OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   30-Mar-2003 13:23:34
  Branch: HEAD                             Handle: 2003033012233300

  Modified files:
    openpkg-web/pgp         gnupg.wml

  Log:
    polish GnuPG step-by-steps

  Summary:
    Revision    Changes     Path
    1.3         +42 -24     openpkg-web/pgp/gnupg.wml
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/pgp/gnupg.wml
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 gnupg.wml
  --- openpkg-web/pgp/gnupg.wml 30 Mar 2003 10:15:07 -0000      1.2
  +++ openpkg-web/pgp/gnupg.wml 30 Mar 2003 11:23:33 -0000      1.3
  @@ -7,30 +7,33 @@
   </box>
   </define-tag>
   
  -The <a href="http://www.openpkg.org/";>OpenPKG</a> project uses <a
  -href="http://www.ietf.org/rfc/rfc2440.txt";>OpenPGP</a>
  +The <a href="http://www.openpkg.org/";>OpenPKG</a> project uses
  +<a href="http://www.ietf.org/rfc/rfc2440.txt";>OpenPGP</a>
   (RFC 2440) public key cryptography for digitally
   signing <a href="http://www.rpm.org/";>RPM</a> <a
   href="ftp://ftp.openpkg.org/release/";>release</a> packages and <a
   href="http://www.openpkg.org/security.html";>Security Advisories</a> for
  -released packages.
  +released packages. To check the integrity of those RPM packages and
  +security advisories, you require <a href="http://www.gnupg.org/";>GNU
  +Privacy Guard</a> (GnuPG). The following is a short step-by-step summary
  +on how to setup and use GnuPG for OpenPKG.
   
   <ol>
   <li><b>Installing GnuPG</b>
   <p>
  -To check the integrity of OpenPKG RPM packages and security advisories you
  -first should install GnuPG (http://www.gnupg.org/). Usually you will do this
  -by installing the OpenPKG <b>GnuPG</b> package, of course.
  +Make sure you have the GnuPG command line tool "<tt>gpg</tt>" in your
  +<tt>$PATH</tt>. The easiest way, obviously is to install the OpenPKG
  +<b>gnupg</b> package, of course.
   
   <p>
   <screen>
   \#   install OpenPKG GnuPG package
   $ <font color="#666699">prefix</font>/bin/rpm --rebuild 
ftp://ftp.openpkg.org/release/1.2/SRC/gnupg-1.2.1-1.2.0.src.rpm
  -[...]
  +<font color="#858075">[...]</font>
   $ su -
   root# <font color="#666699">prefix</font>/bin/rpm -Uvh <font 
color="#666699">prefix</font>/RPM/PKG/gnupg-1.2.1-1.2.0.*.rpm
  -Preparing...                ########################################### [100%]
  -   1:gnupg                  ########################################### [100%]
  +<font color="#858075"><tt>Preparing...                
########################################### [100%]
  +   1:gnupg                  ########################################### 
[100%]</tt></font>
   root# exit
   $ PATH=<font color="#666699">prefix</font>/bin:$PATH
   </screen>
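Review bot: In the added "Installing GnuPG" paragraph, the sentence "The easiest way, obviously is to install the OpenPKG gnupg package, of course." carries both "obviously" and "of course" and has an unbalanced comma; suggest "The easiest way is to install the OpenPKG gnupg package." In the new intro sentence, "how to setup and use GnuPG" should read "set up" (verb). Separately, the rebuild command in this step pulls gnupg-1.2.1-1.2.0.src.rpm over FTP before the reader can verify anything, so a sentence pointing ahead to the final step, where the same file is checked with rpm --checksig, would close that loop.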
  @@ -39,35 +42,35 @@
   <li><b>Importing OpenPKG key into GnuPG</b>
   <p>
   Now you have to import the OpenPKG public key into GnuPG. You can either
  -fetch it directly from <b>pgp.openpkg.org</b> or (if you already have
  -an OpenPKG instance under <font color="#666699">prefix</font>) you
  -can import the copy from there.
  +fetch it directly from this key server <b>pgp.openpkg.org</b>, from
  +the website, or if you already have an OpenPKG instance under <font
  +color="#666699">prefix</font>, you can import the copy from there.
   
   <p>
   <screen>
   \#   alternative 1: import from key server
   $ gpg --recv-keys --keyserver hkp://pgp.openpkg.org 63C4CB9F
  -gpg: key 63C4CB9F: public key "OpenPKG <[EMAIL PROTECTED]>" imported
  +<font color="#858075"><tt>gpg: key 63C4CB9F: public key "OpenPKG <[EMAIL 
PROTECTED]>" imported
   gpg: Total number processed: 1
  -gpg:               imported: 1
  +gpg:               imported: 1</tt></font>
   </screen>
   
   <p>
   <screen>
   \#   alternative 2: import from website
   $ lynx -source http://www.openpkg.org/openpkg.pgp | gpg --import
  -gpg: key 63C4CB9F: public key "OpenPKG <[EMAIL PROTECTED]>" imported
  +<font color="#858075"><tt>gpg: key 63C4CB9F: public key "OpenPKG <[EMAIL 
PROTECTED]>" imported
   gpg: Total number processed: 1
  -gpg:               imported: 1
  +gpg:               imported: 1</tt></font>
   </screen>
   
   <p>
   <screen>
   \#   alternative 3: import from local copy
   $ gpg --import <font color="#666699">prefix</font>/etc/openpkg/openpkg.pgp
  -gpg: key 63C4CB9F: public key "OpenPKG <[EMAIL PROTECTED]>" imported
  +<font color="#858075"><tt>gpg: key 63C4CB9F: public key "OpenPKG <[EMAIL 
PROTECTED]>" imported
   gpg: Total number processed: 1
  -gpg:               imported: 1
  +gpg:               imported: 1</tt></font>
   </screen>
   
   <p>
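Review bot: The reworded paragraph adds "from the website" as a key source (plain http in alternative 2) next to the hkp key server, but nothing in this step says that none of the three channels authenticates the key, and every command and output line identifies it only by the 8-digit ID 63C4CB9F. Suggest one sentence here stating that the import is trustworthy only after the fingerprint comparison in the next step, whichever alternative was used. Wording nit: "from this key server pgp.openpkg.org" reads better as "from the key server pgp.openpkg.org".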
  @@ -80,9 +83,11 @@
   <p>
   <screen>
   $ gpg --fingerprint 63C4CB9F
  +<font color="#858075"><tt>\
   pub  1024D/63C4CB9F 2002-01-31 OpenPKG <[EMAIL PROTECTED]>
        Key fingerprint = 6D96 EFCF CF75 3288 10DB  40C2 8075 93E0 63C4 CB9F
  -sub  2048g/DCC7EF11 2002-01-31
  +sub  2048g/DCC7EF11 2002-01-31\
  +</tt></font>
   </screen>
   
   <p>
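Review bot: The pub line in this sample output keeps a raw "OpenPKG <[EMAIL PROTECTED]>" inside the new <tt> wrapper, while the passphrase prompt further down uses &lt; and &gt;; escape the angle brackets here, and in the import outputs of the previous step, so the address is not parsed as a tag. Since the fingerprint printed here is served by the same website the key can be fetched from in alternative 2, it would also help to name a second place where readers can cross-check it.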
  @@ -97,6 +102,7 @@
   <screen>
   \#   alternative 1: sign the OpenPKG public key with own private secret key
   $ gpg --sign-key 63C4CB9F
  +<font color="#858075"><tt>\
   gpg: checking the trustdb
   gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
   pub  1024D/63C4CB9F  created: 2002-01-31 expires: never      trust: -/-
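Review bot: "gpg --sign-key 63C4CB9F" in alternative 1 creates an exportable certification, and the walkthrough then answers the check-level prompt with 2 (casual checking). For a reader who only needs the key to be valid locally, --lsign-key avoids a casual signature on the project key leaving the machine when the keyring is exported or sent to a key server; suggest using it here or mentioning it next to --sign-key. The comment "with own private secret key" can drop one of "private" and "secret".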
  @@ -111,25 +117,33 @@
      (0) I will not answer. (default)
      (1) I have not checked at all.
      (2) I have done casual checking.
  -   (3) I have done very careful checking.
  +   (3) I have done very careful checking.\
  +</tt></font>
  +
   Your selection? 2
  +<font color="#858075"><tt>\
   Are you really sure that you want to sign this key
   with your key: "Your Name <[EMAIL PROTECTED]>"
   
  -I have checked this key casually.
  +I have checked this key casually.\
  +</tt></font>
   Really sign? y
  +<font color="#858075"><tt>\
                 
   You need a passphrase to unlock the secret key for
   user: "Your name &lt;[EMAIL PROTECTED]&gt;"
  -1024-bit DSA key, ID XXXXXXXX, created 200X-XX-XX
  +1024-bit DSA key, ID XXXXXXXX, created 200X-XX-XX\
  +</tt></font>
   </screen>
   
   <P>
   <screen>
   \#   alternative 2: mark the OpenPKG public key as trusted
   gpg --update-trustdb --trusted-key 807593E063C4CB9F
  +<font color="#858075"><tt>\
   gpg: key 63C4CB9F marked as ultimately trusted
   gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
  +</tt></font>
   </screen>
   
   <p>
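Review bot: Alternative 2 runs "gpg --update-trustdb --trusted-key 807593E063C4CB9F" and the sample output confirms the key is "marked as ultimately trusted", which puts it on the same level as the reader's own key, so every key it certifies becomes valid as well. The text should say that, or present alternative 1 as the preferred route. Markup nits in the same block: the command line lacks the "$ " prompt the other commands carry, the added "</tt></font>" follows a line without the trailing "\" used before the other standalone closes in this patch, and "<P>" is uppercase where the rest of the file uses "<p>".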
  @@ -142,14 +156,18 @@
   <screen>
   \#   verify digital signature on a security advisory
   $ w3m -dump http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.txt | gpg 
--verify
  +<font color="#858075"><tt>\
   gpg: Signature made Thu Mar 20 21:20:49 2003 CET using DSA key ID 63C4CB9F
  -gpg: Good signature from "OpenPKG <[EMAIL PROTECTED]>"
  +gpg: Good signature from "OpenPKG <[EMAIL PROTECTED]>"\
  +</tt></font>
   
   \#   verify digital signature on an RPM (release) package
   $ rpm --checksig ftp://ftp.openpkg.org/release/1.2/SRC/gnupg-1.2.1-1.2.0.src.rpm
  +<font color="#858075"><tt>\
   MD5 sum OK: 572ae1ff2a18b789b13ada544db40fad
   gpg: Signature made Tue Jan 21 15:54:41 2003 CET using DSA key ID 63C4CB9F
  -gpg: Good signature from "OpenPKG <[EMAIL PROTECTED]>"
  +gpg: Good signature from "OpenPKG <[EMAIL PROTECTED]>"\
  +</tt></font>
   </screen>
   </ol>
   
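Review bot: Both verification examples end at "Good signature from ...", which gpg prints for any key in the keyring that verifies the data, so the step should tell readers to confirm that the reported "DSA key ID 63C4CB9F" belongs to the key whose fingerprint they checked, and that a trust warning printed after this line means the signing or trust step above was skipped. In the rpm example, "MD5 sum OK" is an integrity check only and could be labelled as such so it is not read as authentication.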
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
