mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-25 01:34:34 +03:00
a71d550860
We should get more strict about docs. Add some text about `contenturl` and mirrorlists. Closes: #709 Approved by: jlebon
265 lines
9.6 KiB
XML
265 lines
9.6 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<!--
|
|
Copyright 2014 Colin Walters <walters@verbum.org>
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with this library; if not, write to the
|
|
Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
-->
|
|
|
|
<refentry id="ostree.repo-config">
|
|
|
|
<refentryinfo>
|
|
<title>ostree.repo-config</title>
|
|
<productname>OSTree</productname>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<contrib>Developer</contrib>
|
|
<firstname>Colin</firstname>
|
|
<surname>Walters</surname>
|
|
<email>walters@verbum.org</email>
|
|
</author>
|
|
</authorgroup>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>ostree.repo-config</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>ostree.repo-config</refname>
|
|
<refpurpose>OSTree repository configuration</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
The <filename>config</filename> file in an OSTree
|
|
repository is a "keyfile" in the <ulink
|
|
url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG
|
|
Desktop Entry Specification</ulink> format. It has
|
|
several global flags, as well as zero or more remote
|
|
entries which describe how to access remote
|
|
repositories.
|
|
</para>
|
|
|
|
<para>
|
|
See <citerefentry><refentrytitle>ostree.repo</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information
|
|
about OSTree repositories.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>[core] Section Options</title>
|
|
|
|
<para>
|
|
Repository-global options. The following entries are defined:
|
|
</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><varname>mode</varname></term>
|
|
<listitem><para>One of <literal>bare</literal>, <literal>bare-user</literal> or <literal>archive-z2</literal>. </para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>repo_version</varname></term>
|
|
<listitem><para>Currently, this must be set to <literal>1</literal>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>commit-update-summary</varname></term>
|
|
<listitem><para>Boolean value controlling whether or not to
|
|
automatically update the summary file after a commit. Defaults
|
|
to <literal>false</literal>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>fsync</varname></term>
|
|
<listitem><para>Boolean value controlling whether or not to
|
|
ensure files are on stable storage when performing operations
|
|
such as commits, pulls, and checkouts. Defaults to
|
|
<literal>true</literal>.</para>
|
|
<para>
|
|
If you disable fsync, OSTree will no longer be robust
|
|
against kernel crashes or power loss.
|
|
</para>
|
|
<para>
|
|
You might choose to disable this for local development
|
|
repositories, under the assumption they can be recreated from
|
|
source. Similarly, you could disable for a mirror where you could
|
|
re-pull.
|
|
</para>
|
|
<para>
|
|
For the system repository, you might choose to disable fsync
|
|
if you have uninterruptable power supplies and a well tested
|
|
kernel.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>[remote "name"] Section Options</title>
|
|
|
|
<para>
|
|
Describes a remote repository location.
|
|
</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><varname>url</varname></term>
|
|
<listitem><para>Must be present; declares URL for accessing metadata and
|
|
content for remote. See also <literal>contenturl</literal>. The
|
|
supported schemes are documented below.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>contenturl</varname></term>
|
|
<listitem><para>Declares URL for accessing content (filez, static delta
|
|
parts). When specified, <literal>url</literal> is used just for
|
|
metadata: summary, static delta "superblocks".</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>proxy</varname></term>
|
|
<listitem><para>A string value, if given should be a URL for a
|
|
HTTP proxy to use for access to this repository.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>gpg-verify</varname></term>
|
|
<listitem><para>A boolean value, defaults to true.
|
|
Controls whether or not OSTree will require commits to be
|
|
signed by a known GPG key. For more information, see the
|
|
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
manual under GPG.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>gpg-verify-summary</varname></term>
|
|
<listitem><para>A boolean value, defaults to false.
|
|
Controls whether or not OSTree will check if the summary
|
|
is signed by a known GPG key.
|
|
For more information, see the <citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
manual under GPG.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>tls-permissive</varname></term>
|
|
<listitem><para>A boolean value, defaults to false. By
|
|
default, server TLS certificates will be checked against the
|
|
system certificate store. If this variable is set, any
|
|
certificate will be accepted.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>tls-client-cert-path</varname></term>
|
|
<listitem><para>Path to file for client-side certificate, to present when making requests to this repository.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>tls-client-key-path</varname></term>
|
|
<listitem><para>Path to file containing client-side certificate key, to present when making requests to this repository.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>tls-ca-path</varname></term>
|
|
<listitem><para>Path to file containing trusted anchors instead of the system CA database.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>unconfigured-state</varname></term>
|
|
<listitem><para>If set, pulls from this remote will fail with the configured text. This is intended for OS vendors which have a subscription process to access content.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>/etc/ostree/remotes.d</title>
|
|
|
|
<para>
|
|
In addition to the <filename>/ostree/repo/config</filename>
|
|
file, remotes may also be specified in
|
|
<filename>/etc/ostree/remotes.d</filename>. The remote
|
|
configuration file must end in <literal>.conf</literal>; files
|
|
whose name does not end in <literal>.conf</literal> will be
|
|
ignored.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Repository url/contenturl</title>
|
|
<para>
|
|
Originally, OSTree had just a <literal>url</literal> option
|
|
for remotes. Since then, the <literal>contenturl</literal>
|
|
option was introduced. Both of these support
|
|
<literal>file</literal>, <literal>http</literal>, and
|
|
<literal>https</literal> schemes.
|
|
</para>
|
|
<para>
|
|
Additionally, both of these can be prefixed with the string
|
|
<literal>mirrorlist=</literal>, which instructs the client
|
|
that the target url is a "mirrorlist" format, which is
|
|
a plain text file of newline-separated URLs. Earlier
|
|
URLs will be given precedence.
|
|
</para>
|
|
<para>
|
|
Note that currently, the <literal>tls-ca-path</literal> and
|
|
<literal>tls-client-cert-path</literal> options apply to every HTTP
|
|
request, even when <literal>contenturl</literal> and/or
|
|
<literal>mirrorlist</literal> are in use. This may change in the future to
|
|
only apply to metadata (i.e. <literal>url</literal>, not
|
|
<literal>contenturl</literal>) fetches.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Per-remote GPG keyrings and verification</title>
|
|
<para>
|
|
OSTree supports a per-remote GPG keyring, as well as a
|
|
<literal>gpgkeypath</literal> option. For more information see
|
|
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
in the section <literal>GPG verification</literal>.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Per-remote HTTP cookies</title>
|
|
<para>
|
|
Some content providers may want to control access to remote
|
|
repositories via HTTP cookies. The <command>ostree remote
|
|
add-cookie</command> and <command>ostree remote
|
|
delete-cookie</command> commands will update a per-remote
|
|
lookaside cookie jar, named
|
|
<filename>$remotename.cookies.txt</filename>.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>ostree.repo</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|