Description: Easily create signed Pacman package repositories.
Latest Version: 2016.2
Source Code: src/
Architecture:
Dependencies:
Arch Repositories:
AUR Page: repo-add_and_sign
Arch Forum Thread: 145763
Tags:

repo-add_and_sign is a Python 3 script that wraps gpg, repo-add and repo-remove to batch-sign packages and generate signed repositories. The script will only prompt for a passphrase once and will not leave any keyring agents running. See the FAQ below.

makepkg and repo-add?

To use those options you either need to enter a passphrase for each file, which is very tedious, or you need to run a keyring agent in the background. Unless you are constantly signing things, the agent is unnecessary most of the time. It is also a security risk because anyone who can get access to your system would be able to use your key while the agent is running.

Short answer: gpg --gen-key
Long answer: GPGMiniHowto.
If you had to ask, I suggest at least skimming the documentation.

$ repo-add_and_sign --help
usage: repo-add_and_sign [-h] [-r <name>] [-e <extension>] [-a <architecture>]
                         [-o <path>] [--no-sign] [--copy] [--purge]
                         [--verbose] [-u <GPG UID>]
                         <pkg path> [<pkg path> ...]

Generate a signed repo for some packages.

optional arguments:
  -h, --help            show this help message and exit

Repo Options:
  <pkg path>            The packages to include in the repo. Use the "--arch"
                        option if you need to filter the input paths.
  -r <name>, --repo <name>
                        The name of the repo to create.
  -e <extension>, --archive-ext <extension>
                        The database archive extension. Default: ".tar.xz"
  -a <architecture>, --arch <architecture>
                        Filter the input files by architecture compatibility,
                        e.g. "--arch x86_64" will only include "x86_64" and
                        "any" packages. This is useful when generating a repo
                        from a pool of packages.
  -o <path>, --out <path>
                        The output directory in which to create the repo.
                        Defaults to the current directory.
  --no-sign             Do not sign packages and databases.
  --copy                Copy extradirectorial packages instead of symlinking
                        them.
  --purge               Purge older versions of packages and databases.
  --verbose             Increase verbosity when running commands.

GPG Options:
  -u <GPG UID>, --uid <GPG UID>
                        The user ID of the signing key. This option accepts
                        anything that can be passed to gpg's "-u" option.

For signing you will need to add allow-loopback-pinentry to ~/.gnupg/gpg-agent.conf.
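
One way to get the behaviour described in the FAQ answer and the gpg-agent.conf note above, as an added example that is not repo-add_and_sign's own code: prompt once, then hand the passphrase to each gpg call over stdin through loopback pinentry so it never appears in argv. The function names and the closing gpgconf --kill gpg-agent step are assumptions, not taken from the script.

```python
import getpass
import subprocess
import sys
from pathlib import Path

def loopback_allowed(conf_text):
    """True if gpg-agent.conf text has an uncommented allow-loopback-pinentry."""
    return any(line.strip() == "allow-loopback-pinentry"
               for line in conf_text.splitlines())

def sign_command(pkg, uid=None):
    """argv for a detached signature; gpg reads the passphrase from fd 0."""
    cmd = ["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
           "--passphrase-fd", "0", "--output", f"{pkg}.sig"]
    if uid:
        cmd += ["--local-user", uid]
    return cmd + ["--detach-sign", str(pkg)]

def sign_all(pkgs, passphrase, uid=None, run=subprocess.run):
    """Sign each package with the same passphrase, passed on stdin only."""
    secret = passphrase.encode() + b"\n"
    signed = []
    for pkg in pkgs:
        # stdin is free for the secret because the package is a file argument
        run(sign_command(pkg, uid), input=secret, check=True)
        signed.append(f"{pkg}.sig")
    return signed

def main(argv):
    conf = Path.home() / ".gnupg" / "gpg-agent.conf"
    if not (conf.is_file() and loopback_allowed(conf.read_text())):
        sys.exit(f"add allow-loopback-pinentry to {conf}")
    passphrase = getpass.getpass("Key passphrase: ")  # asked once per batch
    try:
        for sig in sign_all(argv, passphrase):
            print("wrote", sig)
    finally:
        # Assumption: kill the agent gpg auto-started so no unlocked key
        # stays cached after the batch (not taken from the script itself).
        subprocess.run(["gpgconf", "--kill", "gpg-agent"], check=False)

if __name__ == "__main__":
    main(sys.argv[1:])
```
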

--copy option as suggested by mortbauer from the Arch Linux forums
--verbose option