documentation/assets/js/404ec107.287591fd.js

"use strict";(self.webpackChunkdocuments=self.webpackChunkdocuments||[]).push([[5473],{60:(e,n,r)=>{r.r(n),r.d(n,{assets:()=>o,contentTitle:()=>l,default:()=>g,frontMatter:()=>a,metadata:()=>t,toc:()=>c});var s=r(4848),i=r(8453);const a={sidebar_position:4},l="Install Keyrings",t={id:"dev_guide/install_keyring",title:"Install Keyrings",description:"\ud83d\udd11 Installing and Packaging Your Own Keyring on Arch Linux",source:"@site/docs/dev_guide/install_keyring.md",sourceDirName:"dev_guide",slug:"/dev_guide/install_keyring",permalink:"/documentation/dev_guide/install_keyring",draft:!1,unlisted:!1,editUrl:"https://github.com/Snigdha-OS/documentation/tree/master/docs/dev_guide/install_keyring.md",tags:[],version:"current",sidebarPosition:4,frontMatter:{sidebar_position:4},sidebar:"tutorialSidebar",previous:{title:"Upload Key => Server",permalink:"/documentation/dev_guide/upload_gpg_key"},next:{title:"Upload & Deploy Packages",permalink:"/documentation/dev_guide/deploy_packages"}},o={},c=[{value:"\ud83d\udd11 Installing and Packaging Your Own Keyring on Arch Linux",id:"-installing-and-packaging-your-own-keyring-on-arch-linux",level:3},{value:"1\ufe0f\u20e3 <strong>Generate Your GPG Key</strong>",id:"1\ufe0f\u20e3-generate-your-gpg-key",level:3},{value:"2\ufe0f\u20e3 <strong>Export Your GPG Public Key</strong>",id:"2\ufe0f\u20e3-export-your-gpg-public-key",level:3},{value:"3\ufe0f\u20e3 <strong>Create a Keyring Directory</strong>",id:"3\ufe0f\u20e3-create-a-keyring-directory",level:3},{value:"4\ufe0f\u20e3 <strong>Package the Keyring for Installation</strong>",id:"4\ufe0f\u20e3-package-the-keyring-for-installation",level:3},{value:"A. <strong>Create a PKGBUILD</strong>",id:"a-create-a-pkgbuild",level:4},{value:"B. <strong>Build the Package</strong>",id:"b-build-the-package",level:4},{value:"5\ufe0f\u20e3 <strong>Verify the Installed Keyring</strong>",id:"5\ufe0f\u20e3-verify-the-installed-keyring",level:3},{value:"6\ufe0f\u20e3 <strong>Use Your Keyring for Custom Repositories</strong>",id:"6\ufe0f\u20e3-use-your-keyring-for-custom-repositories",level:3},{value:"7\ufe0f\u20e3 <strong>Testing Your Setup</strong>",id:"7\ufe0f\u20e3-testing-your-setup",level:3},{value:"\u2705 Tips and Best Practices",id:"-tips-and-best-practices",level:3}];function d(e){const n={br:"br",code:"code",h1:"h1",h3:"h3",h4:"h4",hr:"hr",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,i.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.h1,{id:"install-keyrings",children:"Install Keyrings"}),"\n",(0,s.jsx)(n.h3,{id:"-installing-and-packaging-your-own-keyring-on-arch-linux",children:"\ud83d\udd11 Installing and Packaging Your Own Keyring on Arch Linux"}),"\n",(0,s.jsxs)(n.p,{children:["When creating custom repositories or maintaining your own set of signed packages, you may need to create and package your own ",(0,s.jsx)(n.strong,{children:"GPG keyring"})," for secure verification. This guide walks you through the process of creating, installing, and packaging a custom keyring for Arch Linux."]}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"1\ufe0f\u20e3-generate-your-gpg-key",children:["1\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Generate Your GPG Key"})]}),"\n",(0,s.jsx)(n.p,{children:"First, create a GPG key to sign packages or repositories if you don\u2019t already have one."}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"gpg --full-generate-key\n"})}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["Select the type: ",(0,s.jsx)(n.code,{children:"RSA and RSA (default)"}),"."]}),"\n",(0,s.jsxs)(n.li,{children:["Set the key size: ",(0,s.jsx)(n.code,{children:"4096"}),"."]}),"\n",(0,s.jsxs)(n.li,{children:["Set expiration: ",(0,s.jsx)(n.code,{children:"0"})," (no expiration) or specify a validity period."]}),"\n",(0,s.jsx)(n.li,{children:"Provide your name, email, and a strong passphrase."}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"To verify your key:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"gpg --list-keys\n"})}),"\n",(0,s.jsx)(n.p,{children:"You\u2019ll see something like:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-plaintext",children:"pub   rsa4096 2023-12-05 [SC]\n      A41886F639658CA1A5519426E1415F19F21171F2\nuid           [ultimate] Eshan Roy <eshanized@example.com>\nsub   rsa4096 2023-12-05 [E]\n"})}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"2\ufe0f\u20e3-export-your-gpg-public-key",children:["2\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Export Your GPG Public Key"})]}),"\n",(0,s.jsx)(n.p,{children:"Export your public key so it can be included in the keyring:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'gpg --export --armor "Eshan Roy" > eshanized.gpg\n'})}),"\n",(0,s.jsxs)(n.p,{children:["This will create an ASCII-armored file, ",(0,s.jsx)(n.code,{children:"eshanized.gpg"}),", containing your public key."]}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"3\ufe0f\u20e3-create-a-keyring-directory",children:["3\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Create a Keyring Directory"})]}),"\n",(0,s.jsx)(n.p,{children:"Create a directory structure for the keyring:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"mkdir -p eshanized-keyring\ncd eshanized-keyring\n"})}),"\n",(0,s.jsx)(n.p,{children:"Place the exported public key in the directory:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cp ../eshanized.gpg .