rbm-tar - Man Page

rbm tar <project> [options]

Create a tarball file for the selected project.

The output directory can be selected with the output_dir option.

The output filename will be :

<name>-<version>.tar

If the compress_tar, the filename will be :

<name>-<version>.tar.<ext>

With <name> the project’s name, <version> the version of the software, and <ext> the compression type selected in the compress_tar option.

The version of the software used to create the tarball and the packages should be set with the version option.

The following options are related to tarball creation :

git_url

The URL of a git repository that will be cloned and used to create the tarball. If this option is set, git_hash should be set to select the commit to use.

hg_url

The URL of a mercurial repository that will be cloned and used to create the tarball. If this option is set, hg_hash should be set to select the commit to use.

git_hash

A git hash, branch name or tag. This is what is used to create the tarball.

hg_hash

A mercurial changeset hash. This is what is used to create the tarball.

git_submodule

If this option is enabled, git submodules are fetched and included in the tarball. This option is disabled by default.

git_depth

An integer specifying a depth for shallow Git clone/fetch depth, to decrease network and storage usage. If not set, shallow clone/fetch is disabled.

git_branch

A Git ref name that will be exclusively cloned/fetched, to decrease network and storage usage. Must be a descendent (inclusive) of git_hash. If not set, all Git refs are cloned/fetched.

compress_tar

If set, the tarball created will be compressed in the select format. Possible values: xz, gz, bz2, zst. The default is gz but it can stay empty to disable compression.

commit_gpg_id

If set, the commit selected with git_hash will have its signature checked. The tarball will not be created if there is no valid signature, and if the key used to sign it does not match the key ID from commit_gpg_id. The option can be set to a single gpg ID, or to a list of gpg IDs. The IDs can be short or long IDs, or full fingerprint (with no spaces). For this to work, the GPG keys should be present in the selected keyring (see keyring option). If the option is set to 1 or an array containing 1 then any key from the selected keyring is accepted. On command line, the --commit-gpg-id option can be listed multiple times to define a list of keys.

tag_gpg_id

If set, the commit selected with git_hash should be a tag and will have its signature checked. The tarball will not be created if the tag doesn’t have a valid signature, and if the key used to sign it does not match the key ID from tag_gpg_id. The option can be set to a single gpg ID, or to a list of gpg IDs. The IDs can be short or long IDs, or full fingerprint (with no spaces). For this to work, the GPG keys should be present in the selected keyring (see keyring option). If the option is set to 1 or an array containing 1 then any key from the selected keyring is accepted. On command line, the --tag-gpg-id option can be listed multiple times to define a list of keys.

gpg_wrapper

This is a template for a gpg wrapper script. The default wrapper will call gpg with the keyring specified by option gpg_keyring if defined.

gpg_keyring

The filename of the gpg keyring to use. Path is relative to the keyring directory. This can also be an absolute path.

gpg_bin

The gpg command to be used. The default is gpg.

gpg_args

Optional gpg arguments. The default is empty.

gpg_allow_expired_keys

Allowing expired keys to successfully verify e.g. signed git tags. By default this is not allowed.

See rbm_config(7) for all other options.

The command line options related to tar :

--git-hash=<hash>

The git hash of the commit / tag to use.

--hg-hash=<hash>

The mercurial hash of the commit / tag to use.

--commit-gpg-id=<GPG ID>

Check the commit to be signed by this GPG key ID.

--tag-gpg-id=<GPG ID>

Check if the selected git hash is a tag and is signed by select GPG key ID.

--gpg-keyring=<file>

GPG keyring filename.

--gpg-keyring-dir=<directory>

Directory containing GPG keyring files

--gpg-args=<args>

Optional gpg arguments.

--gpg-bin=<path>

Path to gpg binary.

See rbm_cli(7) for all other options.

If you are going to use gpg signed commits, it is recommended to use git >= 1.8.3.

• git < 1.7.9 does not support signed commits. It only supports signed tags.
• git < 1.8.3 does not use the git-config option gpg.program in git log --show-signature and git show --show-signatures commands used to check commits signatures. This means you won’t be able to use the gpg_keyring option for commits signature verification (but it will work for tag signature verification). This was fixed in git commit 6005dbb9, included in version 1.8.3.

rbm(1)

rbm(1).