[Cryptech Core] Debian packages for the Novena, what next?

Joachim Strömbergson joachim at secworks.se
Fri Jul 10 06:41:57 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Very cool! Amazing work on the SW/system side.

/JoachimS

Rob Austein wrote:
> We have Debian packages.  They seem to work, and one can install
> them using apt-get.  Preliminary instructions below, eventually (ie,
> before the Prague workshop) these should go on the Wiki.
> 
> So in theory we now have PKCS #11 code for the Novena packaged so 
> people can install it.  Do we have a signer to run on top of this
> yet?
> 
> ===
> 
> How to configure a Novena PVT-1 running Debian Wheezy to pull
> packages from the Cryptech Project APT repository.
> 
> ***** Installation *****
> 
> * Add the GPG public key (current one is temporary with a very short 
> lifetime, will replace it with something better before Prague):
> 
> $ wget -q -O - https://apt.cryptech.is/novena/apt-gpg-key.asc | sudo
> apt-key add -
> 
> Or, for the tinfoil-inclined:
> 
> $ wget https://apt.cryptech.is/novena/apt-gpg-key.asc
> 
> [Do something here to reassure yourself that it's a good key]
> 
> $ sudo apt-key add apt-gpg-key.asc
> 
> For this week's temporary key, the best assurance you're likely to 
> get will be downloading the key via HTTPS using a program (browser, 
> wget, ...) that knows about the HACTRN Certificate Authority.
> 
> In the longer run (ie, by the time we get to Prague) the 
> (replacement) key should be properly signed so you can verify it via 
> the web of trust.  We'll probably want to hold a quick signing
> party.
> 
> See the apt-key(8) manual page for more information about the APT key
> database, including how to remove keys you don't want anymore.
> 
> * Configure APT to use this repository:
> 
> $ sudo wget -q -O /etc/apt/sources.list.d/novena.list
> http://apt.cryptech.is/novena/sources.list
> 
> * Update available packages and install the cryptech-novena packages:
> 
> 
> $ sudo apt-get update $ sudo apt-get install cryptech-novena-rtl
> 
> I haven't (yet) built a meta-package, but the -rtl package depends on
> the -sw package, so installing the -rtl package will get both.
> 
> ***** Upgrading *****
> 
> Once you've performed the steps above you should be able to upgrade
> to newer version of the code using the normal APT upgrade process,
> eg:
> 
> $ sudo apt-get update $ sudo apt-get upgrade 
> _______________________________________________ Core mailing list 
> Core at cryptech.is https://lists.cryptech.is/listinfo/core


- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJVn2k1AAoJEF3cfFQkIuyNNHEQAJItVA62GFTrDPlGi0x1ctGR
TGeLrybnXxmpcHo50+hiepQ0v9IvT5z382EK9XGbRxy4llmcr7OHNVN2TJe8C5qx
MAFbpQvz2j3ZBOlvub2NqA5X9pAfzSFzAaqyrBX1HIEyo88mq514RTdjzCKz7iQY
PssyxkT0b9BBtGX0L/IyABQ5lEB5iF3rhnVmCvIr2rGgENbLYwkPUpCmg6PJZN9k
vJia/TuMLKLh6oMz0phAwpXc/2NcdnfmnM+K2+zK7OeLVoHtqeXsUjIzmUKy80Dy
TqR8VYoqbNAP7444+IT7ApgG1/LXBamEiIFLaKiLAvaFlDK0XV402xuwEMeGitfQ
XtgCIzo4Qdy4IfnQ/5apcy9jAoL13n+RF9qYC3V6dEtoSAe23l2IfKbirYCm3eIL
3q3+nFX32UK9HHMLgqrlix2S/JFO/Qc2uoyuk+gmhjLrSa0ZHF9Xz5xmqExu6NFF
JXyJjxt1KbnzQgbWU040ce+VekYCENNywzgwxzherEu1oqtrrvgS5jUWtUB0ACm2
ImIbGjFyrBpDH85mOJUeew1L1pVNkSqfwH+otViZuelnlcajZCxYevy6YS/thhyC
YDr/VPxBD0ue6crGmEwAB6zmc/kAuSfy1nUeF+KFvZGhkcvmDg1EhXzqyqV6te06
E4OrcZMoWSiI75dWo06g
=Jy7M
-----END PGP SIGNATURE-----



More information about the Core mailing list