Instructions for creating a signed repo
Alexander Larsson
alexl at redhat.com
Wed Jun 26 07:26:01 UTC 2019
On Wed, Jun 26, 2019 at 9:16 AM Daniel Kasak <d.j.kasak.dk at gmail.com> wrote:
>
> Hi all. I'd like to create a signed repo, so users don't have to run flatpak via sudo. What documentation is available for this? I've found:
>
> http://docs.flatpak.org/en/latest/hosting-a-repository.html
>
> ".flatpakrepo files should include the base64-encoded version of the GPG key that was used to sign the repository."
>
> ... but it doesn't say *how* exactly it should be included. Also I can't find any docs on the actual signing process.
You need to create a gpg key, and then run the various flatpak build
and build-update command with --gpg-sign=KEY-ID (and optionally, if
the key is not in your regular gpg dir in your homedir, add
--gpg-homedir=HOMEDIR). This will sign all the builds and the summary.
I actually have an old makefile that does the gpg generation if you
want a sample.
Feel free to use this or find some other gpg tutorial:
gpg-key:
if [ "x${KEY_USER}" == "x" ]; then echo Must set KEY_USER in
Makefile.config; exit 1; fi
mkdir -p gpg
gpg2 --homedir gpg --quick-gen-key ${KEY_USER}
echo Enter the above gpg key id as RELEASE_GPG_KEY in Makefile.config
spotify.flatpakref: spotify.flatpakref.in
sed -e 's|@URL@|${URL}|g' -e 's|@GPG@|$(shell gpg2
--homedir=gpg --export ${RELEASE_GPG_KEY} | base64 | tr -d '\n')|' $<
> $@
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
More information about the Flatpak
mailing list