merfi


Namemerfi JSON
Version 1.3.5 PyPI version JSON
download
home_pagehttp://github.com/alfredodeza/merfi
SummarySigns release files
upload_time2023-04-06 19:02:48
maintainer
docs_urlNone
authorAlfredo Deza
requires_python
licenseMIT
keywords rpm-sign gpg release binaries
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            `merfi`
=======
A helper tool to quickly crawl a file system and sign commonly used files for
repositories, with gpg or rpm-sign (Red Hat's signing internal tool).

*"a tool called "merfi" ... what could possibly go wrong?"*

rpm-sign
--------
Note: this sub-command tells merfi to use Red Hat's internal signing tool
inconveniently named ``rpm-sign``, not the ``rpmsign(8)`` command that is a
part of the `rpm <http://rpm.org>`_ open-source project.

For ``rpm-sign``, the default operation will just crawl the filesystem looking
for Debian repositories containing  ``Release`` files. When the proper
``Release`` file is found, merfi will proceed to sign the file like::

    $ merfi rpm-sign --key "mykey"
    --> signing: /Users/alfredo/repos/debian/dists/trusty/Release
    --> signed: /Users/alfredo/repos/debian/dists/trusty/Release.gpg
    --> signed: /Users/alfredo/repos/debian/dists/trusty/InRelease

Like all the other supported backends, it will crawl from the current working
directory unless a path is specified::

    $ merfi rpm-sign --key "mykey" /opt/packages

What is really doing behind the scenes is using ``rpm-sign`` like this::

    rpm-sign --key "mykey" --detachsign Release --output Release.gpg
    rpm-sign --key "mykey" --clearsign Release > InRelease

You can also specify a ``--keyfile`` argument to ``rpm-sign``. This will cause
merfi to copy this GPG public key as ``release.asc`` to the root of each
repository::

    $ merfi rpm-sign --key "mykey" --keyfile /etc/RPM-GPG-KEY-testing /opt/packages

This feature is designed for Ceph's ISO installer (ceph-ansible), because it
expects the GPG public key to be present in this location.

If you are running the ``rpm-sign`` command  on a computer that is behind a
NAT, you must pass the ``--nat`` argument, like so::

    $ merfi rpm-sign --nat --key "mykey"

gpg
---
GPG support is similar to ``rpm-sign`` in that merfi will crawl a path
(defaults to the current working directory) looking for Debian repositories,
and sign the appropriate ``Release`` files::

    $ merfi gpg
    --> signing: /Users/alfredo/repos/debian/dists/trusty/Release
    --> signed: /Users/alfredo/repos/debian/dists/trusty/Release.gpg
    --> signed: /Users/alfredo/repos/debian/dists/trusty/InRelease

Behind the scenes the tool is running ``gpg`` like::

    gpg --armor --detach-sig --output Release.gpg Release
    gpg --clearsign --output InRelease Release

iso
---
merfi can generate an ISO from a tree of package repositories::

    $ merfi iso /opt/packages --output my-dvd.iso

This will generate two files, ``my-dvd.iso`` and ``my-dvd.iso.SHA256SUM``. You
can verify the ISO file's integrity by passing the checksum file to the
``sha256sum -c`` command::

    $ sha256sum -c my-dvd.iso.SHA256SUM
    my-dvd.iso: OK

About the name
--------------
*"Firme"* is the Spanish word for "sign" and *"merfi"* is the Peruvian slang
for it.

            

