NAME

tix-fetch — download files from repository

SYNOPSIS

tix-fetch

[-c] [-q] [-v] [-C collection] [-o file] [-O directory] [--continue] [--download-default] [--download-non-verbose] [--download-quiet] [--download-quiet-progress] [--download-verbose] [--input-release-info=file] [--input-release-info-sig=file] [--input-release-pub=file] [--input-sha256sum=file] [--insecure-downgrade-to-http] [--insecure-no-check-certificate] [--nv] [--output file] [--output-directory directory] [--output-release-info=file] [--output-release-info-sig=file] [--output-release-pub=file] [--output-sha256sum=file] [--output-upgrade-info=file] [--upgrade] [--url] [--url-mirror-release] [--url-release-info-sig] [--url-sha256sum] [--wget-options=options] file ...

DESCRIPTION

tix-fetch downloads files from a tix repository. tix-fetch downloads the signed release.info.sig release information, verifies the signature with signify(1), downloads the sha256sum file, and then downloads the requested files. Every file in the repository has a cryptographic chain leading back to the signed release information, and the download will be rejected if the files have been tampered with. The specified collection is used to locate the repository URL. The root directory collection is used if no --collection is specified. The RELEASE_URL variable in the collection.conf(5) configuration file is used to locate the signed release.info.sig information. If the URL points to a channel, then the channel redirection is followed to the appropriate release, and optionally upgraded to a new release per the --upgrade option. The signature of the release information is verified with the public key in the collection. Once the authoritative release information is obtained, the release URL is rewritten to use the configured mirror if any, and the requested files are downloaded from the mirror. The options are as follows:

-C, --collection=collection

Use the repository of this collection.

-c, --continue

Fetch the file as a resumable download. During the download, a file suffixed with .hash is placed adjacent to the output file with the desired checksum, to prevent continuing the download if the remote file changes.

--download-default

Pass the default options to wget(1).

--nv, --download-non-verbose

Pass the -nv option to wget(1) for a non-verbose download.

This behavior is the default if the standard error is not a terminal.

-q, --download-quiet

Pass the -q option to wget(1) for a quiet download.

--download-quiet-progress

Pass the -q --show-progress options to wget(1) for a quiet download with a progress bar.

This behavior is the default if the standard error is a terminal.

-v, --download-verbose

Pass the -v option to wget(1) for a verbose download.

--input-release-info=file

Use path as the unsigned release information rather than downloading it.

--input-release-info-sig=file

Use path as the signed release info information rather than downloading it.

--input-release-pub=file

Use path as the public key, rather than the default $collection/tix/release.pub.

--input-sha256sum=file

Use path as the sha256sum file rather than downloading it.

--insecure-downgrade-to-http

Downgrade the release URL from HTTPS to an insecure HTTP download.

Warning: HTTP downloads makes it possible for man-in-the-middle attacks to interfere with the download and enables eavesdropping. However, the release is still cryptographically signed as a secondary layer of protection, which still protects the download integrity. This option is useful in the future when the client and server may not have overlapping cryptographic protocols and ciphers.

--insecure-no-check-certificate

Don't check the HTTPS certificates.

Warning: HTTPS downloading without trusting the certificate makes it possible for man-in-the-middle attacks to interfere with the download and enables eavesdropping. However, the release is still cryptographically signed as a secondary layer of protection, which still protects the download integrity.

-o, --output file

Write the download to the output file.

-O, --output-directory directory

Write the downloaded files into the output directory.

--output-release-info=file

Write the unsigned release information (after the signature check) to this file.

--output-release-info-sig=file

Write the signed release information to this file.

--output-release-pub=file

Write the used public key to this file.

--output-sha256sum=file

Write the sha256sum file to this file.

--output-upgrade-info=file

Write the unsigned upgrade information (after the signature check) to this file.

--upgrade

If the RELEASE_URL variable points to a channel, and an upgrade is available, then accept it and download that upgraded release instead.

--url

Output the URLs to the requested files.

--url-mirror-release

Output the URL to the release on the mirror.

--url-release-info-sig

Output the URL to the signed release information.

--url-sha256sum

Output the URL to the sha256sum file.

--wget-options=options

Pass these download options to wget(1).

FILES

/tix/collection.conf

collection.conf(5) configuration.

EXIT STATUS

tix-fetch will exit 0 on success and non-zero otherwise.

SEE ALSO

signify(1), wget(1), collection.conf(5), tix(8), tix-install(8), tix-port(8), tix-upgrade(8)

HISTORY

tix-fetch originally appeared in Sortix 1.1.