Okay, so here’s the scenario: you distribute .deb packages without an apt repository, but want to start signing your packages to ensure they aren’t corrupted or tampered with during transit to your users. I say “without an apt repository” since apt has its own mechanism for signing whole releases, via SecureApt.
The tools you are expected to use for this purpose are debsign and debsig-verify. Unfortunately I found the documentation for these to be pretty thin and ended up having to read the source of debsig-verify to work out what was expected of a signed package.
So hopefully to prevent others from having to trawl through source code, below are steps you could follow to sign your own .deb packages. My method is somewhat contra to the prescribed method from Debian, however it is the only way I’ve managed to get working. Please suggest better methods if you know them.
The steps I performed were:
- Create your GPG signing key, run
$ gpg --gen-key
and follow the steps.
As an experiment today I tried installing the Ubuntu 8.04 beta on my work PC. I work for a very large commercial company and don’t personally know of anyone who has tried such a thing before, so I thought I might as well give it a go.
Here are some highlights of the 5 or 6 hours I spent on this today:-
Most of my time was spent mucking about trying to get my dual screens setup to work. Something that is supposed to be easier in 8.04.
Ubuntu detected my video card fine (an on-board Intel 945G, quite standard for a work PC) and initially set me up with one monitor fine. Screen redraws were fast and Compiz was running pretty well.
But both monitors were showing the same image…
So I jumped to the new 8.04 Screen Resolution dialog and had a looksy. Sure enough it thought I had 2 monitors. It had also correctly decided that 1600×1200 was the resolution of choice. But where was the option to run a second desktop on screen #2?
And why was my xorg.conf nearly empty?
The answer (after quite a bit of research): X.Org 7.3 and XRandR.
As of 7.3, X.Org decides to wherever possible keep your xorg.conf brief. So much so that if you are having display issues the recommendation is to delete your xorg.conf file and restart X. Wow. The only downside being if you want to tweak just one parameter, erm, how do you do that?
XRandR, or X Resize and Rotate, replaces a plethora of dynamic display utilities and basically does just resize and rotate your X display or displays.
Right. So what about that Screen and Graphics dialog from Gutsy, aka displayconfig-gtk? It used to allow me to configure multiple displays the way I wanted. Oddly it’s now in the menus under Applications->Other. It’s an Application now? (Looks like this has since been removed – there’s now no menu item for it at all!)
Right anyway, so I trundled through and configured my screens using displayconfig-gtk, hit the Test button and wow, what an ugly garbled display I had on screen #1 and screen #2 just went black.
Fiddled with the settings some more and managed to get screen #1 looking okay but nothing on screen #2.
Reset my xorg.conf back to default.
Read somewhere that adding
SubSection "Display" Virtual 3200 1200 EndSubSection
should solve the problem (3200×1200 being the bounding box resolution of my 2 screens).
It worked! But screen draws were reeealllyyy sllloooww.
A quick scan through the xorg log file and hmm, this message
Cannot support DRI with frame buffer width > 2048
In other words, the driver was telling me my virtual desktop size (3200 pixels wide) was too big for the hardware to support. Odd, I’ve had this working before I thought.
I finally discovered that one of the caveats of XRandR is that it:
…hardware does not support unlimited coordinates. For instance, Intel boards up to i945 only support 2048 pixels in each direction. If you enable a larger virtual screen, DRI will be disabled and some problems may appear.
In other words: Even if your hardware is capable of handling two high-res displays, XRandR won’t be your friend unless your hardware is equally capable of running a single really really high-res display. For this reason I must say that I don’t think XRandR is ready for the big time and Ubuntu in some cases needs to know to fall back to other technologies.
The (only?) solution? Manually configuring Xinerama. Something I don’t mind doing but enough to put most new Linux users off the whole thing.
And the caveat: No Compiz.
“Your average computer user might never say that they find the flicker at the start of the Operating System a bit daunting or cheap looking, but when they switch between an OSX desktop and a Linux desktop subconsciously the fluid interface does register in their mind. The result of that is all the praise we hear about the gorgeous OSX interface.”
I have to say I do agree wholeheartedly with all points raised in the article and perhaps could add a few thoughts of my own:-
- During the installer the Select Time Zone dialog doesn’t list London in the location drop-down, but does show London on the map, but only if you zoom in first.
- Absolutley requiring a password to be entered for gnome-keyring to unmask my wireless networking key is counter-productive, i.e. I should be able to boot my laptop and have network access without having to enter a password at any stage.
- I believe a new user to Gnome will have difficulty distinguishing between ‘System->Preferences’ and ‘System-Administration’. In fact, I’m still never sure in which to look.
- It’s been said so many times, but there should be a 1-click way of changing the orange/brown colour scheme to a different colour. My fiancée looking over my shoulder didn’t particularly like the colour scheme and I couldn’t show her a straightforward way of changing it — I know, I know, change the control set to ‘Clearlooks’ first, but that is difficult for a novice user to understand.
Oh and I’m not Ubuntu/Gnome-bashing, I love Ubuntu! This is just an attempt to jot down some of the frustrations myself and others have experienced.
No operating system is perfect, but the number of user experience issues in Ubuntu certainly does outnumber OSX. To be fair, Apple have just a bit more dosh to spend. (And yet certainly Microsoft have never quite got the user experience right even with America’s richest man at the helm.)
Perhaps I should just stop whining and start committing…
(Disclosure: I have recently accepted a job at the BBC.)
The BBC has also confirmed that users of Apple Mac and Linux machines will be able to use its TV catch-up service from the end of the year.
The article focuses on a scheme for free access to BBC wi-fi hotspots via The Cloud, but slips in the above statement regarding iPlayer. This is indeed great news for Mac/Linux users in the UK, myself included (I run the latter), who thus far have had to resort to running a Windows virtual machine to even get a glimpse of the iPlayer.
And how will the content be delivered? The answer: Flash video. Meaning the BBC’s initial push for DRM controlled content are now out the window.
By using Flash, one must assume even relatively non-technically savvy users will be able to download the linked-to FLV video content and keep copies of videos for later viewing (i.e. longer than the 30 day restriction currently in place). Of course this will probably violate stated terms & conditions of the service, but at least it will be a possibility for those who really want to keep something for a short while to do so without resorting to ugly DRM hacks.
Also mentioned in the article is the possibility of programmes to be downloaded and stored on portables like the PSP. Again, with no reference to controlling the storage via DRM.
Will this lessen sales of BBC DVDs, at least in the UK? The article also mentions the possibility of “HD download” content in the future… so, very possibly I would speculate.