GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  PKG-REPO (8)

NAME

pkg repo - create a package repository catalogue

CONTENTS

Synopsis
Description
Options
Files
See Also
Examples

SYNOPSIS

pkg repo [-lqL] [-o output-dir] [-m meta-file] <repo-path[<rsa-key|signing_command:<the command>>]>

pkg repo [--{list-files,quiet,legacy}] [--output-dir output-dir] [--meta-file meta-file] <repo-path[<rsa-key|signing_command:<the command>>]>

DESCRIPTION

pkg repo is used for creating a catalogue of the available packages in a repository. pkg repo catalogues are necessary for sharing your package repository with other people.

When pkg repo is invoked it creates a package repository catalogue (repo.sqlite), with an optional cryptographic signature, as a compressed tarball (repo.txz). Repository users download and cache this on their local machines, for fast lookup of available packages by programs such as pkg-install(8).

To create a package repository catalogue you must specify the top-level directory where all the packages are stored as repo-path. pkg repo will search the filesystem beneath repo-path to find all the packages it contains. Directories starting with "."" or named Latest are not traversed.

The repository will be created in the package directory unless the -o output-dir or --output-dir output-dir is specified, in which case it will be created there.

Optionally you may sign the repository catalogue by specifying the path to an RSA private key as the rsa-key argument or an external command.

If rsa-key is used, the SHA256 of the repository is signed using the provided key. The signature is added into the repository catalogue. The client side should use SIGNATURE_TYPE set to PUBKEY and PUBKEY set to a local path of the public key in its repository configuration file.

An external command can be useful to create a signing server to keep the private key separate from the repository. The external command is passed the SHA256 of the repository catalogue on its stdin. It should output the following format:

SIGNATURE
signature data here
CERT
public key data here
END

When using an external command, the client’s pkg.conf must have SIGNATURE_TYPE set to FINGERPRINTS and FINGERPRINTS set to a directory having a trusted/myrepo containing a fingerprint style representation of the public key:

function: sha256
fingerprint: sha256_representation_of_the_public_key

See the EXAMPLES section and pkg.conf(5) for more information.

Signing the catalogue is strongly recommended.

OPTIONS

The following options are supported by pkg repo:
-q -, --quiet
  Force quiet output.
-L -, --legacy
  Create a repository compatible with pkg 1.2. Note that this is only required if the repository clients will not be upgrading to pkg 1.3+. Older versions of pkg can upgrade themselves even from non-legacy. repositories, provided pkg itself is included in those repositories.
-m meta-file, --meta-file meta-file
  Use the specified file as repository meta file instead of the default settings.
-l -, --list-files
  Generate list of all files in repo as filesite.txz archive.
-o output-dir, --output-dir output-dir
  Create the repository in the specified directory instead of the package directory.

FILES

See pkg.conf(5).

SEE ALSO

pkg_printf(3), pkg_repos(3), pkg-repository(5), pkg.conf(5), pkg(8), pkg-add(8), pkg-annotate(8), pkg-audit(8), pkg-autoremove(8), pkg-backup(8), pkg-check(8), pkg-clean(8), pkg-config(8), pkg-convert(8), pkg-create(8), pkg-delete(8), pkg-fetch(8), pkg-info(8), pkg-install(8), pkg-lock(8), pkg-query(8), pkg-register(8), pkg-rquery(8), pkg-search(8), pkg-set(8), pkg-shell(8), pkg-shlib(8), pkg-ssh(8), pkg-stats(8), pkg-update(8), pkg-updating(8), pkg-upgrade(8), pkg-version(8), pkg-which(8)

EXAMPLES

Create an RSA key pair:
% openssl genrsa -out repo.key 2048
% chmod 0400 repo.key
% openssl rsa -in repo.key -out repo.pub -pubout

Create a repository and sign it with a local RSA key. The public key would be shared on all client servers with SIGNATURE_TYPE set to PUBKEY and its path set via PUBKEY setting in the repository configuration file:

    pkg repo /usr/ports/packages repo.key

Create a repository and sign it with an external command. The client should set, via the repository configuration file, SIGNATURE_TYPE to FINGERPRINTS and FINGERPRINTS to a path containing a file with the SHA256 of the public key:

# On signing server:
% cat > sign.sh << EOF
#!/bin/sh
read -t 2 sum
[ -z "$sum" ] && exit 1
echo SIGNATURE
echo -n $sum | /usr/bin/openssl dgst -sign repo.key -sha256 -binary
echo
echo CERT
cat repo.pub
echo END
EOF

# On package server: % pkg repo /usr/ports/packages signing_command: ssh signing-server sign.sh # Generate fingerprint for sharing with clients % sh -c ’( echo "function: sha256"; echo "fingerprint: $(sha256 -q repo.pub)"; ) > fingerprint’ # The ’fingerprint’ file should be distributed to all clients.

# On clients with FINGERPRINTS: /usr/local/etc/pkg/fingerprints/myrepo: $ mkdir -p /usr/local/etc/pkg/fingerprints/myrepo/trusted # Add ’fingerprint’ into /usr/local/etc/pkg/fingerprints/myrepo/trusted

Search for    or go to Top of page |  Section 8 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.