The following are working examples for those too impatient to read the manual.
These example shows how to sign directories and create a tarball from a directory.
First set up the GNU Privacy Guard Settings. You can use the environment variable or command line options for this.
export GNUPGNAME export SWPACKAGEPASSFD GNUPGNAME="Your NameId" SWPACKAGEPASSFD=agent # Use the GPG agent, which must be running echo $GPG_AGENT_INFO # Must point to the running agent # The GPG agent is optional, unsetting SWPACKAGEPASSFD will cause # swpackage to ask for your passphrase from the terminal.
Create a tarball from the current directory.
swign -s. --file-ownerships @- | tar tvf -
A tar archive will be written to standard output.
This is a tar archive with an embedded GPG signature. It is able to be verified with swverify
swign -s. --file-ownerships @- | swverify -d @-
Now, for packaging up source code and other information where file ownerships are not important you can specify the file owners.
swign -s. -o 0 -g 0 @- | swverify -d @-
The first step in creating an archive is loading the GPG signed meta-data, hence we simply short circuit the operation to sign a directory. The directory can then be verified against the GPG signed information. For this you need the checkdigest.sh script.
cd /your/directory/ swign -s. --file-ownerships -D $HOME/checkdigest.sh --sign-only
Now verify the contents.
swverify -d @. # If this fails try swverify --order-catalog -d @.
Now pull the contents as is since you are satisfied nothing has changed and verify it again or copy the archive whereever you want.
swign --file-ownerships --emit-only | swverify -d @- swign --file-ownerships --emit-only | swcopy -s - @ firstname.lastname@example.org:/usr/local/store/your/directory/
The program swcopy can be used to copy directories (as tar archives) or arbitrary data streams from one host to another.
Unpack a compressed tarball
swcopy -s - @.
Translate and Unpack at a new locationswcopy -s - @/tmp/myname/xx/ <somepackage-1.0.tar.bz2 # Note: a trailing slash determines the target is a directory # or interpretation as a directory can be forced # with the --extract option
Here are examples of copying a data stream.swcopy --no-audit --show-progress -s /dev/zero @ /dev/null
Now run the data through localhostswcopy --no-audit --show-progress -s /dev/zero @ localhost:/dev/null
And now copy the data out to remote host as another user.swcopy --no-audit --show-progress -s /dev/zero @ email@example.com:/dev/null
Now copy a directory from another host.swcopy --no-audit --show-progress -s firstname.lastname@example.org:/etc @ - | tar tvf -
copy several files to a new locationswcopy --no-audit -s /etc/rc.d -s /etc/resolv.conf @ /tmp/new_etc/
1.3 Package Management Cycle
First, create a sample binary package# PSF (swpackage input file) for sample package distribution # And whitespace doesn't matter product tag somepackage # control_directory "" # For nil control directory revision 10.1 fileset tag bin # control_directory "" # For nil control directory directory /etc /tmp # Example of directory mapping file_permissions -o root,0 -g root,0 file /etc/hosts file /etc/issue file /etc/resolv.conf
Now, use this file as input to swpackageswpackage -s PSF -p -v # Preview only swpackage -s PSF | tar tvf - # Make and view the archive listing
Now, install this package, in this example to a alternate rootswpackage -s PSF | swinstall -vv -s - @ /tmp/newloc
Now, list the installed packages# swlist @ /tmp/newloc sys somepackage r=10.1 i=0
Now, list the files of the installed packageswlist --files somepackage @ /tmp/newloc
Now, verify the installed package. To get this to work, you must have signed the package when it was created using the ''--sign'' option of swpackage.
Recreate and reinstall the package. For this particular PSF, you must install as ''root'' to preserve the ownerships specified in the package. Privlidge escalation is accomplished via SSH.swpackage --no-defaults --gpg-name="YourNameID" --sign --file-digests -s PSF | swinstall -vv -x reinstall=y -s - @ root@localhost:/tmp/newlocswverify -vv somepackage @ /tmp/newloc
Now list the package files as specified in the metadataswlist --sig-level=1 --files -x verbose=2 somepackage @ root@localhost:/tmp/newloc
Now remove the packageswremove -vv --sig-level=1 somepackage @ root@localhost:/tmp/newloc