mirror of
https://github.com/moparisthebest/pacman
synced 2024-11-10 11:35:00 -05:00
a4120f2015
In order to be fully secure, we can't only sign packages. We also need to sign our repository metadata to prevent database falsification, dependency injection, etc. Add an '-s/--sign' option that allows this functionality, and will generate a .sig file side-by-side with the package database. While at it, fix the issue where a signature file would never be found because of 'cd' madness (this needs fixing in another commit). Signed-off-by: Dan McGee <dan@archlinux.org>
58 lines
1.6 KiB
Plaintext
58 lines
1.6 KiB
Plaintext
/////
|
|
vim:set ts=4 sw=4 syntax=asciidoc noet:
|
|
/////
|
|
repo-add(8)
|
|
==========
|
|
|
|
Name
|
|
----
|
|
repo-add - package database maintenance utility
|
|
|
|
Synopsis
|
|
--------
|
|
repo-add [-d] [-f] [-q] <path-to-db> <package1> [<package2> ...]
|
|
|
|
repo-remove [-q] <path-to-db> <packagename> [<packagename2> ...]
|
|
|
|
|
|
Description
|
|
-----------
|
|
repo-add and repo-remove are two scripts to help build a package database for
|
|
packages built with linkman:makepkg[8] and installed with linkman:pacman[8].
|
|
|
|
repo-add will update a package database by reading a built package file.
|
|
Multiple packages to add can be specified on the command line.
|
|
|
|
repo-remove will update a package database by removing the package name
|
|
specified on the command line. Multiple packages to remove can be specified
|
|
on the command line.
|
|
|
|
|
|
Options
|
|
-------
|
|
*-d, \--delta*::
|
|
Automatically generate and add a delta file between the old entry and the
|
|
new one, if the old package file is found next to the new one.
|
|
|
|
*-f, \--files*::
|
|
Tells repo-add also to create and include a list of the files in the
|
|
specified packages. This is useful for creating databases listing all files
|
|
in a given sync repository for tools that may use this information.
|
|
|
|
*-q, \--quiet*::
|
|
Force this program to keep quiet and run silent except for warning and
|
|
error messages.
|
|
|
|
*-s, \--sign*::
|
|
Generate a PGP signature file using GnuPG. This will execute `gpg
|
|
--detach-sign --use-agent` on the generated database to generate a detached
|
|
signature file, using the GPG agent if it is available. The signature file
|
|
will be the entire filename of the database with a ``.sig'' extension.
|
|
|
|
|
|
See Also
|
|
--------
|
|
linkman:makepkg[8], linkman:pacman[8]
|
|
|
|
include::footer.txt[]
|