![]() ![]() I’m relatively new to MacPorts so I don’t know if what I’ve described here even remotely follows best practices.I am not able to update the macport. At least for the distribution of the source’s public key I’d still opt to sign that with GnuPG which is why there is also a in my example repository. Personally, I would have preferred GnuPG signatures over openssl/rmd160 simply because they are a bit more modern and include more meta-data about the owner of the signature. ![]() ![]() While MacPorts approach for offering multiple sources of packages is a bit more complicated to set up than Homebrew’s, I really like that archives have to be signed (unless you just expose a folder somewhere). Maintainers: Email: good and the not so good # Download the sources:ĭescription: exa is a replacement for ls with additional features like color-coding for file types, Git integration, and extended attributes. This tells MacPorts that it should look first inside the source for a port before falling back to the default one. Rsync:///macports/release/tarballs/ports.tar Finally, update the nf inside /opt/local/etc/macports/ to look like this: Hurray, we now have a ports archive that we can finally use. Running make clean all release now generates an archive, signs it, and uploads it including the public key (and its signature) to. Rsync -avz pubkey.* :/srv/www//www/htdocs/macports-ports/ Rsync -avz dist/* :/srv/www//www/htdocs/macports-ports/ & \ Openssl dgst -ripemd160 -sign privkey.pem -out dist/160 dist/160 The Makefile is mostly there to automate the creation of the ports-tree archive and its signing: all: dist/2 dist/160Ĭd dist & tar -cjvf 2 ports & \ ![]() This contains the following files: $ exa -l -tree For my exa Portfile I’ve created the following repository: Now that MacPorts knows how it can verify our new source, we need to create an archive to distribute. Users/zerok/src//zerok/macports-ports/pubkey.pem opt/local/share/macports/macports-pubkey.pem This is done by adding it to the /opt/local/etc/macports/nf: # MacPorts system-wide public key configuration file. Next, MacPorts has to know that the public key can be used to verify artefacts. I’ve then placed the public key file ( pubkey.pem) inside /Users/zerok/src//zerok/macports-ports/. $ openssl rsa -in privkey.pem -pubout -out pubkey.pem $ openssl genrsa -des3 -out privkey.pem 2048 In order to sign anything, we first need a key-pair (consisting of a private and public key). Since that road is only a bit longer, let’s take that extra step here. While MacPorts doesn’t strictly require the ports tree to be distributed as archive, this is the only way where it also enforces the use of signatures. In order to demonstrate this feature, I’ve created a custom Portfile for exa which we are now going to distribute through a custom source. You do that by editing /opt/local/etc/macports/nf: rsync:///macports/release/tarballs/ports.tar Īny custom source should be added before the “default” entry in there as MacPorts will go through each source in the order they are specified here. While MacPorts focuses heavily on the main port tree you can specify multiple sources for that tree. This is pretty straight forward as it only requires a Git repository where the audience can access it. In order to distribute custom tools among friends but also to some degree at work I’ve created a custom tap in Homebrew. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |