1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-13 21:05:05 -05:00
pacman/doc/repo-add.8.txt
Dan McGee a4120f2015 repo-add: allow signing of the package database
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.

While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00

58 lines
1.6 KiB
Plaintext

/////
vim:set ts=4 sw=4 syntax=asciidoc noet:
/////
repo-add(8)
==========
Name
----
repo-add - package database maintenance utility
Synopsis
--------
repo-add [-d] [-f] [-q] <path-to-db> <package1> [<package2> ...]
repo-remove [-q] <path-to-db> <packagename> [<packagename2> ...]
Description
-----------
repo-add and repo-remove are two scripts to help build a package database for
packages built with linkman:makepkg[8] and installed with linkman:pacman[8].
repo-add will update a package database by reading a built package file.
Multiple packages to add can be specified on the command line.
repo-remove will update a package database by removing the package name
specified on the command line. Multiple packages to remove can be specified
on the command line.
Options
-------
*-d, \--delta*::
Automatically generate and add a delta file between the old entry and the
new one, if the old package file is found next to the new one.
*-f, \--files*::
Tells repo-add also to create and include a list of the files in the
specified packages. This is useful for creating databases listing all files
in a given sync repository for tools that may use this information.
*-q, \--quiet*::
Force this program to keep quiet and run silent except for warning and
error messages.
*-s, \--sign*::
Generate a PGP signature file using GnuPG. This will execute `gpg
--detach-sign --use-agent` on the generated database to generate a detached
signature file, using the GPG agent if it is available. The signature file
will be the entire filename of the database with a ``.sig'' extension.
See Also
--------
linkman:makepkg[8], linkman:pacman[8]
include::footer.txt[]