Difference between revisions of "Bering-uClibc 6.x - User Guide - Advanced Topics - Unpacking a gpg signed lrp package"

From bering-uClibc
Jump to: navigation, search
(Unpacking a gpg signed lrp package)
(6 intermediate revisions by 2 users not shown)
Line 11: Line 11:
  
  
Starting with version 6.2 , the packages in the distribution are now gpg signed. This implies you won't be able to unpack them the old way, which was simply changing the package extension .lrp to .tgz and doing a "tar zxvf" on the .tgz . This is done in the name of security.  
+
Starting with version 6.2 , the packages in the distribution are now gpg signed for security reasons. This implies you won't be able to unpack them the old way, which was simply doing:
 +
 
 +
tar zxvf file.lrp
  
 
It is still possible to access the content of the lrp, to make you personal changes, but you'll have to do some more steps to manually extract them, you'll have to decrypt the lrp first. Once your modifications are done, repackage the lrp as before, you will only get a warning at reboot that the package does not have a valid signature, but it will work as expected, unless your changes broke it :-( !
 
It is still possible to access the content of the lrp, to make you personal changes, but you'll have to do some more steps to manually extract them, you'll have to decrypt the lrp first. Once your modifications are done, repackage the lrp as before, you will only get a warning at reboot that the package does not have a valid signature, but it will work as expected, unless your changes broke it :-( !
  
Start by extracting <code class="filename">initrd.lrp</code> where the signature is to be found.  
+
Start by extracting <code class="filename">initrd.lrp</code> where the public key signature is to be found.  
  
 
Go to your distribution directory and do:  
 
Go to your distribution directory and do:  
  
  cd Downloads/Bering-uClibc_7.x.x_x86_64_syslinux_serial115200
+
  cd Downloads/Bering-uClibc_6.2.x_x86_64_syslinux_serial115200
 
  mkdir initrd
 
  mkdir initrd
 
  cd initdr
 
  cd initdr
Line 34: Line 36:
 
You now have access to the package content. Make you modifications and when done, repackage the lrp the usual way with:
 
You now have access to the package content. Make you modifications and when done, repackage the lrp the usual way with:
  
  cd Downloads/Bering-uClibc_7.x.x_x86_64_syslinux_serial115200/etc
+
  cd Downloads/Bering-uClibc_6.2.x_x86_64_syslinux_serial115200/etc
 
  rm etc.tgz
 
  rm etc.tgz
 
  tar -c * | gzip -9 > etc.lrp
 
  tar -c * | gzip -9 > etc.lrp

Revision as of 20:22, 18 December 2020

Unpacking a gpg signed lrp package
Prev Bering-uClibc 6.x - User Guide

Unpacking a gpg signed lrp package

Starting with version 6.2 , the packages in the distribution are now gpg signed for security reasons. This implies you won't be able to unpack them the old way, which was simply doing:

tar zxvf file.lrp

It is still possible to access the content of the lrp, to make you personal changes, but you'll have to do some more steps to manually extract them, you'll have to decrypt the lrp first. Once your modifications are done, repackage the lrp as before, you will only get a warning at reboot that the package does not have a valid signature, but it will work as expected, unless your changes broke it :-( !

Start by extracting initrd.lrp where the public key signature is to be found.

Go to your distribution directory and do:

cd Downloads/Bering-uClibc_6.2.x_x86_64_syslinux_serial115200
mkdir initrd
cd initdr
gzip -cd ../initrd.lrp | cpio -idmv 

now, let's decrypt and extract for instance etc.lrp...

cd ..
mkdir etc
cd etc
gpg --keyring ../initrd/root/.gnupg/LEAF_sigkeys.gpg --decrypt -o etc.tgz ../etc.lrp
tar zxvf etc.tgz

You now have access to the package content. Make you modifications and when done, repackage the lrp the usual way with:

cd Downloads/Bering-uClibc_6.2.x_x86_64_syslinux_serial115200/etc
rm etc.tgz
tar -c * | gzip -9 > etc.lrp

Replace the old etc.lrp in the distribution with your modified version, but, I repeat, during boot you'll get a warning that the etc.lrp has no valid signature, but it will work as expected.


Prev Up