Menu

Optional Steps to Use DK tools Packages

Dirk Krause
← Previous ↑ Home ↑ Live Systems ↑ Prepare Virtual Machine → Next

Optional Steps to Use DK Tools Package

The steps below are only necessary to build DKtoolian live systems.
You can skip these steps if you are just interested in Disklessian.

Create GPG key to sign the packages

If you already have a GPG key, there is no need to create yet another one.

Configuration file

Edit the ~/.gnupg/gpg.conf file. It should contain:

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

Create the key pair

gpg --full-generate-key

Choose key type “RSA and RSA”, key size “4096”, and a useful expiration time, i.e. “3y” (3 years).

List the keys

gpg -k --keyid-format long

Example output may look like

/home/joe/.gnupg/pubring.gpg
-------------------------------
pub   4096R/80618284692DE214 2026-06-27
uid       [ultimate] Joe Jellyfish <j.jelly@deep.blue.sea>
sub   4096R/D185E550FA6830A8 2026-06-27

Here we see the long key id 80618284692DE214 as the main key id and D185E550FA6830A8 as the key id of the sub key we will later use to sign packages.

Create revokation certificate

bash
umask 077
gpg --armor --gen-revoke 80618284692DE214 > ~/.gnupg/revocation-80618284692DE214.crt.asc
chmod go-rwx ~/.gnupg/revocation-80618284692DE214.crt.asc
exit

Keep the revokation certificate in a secure place.
It is recommended you also keep a paper printout.

Export public and private key

gpg --armor --export 80618284692DE214 > ~/.gnupg/80618284692DE214-public.txt
bash
umask 077
gpg --armor --export-secret-keys 80618284692DE214 > ~/.gnupg/80618284692DE214-secret.txt
exit
chmod 644 ~/.gnupg/80618284692DE214-public.txt
chmod 600 ~/.gnupg/80618284692DE214-secret.txt

Transfer both keys to the virtual machine

scp ~/.gnupg/80618284692DE214-public.txt user@host:/home/user
scp ~/.gnupg/80618284692DE214-secret.txt user@host:/home/user

Replace “user” by the login name of the unprivileged user, “host” by the host name of the virtual machine.

Import keys in the virtual machine

As unprivileged user in the virtual machine run:

gpg --import ~/80618284692DE214-secret.txt
gpg --import ~/80618284692DE214-public.txt
rm ~/80618284692DE214-secret.txt

Configure the package management to trust the key

As root in the virtual machine run:

mkdir /etc/gpg-livesys
cp ~user/80618284692DE214-public.txt /etc/gpg-livesys/livesys.pub.asc
chmod 644 /etc/gpg-livesys/livesys.pub.asc
cp ~user/80618284692DE214-public.txt /etc/apt/trusted.gpg.d/dktools.asc
chmod 644 /etc/apt/trusted.gpg.d/dktools.asc
apt-get update
rm ~user/80618284692DE214-public.txt

Replace “user” by the login name of the unprivileged user.

Configure key for package signing

As unprivileged user in the virtual machine edit the ~/.bashrc file, add the following line:

export DEB_SIGN_KEYID="D185E550FA6830A8"

Note: The key id of the “sub” key from the listing (see section “List keys” above) must be used here.
When using another shell (not bash) you have to edit another startup file. File name and syntax to use depend on the shell.

Logout, login, and check

Log out from all unprivileged user conntections to the virtual machine. Now log in to the virtual machine as unprivileged user and run

env | grep DEB_SIGN_KEYID

to verify the “DEB_SIGN_KEYID” variable exists and has the correct value.

Install and configure Apache

Install web server software

See https://wiki.debian.org/Apache/ for details how to set up Apache on Debian.

As root on the virtualization host run:

apt-get -y install apache2

Create directory structure

As root on the virtualization host run:

mkdir -p /var/www/html/debian@DEBIANVERSNO@/dktools
chmod 755 /var/www/html/debian@DEBIANVERSNO@
chmod 755 /var/www/html/debian@DEBIANVERSNO@/dktools

Modify Apache configuration

As root on the virtualization host modify the /etc/apache2/apache2.conf file.
Below the

<Directory /var/www/>
        ...
</Directory>

section add a section:

<Directory /var/www/html/debian@DEBIANVERSNO@/>
        Options All Indexes FollowSymLinks
</Directory>

Probably you want to restrict access permissions to your web server.
In the example below access is restricted to the virtualization host itself and the virtual machines in the “default” network.

<Directory /usr/share>
    AllowOverride None
    Require ip 192.168.122.0/24
    Require ip 127.0.0.0/8
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require ip 192.168.122.0/24
    Require ip 127.0.0.0/8
</Directory>

Restart the web server:

systemctl restart apache2

Build DK tools packages

Download DK tools

Download the DK tools source archive from the “Files” area in the SourceForge DK tools project.
Place the archive in the unprivileged users ~/Downloads directory in the virtual machine.

Unpack the software

As unprivileged user in the virtual machine run:

cd ~/Downloads
tar xzf dktools-4.39.1.tar.gz

Install required developer packages

As root in the virtual machine run:

cd ~user/Downloads
cd dktools-4.39.1
scripts/debian-prepare-deb

Build the packages

As unprivileged user in the virtual machine run:

cd ~/Downloads/dktools-4.39.1
scripts/debian-build-deb

Stay in front of the computer. At the end of the process you are asked for the passphrase protecting your GPG key. A timeout is used by the dialog, so if not responding in time you end up with unsigned packages.
On success the *.deb files are in the ~/Downloads/dktools-debian-pkg/repo directory.

Place packages in repository

As root on the virtualization host run:

rsync -rlptDHv --delete user@host:/home/user/Downloads/dktools-debian-pkg/repo/  /var/www/html/debian@DEBIANVERSNO@/dktools

Replace “user” by the login name of the unprivileged user, “host” by the host name or IP address of the virtual machine.

← Previous ↑ Home ↑ Live Systems ↑ Prepare Virtual Machine → Next

Related

Wiki: Prepare Virtual Machine

MongoDB Logo MongoDB