Page MenuHomeDevCentral
Differential D1553

Generate the FreeBSD packages repository signature fingerprints
ClosedPublic
Actions

Authored by dereckson on Mar 30 2018, 22:38.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 07:05
Unknown Object (File)
Tue, Nov 12, 05:59
Unknown Object (File)
Sun, Nov 10, 12:46
Unknown Object (File)
Wed, Oct 30, 23:46
Unknown Object (File)
Oct 21 2024, 23:11
Unknown Object (File)
Oct 21 2024, 23:11
Unknown Object (File)
Oct 21 2024, 22:48
Unknown Object (File)
Oct 21 2024, 22:32
View All Files
Subscribers
None

Details

Reviewers
dereckson
Commits
rOPSbe78c8fbc0ab: Generate the FreeBSD packages repository signature fingerprints
Summary

When pkg repo receives a public key as argument, it doesn't publish
fingerprints to the repository. The client needs to get the public key.

Yet, 643db9983997 picked the fingerprint configuration. This configuration
allows more flexibility (several keys, a trusted and a revoked list), and
as all is already ready to use this mode, this changes applies this mode
to pkg repo too.

A benefit is we can separate signature and package builder responsibities
in the future if such a need arises, for example if we've several builders.

Reference: man 8 pkg-repo

Test Plan
  • repository test: sudo -u builder make clean all
  • pkg client test: sudo pkg update -f -r Nasqueron

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Mar 30 2018, 22:38
dereckson created this revision.
Harbormaster completed remote builds in B2440: Diff 3968.Mar 30 2018, 22:38
dereckson added a comment.Mar 30 2018, 22:41
$ cd /var/repo

$ sudo -u builder make clean all
rm -f digests.txz meta.txz packagesite.txz
pkg repo . signing_command: sign-freebsd-repo
Creating repository in .: 100%
Packing files for repository: 100%

$ ls -lah
total 3300
drwxr-xr-x   2 builder  wheel     7B Mar 30 22:34 .
drwxr-xr-x  31 root     wheel    31B Mar 30 19:20 ..
-rw-r--r--   1 builder  wheel   1.5K Mar 30 22:34 digests.txz
-rw-r--r--   1 root     wheel   3.2M Mar 30 19:21 hs-ShellCheck-0.4.8.p1.txz
-rw-r--r--   1 root     wheel   1.0K Mar 30 22:31 Makefile
-rw-r--r--   1 builder  wheel   1.5K Mar 30 22:34 meta.txz
-rw-r--r--   1 builder  wheel   2.7K Mar 30 22:34 packagesite.txz

$ sudo pkg update -f -r Nasqueron
Updating Nasqueron repository catalogue...
Fetching meta.txz: 100%    1 KiB   1.5kB/s    00:01
Fetching packagesite.txz: 100%    3 KiB   2.8kB/s    00:01
Processing entries: 100%
Nasqueron repository update completed. 1 packages processed.
All repositories are up to date.
dereckson accepted this revision.Mar 30 2018, 22:41
This revision is now accepted and ready to land.Mar 30 2018, 22:41
Closed by commit rOPSbe78c8fbc0ab: Generate the FreeBSD packages repository signature fingerprints (authored by dereckson). · Explain WhyMar 30 2018, 22:41
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
roles/
freebsd-repo/
repo/
files/
3 lines
31 lines
11 lines

Diff 3969

View Options

roles/freebsd-repo/repo/files/Makefile

Loading...
View Options

roles/freebsd-repo/repo/files/sign-freebsd-repo.sh.jinja

Loading...
View Options

roles/freebsd-repo/repo/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator