Use a PGP signing key with a passphrase and sign the Release / Packages files. Ubuntu already does this.

On Wed, Mar 4, 2015 at 12:39 PM, Mathieu Gagné <[email protected]> wrote:

> On 2015-03-04 12:18 PM, Clint Byrum wrote:
>
>> Excerpts from Mathieu Gagné's message of 2015-03-04 08:31:45 -0800:
>>
>>>
>>> I really like APT repositories and would like to continue using them for
>>> the time being.
>>>
>>
>> I'm impressed you took the time to setup dput!
>>
>
> It's super simple to setup and use. Create a basic dput.cf and you are
> good to go.
>
> > You can also use reprepro, which is somewhat handy for combining a
> > remote repo with locally built debs:
> >
> > I use reprepro too. Super simple to setup and use, would recommend.
> >
> > You really only need to run apt-ftparchive on a directory full of debs:
> >
> > apt-ftparchive packages path/to/your/debs | gzip > Packages.gz
> >
> > This is something I would like to avoid as I might not always have full
> shell access to the repository from where the package is built.
>
> Furthermore, I don't have access to all the packages in the repository in
> the same folder to manually generate Packages.gz. (reprepro can do it for
> me)
>
> Ideally, I would like to upload a signed .changes control file to ensure
> the package wasn't tampered with or got corrupted during the transfer.
> (since .changes contains checksums)
>
> --
> Mathieu
>
>
> _______________________________________________
> OpenStack-operators mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
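An added example, not part of the original thread: a signed Release file protects the Packages indexes because it records each index's size and SHA256, so a client that has already verified the Release signature (with gpg, assumed done separately) only needs to check the indexes against it. The repository paths, package name and sample data below are constructed for illustration.

```python
import gzip
import hashlib


def parse_release_sha256(release_text):
    """Return {path: (sha256_hex, size)} from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False  # any other field ends the checksum section
    return entries


def verify_index(release_text, path, data):
    """True only if data has the size and SHA256 that Release records for path."""
    entry = parse_release_sha256(release_text).get(path)
    if entry is None:
        return False  # not listed in the signed Release: treat as untrusted
    digest, size = entry
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest


def build_sample():
    """Constructed sample: a one-package index and a Release that lists it."""
    packages = (b"Package: example-tool\nVersion: 1.0-1\n"
                b"Filename: pool/main/e/example-tool_1.0-1_all.deb\n"
                b"Size: 1234\nSHA256: " + b"0" * 64 + b"\n")
    packages_gz = gzip.compress(packages)
    release = "Origin: example\nSuite: stable\nSHA256:\n"
    for path, blob in (("main/binary-amd64/Packages", packages),
                       ("main/binary-amd64/Packages.gz", packages_gz)):
        release += " %s %d %s\n" % (hashlib.sha256(blob).hexdigest(), len(blob), path)
    return release, packages, packages_gz


if __name__ == "__main__":
    release, packages, packages_gz = build_sample()
    print("Packages ok:", verify_index(release, "main/binary-amd64/Packages", packages))
    tampered = packages.replace(b"1.0-1", b"6.6-6")  # same length, different content
    print("tampered ok:", verify_index(release, "main/binary-amd64/Packages", tampered))
```
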
