[MacPorts] howto/ShareArchives2 modified

MacPorts noreply at macports.org
Wed Aug 3 01:39:43 PDT 2011


Changed page "howto/ShareArchives2" by arno+macports at alum.wpi.edu from 98.179.180.192*
Page URL: <https://trac.macports.org/wiki/howto/ShareArchives2>
Diff URL: <https://trac.macports.org/wiki/howto/ShareArchives2?action=diff&version=5>
Revision 5
Comment: Altered key naming to specifically identify as local keys.

-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: howto/ShareArchives2
=========================================================================
--- howto/ShareArchives2 (version: 4)
+++ howto/ShareArchives2 (version: 5)
@@ -17,8 +17,8 @@
 
 The public and private keys are generated as described below.
 {{{
-openssl genrsa -des3 -out privkey.pem 2048
-openssl rsa -in privkey.pem -pubout -out pubkey.pem
+openssl genrsa -des3 -out local-privkey.pem 2048
+openssl rsa -in local-privkey.pem -pubout -out local-pubkey.pem
 }}}
 
 You will be prompted to enter a passphrase to protect the private key. It is up to you to decide how complex this protection should be. Note that it is possible to store this key in your Keychain.app (using /usr/bin/ssh-add). This has the advantage of passing the key security on to the OS, though it may not be an acceptable option for automating package signing.
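Review bot: Nothing around the two key-generation commands tells the reader to restrict permissions on local-privkey.pem, so the file is created with whatever the default umask allows. Suggest adding a step right after the genrsa line, for example chmod 600 local-privkey.pem, or running umask 077 before generating the key.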
@@ -26,12 +26,12 @@
 It is also possible to create a key without a passphrase. If you are not distributing packages outside of a home network, this is likely not a problem. An unprotected private key is generated as below; the command to generate the public key is unchanged.
 
 {{{
-openssl genrsa -out privkey.pem 2048
+openssl genrsa -out local-privkey.pem 2048
 }}}
 
 The passphrase can also be stripped from an existing private key using the following:
 {{{
-openssl rsa -in privkey.pem -out newprivkey.pem
+openssl rsa -in local-privkey.pem -out newlocal-privkey.pem
 }}}
 
 The public and private keys can be stored anywhere as long as they are accessible to the following steps. This tutorial has them placed on the build system at '''/opt/local/share/macports/'''.
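Review bot: In the passphrase-stripping command the output name newlocal-privkey.pem reads like the result of a mechanical search and replace. A name that says what the file is, such as local-privkey-nopass.pem, would make it harder to confuse the unprotected copy with the protected one. Since the closing paragraph of this hunk places the keys under /opt/local/share/macports/, it is also worth stating there that an unprotected private key should be readable only by the account that signs archives.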
@@ -43,19 +43,19 @@
 Now that the keys are generated, we can test signing a package. Any archive will do; the following example uses '''archive.tbz'''. Your example should specify the full path to the private key, the archive, and the archive signature that should be named identically to the input archive and suffixed with '''.rmd160'''.
 
 {{{
-openssl dgst -ripemd160 -sign privkey.pem -out archive.tbz2.rmd160 archive.tbz2
+openssl dgst -ripemd160 -sign local-privkey.pem -out archive.tbz2.rmd160 archive.tbz2
 }}}
 
 You can verify the signature as well:
 {{{
-openssl dgst -ripemd160 -verify pubkey.pem -signature archive.tbz2.rmd160 archive.tbz2
+openssl dgst -ripemd160 -verify local-pubkey.pem -signature archive.tbz2.rmd160 archive.tbz2
 }}}
 
 Signing an archive for the '''lighttpd''' port might look something like this:
 
 {{{
 openssl dgst -ripemd160 \
-    -sign /opt/local/share/macports/privkey.pem \
+    -sign /opt/local/share/macports/local-privkey.pem \
     -out /opt/local/var/macports/software/lighttpd/lighttpd-1.4.28_0+ssl+universal.darwin_10.i386-x86_64.tbz2.rmd160 \
     /opt/local/var/macports/software/lighttpd/lighttpd-1.4.28_0+ssl+universal.darwin_10.i386-x86_64.tbz2
 }}}
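Review bot: The introductory sentence of this hunk names the example archive as archive.tbz, but both the signing and the verification command use archive.tbz2 and write archive.tbz2.rmd160. Because the signature has to be named identically to the archive plus the .rmd160 suffix, the prose should say archive.tbz2 so that it matches the commands.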
@@ -65,8 +65,8 @@
 {{{
 #!/bin/sh
 
-PRIVKEY="/opt/local/share/macports/privkey.pem"
-PUBKEY="/opt/local/share/macports/pubkey.pem"
+PRIVKEY="/opt/local/share/macports/local-privkey.pem"
+PUBKEY="/opt/local/share/macports/local-pubkey.pem"
 SOFTWARE="/opt/local/var/macports/software"
 
 # First, clear out any outdated signatures
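Review bot: PRIVKEY and PUBKEY both repeat the /opt/local/share/macports directory, so a rename like this one has to be made in two places in the script. Consider a single KEYDIR variable, with PRIVKEY="$KEYDIR/local-privkey.pem" and PUBKEY="$KEYDIR/local-pubkey.pem", so the location is stated once.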
@@ -193,7 +193,7 @@
 
 A line indicating the location of the public key must also be added to '''${prefix}/etc/macports/pubkeys.conf'''. Something like:
 {{{
-/opt/local/share/macports/pubkey.pem
+/opt/local/share/macports/local-pubkey.pem
 }}}
 
 

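Review bot: Readers who followed version 4 of the page have pubkey.pem on disk and listed in pubkeys.conf, and the path shown here (/opt/local/share/macports/local-pubkey.pem) will not exist for them. A short note next to this example saying that existing key files must be renamed, or that the old path can stay in pubkeys.conf, would cover that case.
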
-------8<------8<------8<------8<------8<------8<------8<------8<--------

* The IP shown here might not mean anything if the user or the server is
behind a proxy.

--
MacPorts <http://www.macports.org/>
Ports system for Mac OS

This is an automated message. Someone at http://www.macports.org/ added your email
address to be notified of changes on howto/ShareArchives2. If it was not you, please
report to .

