xbps-src: document xbps-0.46 signing and require 0.46.
This commit is contained in:
parent
edc0d5d53d
commit
d24e75514f
2 changed files with 12 additions and 9 deletions
19
README.md
19
README.md
|
@ -10,7 +10,7 @@ or queried through the `xbps-install(1)` and `xbps-query(1)` utilities, respecti
|
||||||
### Requirements
|
### Requirements
|
||||||
|
|
||||||
- GNU bash
|
- GNU bash
|
||||||
- xbps >= 0.45
|
- xbps >= 0.46
|
||||||
|
|
||||||
`xbps-src` requires an utility to chroot and bind mount existing directories
|
`xbps-src` requires an utility to chroot and bind mount existing directories
|
||||||
into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports
|
into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports
|
||||||
|
@ -126,9 +126,9 @@ used as dependencies in the source packages tree.
|
||||||
If you want to customize those replacements, copy `etc/defaults.virtual` to `etc/virtual`
|
If you want to customize those replacements, copy `etc/defaults.virtual` to `etc/virtual`
|
||||||
and edit it accordingly to your needs.
|
and edit it accordingly to your needs.
|
||||||
|
|
||||||
### Directory tree
|
### Directory hierarchy
|
||||||
|
|
||||||
The following directory tree is used with a default configuration file:
|
The following directory hierarchy is used with a default configuration file:
|
||||||
|
|
||||||
/void-packages
|
/void-packages
|
||||||
|- common
|
|- common
|
||||||
|
@ -156,7 +156,7 @@ The description of these directories is as follows:
|
||||||
- `masterdir`: master directory to be used as rootfs to build/install packages.
|
- `masterdir`: master directory to be used as rootfs to build/install packages.
|
||||||
- `builddir`: to unpack package source tarballs and where packages are built.
|
- `builddir`: to unpack package source tarballs and where packages are built.
|
||||||
- `destdir`: to install packages, aka **fake destdir**.
|
- `destdir`: to install packages, aka **fake destdir**.
|
||||||
- `hostdir/ccache-<arch>`: to store ccache data if the `XBPS_CCACHE` option is enabled.
|
- `hostdir/ccache`: to store ccache data if the `XBPS_CCACHE` option is enabled.
|
||||||
- `hostdir/distcc-<arch>`: to store distcc data if the `XBPS_DISTCC` option is enabled.
|
- `hostdir/distcc-<arch>`: to store distcc data if the `XBPS_DISTCC` option is enabled.
|
||||||
- `hostdir/repocache`: to store binary packages from remote repositories.
|
- `hostdir/repocache`: to store binary packages from remote repositories.
|
||||||
- `hostdir/sources`: to store package sources.
|
- `hostdir/sources`: to store package sources.
|
||||||
|
@ -242,10 +242,14 @@ or
|
||||||
|
|
||||||
> Only RSA keys in PEM format are currently accepted by xbps.
|
> Only RSA keys in PEM format are currently accepted by xbps.
|
||||||
|
|
||||||
Once the RSA private key is ready you can use it to sign the repository:
|
Once the RSA private key is ready you can use it to initialize the repository metadata:
|
||||||
|
|
||||||
$ xbps-rindex --sign --signedby "I'm Groot" --privkey privkey.pem $PWD/hostdir/binpkgs
|
$ xbps-rindex --sign --signedby "I'm Groot" --privkey privkey.pem $PWD/hostdir/binpkgs
|
||||||
|
|
||||||
|
And then make a signature per package:
|
||||||
|
|
||||||
|
$ xbps-rindex --sign-pkg --privkey privkey.pem $PWD/hostdir/binpkgs/*.xbps
|
||||||
|
|
||||||
> If --privkey is unset, it defaults to `~/.ssh/id_rsa`.
|
> If --privkey is unset, it defaults to `~/.ssh/id_rsa`.
|
||||||
|
|
||||||
If the RSA key was protected with a passphrase you'll have to type it, or alternatively set
|
If the RSA key was protected with a passphrase you'll have to type it, or alternatively set
|
||||||
|
@ -253,11 +257,10 @@ it via the `XBPS_PASSPHRASE` environment variable.
|
||||||
|
|
||||||
Once the binary packages have been signed, check the repository contains the appropriate `hex fingerprint`:
|
Once the binary packages have been signed, check the repository contains the appropriate `hex fingerprint`:
|
||||||
|
|
||||||
$ xbps-query --repository=$PWD/hostdir/binpkgs -vL
|
$ xbps-query --repository=hostdir/binpkgs -vL
|
||||||
...
|
...
|
||||||
|
|
||||||
Each time a binary package is created, the repository must be signed as explained above with
|
Each time a binary package is created, a package signature must be created with `--sign-pkg`.
|
||||||
the difference that only those new packages will be signed.
|
|
||||||
|
|
||||||
> It is not possible to sign a repository with multiple RSA keys.
|
> It is not possible to sign a repository with multiple RSA keys.
|
||||||
|
|
||||||
|
|
2
xbps-src
2
xbps-src
|
@ -352,7 +352,7 @@ read_pkg() {
|
||||||
setup_pkg $XBPS_TARGET_PKG $XBPS_CROSS_BUILD
|
setup_pkg $XBPS_TARGET_PKG $XBPS_CROSS_BUILD
|
||||||
}
|
}
|
||||||
|
|
||||||
readonly XBPS_VERSION_REQ="0.45"
|
readonly XBPS_VERSION_REQ="0.46"
|
||||||
readonly XBPS_VERSION=$(xbps-uhelper -V|awk '{print $2}')
|
readonly XBPS_VERSION=$(xbps-uhelper -V|awk '{print $2}')
|
||||||
readonly XBPS_SRC_VERSION="113"
|
readonly XBPS_SRC_VERSION="113"
|
||||||
export XBPS_MACHINE=$(xbps-uhelper arch)
|
export XBPS_MACHINE=$(xbps-uhelper arch)
|
||||||
|
|
Loading…
Reference in a new issue