HOWTO: Install Keybase on openSUSE Tumbleweed with signature verification and update repository

Sunday, October 21, 2018

HOWTO: Install Keybase on openSUSE Tumbleweed with signature verification and update repository

I’m a huge fan of keybase as well as openSUSE Tumbleweed but looking over the installation page, it doesn’t appear that openSUSE is among the supported Linux distributions.

Making it work, however, is only a tiny bit more difficult than setting it up for Fedora (which is to say, it’s not difficult at all). Since I end up doing this rather regularly, I thought I’d throw a HOWTO out there that I can refer back to. If you’re not me, then hey, hopefully I was able to help you out, too!

Note that I run 64-bit openSUSE Tumbleweed, as I assume you probably do, too. These instructions should work for the 32-bit version, however, I haven’t tested them. And, of course, while this works for me, it may not always work and may not work at all for you.

Before We Start - Fixing a few Things

Problem #1 - Missing Dependencies that Cannot be Resolved

Nevermind, they fixed this for me (love those folks!)

Problem #2 - The Package Signature Cannot be Verified

They don’t provide instructions for importing their signing key, so we’ll do this with rpm

# for users of zsh, the following one-liner works - run it and skip the rest
sudo rpm --import =(curl https://keybase.io/docs/server_security/code_signing_key.asc)

# If you're on bash, '=( ... )' isn't supported, but we can do the same with the following:
TMFILE="$(mktemp)"
curl https://keybase.io/docs/server_security/code_signing_key.asc > "$TMFILE"
sudo rpm --import "$TMFILE"
rm "$TMFILE

Installing with zypper

Follow the instructions on the download page for installing under Fedora, however, replace yum with zypper. As of the time of this writing, that command would be:

# Under bash/zsh
sudo zypper in -y https://prerelease.keybase.io/keybase_amd64.rpm
# If you're on the 32-bit version, you'd use:
sudo zypper in -y https://prerelease.keybase.io/keybase_i386.rpm
# ... or install the Windows 95 version (/s)

And, finally . . .

run_keybase
keybase login

Follow the install instructions for logging in for the first time (usually involves running keybase device add on another machine that is already logged in).

Making Upgrades work when zypper up or zypper dup is run

Keybase is updated … sheesh, it seems like daily, sometimes. But you’re running Tumbleweed, so installing 1,000 updates every week is kind of your thing. Unfortunately, the repo for keybase is not installed by default when zypper installs the keybase RPM, so we have to add it manually.

To get started, you should make sure that you do not have a reference to the keybase repo (who knows, maybe they’ve added support since I wrote this!)

sudo zypper lr

You should see something along the lines of …


# | Alias               | Name                        | Enabled | GPG Check | Refresh
--+---------------------+-----------------------------+---------+-----------+--------
1 | openSUSE-20181015-0 | openSUSE-20181015-0         | No      | ----      | ----   
2 | repo-debug          | openSUSE-Tumbleweed-Debug   | No      | ----      | ----   
3 | repo-non-oss        | openSUSE-Tumbleweed-Non-Oss | Yes     | (r ) Yes  | Yes    
4 | repo-oss            | openSUSE-Tumbleweed-Oss     | Yes     | (r ) Yes  | Yes    
5 | repo-source         | openSUSE-Tumbleweed-Source  | No      | ----      | ----   
6 | repo-update         | openSUSE-Tumbleweed-Update  | Yes     | (r ) Yes  | Yes    

That’s from a fresh install that I did on Saturday with nothing added beyond tmux and zsh to the default server configuration pattern.

If you don’t have a keybase repository, let’s add it:

sudo zypper ar -f http://prerelease.keybase.io/rpm/x86_64 keybase
sudo zypper --gpg-auto-import-keys refresh
# Presently you get a warning that the repomd.xml is unsigned; allow this, though it's not a great thing if you have security concerns

Performing an Update

Simple! Next time you do a zypper up or zypper dup, keybase’s repository will be checked and the software will be updated if it is modified.
However, don’t forget to run run_keybase after the software is updated or you’ll be using the previous version

No comments :