Raw data

            {
    "_id": null,
    "home_page": "http://github.com/alfredodeza/merfi",
    "name": "merfi",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "rpm-sign,gpg,release,binaries",
    "author": "Alfredo Deza",
    "author_email": "alfredo@deza.pe",
    "download_url": "https://files.pythonhosted.org/packages/f3/39/b240694bff1c4ac53ed5ba046689a0335dbc2b221ba428726ba4f7be8f96/merfi-1.3.5.tar.gz",
    "platform": null,
    "description": "`merfi`\n=======\nA helper tool to quickly crawl a file system and sign commonly used files for\nrepositories, with gpg or rpm-sign (Red Hat's signing internal tool).\n\n*\"a tool called \"merfi\" ... what could possibly go wrong?\"*\n\nrpm-sign\n--------\nNote: this sub-command tells merfi to use Red Hat's internal signing tool\ninconveniently named ``rpm-sign``, not the ``rpmsign(8)`` command that is a\npart of the `rpm <http://rpm.org>`_ open-source project.\n\nFor ``rpm-sign``, the default operation will just crawl the filesystem looking\nfor Debian repositories containing  ``Release`` files. When the proper\n``Release`` file is found, merfi will proceed to sign the file like::\n\n    $ merfi rpm-sign --key \"mykey\"\n    --> signing: /Users/alfredo/repos/debian/dists/trusty/Release\n    --> signed: /Users/alfredo/repos/debian/dists/trusty/Release.gpg\n    --> signed: /Users/alfredo/repos/debian/dists/trusty/InRelease\n\nLike all the other supported backends, it will crawl from the current working\ndirectory unless a path is specified::\n\n    $ merfi rpm-sign --key \"mykey\" /opt/packages\n\nWhat is really doing behind the scenes is using ``rpm-sign`` like this::\n\n    rpm-sign --key \"mykey\" --detachsign Release --output Release.gpg\n    rpm-sign --key \"mykey\" --clearsign Release > InRelease\n\nYou can also specify a ``--keyfile`` argument to ``rpm-sign``. This will cause\nmerfi to copy this GPG public key as ``release.asc`` to the root of each\nrepository::\n\n    $ merfi rpm-sign --key \"mykey\" --keyfile /etc/RPM-GPG-KEY-testing /opt/packages\n\nThis feature is designed for Ceph's ISO installer (ceph-ansible), because it\nexpects the GPG public key to be present in this location.\n\nIf you are running the ``rpm-sign`` command  on a computer that is behind a\nNAT, you must pass the ``--nat`` argument, like so::\n\n    $ merfi rpm-sign --nat --key \"mykey\"\n\ngpg\n---\nGPG support is similar to ``rpm-sign`` in that merfi will crawl a path\n(defaults to the current working directory) looking for Debian repositories,\nand sign the appropriate ``Release`` files::\n\n    $ merfi gpg\n    --> signing: /Users/alfredo/repos/debian/dists/trusty/Release\n    --> signed: /Users/alfredo/repos/debian/dists/trusty/Release.gpg\n    --> signed: /Users/alfredo/repos/debian/dists/trusty/InRelease\n\nBehind the scenes the tool is running ``gpg`` like::\n\n    gpg --armor --detach-sig --output Release.gpg Release\n    gpg --clearsign --output InRelease Release\n\niso\n---\nmerfi can generate an ISO from a tree of package repositories::\n\n    $ merfi iso /opt/packages --output my-dvd.iso\n\nThis will generate two files, ``my-dvd.iso`` and ``my-dvd.iso.SHA256SUM``. You\ncan verify the ISO file's integrity by passing the checksum file to the\n``sha256sum -c`` command::\n\n    $ sha256sum -c my-dvd.iso.SHA256SUM\n    my-dvd.iso: OK\n\nAbout the name\n--------------\n*\"Firme\"* is the Spanish word for \"sign\" and *\"merfi\"* is the Peruvian slang\nfor it.\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Signs release files",
    "version": "1.3.5",
    "split_keywords": [
        "rpm-sign",
        "gpg",
        "release",
        "binaries"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "f339b240694bff1c4ac53ed5ba046689a0335dbc2b221ba428726ba4f7be8f96",
                "md5": "99753694ef88777841dea2d6e2d2ef36",
                "sha256": "a3ec2d19fc034c117772e70885fdd17cc08c9241513dd8f7bd25f7cc71f5057e"
            },
            "downloads": -1,
            "filename": "merfi-1.3.5.tar.gz",
            "has_sig": true,
            "md5_digest": "99753694ef88777841dea2d6e2d2ef36",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 23183,
            "upload_time": "2023-04-06T19:02:48",
            "upload_time_iso_8601": "2023-04-06T19:02:48.839464Z",
            "url": "https://files.pythonhosted.org/packages/f3/39/b240694bff1c4ac53ed5ba046689a0335dbc2b221ba428726ba4f7be8f96/merfi-1.3.5.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-04-06 19:02:48",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "alfredodeza",
    "github_project": "merfi",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "tox": true,
    "lcname": "merfi"
}
        
Elapsed time: 0.06740s