\n"})}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"4\ufe0f\u20e3-package-the-keyring-for-installation",children:["4\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Package the Keyring for Installation"})]}),"\n",(0,s.jsxs)(n.h4,{id:"a-create-a-pkgbuild",children:["A. ",(0,s.jsx)(n.strong,{children:"Create a PKGBUILD"})]}),"\n",(0,s.jsxs)(n.p,{children:["Arch packages use a ",(0,s.jsx)(n.code,{children:"PKGBUILD"})," script for building. Create a ",(0,s.jsx)(n.code,{children:"PKGBUILD"})," file in the ",(0,s.jsx)(n.code,{children:"eshanized-keyring"})," directory:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"nano PKGBUILD\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Here\u2019s an example ",(0,s.jsx)(n.code,{children:"PKGBUILD"})," for your keyring:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'pkgname=eshanized-keyring\npkgver=1.0\npkgrel=1\npkgdesc="GPG keyring for Eshan Roy\'s repository"\narch=(\'any\')\nurl="https://example.com"\nlicense=(\'GPL\')\nsource=(\'eshanized.gpg\')\nsha256sums=(\'SKIP\')  # Replace SKIP with the actual SHA-256 checksum if desired\n\npackage() {\n  install -Dm644 "$srcdir/eshanized.gpg" "$pkgdir/usr/share/pacman/keyrings/eshanized.gpg"\n  install -Dm644 "$srcdir/eshanized.gpg" "$pkgdir/usr/share/pacman/keyrings/eshanized-trusted.gpg"\n}\n'})}),"\n",(0,s.jsxs)(n.h4,{id:"b-build-the-package",children:["B. ",(0,s.jsx)(n.strong,{children:"Build the Package"})]}),"\n",(0,s.jsx)(n.p,{children:"Run the following command to build the package:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"makepkg -si\n"})}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:(0,s.jsx)(n.code,{children:"makepkg"})})," creates the package (",(0,s.jsx)(n.code,{children:".pkg.tar.zst"}),") file."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:(0,s.jsx)(n.code,{children:"-si"})})," installs the package after building."]}),"\n"]}),"\n",(0,s.jsxs)(n.p,{children:["This will install your keyring to ",(0,s.jsx)(n.code,{children:"/usr/share/pacman/keyrings/"}),"."]}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"5\ufe0f\u20e3-verify-the-installed-keyring",children:["5\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Verify the Installed Keyring"})]}),"\n",(0,s.jsx)(n.p,{children:"After installing the keyring package, check the directory to ensure your keyring files are correctly placed:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"ls /usr/share/pacman/keyrings/\n"})}),"\n",(0,s.jsx)(n.p,{children:"You should see:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-plaintext",children:"eshanized.gpg\neshanized-trusted.gpg\n"})}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"6\ufe0f\u20e3-use-your-keyring-for-custom-repositories",children:["6\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Use Your Keyring for Custom Repositories"})]}),"\n",(0,s.jsxs)(n.p,{children:["If you're hosting your own repository, update the ",(0,s.jsx)(n.code,{children:"pacman.conf"})," file to use your keyring:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sudo nano /etc/pacman.conf\n"})}),"\n",(0,s.jsx)(n.p,{children:"Add your repository:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-plaintext",children:"[eshanized-repo]\nSigLevel = Required\nServer = https://example.com/$arch\n"})}),"\n",(0,s.jsx)(n.p,{children:"Your keyring will now be used to verify packages from your custom repository."}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsxs)(n.h3,{id:"7\ufe0f\u20e3-testing-your-setup",children:["7\ufe0f\u20e3 ",(0,s.jsx)(n.strong,{children:"Testing Your Setup"})]}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Add a package to your repository"}),":",(0,s.jsx)(n.br,{}),"\n","Sign your package using your private GPG key:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"gpg --detach-sign --armor your-package.pkg.tar.zst\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Place both the ",(0,s.jsx)(n.code,{children:".pkg.tar.zst"})," file and its ",(0,s.jsx)(n.code,{children:".sig"})," file in your repository."]}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Test the repository with pacman"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sudo pacman -Syu\nsudo pacman -Ss your-package\n"})}),"\n",(0,s.jsx)(n.p,{children:"Ensure the signature is verified using your keyring."}),"\n"]}),"\n"]}),"\n",(0,s.jsx)(n.hr,{}),"\n",(0,s.jsx)(n.h3,{id:"-tips-and-best-practices",children:"\u2705 Tips and Best Practices"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Key Security"}),":",(0,s.jsx)(n.br,{}),"\n","Keep your private key safe and secure. Avoid placing it on shared servers."]}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Regular Updates"}),":",(0,s.jsx)(n.br,{}),"\n","Update and repackage your keyring if you add new GPG keys."]}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Checksum Validation"}),":",(0,s.jsx)(n.br,{}),"\n","Use tools like ",(0,s.jsx)(n.code,{children:"sha256sum"})," to ensure your ",(0,s.jsx)(n.code,{children:"PKGBUILD"})," file includes valid checksums."]}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Documentation"}),":",(0,s.jsx)(n.br,{}),"\n","Document your keyring package details for users who may need to add your repository."]}),"\n"]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"By following these steps, you'll have a fully functional custom keyring integrated into your Arch Linux setup. \ud83c\udf89"})]})}function g(e={}){const{wrapper:n}={...(0,i.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,r)=>{r.d(n,{R:()=>l,x:()=>t});var s=r(6540);const i={},a=s.createContext(i);function l(e){const n=s.useContext(a);return s.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function t(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:l(e.components),s.createElement(a.Provider,{value:n},e.children)}}}]);