The following are working examples for those too impatient to read the manual.
These example shows how to sign directories and create a tarball from a directory.
First set up the GNU Privacy Guard Settings. You can use the environment variable or command line options for this.
export GNUPGNAME export SWPACKAGEPASSFD GNUPGNAME="Your NameId" SWPACKAGEPASSFD=agent # Use the GPG agent, which must be running echo $GPG_AGENT_INFO # Must point to the running agent # The GPG agent is optional, unsetting SWPACKAGEPASSFD will cause # swpackage to ask for your passphrase from the terminal.
Create a tarball from the current directory.
swign -s. --file-ownerships @- | tar tvf -
A tar archive will be written to standard output.
This is a tar archive with an embedded GPG signature. It is able to be verified with swverify
swign -s. --file-ownerships @- | swverify -d @-
Now, for packaging up source code and other information where file ownerships are not important you can specify the file owners.
swign -s. -o 0 -g 0 @- | swverify -d @-
The first step in creating an archive is loading the GPG signed meta-data, hence we simply short circuit the operation to sign a directory. The directory can then be verified against the GPG signed information. For this you need the checkdigest.sh script.
cd /your/directory/ swign -s. --file-ownerships -D $HOME/checkdigest.sh --sign-only
Now verify the contents.
swverify -d @. # If this fails try swverify --order-catalog -d @.
Now pull the contents as is since you are satisfied nothing has changed and verify it again or copy the archive whereever you want.
swign --file-ownerships --emit-only | swverify -d @- swign --file-ownerships --emit-only | swcopy -s - @ root@192.168.1.9:/usr/local/store/your/directory/
The program swcopy can be used to copy directories (as tar archives) or arbitrary data streams from one host to another.
Unpack a compressed tarball
swcopy -s - @.Translate and Unpack at a new location
swcopy -s - @/tmp/myname/xx/ <somepackage-1.0.tar.bz2 # Note: a trailing slash determines the target is a directory # or interpretation as a directory can be forced # with the --extract optionHere are examples of copying a data stream.
swcopy --no-audit --show-progress -s /dev/zero @ /dev/nullNow run the data through localhost
swcopy --no-audit --show-progress -s /dev/zero @ localhost:/dev/nullAnd now copy the data out to remote host as another user.
swcopy --no-audit --show-progress -s /dev/zero @ root@192.168.1.9:/dev/nullNow copy a directory from another host.
swcopy --no-audit --show-progress -s root@192.168.1.9:/etc @ - | tar tvf -copy several files to a new location
swcopy --no-audit -s /etc/rc.d -s /etc/resolv.conf @ /tmp/new_etc/1.3 Package Management Cycle
First, create a sample binary package
# PSF (swpackage input file) for sample package distribution # And whitespace doesn't matter product tag somepackage # control_directory "" # For nil control directory revision 10.1 fileset tag bin # control_directory "" # For nil control directory directory /etc /tmp # Example of directory mapping file_permissions -o root,0 -g root,0 file /etc/hosts file /etc/issue file /etc/resolv.confNow, use this file as input to swpackage
swpackage -s PSF -p -v # Preview only swpackage -s PSF | tar tvf - # Make and view the archive listingNow, install this package, in this example to a alternate root
swpackage -s PSF | swinstall -vv -s - @ /tmp/newlocNow, list the installed packages
# swlist @ /tmp/newloc sys somepackage r=10.1 i=0Now, list the files of the installed package
swlist --files somepackage @ /tmp/newlocNow, verify the installed package. To get this to work, you must have signed the package when it was created using the ''--sign'' option of swpackage.
Recreate and reinstall the package. For this particular PSF, you must install as ''root'' to preserve the ownerships specified in the package. Privlidge escalation is accomplished via SSH.
swpackage --no-defaults --gpg-name="YourNameID" --sign --file-digests -s PSF | swinstall -vv -x reinstall=y -s - @ root@localhost:/tmp/newlocswverify -vv somepackage @ /tmp/newlocNow list the package files as specified in the metadata
swlist --sig-level=1 --files -x verbose=2 somepackage @ root@localhost:/tmp/newlocNow remove the package
swremove -vv --sig-level=1 somepackage @ root@localhost:/tmp/newloc