guide/install_keyring", "title": "Install Keyrings", - "description": "", + "description": "🔑 Installing and Packaging Your Own Keyring on Arch Linux", "source": "@site/docs/dev_guide/install_keyring.md", "sourceDirName": "dev_guide", "slug": "/dev_guide/install_keyring", diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json b/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json index c938e6de..8c9eb821 100644 --- a/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json +++ b/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json @@ -405,7 +405,7 @@ "dev_guide/install_keyring": { "id": "dev_guide/install_keyring", "title": "Install Keyrings", - "description": "", + "description": "🔑 Installing and Packaging Your Own Keyring on Arch Linux", "sidebar": "tutorialSidebar" }, "dev_guide/pkgbuild": { diff --git a/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json b/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json index a44e3388..3eb8e0ef 100644 --- a/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json +++ b/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json @@ -184,7 +184,7 @@ { "id": "dev_guide/install_keyring", "title": "Install Keyrings", - "description": "", + "description": "🔑 Installing and Packaging Your Own Keyring on Arch Linux", "source": "@site/docs/dev_guide/install_keyring.md", "sourceDirName": "dev_guide", "slug": "/dev_guide/install_keyring", diff --git a/docs/dev_guide/install_keyring.md b/docs/dev_guide/install_keyring.md index d771ae6f..8cea1fa0 100644 --- a/docs/dev_guide/install_keyring.md +++ b/docs/dev_guide/install_keyring.md @@ -2,4 +2,188 @@ sidebar_position: 4 --- -# Install Keyrings \ No newline at end of file +# Install Keyrings + +### 🔑 Installing and Packaging Your Own Keyring on Arch Linux + +When creating custom repositories or maintaining your own set of signed packages, you may need to create and package your own **GPG keyring** for secure verification. This guide walks you through the process of creating, installing, and packaging a custom keyring for Arch Linux. + +--- + +### 1️⃣ **Generate Your GPG Key** + +First, create a GPG key to sign packages or repositories if you don’t already have one. + +```bash +gpg --full-generate-key +``` + +- Select the type: `RSA and RSA (default)`. +- Set the key size: `4096`. +- Set expiration: `0` (no expiration) or specify a validity period. +- Provide your name, email, and a strong passphrase. + +To verify your key: + +```bash +gpg --list-keys +``` + +You’ll see something like: + +```plaintext +pub rsa4096 2023-12-05 [SC] + A41886F639658CA1A5519426E1415F19F21171F2 +uid [ultimate] Eshan Roy +sub rsa4096 2023-12-05 [E] +``` + +--- + +### 2️⃣ **Export Your GPG Public Key** + +Export your public key so it can be included in the keyring: + +```bash +gpg --export --armor "Eshan Roy" > eshanized.gpg +``` + +This will create an ASCII-armored file, `eshanized.gpg`, containing your public key. + +--- + +### 3️⃣ **Create a Keyring Directory** + +Create a directory structure for the keyring: + +```bash +mkdir -p eshanized-keyring +cd eshanized-keyring +``` + +Place the exported public key in the directory: + +```bash +cp ../eshanized.gpg . +``` + +--- + +### 4️⃣ **Package the Keyring for Installation** + +#### A. **Create a PKGBUILD** + +Arch packages use a `PKGBUILD` script for building. Create a `PKGBUILD` file in the `eshanized-keyring` directory: + +```bash +nano PKGBUILD +``` + +Here’s an example `PKGBUILD` for your keyring: + +```bash +pkgname=eshanized-keyring +pkgver=1.0 +pkgrel=1 +pkgdesc="GPG keyring for Eshan Roy's repository" +arch=('any') +url="https://example.com" +license=('GPL') +source=('eshanized.gpg') +sha256sums=('SKIP') # Replace SKIP with the actual SHA-256 checksum if desired + +package() { + install -Dm644 "$srcdir/eshanized.gpg" "$pkgdir/usr/share/pacman/keyrings/eshanized.gpg" + install -Dm644 "$srcdir/eshanized.gpg" "$pkgdir/usr/share/pacman/keyrings/eshanized-trusted.gpg" +} +``` + +#### B. **Build the Package** + +Run the following command to build the package: + +```bash +makepkg -si +``` + +- **`makepkg`** creates the package (`.pkg.tar.zst`) file. +- **`-si`** installs the package after building. + +This will install your keyring to `/usr/share/pacman/keyrings/`. + +--- + +### 5️⃣ **Verify the Installed Keyring** + +After installing the keyring package, check the directory to ensure your keyring files are correctly placed: + +```bash +ls /usr/share/pacman/keyrings/ +``` + +You should see: + +```plaintext +eshanized.gpg +eshanized-trusted.gpg +``` + +--- + +### 6️⃣ **Use Your Keyring for Custom Repositories** + +If you're hosting your own repository, update the `pacman.conf` file to use your keyring: + +```bash +sudo nano /etc/pacman.conf +``` + +Add your repository: + +```plaintext +[eshanized-repo] +SigLevel = Required +Server = https://example.com/$arch +``` + +Your keyring will now be used to verify packages from your custom repository. + +--- + +### 7️⃣ **Testing Your Setup** + +1. **Add a package to your repository**: + Sign your package using your private GPG key: + + ```bash + gpg --detach-sign --armor your-package.pkg.tar.zst + ``` + + Place both the `.pkg.tar.zst` file and its `.sig` file in your repository. + +2. **Test the repository with pacman**: + + ```bash + sudo pacman -Syu + sudo pacman -Ss your-package + ``` + + Ensure the signature is verified using your keyring. + +--- + +### ✅ Tips and Best Practices + +1. **Key Security**: + Keep your private key safe and secure. Avoid placing it on shared servers. + +2. **Regular Updates**: + Update and repackage your keyring if you add new GPG keys. + +3. **Checksum Validation**: + Use tools like `sha256sum` to ensure your `PKGBUILD` file includes valid checksums. + +4. **Documentation**: + Document your keyring package details for users who may need to add your repository. + +By following these steps, you'll have a fully functional custom keyring integrated into your Arch Linux setup. 🎉 \ No newline at end of file