documentation/docs/dev_guide/install_keyring.md
2024-12-05 12:44:57 +05:30

---
sidebar_position: 4
---
# Install Keyrings
### 🔑 Installing and Packaging Your Own Keyring on Arch Linux
When creating custom repositories or maintaining your own set of signed packages, you may need to create and package your own **GPG keyring** for secure verification. This guide walks you through the process of creating, installing, and packaging a custom keyring for Arch Linux.

---
### 1⃣ **Generate Your GPG Key**
First, create a GPG key to sign packages or repositories if you don't already have one.
```bash
gpg --full-generate-key
```
- Select the type: `RSA and RSA (default)`.
- Set the key size: `4096`.
- Set expiration: `0` (no expiration) or specify a validity period.
- Provide your name, email, and a strong passphrase.

To verify your key:
```bash
gpg --list-keys
```
You'll see something like:
```plaintext
pub   rsa4096 2023-12-05 [SC]
      A41886F639658CA1A5519426E1415F19F21171F2
uid           [ultimate] Eshan Roy <eshanized@example.com>
sub   rsa4096 2023-12-05 [E]
```
---
### 2⃣ **Export Your GPG Public Key**
Export your public key so it can be included in the keyring:
```bash
gpg --export --armor "Eshan Roy" > eshanized.gpg
```
This will create an ASCII-armored file, `eshanized.gpg`, containing your public key.

---
### 3⃣ **Create a Keyring Directory**
Create a directory structure for the keyring:
```bash
mkdir -p eshanized-keyring
cd eshanized-keyring
```
Place the exported public key in the directory:
```bash
cp ../eshanized.gpg .
```
---
### 4⃣ **Package the Keyring for Installation**
#### A. **Create a PKGBUILD**
Arch packages use a `PKGBUILD` script for building. Create a `PKGBUILD` file in the `eshanized-keyring` directory:
```bash
nano PKGBUILD
```
Here's an example `PKGBUILD` for your keyring:
```bash
pkgname=eshanized-keyring
pkgver=1.0
pkgrel=1
pkgdesc="GPG keyring for Eshan Roy's repository"
arch=('any')
url="https://example.com"
license=('GPL')
source=('eshanized.gpg')
sha256sums=('SKIP') # Replace SKIP with the actual SHA-256 checksum if desired
package() {
    local dir="$pkgdir/usr/share/pacman/keyrings"
    # Public key(s) that pacman-key imports
    install -Dm644 "$srcdir/eshanized.gpg" "$dir/eshanized.gpg"
    # pacman-key --populate reads <name>-trusted (no .gpg extension) as
    # "<fingerprint>:4:" owner-trust lines, not as a second copy of the key.
    # The fingerprint is the one printed by `gpg --list-keys` in step 1.
    printf '%s:4:\n' 'A41886F639658CA1A5519426E1415F19F21171F2' > "$dir/eshanized-trusted"
}
```
#### B. **Build the Package**
Run the following command to build the package:
```bash
makepkg -si
```
- **`makepkg`** creates the package (`.pkg.tar.zst`) file.
- **`-si`** installs the package after building.

This will install your keyring to `/usr/share/pacman/keyrings/`.

---
### 5⃣ **Verify the Installed Keyring**
After installing the keyring package, check the directory to ensure your keyring files are correctly placed:
```bash
ls /usr/share/pacman/keyrings/
```
You should see:
```plaintext
eshanized.gpg
eshanized-trusted
```
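
The `ls` check only confirms that files were installed. `pacman-key --populate` reads `<name>.gpg` for the public keys and `<name>-trusted` for owner-trust lines, so the lint below checks a staged directory for that layout; it is an added example, not part of the original guide, and the function name `check_keyring_layout`, the rejection of trust levels other than `4`, and the sample files are assumptions.

```bash
#!/usr/bin/env bash
# Added example: lint a staged keyring directory before running makepkg.
# Assumed layout (as in archlinux-keyring): <name>.gpg holds public keys,
# <name>-trusted holds "<40-hex fingerprint>:4:" owner-trust lines.

check_keyring_layout() {
    local dir="$1" name="$2" rc=0 line
    local keys="$dir/$name.gpg" trusted="$dir/$name-trusted"

    if [ ! -s "$keys" ]; then
        echo "missing or empty: $keys" >&2; rc=1
    elif grep -q 'PRIVATE KEY BLOCK' "$keys"; then
        # Catches an armored --export-secret-keys slip; binary exports are not detected.
        echo "private key material in $keys" >&2; rc=1
    fi

    # A key copy named <name>-trusted.gpg is never read by pacman-key.
    if [ -e "$trusted.gpg" ]; then
        echo "unexpected file: $trusted.gpg" >&2; rc=1
    fi

    if [ ! -s "$trusted" ]; then
        echo "missing or empty: $trusted" >&2; rc=1
    else
        # Short key IDs and other trust levels are rejected (assumption of this example).
        while IFS= read -r line || [ -n "$line" ]; do
            if ! printf '%s\n' "$line" | grep -Eq '^[0-9A-Fa-f]{40}:4:$'; then
                echo "bad owner-trust line: $line" >&2; rc=1
            fi
        done < "$trusted"
    fi
    return "$rc"
}

# Constructed sample input; the fingerprint is the one shown in step 1.
stage=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '(constructed placeholder)' \
    > "$stage/eshanized.gpg"
printf '%s\n' 'A41886F639658CA1A5519426E1415F19F21171F2:4:' > "$stage/eshanized-trusted"
check_keyring_layout "$stage" eshanized && echo "layout ok"
```

Once the package is installed, `sudo pacman-key --populate eshanized` imports these files into pacman's own keyring, which is what `SigLevel = Required` verifies against.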
---
### 6⃣ **Use Your Keyring for Custom Repositories**
If you're hosting your own repository, update the `pacman.conf` file to use your keyring:
```bash
sudo nano /etc/pacman.conf
```
Add your repository:
```plaintext
[eshanized-repo]
SigLevel = Required
Server = https://example.com/$arch
```
Your keyring will now be used to verify packages from your custom repository.

---
### 7⃣ **Testing Your Setup**
1. **Add a package to your repository**:
   Sign your package using your private GPG key:
   ```bash
   # Writes your-package.pkg.tar.zst.sig; pacman expects a binary (non-armored) detached signature
   gpg --detach-sign your-package.pkg.tar.zst
   ```
   Place both the `.pkg.tar.zst` file and its `.sig` file in your repository.
2. **Test the repository with pacman**:
   ```bash
   sudo pacman -Syu
   sudo pacman -Ss your-package
   ```
   Ensure the signature is verified using your keyring.

---
### ✅ Tips and Best Practices
1. **Key Security**:
   Keep your private key safe and secure. Avoid placing it on shared servers.
2. **Regular Updates**:
   Update and repackage your keyring if you add new GPG keys.
3. **Checksum Validation**:
   Use tools like `sha256sum` to ensure your `PKGBUILD` file includes valid checksums.
4. **Documentation**:
   Document your keyring package details for users who may need to add your repository.

By following these steps, you'll have a fully functional custom keyring integrated into your Arch Linux setup. 🎉