`merfi`
=======
A helper tool to quickly crawl a file system and sign commonly used files for
repositories, with gpg or rpm-sign (Red Hat's internal signing tool).

*"a tool called "merfi" ... what could possibly go wrong?"*

rpm-sign
--------
Note: this sub-command tells merfi to use Red Hat's internal signing tool
inconveniently named ``rpm-sign``, not the ``rpmsign(8)`` command that is a
part of the `rpm <http://rpm.org>`_ open-source project.

For ``rpm-sign``, the default operation will just crawl the filesystem looking
for Debian repositories containing ``Release`` files. When the proper
``Release`` file is found, merfi will proceed to sign the file like::

    $ merfi rpm-sign --key "mykey"
    --> signing: /Users/alfredo/repos/debian/dists/trusty/Release
    --> signed: /Users/alfredo/repos/debian/dists/trusty/Release.gpg
    --> signed: /Users/alfredo/repos/debian/dists/trusty/InRelease

Like all the other supported backends, it will crawl from the current working
directory unless a path is specified::

    $ merfi rpm-sign --key "mykey" /opt/packages

What merfi is really doing behind the scenes is running ``rpm-sign`` like this::

    rpm-sign --key "mykey" --detachsign Release --output Release.gpg
    rpm-sign --key "mykey" --clearsign Release > InRelease

You can also specify a ``--keyfile`` argument to ``rpm-sign``. This will cause
merfi to copy this GPG public key as ``release.asc`` to the root of each
repository::

    $ merfi rpm-sign --key "mykey" --keyfile /etc/RPM-GPG-KEY-testing /opt/packages

This feature is designed for Ceph's ISO installer (ceph-ansible), because it
expects the GPG public key to be present in this location.

If you are running the ``rpm-sign`` command on a computer that is behind a
NAT, you must pass the ``--nat`` argument, like so::

    $ merfi rpm-sign --nat --key "mykey"

gpg
---
GPG support is similar to ``rpm-sign`` in that merfi will crawl a path
(defaults to the current working directory) looking for Debian repositories,
and sign the appropriate ``Release`` files::

    $ merfi gpg
    --> signing: /Users/alfredo/repos/debian/dists/trusty/Release
    --> signed: /Users/alfredo/repos/debian/dists/trusty/Release.gpg
    --> signed: /Users/alfredo/repos/debian/dists/trusty/InRelease

Behind the scenes the tool is running ``gpg`` like::

    gpg --armor --detach-sig --output Release.gpg Release
    gpg --clearsign --output InRelease Release

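
A post-signing audit, as an added example (not merfi's own code): it walks a
tree for ``dists/<suite>/Release`` files, the layout shown in the output above,
and reports any that lack ``Release.gpg`` or whose ``InRelease`` body no longer
matches ``Release``. The function names and the path pattern are assumptions of
this example, and it does not verify the signatures themselves.

```python
import tempfile
from pathlib import Path

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def clearsigned_body(text):
    """Signed lines of a clearsigned message, or None if it is not one."""
    lines = text.splitlines()
    if lines[:1] != [BEGIN_MSG] or BEGIN_SIG not in lines or "" not in lines:
        return None
    start, end = lines.index("") + 1, lines.index(BEGIN_SIG)
    # Undo dash-escaping; trailing whitespace is not covered by the signature.
    body = [(l[2:] if l.startswith("- ") else l).rstrip() for l in lines[start:end]]
    return body if start <= end else None


def audit_tree(root):
    """Map every dists/<suite>/Release under root to a list of problems."""
    report = {}
    # Assumption: a repository Release file lives at .../dists/<suite>/Release.
    for release in sorted(p for p in Path(root).rglob("dists/*/Release") if p.is_file()):
        problems = []
        expected = [l.rstrip() for l in release.read_text(errors="replace").splitlines()]
        sig = release.with_name("Release.gpg")
        if not sig.is_file() or sig.stat().st_size == 0:
            problems.append("Release.gpg missing or empty")
        inrelease = release.with_name("InRelease")
        body = clearsigned_body(inrelease.read_text(errors="replace")) if inrelease.is_file() else None
        if body is None:
            problems.append("InRelease missing or not clearsigned")
        elif body != expected:
            problems.append("InRelease body differs from Release")
        report[str(release)] = problems
    return report


def demo():
    """Constructed tree: Release was edited after InRelease was signed."""
    suite = Path(tempfile.mkdtemp()) / "debian" / "dists" / "trusty"
    suite.mkdir(parents=True)
    (suite / "Release").write_text("Suite: trusty\nDate: later\n")
    stale = f"{BEGIN_MSG}\nHash: SHA256\n\nSuite: trusty\n{BEGIN_SIG}\n\n(constructed)\n"
    (suite / "InRelease").write_text(stale)
    return audit_tree(suite.parents[2])[str(suite / "Release")]
```

A clean report only shows that the files are present and consistent; the
signatures still have to be checked with ``gpg --verify Release.gpg Release``
and ``gpg --verify InRelease`` against the repository's public key.
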
iso
---
merfi can generate an ISO from a tree of package repositories::

    $ merfi iso /opt/packages --output my-dvd.iso

This will generate two files, ``my-dvd.iso`` and ``my-dvd.iso.SHA256SUM``. You
can verify the ISO file's integrity by passing the checksum file to the
``sha256sum -c`` command::

    $ sha256sum -c my-dvd.iso.SHA256SUM
    my-dvd.iso: OK

About the name
--------------
*"Firme"* is the Spanish word for "sign" and *"merfi"* is the Peruvian slang
for it.

Raw data
{
"_id": null,
"home_page": "http://github.com/alfredodeza/merfi",
"name": "merfi",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "rpm-sign,gpg,release,binaries",
"author": "Alfredo Deza",
"author_email": "alfredo@deza.pe",
"download_url": "https://files.pythonhosted.org/packages/f3/39/b240694bff1c4ac53ed5ba046689a0335dbc2b221ba428726ba4f7be8f96/merfi-1.3.5.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Signs release files",
"version": "1.3.5",
"split_keywords": [
"rpm-sign",
"gpg",
"release",
"binaries"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "f339b240694bff1c4ac53ed5ba046689a0335dbc2b221ba428726ba4f7be8f96",
"md5": "99753694ef88777841dea2d6e2d2ef36",
"sha256": "a3ec2d19fc034c117772e70885fdd17cc08c9241513dd8f7bd25f7cc71f5057e"
},
"downloads": -1,
"filename": "merfi-1.3.5.tar.gz",
"has_sig": true,
"md5_digest": "99753694ef88777841dea2d6e2d2ef36",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 23183,
"upload_time": "2023-04-06T19:02:48",
"upload_time_iso_8601": "2023-04-06T19:02:48.839464Z",
"url": "https://files.pythonhosted.org/packages/f3/39/b240694bff1c4ac53ed5ba046689a0335dbc2b221ba428726ba4f7be8f96/merfi-1.3.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-04-06 19:02:48",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "alfredodeza",
"github_project": "merfi",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"tox": true,
"lcname": "merfi"
}