mig5/php-sqlcipher
1
0
Fork 0
Code Activity Actions

Compare commits

base: mig5:7f9370df91433ce5ad22fdf0759a802e20a49be0
Branches Tags
mig5:main
..
compare: mig5:620f7646de387adf2377cf76c6766054bd28604a
Branches Tags
mig5:main

No commits in common. "7f9370df91433ce5ad22fdf0759a802e20a49be0" and "620f7646de387adf2377cf76c6766054bd28604a" have entirely different histories.
7f9370df91 ... 620f7646de

4 changed files with 133 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

60
README.md
View file

@ -39,16 +39,72 @@ I publish the packages I built, in my own apt repository, using the process desc
However, you have no reason to trust me and my apt repository. This git repo exists so that you can build the packages yourself instead. See Option 2 for that. However, you have no reason to trust me and my apt repository. This git repo exists so that you can build the packages yourself instead. See Option 2 for that.
### 1) Add the GPG key (signed-by)
```bash ```bash
sudo mkdir -p /usr/share/keyrings sudo mkdir -p /usr/share/keyrings
curl -fsSL https://mig5.net/static/mig5.asc | sudo gpg --dearmor -o /usr/share/keyrings/mig5.gpg curl -fsSL https://mig5.net/static/mig5.asc | sudo gpg --dearmor -o /usr/share/keyrings/mig5.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mig5.list ```
My GPG fingerprint is `00AE817C24A10C2540461A9C1D7CDE0234DB458D`. You can also fetch it from https://keys.openpgp.org or search the fingerprint online to confirm it.
### 2) Add the APT source
**Debian 12 (bookworm):**
```bash
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net bookworm main" | sudo tee /etc/apt/sources.list.d/mig5.list
```
**Debian 13 (trixie):**
```bash
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net trixie main" | sudo tee /etc/apt/sources.list.d/mig5.list
```
**Ubuntu 22.04 (jammy):**
```bash
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net jammy main" | sudo tee /etc/apt/sources.list.d/mig5.list
```
**Ubuntu 24.04 (noble):**
```bash
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net noble main" | sudo tee /etc/apt/sources.list.d/mig5.list
```
### 3) Update & install
```bash
sudo apt update sudo apt update
sudo apt install php8.2-sqlcipher # or php8.0-sqlcipher, php7.4-sqlcipher, etc # (example: PHP 8.2)
sudo apt install php8.2-sqlcipher
``` ```
> Remember: These packages are built to **replace** `phpX.Y-sqlite3` with a SQLCipher-linked build. > Remember: These packages are built to **replace** `phpX.Y-sqlite3` with a SQLCipher-linked build.
### 4) (Recommended) Pin to prefer this repo for sqlcipher packages
Create `/etc/apt/preferences.d/mig5.pref`:
```ini
Package: php*-sqlcipher
Pin: release o=mig5, l=php-sqlcipher, n=bookworm # adjust to your distro
Pin-Priority: 990
```
Then:
```bash
sudo apt update
apt-cache policy php8.2-sqlcipher
```
You should see this repo as the selected candidate.
---
## Option 2: Building your own .debs ## Option 2: Building your own .debs
If youd rather build locally, execute `scripts/package.sh` which in turn executes the Docker build process for each distro and PHP version. If youd rather build locally, execute `scripts/package.sh` which in turn executes the Docker build process for each distro and PHP version.

35
repo/conf/distributions Normal file
View file

@ -0,0 +1,35 @@
Origin: mig5
Label: php-sqlcipher
Suite: stable
Codename: trixie
Architectures: amd64
Components: main
Description: mig5 SQLCipher for PHP packages for Debian 13 (trixie)
SignWith: !qubes-gpg-sign
Origin: mig5
Label: php-sqlcipher
Suite: stable
Codename: bookworm
Architectures: amd64
Components: main
Description: mig5 SQLCipher for PHP packages for Debian 12 (bookworm)
SignWith: !qubes-gpg-sign
Origin: mig5
Label: php-sqlcipher
Suite: stable
Codename: noble
Architectures: amd64
Components: main
Description: mig5 SQLCipher for PHP packages for Ubuntu 24.04 (noble)
SignWith: !qubes-gpg-sign
Origin: mig5
Label: php-sqlcipher
Suite: stable
Codename: jammy
Architectures: amd64
Components: main
Description: mig5 SQLCipher for PHP packages for Ubuntu 22.04 (jammy)
SignWith: !qubes-gpg-sign

39
repo/conf/qubes-gpg-sign Executable file
View file

@ -0,0 +1,39 @@
#!/bin/sh
set -eu
release="$1" # file to sign (exists in the repo VM)
inrel="${2:-}" # path for InRelease.new (may be empty)
relgpg="${3:-}" # path for Release.gpg.new (may be empty)
export QUBES_GPG_DOMAIN="${QUBES_GPG_DOMAIN:-vault}"
WRAP="${WRAP:-/usr/bin/qubes-gpg-client-wrapper}"
KEY="${REPO_SIGN_KEY:-00AE817C24A10C2540461A9C1D7CDE0234DB458D}"
gpgcmd() {
if [ -n "$KEY" ]; then
"$WRAP" --batch --no-tty -u "$KEY" "$@"
else
"$WRAP" --batch --no-tty "$@"
fi
}
mkout() { # write stdout to a tmp next to dst, then mv
dst="$1"; dir="$(dirname "$dst")"
tmp="$(mktemp "$dir/.reprepro.XXXXXX")"
cat >"$tmp"
mv -f "$tmp" "$dst"
}
[ -r "$release" ] || { echo "error: $release not readable" >&2; exit 1; }
umask 022
# InRelease (clearsigned)
if [ -n "$inrel" ]; then
gpgcmd --clearsign <"$release" | mkout "$inrel"
fi
# Release.gpg (detached, armored)
if [ -n "$relgpg" ]; then
gpgcmd --armor --detach-sign <"$release" | mkout "$relgpg"
fi

2
scripts/publish.sh
View file

@ -8,6 +8,6 @@ for CODENAME in trixie bookworm noble jammy; do
# feed all .deb for that codename into the repo # feed all .deb for that codename into the repo
if compgen -G "${OUT_DIR}/${CODENAME}/php*/*.deb" >/dev/null 2>&1; then if compgen -G "${OUT_DIR}/${CODENAME}/php*/*.deb" >/dev/null 2>&1; then
find "${OUT_DIR}/${CODENAME}" -name '*.deb' -print0 \ find "${OUT_DIR}/${CODENAME}" -name '*.deb' -print0 \
| xargs -0 -n1 reprepro -b /home/user/git/repo includedeb "$CODENAME" | xargs -0 -n1 reprepro -b repo includedeb "$CODENAME"
fi fi
done done