river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Burrell Donkin <robertburrelldon...@gmail.com>
Subject Re: Apache release signing on Solaris 10
Date Sun, 03 Jan 2010 17:22:37 GMT
On Fri, Jan 1, 2010 at 7:59 AM, Peter Firmstone <jini@zeus.net.au> wrote:
> I've been attempting to compile and install GnuPG 2.0.14 as per
> http://www.apache.org/dev/openpgp.html#generate-key
>
> Unfortunately GnuPG 2.0.14 depends upon libassuan-1.0.5 which uses funopen
> or fopencookie calls that don't exist on Solaris 10.  NB. I succeeded
> getting GNU PThreads library version 2.0.7 compiled and installed, which
> incidentally requested I email the author, to included it the tested
> platforms (after passing all tests).
>
> Other libraries required that I compiled and installed were:
> libgcrypt
> libksba
> libgpg-error
>
> I have GnuPG 1.4.10 installed, it can generate 4096 bit RSA keys.
>
> Is there anything on Solaris 10 that is considered suitable for key
> generation for Apache?

IIRC 1.4.10 has the required changes backported from the 2.x
codestream but i haven't had time to verify that the keys are
correctly generated or that the configuration instructions work (i may
be able to find some time in Feb once my semester one exams are done).
it is possible - with sufficient knowledge - to create secure keys
using 1.4.9 or earlier but it's fiddly and error prone. i think - but
haven't checked - that you should be able to follow the *full*
instructions for 2.x using 1.4.10 and then verify that the signatures
created by the new key are strong enough.

- robert

Mime
View raw message