Sortix volatile manual
This manual documents Sortix volatile, a development build that has not been officially released. You can instead view this document in the latest official manual.
| TIX-FETCH(8) | System Manager's Manual | TIX-FETCH(8) |
NAME
tix-fetch —
download files from repository
SYNOPSIS
tix-fetch |
[-c] [-q]
[-v] [-C
collection] [-o
file] [-O
directory] [--continue]
[--download-default]
[--download-non-verbose]
[--download-quiet]
[--download-quiet-progress]
[--download-verbose]
[--input-release-info=file]
[--input-release-info-sig=file]
[--input-release-pub=file]
[--input-sha256sum=file]
[--insecure-downgrade-to-http]
[--insecure-no-check-certificate]
[--nv] [--output
file] [--output-directory
directory]
[--output-release-info=file]
[--output-release-info-sig=file]
[--output-release-pub=file]
[--output-sha256sum=file]
[--output-upgrade-info=file]
[--upgrade] [--url]
[--url-mirror-release]
[--url-release-info-sig]
[--url-sha256sum]
[--wget-options=options]
file ... |
DESCRIPTION
tix-fetch downloads files from a tix
repository. tix-fetch downloads the signed
release.info.sig release information, verifies the
signature with signify(1),
downloads the sha256sum file, and then downloads the
requested files. Every file in the repository has a
cryptographic chain leading back to the signed release information, and the
download will be rejected if the files have been tampered with.
The specified collection is
used to locate the repository URL. The root directory collection is used if
no --collection is specified. The
RELEASE_URL
variable in the
collection.conf(5)
configuration file is used to locate the signed
release.info.sig information. If the URL points to a
channel, then the channel redirection is followed to the appropriate
release, and optionally upgraded to a new release per the
--upgrade option. The signature of the release
information is verified with the public key in the collection. Once the
authoritative release information is obtained, the release URL is rewritten
to use the configured mirror if any, and the requested
files are downloaded from the mirror.
The options are as follows:
-C,--collection=collection- Use the repository of this collection.
-c,--continue- Fetch the file as a resumable download. During the download, a file suffixed with .hash is placed adjacent to the output file with the desired checksum, to prevent continuing the download if the remote file changes.
--download-default- Pass the default options to wget(1).
--nv,--download-non-verbose- Pass the
-nvoption to wget(1) for a non-verbose download.This behavior is the default if the standard error is not a terminal.
-q,--download-quiet- Pass the
-qoption to wget(1) for a quiet download. --download-quiet-progress- Pass the
-q--show-progressoptions to wget(1) for a quiet download with a progress bar.This behavior is the default if the standard error is a terminal.
-v,--download-verbose- Pass the
-voption to wget(1) for a verbose download. --input-release-info=file- Use path as the unsigned release information rather than downloading it.
--input-release-info-sig=file- Use path as the signed release info information rather than downloading it.
--input-release-pub=file- Use path as the public key, rather than the default $collection/tix/release.pub.
--input-sha256sum=file- Use path as the sha256sum file rather than downloading it.
--insecure-downgrade-to-http- Downgrade the release URL from HTTPS to an insecure HTTP download.
Warning: HTTP downloads makes it possible for man-in-the-middle attacks to interfere with the download and enables eavesdropping. However, the release is still cryptographically signed as a secondary layer of protection, which still protects the download integrity. This option is useful in the future when the client and server may not have overlapping cryptographic protocols and ciphers.
--insecure-no-check-certificate- Don't check the HTTPS certificates.
Warning: HTTPS downloading without trusting the certificate makes it possible for man-in-the-middle attacks to interfere with the download and enables eavesdropping. However, the release is still cryptographically signed as a secondary layer of protection, which still protects the download integrity.
-o,--outputfile- Write the download to the output file.
-O,--output-directorydirectory- Write the downloaded files into the output directory.
--output-release-info=file- Write the unsigned release information (after the signature check) to this file.
--output-release-info-sig=file- Write the signed release information to this file.
--output-release-pub=file- Write the used public key to this file.
--output-sha256sum=file- Write the sha256sum file to this file.
--output-upgrade-info=file- Write the unsigned upgrade information (after the signature check) to this file.
--upgrade- If the RELEASE_URL variable points to a channel, and an upgrade is available, then accept it and download that upgraded release instead.
--url- Output the URLs to the requested files.
--url-mirror-release- Output the URL to the release on the mirror.
--url-release-info-sig- Output the URL to the signed release information.
--url-sha256sum- Output the URL to the sha256sum file.
--wget-options=options- Pass these download options to wget(1).
FILES
- /tix/collection.conf
- collection.conf(5) configuration.
EXIT STATUS
tix-fetch will exit 0 on success and
non-zero otherwise.
SEE ALSO
signify(1), wget(1), collection.conf(5), tix(8), tix-install(8), tix-port(8), tix-upgrade(8)
HISTORY
tix-fetch originally appeared in Sortix
1.1.
| February 17, 2025 | Sortix 1.1.0-dev |