Without this change gpg aborted with
  gpg: Sorry, no terminal at all requested - can't get input
and after adding --batch only with
  gpg: signing failed: File exists
If GPG signing is aborted, e.g., by pressing CTRL-C, an empty .sig file
remained in PUBLIC_DIR because the file was created by the Bash
redirection. By using '--output $@', gpg maintains the .sig file.
This patch equips the publish tool to handle system images.
System images reside at <depot-user>/image/. The directory contains an
index file that contains the meta information of the available images
in XML form, e.g.,
  <index>
    <image name="sculpt-pinephone-2023-01-19" board="pinephone">
      <info text="initial version"/>
    </image>
  </index>
To publish a new version of the index:
  ./tool/depot/publish <depot-user>/image/index
Each system image comes in two forms, a bootable disk image and an
archive of the boot directory. The bootable disk image can be used to
install a new system from scratch by copying the image directly to a
block device. It contains raw block data. The archive of the boot
directory contains the content needed for an on-target system update to
this version. Within the depot, this archive is a directory - named after
the image - that contains the designated content of the boot directory
on target. Depending on the board, it may contain only a single file
loaded by the boot loader (e.g., uImage), or several boot modules, or
even the boot-loader configuration.
To publish both forms:
  ./tool/depot/publish <depot-user>/image/<image-name>
This results in the following - accompanied by their respective .sig
files - in the public directory:
  <depot-user>/image/<image-name>.img.gz (disk image)
  <depot-user>/image/<image-name>.tar.xz (boot archive)
  <depot-user>/image/<image-name>.zip (disk image)
The .zip file contains the .img file. It is provided for users who
download the image on a system with no support for .gz.
Fixes #4735
Issue #4744
By replacing the formerly hard-coded $(GENODE_DIR)/tool/depot/ by the
variable DEPOT_TOOL_DIR, the depot tools can be hosted outside the
Genode source tree, i.e., as part of the Goa tool.
This change keeps the version-controlled 'pubkey' and 'download' files
separate from files generated via depot/create or downloaded via
depot/download. So one can remove the entire depot/ directory without
interfering with git.
Furthermore, depot keys can now be hosted in supplemental repositories
independent from Genode's main repository.
Fixes #4364
Introduce 'XZ_THREADS' to override the default number of threads used
for compression, which is still set to '1'. As using multiple threads
will increase the amount of memory needed during the compression and
potentially influences the size of the created archive, setting the
variable limits the impact.
Fixes #3431.
In cases where the signing failed (maybe the passphrase for the key was
not available at this time), there remained an empty .sig file, which is
newer than the to-be-signed file and, therefore, prevents subsequent
signing processes.
The input for the pkg index is located at gems/run/sculpt/index.
The sculpt.run script uses this input for generating the depot index
file at depot/<user>/index/<version>.
The tool/depot/publish tool supports arguments of the form
<user>/index/<version> where <version> corresponds to the Sculpt
version.
Issue #3172
Allow the gpg utility to be overridden on the command line. For
example, './tool/depot/publish GPG="ssh 10.0.1.3 gpg" ...' would invoke
a remote gpg over SSH.
Fix #2981
The timestamp-based rules of make do not work well for the publish tool
because depot archives are often re-created with the same content but a
different modification time, in particular when creating archives via
'FORCE'. This way, those archives are re-published every time, which
becomes a time-consuming operation since all archives must be signed.
This patch filters the targets based on the content that is already
present in the public/ location. All existing archives are skipped.
This patch replaces the toy downloader (that merely copied files
locally, for testing) with the mechanics needed to download files from a
www server.
It also changes the use of GPG to use detached signatures.
Issue #2339
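
The empty-.sig failure mode described in the commit messages above (a signature file created by shell redirection survives a failed signing run and blocks later runs), reproduced as an added example that is not code from the publish tool. The signer functions are hypothetical stand-ins for gpg, the file names are constructed, and sign_atomically uses a temp-file-and-rename pattern instead of the tool's '--output $@' fix.

```shell
#!/bin/sh
# Added example: stand-in signers replace gpg so this runs offline.
failing_signer() { return 1; }   # models an aborted gpg (CTRL-C, no passphrase)
working_signer() { printf 'constructed-signature-of:%s\n' "$1"; }

# Redirect pattern: the shell creates "$2.sig" before the signer starts,
# so a failed run leaves an empty file that make sees as up to date.
sign_with_redirect() {   # usage: sign_with_redirect <signer> <file>
    "$1" "$2" > "$2.sig"
}

# Swapped-in alternative (not the publish tool's '--output $@' fix):
# write to a temp file beside the target, rename only on success.
sign_atomically() {      # usage: sign_atomically <signer> <file>
    tmp=$(mktemp "$2.sig.XXXXXX") || return 1
    if "$1" "$2" > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$2.sig"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Audit helper: list zero-length .sig files below a public directory.
find_empty_sigs() { find "$1" -type f -name '*.sig' -size 0; }

demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/constructed.tar.xz"              # constructed sample archive
    sign_with_redirect failing_signer "$dir/constructed.tar.xz" || true
    echo "after redirect failure:"; find_empty_sigs "$dir"
    rm -f "$dir/constructed.tar.xz.sig"
    sign_atomically failing_signer "$dir/constructed.tar.xz" || true
    echo "after atomic failure:";   find_empty_sigs "$dir"
    rm -rf "$dir"
}
demo
```

Running find_empty_sigs over the public directory before publishing flags archives that look signed to make but carry no signature.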