Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

README.md

conex test-repository

You need conex from master branch to use this, opam pin add conex --dev should do the trick!

To test conex_verify, you need to add the following to your $(OPAMROOT)/config:

repository-validation-command: [
  "conex_verify_nocrypto" "--quorum" "%{quorum}%"
  "--trust-anchors" "%{anchors}%"
  "--repo" "%{repo}%"
  "--dir=%{dir}%" { ! incremental }
  "--patch=%{patch}%" { incremental }
  "--incremental" { incremental }
  "--no-opam"
]

You can use conex_verify_openssl instead of nocrypto, add -v flags. This will only be used for repositories which have trust anchors and a quorum configured. Update of the default opam-repository will not be affected.

To add this repository with a quorum of 1, you have to type:

opam repo add conex-test https://github.com/hannesm/testrepo.git 1 sha256=5a148d3977cb03dbeaeb99fa7033b5c7a43c8c7ee1114fee0c22fada2f7c9687

Vary the quorum or the fingerprints to see verification failures.

Private keys

For maintainer m1, maintainer m2, and maintainer m3 are help for test purposes in priv. Do not use these private keys elsewhere, generate your own instead. The rootA key is also in priv.

If you clone this repository and cp priv/* ~/.conex/, you'll be able to sign updates.

Creation of this repository

Initial setup:

$ mkdir -p /tmp/testrepo/packages/foo/foo.0.1.0
$ echo > /tmp/testrepo/packages/foo/foo.0.1.0/opam
# init some keys
$ conex_key --id rootA
$ conex_key --id j1
$ conex_key --id j2
$ conex_key --id j3

# root
$ conex_root create
$ conex_key --id rootA --pub
# manually modify root (valid: rootA; maintainer role; keys: root key)
$ conex_root sign --id rootA

# targets (maintainer) - repeat for m2 and m3
$ conex_targets create --id m1
# collect targets
$ conex_targets compute --pkg foo
# sign targets
$ conex_targets sign --id m1

Testing of conex_verify:

$ conex_verify_nocrypto -v --dir `pwd` -t sha256=3aedc7043e771efc42a3c3e6b60fa6baeb2c26c2d57f994c632bae98a09af701
$ conex_verify_openssl -v --dir `pwd` -t sha256=3aedc7043e771efc42a3c3e6b60fa6baeb2c26c2d57f994c632bae98a09af701

About

No description, website, or topics provided.

Resources

Releases

No releases published

Packages

No packages published