[Cryptech Core] Debian packages for the Novena, what next?

Rob Austein sra at hactrn.net
Wed Jul 8 01:16:53 UTC 2015


We have Debian packages.  They seem to work, and one can install them
using apt-get.  Preliminary instructions below, eventually (ie, before
the Prague workshop) these should go on the Wiki.

So in theory we now have PKCS #11 code for the Novena packaged so
people can install it.  Do we have a signer to run on top of this yet?

===

How to configure a Novena PVT-1 running Debian Wheezy to pull packages
from the Cryptech Project APT repository.

***** Installation *****

* Add the GPG public key (current one is temporary with a very short
  lifetime, will replace it with something better before Prague):

  $ wget -q -O - https://apt.cryptech.is/novena/apt-gpg-key.asc | sudo apt-key add -

  Or, for the tinfoil-inclined:

  $ wget https://apt.cryptech.is/novena/apt-gpg-key.asc

  [Do something here to reassure yourself that it's a good key]

  $ sudo apt-key add apt-gpg-key.asc

  For this week's temporary key, the best assurance you're likely to
  get will be downloading the key via HTTPS using a program (browser,
  wget, ...) that knows about the HACTRN Certificate Authority.

  In the longer run (ie, by the time we get to Prague) the
  (replacement) key should be properly signed so you can verify it via
  the web of trust.  We'll probably want to hold a quick signing party.

  See the apt-key(8) manual page for more information about the APT
  key database, including how to remove keys you don't want anymore.

* Configure APT to use this repository:

  $ sudo wget -q -O /etc/apt/sources.list.d/novena.list http://apt.cryptech.is/novena/sources.list

* Update available packages and install the cryptech-novena packages: 

  $ sudo apt-get update
  $ sudo apt-get install cryptech-novena-rtl

  I haven't (yet) built a meta-package, but the -rtl package depends
  on the -sw package, so installing the -rtl package will get both.

***** Upgrading *****

Once you've performed the steps above you should be able to upgrade to newer
version of the code using the normal APT upgrade process, eg:

  $ sudo apt-get update
  $ sudo apt-get upgrade



More information about the Core mailing list