.\" Generated by scdoc 1.11.2
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "rebuilderd" "1" "2023-10-18"
.P
.SH NAME
.P
rebuilderd - Independent verification of binary packages (daemon)
.P
.SH SYNOPSIS
.P
\fBrebuilderd\fR [-v] [-c /etc/rebuilderd.\&conf]
.P
.SH DESCRIPTION
.P
The rebuilderd binary keeps track of the state for all packages, the work queue
and assigns rebuilds to \fBrebuilderd-worker\fR instances.\&
.P
.SH AUTHENTICATION
.P
There are two public routes so anybody can run \fBrebuildctl pkgs ls\fR and
\fBrebuildctl queue ls\fR.\& Everything else requires authentication.\& rebuilderd is
going to check multiple locations in this order:
.P
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
~/.\&config/rebuilderd.\&conf
.RE
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
/etc/rebuilderd.\&conf
.RE
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
/var/lib/rebuilderd/auth-cookie
.RE
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
~/.\&local/share/rebuilderd-auth-cookie

.RE
.P
.P
.P
Paths ending with \fB.\&conf\fR are parsed as config files and we'\&re looking for a
section like this:
.P
.nf
.RS 4
[auth]
cookie = "Put your secret here"
.fi
.RE
.P
With paths ending in \fBauth-cookie\fR we'\&re taking the content as-is.\& If we can'\&t
find a pre-configured value we'\&re going to generate one and write it to
\fB/var/lib/rebuilderd/auth-cookie\fR.\&
.P
.SH WORKER AUTHENTICATION
.P
There are two ways to authenticate workers.\& If you work with a fixed number of
workers you can allow-list their keys:
.P
.nf
.RS 4
[worker]
authorized_workers = ["key1", "key2"]
.fi
.RE
.P
NOTE: the keys are currently not challenged and the worker doesn'\&t have to
prove ownership of the private key.\& This is going to change in future versions.\&
.P
You can also use a shared secret that allows you to dynamically join new
workers.\& This is especially useful in cloud setups.\& A secret can be generated
with `pwgen -1s 32`:
.P
.nf
.RS 4
[worker]
signup_secret = "Put your secret here"
.fi
.RE
.P
If both are not configured the workers need to provide admin credentials
described in the previous section.\&
.P
.SH SEE ALSO
.P
\fBrebuilderd.\&conf\fR(5), \fBrebuildctl\fR(1), \fBrebuilderd-worker\fR(1).\&
.P
.SH AUTHORS
.P
rebuilderd was originally written by kpcyrd and is hosted at https://github.\&com/kpcyrd/rebuilderd