Apkindex format

From Alpine Linux
Revision as of 12:11, 22 October 2012 by Dubiousjim (update link)

The APKINDEX.tar.gz format

Support for package signing was added in apk-tools-2.0_pre15. This caused the index format to change, as it needs to contain a signature for the repository. This document explains how the new index works and how it is created. It is intended as a reference for abuild developers. Other developers should use the tools provided by abuild.

Creating APKINDEX.tar.gz

The APKINDEX.tar.gz is created by concatenating 2 other tar.gz files, signature.tar.gz and APKINDEX.unsigned.tar.gz.

cat signature.tar.gz APKINDEX.unsigned.tar.gz > APKINDEX.tar.gz

Creating signature.tar.gz

First we create a signature file for APKINDEX.unsigned.tar.gz, using our private key.

openssl dgst -sha1 -sign privatekeyfile -out .SIGN.RSA.nameofpublickey APKINDEX.unsigned.tar.gz

Then we put this in a tar file, without the end-of-tar record at the end of the file. This is because we will concatenate this tar archive with the index tar archive.

tar -c .SIGN.RSA.nameofpublickey | abuild-tar --cut | gzip -9 > signature.tar.gz

The name of the public key should be the email address of the developer.

Creating APKINDEX.unsigned.tar.gz

The APKINDEX.unsigned.tar.gz is an old 1.9-style index file in a tar archive. It is created with:

apk index -o APKINDEX.unsigned.tar.gz *.apk
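The layout described above can be taken apart again on the consuming side. The following Python sketch is an added example, not code from apk-tools or abuild: it splits an APKINDEX.tar.gz into the key name, the signature, and the exact bytes the signature covers. The function names, the sample key name dev@example.org, the fake signature bytes and the way `tar_bytes` emulates `abuild-tar --cut` are assumptions made for the example.

```python
import gzip, io, tarfile, zlib

SIG_PREFIX = ".SIGN.RSA."

def split_index(blob):
    """Return (key_name, signature, signed_bytes) from APKINDEX.tar.gz bytes."""
    d = zlib.decompressobj(31)           # 31 = 16 + 15: parse exactly one gzip stream
    sig_tar = d.decompress(blob)
    signed = d.unused_data               # everything after the first gzip stream
    if not d.eof or signed[:2] != b"\x1f\x8b":
        raise ValueError("expected two concatenated gzip streams")
    if len(sig_tar) < 512:
        raise ValueError("signature tar has no header block")
    name = sig_tar[:100].split(b"\0", 1)[0].decode()          # tar name field
    size = int(sig_tar[124:136].strip(b" \0").decode(), 8)    # tar size field, octal
    if not name.startswith(SIG_PREFIX):
        raise ValueError("first member is not a signature: %r" % name)
    signature = sig_tar[512:512 + size]
    if len(signature) != size:
        raise ValueError("signature member is truncated")
    return name[len(SIG_PREFIX):], signature, signed

def tar_bytes(name, data, cut=False):
    """Build a one-member tar; cut=True drops the end-of-tar record (assumed --cut behaviour)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    raw = buf.getvalue()
    return raw[:512 + -(-len(data) // 512) * 512] if cut else raw

def build_sample():
    """Constructed sample: placeholder index body and fake signature, no real key."""
    unsigned = gzip.compress(tar_bytes("APKINDEX", b"constructed index body\n"))
    sig = gzip.compress(tar_bytes(SIG_PREFIX + "dev@example.org", b"\x01" * 256, cut=True))
    return sig + unsigned, unsigned      # same as: cat signature.tar.gz APKINDEX.unsigned.tar.gz

if __name__ == "__main__":
    blob, unsigned = build_sample()
    key, sig, signed = split_index(blob)
    # 'signed' is the compressed APKINDEX.unsigned.tar.gz, byte for byte. That is
    # the input for: openssl dgst -sha1 -verify <pubkey> -signature <sigfile> <file>
    # The signature does not cover the decompressed tar contents.
    print(key, len(sig), signed == unsigned)
```

Anything appended after the first gzip stream ends up in the signed bytes, so a verifier has to check the signature over that whole remainder before decompressing or parsing it.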