Table of Contents
LPMtool makes it easy to distribute packages on a web site. The lpm(1) manual page describes all the available bells and whistles. This chapter gives a simplified overview of how to set up a simple web site that distributes LPMtool packages, and how to automatically download packages from a web site. The steps involved are:
Create a new GPG key, or, alternatively, use your existing GPG. Export the GPG key and create the primary repository. This should be a directory accessible by the web server, and available via a URL.
Create a new primary repository directory.
Specify the primary repository information when building packages. Have the packages signed by the GPG key, and copy the package files into the primary repository directory.
Update the primary repository's metadata. The packages are now available for download.
This takes care of publishing packages on a web site. The steps to download packages from a web site are even shorter:
Initialize a new default remote repository. A remote repository is a local directory that mirrors, or tracks, the contents of a primary repository on a web site. Explicit, manual initialization may not even be necessary most of the time. In most cases the lpm will figure out on its own when it needs to download packages from a web site, and which web site it is.
Use the lpm command's
-i
, -u
, or -a
option
normally, but provide the name of a package instead of a filename.
lpm will find the package, download it, and install
it.
GPG keys provide a way to verify package files downloaded from a web site. Run the gpg command to create a new GPG key, if necessary. Of course, an existing GPG key will work just as well:
gpg --gen-key
The GPG key must be exported to a file
(the following examples use pgpkeys.txt
) using the
--armor
option:
gpg --export --armor -o gpgkey.txt
This command exports all public GPG.
It is possible to use multiple GPG keys with a published
primary repository, and any one of the keys may be used to publish packages.
Otherwise, use --default-key
to specify a single
GPG key.
The exported GPG key must be the default secret key which will be used to sign packages.