README: new section: "Sharing and signing your repositories"
This commit is contained in:
parent
8cbc48b1d3
commit
216bda2d1c
1 changed files with 27 additions and 0 deletions
27
README.md
27
README.md
|
@ -134,6 +134,33 @@ It is possible to avoid using remote repositories completely by using the `-N` f
|
|||
|
||||
> NOTE: the default local repository may contain multiple *sub-repositories*: `debug`, `multilib`, etc.
|
||||
|
||||
### Sharing and signing your local repositories
|
||||
|
||||
To share a local repository remotely it's mandatory to sign it and the binary packages
|
||||
stored on it. This is accomplished with the `xbps-rindex(8)` utility.
|
||||
|
||||
First a RSA key must be created with `openssl(1)` or `ssh-keygen(8)`:
|
||||
|
||||
$ openssl genrsa -des3 -out privkey.pem 4096
|
||||
|
||||
or
|
||||
|
||||
$ ssh-keygen -t rsa -b 4096 -f privkey.pem
|
||||
|
||||
> NOTE: only RSA keys in PEM format are currently accepted by xbps.
|
||||
|
||||
Once the RSA private key is ready you can use it to sign the repository:
|
||||
|
||||
$ xbps-rindex --sign --signedby "I'm Groot <groot@me>" --privkey privkey.pem ~/void-packages/hostdir/binpkgs
|
||||
|
||||
If the RSA key was protected with a passphrase you'll have to type it, or alternatively set
|
||||
it via the `XBPS_PASSPHRASE` environment variable.
|
||||
|
||||
Once the binary packages have been signed, check the repository contains the appropiate `hex fingerprint`:
|
||||
|
||||
$ xbps-query --repository=~/void-packages/hostdir/binpkgs -vL
|
||||
...
|
||||
|
||||
### Rebuilding and overwriting existing local packages
|
||||
|
||||
If for whatever reason a package has been built and it is available in your local repository
|
||||
|
|
Loading…
Reference in a new issue