mirror/ nfpm
1
1
Fork 0
mirror of https://github.com/goreleaser/nfpm synced 2024-05-05 07:46:15 +02:00
Code Issues Releases Activity
nfpm/www/docs/install.md
Carlos A Becker e0d55fba23
docs: install script method removed 
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2021-10-13 21:23:36 -03:00

3.2 KiB
Raw Blame History

Install

You can install the pre-compiled binary (in several different ways), use Docker or compile from source.

Bellow you can find the steps for each of them.

Install the pre-compiled binary

homebrew tap

brew install goreleaser/tap/nfpm

homebrew

brew install nfpm

!!! info The formula in homebrew-core might be slightly outdated. Use our homebrew tap to always get the latest updates.

gofish

gofish rig add https://github.com/goreleaser/fish-food
gofish install github.com/goreleaser/fish-food/nfpm

scoop

scoop bucket add goreleaser https://github.com/goreleaser/scoop-bucket.git
scoop install nfpm

apt

echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt update
sudo apt install nfpm

yum

echo '[goreleaser]
name=GoReleaser
baseurl=https://repo.goreleaser.com/yum/
enabled=1
gpgcheck=0' | sudo tee /etc/yum.repos.d/goreleaser.repo
sudo yum install nfpm

deb, apk and rpm packages

Download the .deb, .rpm or .apk from the releases page and install them with the appropriate tools.

go install

go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest

manually

Download the pre-compiled binaries from the releases page and copy them to the desired location.

Verifying the binaries

All artifacts are checksummed and the checksum file is signed with [cosign][].

You can verify it using our public key.

  1. Download the files you want, the checksums.txt and checksums.txt.sig files from the releases page.
  2. Verify the signature: 
    cosign verify-blob \
	-key https://goreleaser.com/static/goreleaser.pub \
	-signature checksums.txt.sig \
	checksums.txt
  3. If the signature is valid, you can then verify the SHA256 sums match with the downloaded binary: 
    sha256sum --ignore-missing -c checksums.txt

Verifying docker images

Our Docker image is signed with [cosign][].

You can verify it using our public key:

cosign verify \
	-key https://goreleaser.com/static/goreleaser.pub \
	goreleaser/nfpm
cosign verify \
	-key https://goreleaser.com/static/goreleaser.pub \
	ghcr.io/goreleaser/nfpm

Running with Docker

You can also use it within a Docker container. To do that, you'll need to execute something more-or-less like the following:

docker run --rm -v $PWD:/tmp/pkg goreleaser/nfpm package \
	--config /tmp/pkg/foo.yml \
	--target /tmp \
	--packager deb

Compiling from source

Here you have two options:

If you want to contribute to the project, please follow the steps on our contributing guide.

If you just want to build from source for whatever reason, follow these steps:

clone:

git clone https://github.com/goreleaser/nfpm
cd nfpm

get the dependencies:

go mod tidy

build:

go build -o nfpm ./cmd/nfpm

verify it works:

./nfpm --version