From d24e75514f20215530cb68d1bcdcfbd4d77b6715 Mon Sep 17 00:00:00 2001 From: Juan RP Date: Sun, 12 Jul 2015 10:05:39 +0200 Subject: [PATCH] xbps-src: document xbps-0.46 signing and require 0.46. --- README.md | 19 +++++++++++-------- xbps-src | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index aaa4ac62f71..699069b305f 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ or queried through the `xbps-install(1)` and `xbps-query(1)` utilities, respecti ### Requirements - GNU bash -- xbps >= 0.45 +- xbps >= 0.46 `xbps-src` requires an utility to chroot and bind mount existing directories into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports @@ -126,9 +126,9 @@ used as dependencies in the source packages tree. If you want to customize those replacements, copy `etc/defaults.virtual` to `etc/virtual` and edit it accordingly to your needs. -### Directory tree +### Directory hierarchy -The following directory tree is used with a default configuration file: +The following directory hierarchy is used with a default configuration file: /void-packages |- common @@ -156,7 +156,7 @@ The description of these directories is as follows: - `masterdir`: master directory to be used as rootfs to build/install packages. - `builddir`: to unpack package source tarballs and where packages are built. - `destdir`: to install packages, aka **fake destdir**. - - `hostdir/ccache-`: to store ccache data if the `XBPS_CCACHE` option is enabled. + - `hostdir/ccache`: to store ccache data if the `XBPS_CCACHE` option is enabled. - `hostdir/distcc-`: to store distcc data if the `XBPS_DISTCC` option is enabled. - `hostdir/repocache`: to store binary packages from remote repositories. - `hostdir/sources`: to store package sources. @@ -242,10 +242,14 @@ or > Only RSA keys in PEM format are currently accepted by xbps. -Once the RSA private key is ready you can use it to sign the repository: +Once the RSA private key is ready you can use it to initialize the repository metadata: $ xbps-rindex --sign --signedby "I'm Groot" --privkey privkey.pem $PWD/hostdir/binpkgs +And then make a signature per package: + + $ xbps-rindex --sign-pkg --privkey privkey.pem $PWD/hostdir/binpkgs/*.xbps + > If --privkey is unset, it defaults to `~/.ssh/id_rsa`. If the RSA key was protected with a passphrase you'll have to type it, or alternatively set @@ -253,11 +257,10 @@ it via the `XBPS_PASSPHRASE` environment variable. Once the binary packages have been signed, check the repository contains the appropriate `hex fingerprint`: - $ xbps-query --repository=$PWD/hostdir/binpkgs -vL + $ xbps-query --repository=hostdir/binpkgs -vL ... -Each time a binary package is created, the repository must be signed as explained above with -the difference that only those new packages will be signed. +Each time a binary package is created, a package signature must be created with `--sign-pkg`. > It is not possible to sign a repository with multiple RSA keys. diff --git a/xbps-src b/xbps-src index e26e1f68945..21791d9ff86 100755 --- a/xbps-src +++ b/xbps-src @@ -352,7 +352,7 @@ read_pkg() { setup_pkg $XBPS_TARGET_PKG $XBPS_CROSS_BUILD } -readonly XBPS_VERSION_REQ="0.45" +readonly XBPS_VERSION_REQ="0.46" readonly XBPS_VERSION=$(xbps-uhelper -V|awk '{print $2}') readonly XBPS_SRC_VERSION="113" export XBPS_MACHINE=$(xbps-uhelper arch)