[PVE-User] available templates and gpg signatures

Dietmar Maurer dietmar at proxmox.com
Mon Dec 2 05:58:09 CET 2013


> 1. Is the aplinfo.dat file auto-generated? Can you update it easily? The wiki [4]
> somehow suggests that the amd64 templates are second-class, and should be
> handled manually. My feeling is that this page is outdated (troubleshooting
> section talks about 1.8).

First, the GUI does not handle amd64 template. Also, you do not have the correct key
to sign the template list.

What page is outdated?

> 2. Can you explain who is in charge of creating and maintaining the templates
> and the aplinfo.dat and its signature? Are the unlisted templates "not endorsed
> by Proxmox"? As there is no checksum on the signed index, they appear less
> reliable than the listed ones, anyway.

I maintain that list.

> 3. Can you please confirm that by downloading the templates from the web
> interface the application is actually verifying the gpg signature and the
> checksums of the downloaded tarballs? Is this documented somewhere? [5]
> suggests this is actually done; I am not very fluent with perl, and I would
> appreciate a quick authoritative answer; [6] is even more clear, but of course
> not under git.proxmox.com :)

yes, we verify signature and checksum.

- Dietmar


More information about the pve-user mailing list