For the purposes of this document, we'll be working in /srv/dak
Set up the dak user on both the system and in postgres:
-# sudo adduser dak
-# sudo addgroup ftpmaster
-# sudo addgroup dak ftpmaster
+# sudo addgroup --system ftpmaster
+# sudo adduser --system dak --ingroup ftpmaster --shell /bin/bash
# sudo -u postgres createuser -s dak
Set up the dak directory:
# cp templates/* /srv/dak/templates/
Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg. Guard this key carefully
+pass one through to gpg. Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
# gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
Remember the signing key id for when creating the suite below.
Here we'll pretend it is DDDDDDDD for convenience