blob: 5e231ffa4570c1917ba40d0c9bea07bff4fed2f3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
# Client Setup
How to configure each OS to install packages from `pkgrepo.f3s.buetow.org`.
## FreeBSD (f0–f3)
Custom repo is configured alongside the official FreeBSD repos.
File: `/usr/local/etc/pkg/repos/custom.conf`
```
custom: {
url: "https://pkgrepo.f3s.buetow.org/freebsd/FreeBSD:15:amd64/latest",
mirror_type: "NONE",
signature_type: "NONE",
enabled: yes
}
```
### Using packages
```sh
doas pkg update
doas pkg install <package-name>
doas pkg upgrade # upgrade all, including custom packages
doas pkg install -fy <package> # force reinstall (same version)
```
### Setting up a new FreeBSD host
Pipe via stdin to avoid csh quoting issues:
```sh
cat <<'REPO' | ssh -p 22 <host>.lan.buetow.org 'doas mkdir -p /usr/local/etc/pkg/repos && doas tee /usr/local/etc/pkg/repos/custom.conf > /dev/null'
custom: {
url: "https://pkgrepo.f3s.buetow.org/freebsd/FreeBSD:15:amd64/latest",
mirror_type: "NONE",
signature_type: "NONE",
enabled: yes
}
REPO
```
## OpenBSD (blowfish, fishfinger)
Custom repo is configured via `PKG_PATH` in `/root/.profile`, deployed by `rex pkgrepo_setup`.
Official OpenBSD packages still install normally via `/etc/installurl`.
```sh
export PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/"
```
### Using packages
```sh
doas pkg_add <package> # installs from custom repo (signed with signify)
doas pkg_add -u <package> # update to latest version
```
### Setting up a new OpenBSD host
Two things needed:
1. **Signify public key** — copy from an existing host:
```sh
scp rex@fishfinger.buetow.org:/etc/signify/custom-pkg.pub /tmp/
scp /tmp/custom-pkg.pub rex@<newhost>:/tmp/
ssh rex@<newhost> "doas cp /tmp/custom-pkg.pub /etc/signify/custom-pkg.pub"
```
2. **PKG_PATH** — run the Rex task from `~/git/conf/frontends`:
```sh
rex pkgrepo_setup # adds PKG_PATH to /root/.profile on all frontends
```
Update `PKG_PATH` whenever the OpenBSD version changes (currently 7.8).
### Package signing
OpenBSD packages are signed with `signify(1)` via `pkg_sign`:
- **Private key**: `/etc/signify/custom-pkg.sec` on fishfinger (build host)
- **Public key**: `/etc/signify/custom-pkg.pub` on all OpenBSD clients
- Signing happens automatically during `make pkg-openbsd` / `make pkg`
- `pkg_add` verifies the signature — no `-D unsigned` needed
## Rocky Linux (r0–r2, pi0–pi3)
Architecture-specific repo URLs:
- `https://pkgrepo.f3s.buetow.org/rockylinux/9/x86_64/` (r0–r2)
- `https://pkgrepo.f3s.buetow.org/rockylinux/9/aarch64/` (pi0–pi3)
### Persistent repo file
Create `/etc/yum.repos.d/f3s-dtail.repo`:
```ini
[f3s-dtail]
name=f3s DTail
baseurl=https://pkgrepo.f3s.buetow.org/rockylinux/9/$basearch/
enabled=1
gpgcheck=0
repo_gpgcheck=0
```
Then:
```sh
sudo dnf makecache
sudo dnf install dtail
sudo dnf upgrade dtail
```
### Temporary one-off usage (no persistent repo file needed)
```sh
sudo dnf repoquery \
--disablerepo='*' \
--repofrompath=f3s-dtail,https://pkgrepo.f3s.buetow.org/rockylinux/9/$(uname -m)/ \
--enablerepo=f3s-dtail \
dtail
```
Do **not** pass `--repofrompath` when the persistent repo file already exists — dnf errors with "listed more than once".
|
