README: new section: "Sharing and signing your repositories"

Juan RP 2015-01-12 23:50:01 +01:00
parent 8cbc48b1d3
commit 216bda2d1c

@ -134,6 +134,33 @@ It is possible to avoid using remote repositories completely by using the `-N` f
> NOTE: the default local repository may contain multiple *sub-repositories*: `debug`, `multilib`, etc. > NOTE: the default local repository may contain multiple *sub-repositories*: `debug`, `multilib`, etc.
### Sharing and signing your local repositories
To share a local repository remotely it's mandatory to sign it and the binary packages
stored on it. This is accomplished with the `xbps-rindex(8)` utility.
First a RSA key must be created with `openssl(1)` or `ssh-keygen(8)`:
$ openssl genrsa -des3 -out privkey.pem 4096
or
$ ssh-keygen -t rsa -b 4096 -f privkey.pem
> NOTE: only RSA keys in PEM format are currently accepted by xbps.
Once the RSA private key is ready you can use it to sign the repository:
$ xbps-rindex --sign --signedby "I'm Groot <groot@me>" --privkey privkey.pem ~/void-packages/hostdir/binpkgs
If the RSA key was protected with a passphrase you'll have to type it, or alternatively set
it via the `XBPS_PASSPHRASE` environment variable.
Once the binary packages have been signed, check the repository contains the appropiate `hex fingerprint`:
$ xbps-query --repository=~/void-packages/hostdir/binpkgs -vL
...
### Rebuilding and overwriting existing local packages ### Rebuilding and overwriting existing local packages
If for whatever reason a package has been built and it is available in your local repository If for whatever reason a package has been built and it is available in your local repository
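Review bot: the `ssh-keygen -t rsa -b 4096 -f privkey.pem` alternative does not pin the output format, although the NOTE directly below it says only RSA keys in PEM format are accepted. OpenSSH releases that default to their own private key format will write a file that does not meet that requirement, so either make the format explicit (`ssh-keygen -m PEM -t rsa -b 4096 -f privkey.pem`) or keep only the `openssl genrsa` line. The man page reference should be `ssh-keygen(1)`, not `ssh-keygen(8)`. In the `XBPS_PASSPHRASE` paragraph, say that a passphrase placed in the environment is readable by other processes of the same user and can leak through build logs, so it fits unattended signing only. The last step asks the reader to check for the "appropiate" (typo for "appropriate") `hex fingerprint` without saying what it is compared against; state which value the `xbps-query -vL` output is expected to match.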