repo-add_and_sign

2013-05-12 22:34 UTC
  • Xyne

Metadata

Description:

Easily create signed Pacman package repositories.

Latest Version:

2013.4

Architecture:

  • any

Dependencies:

  • pyalpm
  • python3

Arch Repositories:

  • [xyne-any]
  • [xyne-i686]
  • [xyne-x86_64]

AUR ID:

65749

Arch Forum ID:

145763

Tags:

About

repo-add_and_sign is a Python 3 script that wraps gpg, repo-add and repo-remove to batch-sign packages and generate signed repositories. The script will only prompt for a passphrase once and will not leave any keyring agents running. See the FAQ below.

FAQ

Why not sign with makepkg and repo-add?

To use those options you either need to enter a passphrase for each file, which is very tedious, or you need to run a keyring agent in the background. Unless you are constantly signing things, the agent is unnecessary most of the time. It is also a security risk because anyone who can get access to your system would be able to use your key while the agent is running.

How do I generate a key?

Short answer: gpg --gen-key

Long answer: GPGMiniHowto.

If you had to ask, I suggest at least skimming the documentation.

Help Message

$ repo-add_and_sign --help

usage: repo-add_and_sign [-h] [-r <name>] [-e <extension>] [-a <architecture>]
                         [-o <path>] [--no-files-db] [--purge] [--verbose]
                         [-u <GPG UID>]
                         <pkg path> [<pkg path> ...]

Generate a signed repo for some packages.

optional arguments:
  -h, --help            show this help message and exit

Repo Options:
  <pkg path>            The packages to include in the repo. Use the "--arch"
                        option if you need to filter the input paths.
  -r <name>, --repo <name>
                        The name of the repo to create.
  -e <extension>, --db-ext <extension>
                        The database archive extension. Default: ".tar.gz"
  -a <architecture>, --arch <architecture>
                        Filter the input files by architecture compatibility,
                        e.g. "--arch x86_64" will only include "x86_64" and
                        "any" packages. This is useful when generating a repo
                        from a pool of packages.
  -o <path>, --out <path>
                        The output directory in which to create the repo.
                        Defaults to the current directory.
  --no-files-db         Disable the files database. The files database allows
                        users to search for individual files in your packages
                        and it is used by some official tools. It is therefore
                        highly recommended that you do not disable it.
  --purge               Purge older versions of packages and databases.
  --verbose             Increase verbosity when running commands.

GPG Options:
  -u <GPG UID>, --uid <GPG UID>
                        The user ID of the signing key. This option accepts
                        anything that can be passed to gpg's "-u" option.

CHANGELOG

2013-01-31

  • improved checking of signature modification times to ensure consistency

2013-01-01

  • added --verbose option
  • delete matching signatures when purging old packages
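
The two changelog entries above concern signature modification times and signatures left behind when old packages are purged. The following Python 3 script is an added example, not code from repo-add_and_sign or its author, that audits a repo directory for those conditions. The rule that a signature must not be older than its package, the function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

PKG_MARKER = ".pkg.tar"  # Pacman packages are named *.pkg.tar or *.pkg.tar.<compression>
SIG_EXT = ".sig"         # detached signatures sit beside the file they sign


def audit_repo(repo_dir):
    """Return {"unsigned": [...], "stale": [...], "orphaned": [...]} for repo_dir."""
    repo = Path(repo_dir)
    report = {"unsigned": [], "stale": [], "orphaned": []}
    for path in sorted(repo.iterdir()):
        if not path.is_file():
            continue
        name = path.name
        if name.endswith(SIG_EXT):
            # A signature whose signed file is gone, e.g. left behind by a purge.
            if not (repo / name[: -len(SIG_EXT)]).exists():
                report["orphaned"].append(name)
        elif PKG_MARKER in name:
            sig = repo / (name + SIG_EXT)
            if not sig.exists():
                report["unsigned"].append(name)
            # Assumed rule: a signature older than its package predates the
            # package's last modification and has to be regenerated.
            elif sig.stat().st_mtime < path.stat().st_mtime:
                report["stale"].append(name)
    return report


def demo():
    """Build a constructed repo directory of empty placeholder files and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)

        def touch(name, mtime):
            (repo / name).write_bytes(b"")
            os.utime(repo / name, (mtime, mtime))

        touch("good-1.0-1-any.pkg.tar.xz", 1000)
        touch("good-1.0-1-any.pkg.tar.xz.sig", 1010)     # signed after the build
        touch("rebuilt-2.0-1-any.pkg.tar.xz", 2000)
        touch("rebuilt-2.0-1-any.pkg.tar.xz.sig", 1500)  # signature predates rebuild
        touch("new-0.1-1-any.pkg.tar.xz", 3000)          # never signed
        touch("old-0.9-1-any.pkg.tar.xz.sig", 900)       # package already purged
        return audit_repo(repo)


if __name__ == "__main__":
    for problem, names in demo().items():
        print(problem, names)
```

This checks file presence and timestamps only; whether each signature is cryptographically valid still has to be checked with gpg --verify.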
Contact
echo xyne.archlinux.ca | sed 's/\./@/'