Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

conex test-repository

You need conex from master branch to use this, opam pin add conex --dev should do the trick!

To test conex_verify, you need to add the following to your $(OPAMROOT)/config:

repository-validation-command: [
  "conex_verify_nocrypto" "--quorum" "%{quorum}%"
  "--trust-anchors" "%{anchors}%"
  "--repo" "%{repo}%"
  "--dir=%{dir}%" { ! incremental }
  "--patch=%{patch}%" { incremental }
  "--incremental" { incremental }

You can use conex_verify_openssl instead of nocrypto, add -v flags. This will only be used for repositories which have trust anchors and a quorum configured. Update of the default opam-repository will not be affected.

To add this repository with a quorum of 1, you have to type:

opam repo add conex-test 1 sha256=5a148d3977cb03dbeaeb99fa7033b5c7a43c8c7ee1114fee0c22fada2f7c9687

Vary the quorum or the fingerprints to see verification failures.

Private keys

For maintainer m1, maintainer m2, and maintainer m3 are help for test purposes in priv. Do not use these private keys elsewhere, generate your own instead. The rootA key is also in priv.

If you clone this repository and cp priv/* ~/.conex/, you'll be able to sign updates.

Creation of this repository

Initial setup:

$ mkdir -p /tmp/testrepo/packages/foo/foo.0.1.0
$ echo > /tmp/testrepo/packages/foo/foo.0.1.0/opam
# init some keys
$ conex_key --id rootA
$ conex_key --id j1
$ conex_key --id j2
$ conex_key --id j3

# root
$ conex_root create
$ conex_key --id rootA --pub
# manually modify root (valid: rootA; maintainer role; keys: root key)
$ conex_root sign --id rootA

# targets (maintainer) - repeat for m2 and m3
$ conex_targets create --id m1
# collect targets
$ conex_targets compute --pkg foo
# sign targets
$ conex_targets sign --id m1

Testing of conex_verify:

$ conex_verify_nocrypto -v --dir `pwd` -t sha256=3aedc7043e771efc42a3c3e6b60fa6baeb2c26c2d57f994c632bae98a09af701
$ conex_verify_openssl -v --dir `pwd` -t sha256=3aedc7043e771efc42a3c3e6b60fa6baeb2c26c2d57f994c632bae98a09af701


No description, website, or topics provided.






No releases published


No packages published