Software distribution via package management
In the previous section we verified downloadable open source tools by using the hash of the binaries to check
that the binaries were not altered outside the responsibility of the developer who built the binary version.
This was a first dip of the toes into cryptographic tools for internet security.
In this section we will start to look at automatic package management, like the one used in the Ubuntu Linux distribution or
Debian package management.
For the moment we do not cover version management of software or the online repositories offered on GitHub.
Of the tools that are standard in software development, we touch this topic only lightly, to understand the security technology used in these
constant-update, or pull-as-you-go, package management systems.
There are hundreds of web pages out there whose examples for activities in this area turn out not to work.
Please pay attention to the exact versions of the software, operating system and platform used. The code was tested only for the given
versions and releases.
Here are the different topics that will be covered:
- How to use GnuPG to create asymmetric keys for use in encryption and authentication
- How to add encryption keys to your private and secure keyring
- Creating a package to deploy
- Uploading the package file to an Apache web server for distribution
- Configuring the remote system to get and deploy the software