Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/autopkg/gerardkok-recipes

Autopkg recipes
https://github.com/autopkg/gerardkok-recipes

Last synced: about 2 months ago
JSON representation

Autopkg recipes

Awesome Lists containing this project

README

        

# autopkg-recipes

Recipes for AutoPkg (https://github.com/autopkg/autopkg).

## Scribus recipe

The recipe for Scribus is just a Munki importer for a download recipe by @hansen_m, so you'll have to add his autopkg repo (https://github.com/autopkg/hansen-m-recipes.git) to your autopkg repo list, before the Scribus munki recipe will work.

## GPGTools recipe

Work in progress. The recipe does not add an uninstall script to the munki pkgsinfo yet, and no verification that the download is legitimate is being done yet.
Downloading the suite doesn't work from time to time; trying again usually works for me.

## Python-package

Work in progress. These are generic recipes to include Python packages in your AutoPkg run. I'm not entirely convinced myself that this is the right way to handle Python packages, but so far it serves my needs.
Creating an AutoPkg recipe for a Python package requires making an override, just like the AppStoreApp recipe by @nmcspadden (https://github.com/autopkg/nmcspadden-recipes.git).
Run `autopkg make-override Python-package.munki.recipe -n MyPythonPackage.munki`, then edit the NAME and the PYTHON_PKG_NAME input variables, and any other Munki pkginfo fields you wish to change (description, developer).

## Shared processors

### GPGSignatureVerifier

This processor verifies signatures of gpg-signed files against a gpg key. If gpg cannot be found at %gpg_path% (defaults to `/usr/local/bin/gpg`), this processor will silently succeed.
If will also succeed if the gpg executable can be found, the public key belonging to %public_key_id% can be imported, and gpg is able to verify
that the signature in %signature_file% matches that of %distribution_file%. It will throw a ProcessorError otherwise.

##### Example usage

```xml
Processor
com.github.autopkg.gerardkok-recipes.SharedProcessors/GPGSignatureVerifier
Comment
verify gpg-signature of download
Arguments

public_key_id
%KEYID%
distribution_file
%pathname%
signature_file
%RECIPE_CACHE_DIR%/downloads/%NAME%.dmg.asc

```

The public key id %KEYID% is an input variable, and can usually be found on the website of the developer of the application that's being packaged.
The signature is different for each download, use for example the URLDownloader processor to write it to a file. I think it's important that the name
of the signature file is just the name of the downloaded package with '.asc' appended.

Use with some care, because this is the first time I've programmed something against gpg.