This guide provides instructions for setting up the Invinsense repository with proper cryptographic verification across various environments, including bare-metal, containers, SystemV, and SystemD.
- Root or sudo access (for bare-metal and some container environments)
- Internet connectivity
- Basic command-line knowledge
-
Download the Invinsense GPG key:
wget -O invinsense-repo-key.gpg https://invinsense.s3.us-east-2.amazonaws.com/4.x/apt/invinsense-repo-key.gpg
-
Verify the key's fingerprint (replace with the actual fingerprint):
gpg --show-keys invinsense-repo-key.gpg
Ensure the fingerprint matches:
8152 1539 216D 3D1F(example fingerprint) -
Add the key to the trusted keyring:
- For APT-based systems:
sudo gpg --dearmor -o /usr/share/keyrings/invinsense-archive-keyring.gpg invinsense-repo-key.gpg
- For RPM-based systems:
sudo rpm --import invinsense-repo-key.gpg
- For APT-based systems:
-
Add the Invinsense repository:
- For APT-based systems:
echo "deb [signed-by=/usr/share/keyrings/invinsense-archive-keyring.gpg] https://invinsense.s3.us-east-2.amazonaws.com/4.x/apt stable main" | sudo tee /etc/apt/sources.list.d/invinsense.list
- For RPM-based systems:
sudo tee /etc/yum.repos.d/invinsense.repo << EOF [invinsense] name=Invinsense Repository baseurl=https://invinsense.s3.us-east-2.amazonaws.com/4.x/rpm enabled=1 gpgcheck=1 gpgkey=https://invinsense.s3.us-east-2.amazonaws.com/4.x/apt/invinsense-repo-key.gpg EOF
- For APT-based systems:
-
Update package lists:
- For APT-based systems:
sudo apt update
- For RPM-based systems:
sudo yum makecache
- For APT-based systems:
- Follow the Universal Steps above.
- Ensure you have sudo privileges.
- If running as root, omit
sudofrom the commands. - If GPG is not available, install it:
apt-get update && apt-get install -y gnupg - For Docker containers, consider adding these steps to your Dockerfile.
- Follow the Universal Steps above.
- If using a SystemV init script, add the repository setup to your initialization scripts.
- Follow the Universal Steps above.
- Consider creating a oneshot systemd service to set up the repository on first boot:
Then enable and start the service:
sudo tee /etc/systemd/system/invinsense-repo-setup.service << EOF [Unit] Description=Setup Invinsense Repository After=network.target [Service] Type=oneshot ExecStart=/path/to/your/setup/script.sh RemainAfterExit=true [Install] WantedBy=multi-user.target EOF
sudo systemctl enable invinsense-repo-setup.service sudo systemctl start invinsense-repo-setup.service
-
Check the sources list (APT-based systems):
cat /etc/apt/sources.list.d/invinsense.list
-
Check the repo file (RPM-based systems):
cat /etc/yum.repos.d/invinsense.repo
-
List available Invinsense packages:
- APT-based:
apt search invinsense - RPM-based:
yum list available | grep invinsense
- APT-based:
-
If you encounter GPG errors:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 81521539216D3D1F
-
For RPM-based systems, if you see GPG check failures:
sudo rpm --import https://invinsense.s3.us-east-2.amazonaws.com/4.x/apt/invinsense-repo-key.gpg
-
If the repository isn't accessible, check your network connection and firewall settings.
- Always verify the GPG key fingerprint before adding it to your system.
- Regularly update your system to ensure you have the latest security patches.
- In production environments, consider setting up a local mirror of the repository for better control and security.
- APT-based systems:
sudo rm /etc/apt/sources.list.d/invinsense.list sudo rm /usr/share/keyrings/invinsense-archive-keyring.gpg sudo apt update
- RPM-based systems:
sudo rm /etc/yum.repos.d/invinsense.repo sudo rpm -e gpg-pubkey-216d3d1f-* sudo yum clean all
- Always refer to the official Invinsense documentation for the most up-to-date information.
- If you encounter persistent issues, contact Invinsense support for assistance.