diff --git a/README.md b/README.md index 9b6db59..041fad8 100644 --- a/README.md +++ b/README.md @@ -39,72 +39,16 @@ I publish the packages I built, in my own apt repository, using the process desc However, you have no reason to trust me and my apt repository. This git repo exists so that you can build the packages yourself instead. See Option 2 for that. -### 1) Add the GPG key (signed-by) - ```bash sudo mkdir -p /usr/share/keyrings curl -fsSL https://mig5.net/static/mig5.asc | sudo gpg --dearmor -o /usr/share/keyrings/mig5.gpg -``` - -My GPG fingerprint is `00AE817C24A10C2540461A9C1D7CDE0234DB458D`. You can also fetch it from https://keys.openpgp.org or search the fingerprint online to confirm it. - -### 2) Add the APT source - -**Debian 12 (bookworm):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net bookworm main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -**Debian 13 (trixie):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net trixie main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -**Ubuntu 22.04 (jammy):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net jammy main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -**Ubuntu 24.04 (noble):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net noble main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -### 3) Update & install - -```bash +echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mig5.list sudo apt update -# (example: PHP 8.2) -sudo apt install php8.2-sqlcipher +sudo apt install php8.2-sqlcipher # or php8.0-sqlcipher, php7.4-sqlcipher, etc ``` > Remember: These packages are built to **replace** `phpX.Y-sqlite3` with a SQLCipher-linked build. -### 4) (Recommended) Pin to prefer this repo for sqlcipher packages - -Create `/etc/apt/preferences.d/mig5.pref`: - -```ini -Package: php*-sqlcipher -Pin: release o=mig5, l=php-sqlcipher, n=bookworm # adjust to your distro -Pin-Priority: 990 -``` - -Then: - -```bash -sudo apt update -apt-cache policy php8.2-sqlcipher -``` - -You should see this repo as the selected candidate. - ---- - ## Option 2: Building your own .debs If you’d rather build locally, execute `scripts/package.sh` which in turn executes the Docker build process for each distro and PHP version. diff --git a/repo/conf/distributions b/repo/conf/distributions deleted file mode 100644 index 5f2132b..0000000 --- a/repo/conf/distributions +++ /dev/null @@ -1,35 +0,0 @@ -Origin: mig5 -Label: php-sqlcipher -Suite: stable -Codename: trixie -Architectures: amd64 -Components: main -Description: mig5 SQLCipher for PHP packages for Debian 13 (trixie) -SignWith: !qubes-gpg-sign - -Origin: mig5 -Label: php-sqlcipher -Suite: stable -Codename: bookworm -Architectures: amd64 -Components: main -Description: mig5 SQLCipher for PHP packages for Debian 12 (bookworm) -SignWith: !qubes-gpg-sign - -Origin: mig5 -Label: php-sqlcipher -Suite: stable -Codename: noble -Architectures: amd64 -Components: main -Description: mig5 SQLCipher for PHP packages for Ubuntu 24.04 (noble) -SignWith: !qubes-gpg-sign - -Origin: mig5 -Label: php-sqlcipher -Suite: stable -Codename: jammy -Architectures: amd64 -Components: main -Description: mig5 SQLCipher for PHP packages for Ubuntu 22.04 (jammy) -SignWith: !qubes-gpg-sign diff --git a/repo/conf/qubes-gpg-sign b/repo/conf/qubes-gpg-sign deleted file mode 100755 index e448c59..0000000 --- a/repo/conf/qubes-gpg-sign +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -set -eu - -release="$1" # file to sign (exists in the repo VM) -inrel="${2:-}" # path for InRelease.new (may be empty) -relgpg="${3:-}" # path for Release.gpg.new (may be empty) - -export QUBES_GPG_DOMAIN="${QUBES_GPG_DOMAIN:-vault}" - -WRAP="${WRAP:-/usr/bin/qubes-gpg-client-wrapper}" -KEY="${REPO_SIGN_KEY:-00AE817C24A10C2540461A9C1D7CDE0234DB458D}" - -gpgcmd() { - if [ -n "$KEY" ]; then - "$WRAP" --batch --no-tty -u "$KEY" "$@" - else - "$WRAP" --batch --no-tty "$@" - fi -} - -mkout() { # write stdout to a tmp next to dst, then mv - dst="$1"; dir="$(dirname "$dst")" - tmp="$(mktemp "$dir/.reprepro.XXXXXX")" - cat >"$tmp" - mv -f "$tmp" "$dst" -} - -[ -r "$release" ] || { echo "error: $release not readable" >&2; exit 1; } -umask 022 - -# InRelease (clearsigned) -if [ -n "$inrel" ]; then - gpgcmd --clearsign <"$release" | mkout "$inrel" -fi - -# Release.gpg (detached, armored) -if [ -n "$relgpg" ]; then - gpgcmd --armor --detach-sign <"$release" | mkout "$relgpg" -fi diff --git a/scripts/publish.sh b/scripts/publish.sh index 8abe8e3..ad2c4b1 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -8,6 +8,6 @@ for CODENAME in trixie bookworm noble jammy; do # feed all .deb for that codename into the repo if compgen -G "${OUT_DIR}/${CODENAME}/php*/*.deb" >/dev/null 2>&1; then find "${OUT_DIR}/${CODENAME}" -name '*.deb' -print0 \ - | xargs -0 -n1 reprepro -b repo includedeb "$CODENAME" + | xargs -0 -n1 reprepro -b /home/user/git/repo includedeb "$CODENAME" fi done