diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2018-07-19 01:09:16 +0800 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2018-07-19 01:09:16 +0800 |
commit | d0492d8f40b05ea5f4d378cd34221a9cd66cbfcd (patch) | |
tree | d79f415f344a81aca8d18e916b7016a84aec5793 /NOTES.dgit-downstream-dsc.7.pod | |
parent | eb07108c1051f227c83de01781f498a330faae43 (diff) | |
parent | 15fbfc94b8c6a08cffdf0f9a7ed5870252ad4416 (diff) |
Merge tag 'debian/5.10' into stretch-bpo
dgit release 5.10 for unstable (sid) [dgit]
[dgit distro=debian]
# gpg: Signature made Sun 15 Jul 2018 01:12:02 AM CST
# gpg: using RSA key 559AE46C2D6B6D3265E7CBA1E3E3392348B50D39
# gpg: Can't check signature: No public key
Diffstat (limited to 'NOTES.dgit-downstream-dsc.7.pod')
-rw-r--r-- | NOTES.dgit-downstream-dsc.7.pod | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/NOTES.dgit-downstream-dsc.7.pod b/NOTES.dgit-downstream-dsc.7.pod new file mode 100644 index 0000000..9be7cc3 --- /dev/null +++ b/NOTES.dgit-downstream-dsc.7.pod @@ -0,0 +1,69 @@ +NOTE This text was once going to be part of dgit-downstream-dsc(7) or + dgit-downstream-dsc(5). It probably wants to be reworked, and + maybe put there, to fix + #810829 want instructions for reprepro-style small repo + +This guide is to help you if: + + * you are a distro which is a downstream of Debian (directly + or indirectly) + + * you want to publish source packages as well as git branches + +You will also need: + + * A git server. [...] + + There are various options for the git server, depending on how much + you trust your uploaders. There are four levels of trust and + sophistication: + + shell account + + For use when uploaders have shell accounts on the server and you + trust them completely. You then do not need to install any special + software on the server. + + dgit-repos-server + + Your uploaders do not (necessarily) have shell accounts. + You will need to collect their ssh keys and also their PGP + signing keys. You can restrict uploads on a per-package + per-key basis by using the Debian `dm.txt' format. + + dgit-repos-server + policy hook + + You want to impose additional policy. For example, Debian's + copyright review process means that uploads of new packages are + initially not public: dgit-repos-policy-debian is an example. + + custom implementation + + From the dgit client's point of view, the dgit git server is a git + server accessed by ssh (when pushing) or https (when fetching). + You may use anything that has the right properties for your needs. + dgit primarily authenticates pushes by signing tags, so your + software will probably need to check and verify that tag + appropriately before accepting a push. dgit-repos-server knows how + to do this properly. + +Set up your git server, as follows: + + shell account + + Make a suitable (sub)directory. You should create a _template.git + bare repo, with appropriate permissions. When new packages are + uploaded, this _template.git will be copied. You will probably + want to set core.sharedRepository in the template, and/or arrange + for personal groups and 002 umask. + + dgit-repos-server + + Additionally, install dgit-infrastructure. Create a service + account `dgit' on the server. For each authorised uploader, put + their ssh key in dgit's authorized_keys file, with a + restricted_command specifying the dgit-repos-server invocation. + Put the keyring where dgit-repos-server can find it. + Consult the comment at the top of dgit-repos-server for the + restricted command rune. + |