 |
FirewallBuilder |
|
Packages for Windows, Mac OS X
Source Code, Packages for Linux on SourceForge
Released packages and source code tar.gz archives
can be downloaded from SourceForge:
Download page on our SourceForge project site
In addition, we maintain repositories of the rpm and deb packages, including both stable releases and testing builds.
Debian/Ubuntu packages repository
To access Debian/Ubuntu repository
of
deb http://www.fwbuilder.org/deb/stable/ intrepid contrib
To access Debian/Ubuntu repository
of
deb http://www.fwbuilder.org/deb/testing/ intrepid contrib
If you wish to follow only stable releases, add only the line with "/deb/stable" url.
Packages in all repositories are signed with GPG key with ID EAEE08FE "Firewall Builder Project (Package Signing Key) <pkgadmin@fwbuilder.org>". Download public key and add it to your key chain to be able to verify integrity of the packages in repositories. To add the key on Debian/Ubuntu, use the following commands:
wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
apt-key add PACKAGE-GPG-KEY-fwbuilder.asc
Configuring debsig-verify to verify package signatures
This part is optional, although it is highly recommended in order to ensure authenticity of the installed fwbuilder packages. However, if you do not configure debsig-verify, package signatures will not be verified but apt tools will try to install them anyway.
Unfortunately it is not enough to just add the key to apt-get, you also need to install package debsig-verify and configure it. Consult one of the HOWTO guides on the Internet that describe how to set up debsig-verify tools to verify signed packages; one such guide can be found here: Signing .deb packages . See section #4 "Setup the machine(s) that will be downloading and verifying the package" in it.
Here is a brief write-up of the debsig-verify installation and configuration process.
First, you need to install debsig-verify and gpg:
aptitude install debsig-verify gpg
Import our key and check its fingerprint:
gpg --import PACKAGE-GPG-KEY-fwbuilder.asc gpg --fingerprint
gpg --fingerprint prints something like this:
------------------------
pub 1024D/EAEE08FE 2009-05-17
Key fingerprint = 5397 6AA1 5E71 2F74 947B 4496 EF2E DD98 EAEE 08FE
uid Firewall Builder Project (Package Signing Key) <pkgadmin@fwbuilder.org>
sub 2048g/FE31D386 2009-05-17
Key ID is EAEE08FE, its fingerprint is last 4 groups if hex digits in the "Key fingerprint" line: EF2EDD98EAEE08FE (remove white spaces).
Next step is to import the key into debsig keyring:
mkdir /usr/share/debsig/keyrings/EF2EDD98EAEE08FE gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/EF2EDD98EAEE08FE/debsig.gpg --import PACKAGE-GPG-KEY-fwbuilder.asc
Now we need to create debsig-verify policy file:
mkdir /etc/debsig/policies/EF2EDD98EAEE08FE/ vi /etc/debsig/policies/EF2EDD98EAEE08FE/fwbuilder-testing.pol
The policy file is in XML and looks like this:
<?xml version="1.0"?>
<!DOCTYPE Policy SYSTEM "http://www.debian.org/debsig/1.0/policy.dtd">
<Policy xmlns="http://www.debian.org/debsig/1.0/">
<Origin Name="Firewall Builder" id="EF2EDD98EAEE08FE"
Description="Firewall Builder Package"/>
<Selection>
<Required Type="origin" File="debsig.gpg" id="EF2EDD98EAEE08FE"/>
</Selection>
<Verification MinOptional="0">
<Required Type="origin" File="debsig.gpg" id="EF2EDD98EAEE08FE"/>
</Verification>
</Policy>
Note how key fingerprint is used as an id in all XML elements.
apt-get, aptitude and other apt tools save downloaded packages in the directory /var/cache/apt/archives/. You can use debsig-verify to verify saved copy:
# debsig-verify /var/cache/apt/archives/libfwbuilder_3.0.5-b961-ubuntu-hardy-1_amd64.deb debsig: Verified package from `package from Firewall Builder' (Firewall Builder)
Now apt-get and other apt tools will call debsig-verify to verify packages they are about to install or upgrade.
Troubleshooting .deb repository access
After this, you should be able to install and update fwbuilder packages using synaptic or aptitude.
Note that apt caches package information, so when we release new packages, they will not match cached data when you try to install them. Run apt-get update before you install or upgrade packages to refresh cached data. If you don't, you'll get "Size mismatch" error which is not very descriptive. Note that if you do this from the command line using apt-get, you'll notice that it suggests running apt-get upate, but unfortunately update manager cuts off this part of the error message. Just run apt-get update or aptitude update from the command line before doing update.
RPM packages repository
To access repository of RPM packages, create file /etc/yum.repos.d/fwbuilder.repo with the following contents:
[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/stable/fedora-$releasever-$basearch
enabled=1
[fwbuilder-testing]
name=Firewall Builder Test Builds
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/testing/fedora-$releasever-$basearch
enabled=0
Packages in all repositories are signed with GPG key with ID EAEE08FE "Firewall Builder Project (Package Signing Key) <pkgadmin@fwbuilder.org>". Download public key and add it to your key chain to be able to verify integrity of the packages in repositories. To add the key on Fedora, use the following commands:
wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
rpm --import PACKAGE-GPG-KEY-fwbuilder.asc
To install stable package of fwbuilder with dependencies, use command
yum install fwbuilder
This should find and install both fwbuilder and libfwbuilder packages and dependencies.
To install latest package from the testing repository (latest nightly build), use command
yum --enablerepo=fwbuilder-testing install fwbuilder
Future versions of Firewall Builder: beta testing, source and binary packages for all OS
Third Party Packages
- OpenSuse rpms: http://download.opensuse.org/repositories/home:/worldcitizen/
- OpenSuse rpms: http://medozas.de/content.php?id=4
- OpenSuse rpms: http://etherkiller.org/fwbuilder/