You are not logged in.

#1 2012-07-24 23:24:30

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,965
Website

repo-add_and_sign: batch-sign packages and repos

Info: http://xyne.archlinux.ca/projects/repo-add_and_sign
Summary: repo-add_and_sign lets you batch sign packages and then generate a signed repo with a single passphrase prompt

If you need to sign a lot of packages and don't want to deal with a keyring agent, this is for you.

Last edited by Xyne (2012-12-25 09:36:08)


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#2 2012-12-25 09:36:23

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,965
Website

Re: repo-add_and_sign: batch-sign packages and repos

packaged


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#3 2013-01-01 11:20:07

ShadowKyogre
Member
From: Hell! XP No... I'm not telling
Registered: 2008-12-19
Posts: 476
Website

Re: repo-add_and_sign: batch-sign packages and repos

Just wanted to drop by here and say that this has really helped me with starting up my own repository. One suggestion I'd like to add that if there is a signature for an old package version that is to be purged, it should be deleted as well.


For every problem, there is a solution that is:
Clean
Simple and most of all...wrong!
Github page

Offline

#4 2013-01-01 23:41:13

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,965
Website

Re: repo-add_and_sign: batch-sign packages and repos

@ShadowKyogre
As of today's version matching signatures are deleted too.

Thanks for the feedback!


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#5 2013-01-03 19:21:53

ShadowKyogre
Member
From: Hell! XP No... I'm not telling
Registered: 2008-12-19
Posts: 476
Website

Re: repo-add_and_sign: batch-sign packages and repos

@Xyne: Tested it with the new changes and it works as expected! big_smile


For every problem, there is a solution that is:
Clean
Simple and most of all...wrong!
Github page

Offline

#6 2021-01-13 12:14:46

bionade24
Member
Registered: 2020-12-26
Posts: 4

Re: repo-add_and_sign: batch-sign packages and repos

1. Sometimes after running repo-add_and_sign I have wrong signatures still afterwards. Is this a bug? Doesn't repo-add_and_sign resign every package? (I maybe have sometimes pkgs where the version didn't change but the hash of it)
2. If repo-add_and_sign resigns everything, why is it doing that? Why not check if the package already is signed and the signature newer than the pkg file?

Offline

#7 2021-01-27 23:13:13

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,965
Website

Re: repo-add_and_sign: batch-sign packages and repos

@bionade24
I've refactored the code to address those issues. The previous monstrosity was a quick hack that relied on false assumptions to determine which packages needed to be (re-)added. It now checks the expected file name, SHA256 sum and PGP signature so the issue should be fixed.

Please let me know if it works as expected. The refactoring may have introduced other bugs that I didn't notice after some quick testing.


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

Board footer

Powered by FluxBB