From a72a8d7d03cbd43b08845d5974d9d0468bbebc82 Mon Sep 17 00:00:00 2001 From: Juan RP Date: Tue, 13 Jan 2015 00:16:41 +0100 Subject: [PATCH] README: explain repo signing limitations. --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2373a0db15..a19b018dbb 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ By default **xbps-src** will try to resolve package dependencies in this order: It is possible to avoid using remote repositories completely by using the `-N` flag. -> NOTE: the default local repository may contain multiple *sub-repositories*: `debug`, `multilib`, etc. +> The default local repository may contain multiple *sub-repositories*: `debug`, `multilib`, etc. ### Sharing and signing your local repositories @@ -147,13 +147,13 @@ or $ ssh-keygen -t rsa -b 4096 -f privkey.pem -> NOTE: only RSA keys in PEM format are currently accepted by xbps. +> Only RSA keys in PEM format are currently accepted by xbps. Once the RSA private key is ready you can use it to sign the repository: $ xbps-rindex --sign --signedby "I'm Groot" --privkey privkey.pem $PWD/hostdir/binpkgs -> NOTE: If --privkey is unset, it defaults to `~/.ssh/id_rsa`. +> If --privkey is unset, it defaults to `~/.ssh/id_rsa`. If the RSA key was protected with a passphrase you'll have to type it, or alternatively set it via the `XBPS_PASSPHRASE` environment variable. @@ -163,6 +163,11 @@ Once the binary packages have been signed, check the repository contains the app $ xbps-query --repository=$PWD/hostdir/binpkgs -vL ... +Each time a binary package is created, the repository must be signed as explained above with +the difference that only those new packages will be signed. + +> It is not possible to sign a repository with multiple RSA keys. + ### Rebuilding and overwriting existing local packages If for whatever reason a package has been built and it is available in your local repository
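Review bot: In the hunk at @@ -132,7 +132,7 @@, dropping the "NOTE:" prefix from the sub-repositories blockquote is a formatting change that the subject "README: explain repo signing limitations" does not cover. Mention the blockquote restyle in the commit message, or split it into its own commit, so the signing documentation change stays easy to find in history.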
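Review bot: In the hunk at @@ -147,13 +147,13 @@, the rewritten line "> If --privkey is unset, it defaults to `~/.ssh/id_rsa`." leaves --privkey as bare text while the path beside it is in backticks. Put the flag in backticks as well, matching how `-N` and `XBPS_PASSPHRASE` are written in the surrounding text.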
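Review bot: In the hunk at @@ -163,6 +163,11 @@, the added paragraph tells the reader to sign again after every new package but never says the same key must be used, which the note "It is not possible to sign a repository with multiple RSA keys." implies. State that requirement directly in the paragraph and document what xbps-rindex does when a different key is supplied. Because the earlier note says --privkey falls back to `~/.ssh/id_rsa` when unset, it is also worth telling readers to pass --privkey explicitly on each re-sign so the intended key is the one used. The phrase "with the difference that only those new packages will be signed" would read more clearly as its own sentence.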