For each apt repository, sign the Release file metadata
For each apt repository, write a "release.asc" file into the root of the repo. This release.asc file should contain the public key that was used to sign the repo.
Re-generate the ISO with these modifications.
(Additionally, it would be good if merfi could sha256sum the resulting ISO, and then GPG-inline-sign the resulting ".SHA256SUM" file... but that could be a separate RFE.)
FYI on Ubuntu I've used p7zip to extract the contents of ISOs without needing root access. A fallback option would be to use "sudo mount".
ktdreyer
commented
9 years ago
merfi should be able to do the following:
Releasefile metadatarelease.asc" file into the root of the repo. Thisrelease.ascfile should contain the public key that was used to sign the repo.(Additionally, it would be good if merfi could sha256sum the resulting ISO, and then GPG-inline-sign the resulting "
.SHA256SUM" file... but that could be a separate RFE.)FYI on Ubuntu I've used p7zip to extract the contents of ISOs without needing root access. A fallback option would be to use "
sudo mount".