APT Repository Configuration

Owned by Tomáš Vojík
Last updated: Mar 26, 2024 by Charles Wernicke
4 min read

In order to maintain the security of your server, our software, starting from version 20230801, uses APT/Debian package management infrastructure to ensure that you are installing software signed by GB. This helps immunize your server against attacks on GB software distribution servers. Even if an attacker manages to somehow place their own software on GB repositories, your server will not trust it because the software is not signed by GB.

Here are the steps on how to download GENERAL BYTES public key that your machine will always trust when downloading new software packages from GENERAL BYTES.

KYC is now required by GB!

Access to the private APT repository is provided only to our Operators that:

  1. undergo additional KYC checks, and

  2. have paid all current invoices.

Please contact the Sales department if you cannot access the package repository during CAS installation or CAS update.

1. Download the repository public key to your key rings folder.

Run the following command to download the public key:

sudo wget -O /usr/share/keyrings/generalbytes-repo.public https://trust.generalbytes.com/generalbytes-repo.public

2. Check the digital signature of the downloaded public key.

Make sure that the public key has the correct checksum.

sha256sum /usr/share/keyrings/generalbytes-repo.public

The correct checksum is:

6f65c52005425872acd880cbf9c3975fdc1db45fc85b60ef981482cead51746b /usr/share/keyrings/generalbytes-repo.public

3. Compare the checksum of GENERAL BYTES public key from the repository.

The correct checksum of the key at packages.generalbytes.com must be the same as the one downloaded in step 1 from trust.generalbytes.com.

4. Verification

Contact Support if:

  • any of the steps fail, or

  • the checksum is invalid, or

  • the checksums differ.

Continuing may result in the installation of an untrusted key and subsequently: untrusted software in the future.

5. Add the generalbytes repository to APT

For installation and updates, the repository must be specifically added to the Ubuntu system.

Create the repository file:

Edit the new file using nano:

Add the following line to the file:

  • Replace “LICENSE” with your actual GENERAL BYTES approved license key.

Example:

  • Save and exit the nano editor (Press Ctrl+X, and answer “Y” when asked to save the file).

If you prefer to do it in a single line, use this script:

6. Update the Ubuntu system repository.

Troubleshooting

The license issued by GENERAL BYTES may be revoked without warning.

If your license fails to be accepted during an APT update, CAS update, or CAS installation, please contact Sales to ensure that your account is in good standing.

Removal

The changes made to APT will prevent APT from installing updates - including security updates - if the license is invalid for any reason. If you continue to use the server (without CAS), then you should remove the modifications to your Ubuntu.

DO NOT DO THIS UNLESS REQUIRED!

To temporarily disable the GB APT Repository:

Rename this file:

Re-enable the file when you’re ready to update CAS:

To permanently remove the GB APT repository:

Viewing patch availability:

You might want to check if a patch is available before shutting down CAS and upgrading. You can do this while CAS is up.

  • where the version sought is 20240201

The current patch versions will be displayed.

Copyright © 2020-2024 General Bytes USA LLC