
Generate FreeBSD packages repository signing key
Closed, Public

Authored by dereckson on Mar 30 2018, 19:12.

Details

Summary

FreeBSD packages are signed, hence a signing key.

Reference: man 8 pkg-repo

Test Plan

pkg repo /path/to/some/tmp/packages repo.key

Diff Detail

Repository: rOPS Nasqueron Operations
Lint: Lint Passed
Unit: No Test Coverage
Branch: freebsd-repo
Build Status: Buildable 2434
Build 2682: arc lint + arc unit

Event Timeline

dereckson created this revision.

s/signing_key_dir/repo.signing_key_dir

Create parent directory too.

Set builder as user, so we don't run openssl and pkg as root

$ salt-call --local state.apply roles/freebsd-repo
local:
----------
          ID: /usr/local/etc/freebsd-pkg-repo/key
    Function: file.directory
      Result: True
     Comment: Directory /usr/local/etc/freebsd-pkg-repo/key updated
     Started: 19:15:51.118448
    Duration: 38.505 ms
     Changes:
              ----------
              /usr/local/etc/freebsd-pkg-repo/key:
                  New Dir
----------
          ID: signing_key_generate_private
    Function: cmd.run
        Name: openssl genrsa -out repo.key 4096
      Result: True
     Comment: Command "openssl genrsa -out repo.key 4096" run
     Started: 19:15:51.160136
    Duration: 1480.753 ms
     Changes:
              ----------
              pid:
                  40367
              retcode:
                  0
              stderr:
                  Generating RSA private key, 4096 bit long modulus
                  ......++
                  ....................................++
                  e is 65537 (0x10001)
              stdout:
----------
          ID: signing_key_generate_public
    Function: cmd.run
        Name: openssl rsa -in repo.key -out repo.pub -pubout
      Result: True
     Comment: Command "openssl rsa -in repo.key -out repo.pub -pubout" run
     Started: 19:15:52.641676
    Duration: 151.185 ms
     Changes:
              ----------
              pid:
                  40370
              retcode:
                  0
              stderr:
                  writing RSA key
              stdout:
----------
          ID: /usr/local/etc/freebsd-pkg-repo/key/repo.key
    Function: file.managed
      Result: True
     Comment:
     Started: 19:15:52.793655
    Duration: 7.51 ms
     Changes:
              ----------
              mode:
                  0400

Summary for local
------------
Succeeded: 4 (changed=4)
Failed:    0
------------
Total states run:     4
Total run time:   1.678 s

$ cat /usr/local/etc/freebsd-pkg-repo/key/repo.key
cat: /usr/local/etc/freebsd-pkg-repo/key/repo.key: Permission denied

$ sudo -u builder pkg repo /var/repo /usr/local/etc/freebsd-pkg-repo/key/repo.key
Creating repository in /var/repo: 100%
Packing files for repository: 100%

$ ls -lah /var/repo
total 3295
drwxr-xr-x   2 builder  wheel     6B Mar 30 19:27 .
drwxr-xr-x  31 root     wheel    31B Mar 30 19:20 ..
-rw-r--r--   1 builder  wheel   836B Mar 30 19:27 digests.txz
-rw-r--r--   1 root     wheel   3.2M Mar 30 19:21 hs-ShellCheck-0.4.8.p1.txz
-rw-r--r--   1 builder  wheel   828B Mar 30 19:27 meta.txz
-rw-r--r--   1 builder  wheel   2.1K Mar 30 19:27 packagesite.txz
This revision is now accepted and ready to land. (Mar 30 2018, 19:29)
This revision was automatically updated to reflect the committed changes.
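
A post-provisioning check for the key pair created in the test run above, as an added example that is not part of this revision or of the Nasqueron Operations repository. The function names, the 4096-bit default minimum and the GNU/BSD `stat` fallback are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a pkg repository signing key pair after provisioning.

# Permission bits in octal: GNU stat first, BSD stat (FreeBSD) as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_signing_key KEY PUB [MIN_BITS]
# Prints one line per finding; returns 0 when the pair is sound, 1 otherwise.
check_signing_key() {
    key=$1; pub=$2; min_bits=${3:-4096}; rc=0

    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file"; return 1
    fi

    # The private key must be readable by its owner only (0400 in the run above).
    mode=$(file_mode "$key")
    [ "$mode" = 400 ] || { echo "FAIL: $key has mode $mode, expected 400"; rc=1; }

    # The key must parse, be internally consistent, and be large enough.
    if ! openssl rsa -in "$key" -check -noout >/dev/null 2>&1; then
        echo "FAIL: $key is not a valid RSA private key"; return 1
    fi
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: modulus is ${bits:-unknown} bits, want >= $min_bits"; rc=1; }

    # repo.pub must be the public half of this private key, not a stale file.
    derived=$(openssl rsa -in "$key" -pubout 2>/dev/null)
    [ -f "$pub" ] && [ "$derived" = "$(cat "$pub")" ] ||
        { echo "FAIL: $pub does not match $key"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $key ($bits bits, mode $mode) matches $pub"
    return "$rc"
}
```
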