remove
Descriptionโ
Removes projects and packages from the package store.
In a package store, remove can do the following:
- delete a project and all packages inside it
- delete a package and all its versions
- delete a specific version of a package
- delete reproducible build artifacts for package versions
Use this command to remove all data associated with a project, package or package version (including analyzed files and their reports) from your package store.
Removing projects and packages from the store is a destructive operation. After the data is removed from the package store, you will not be able to restore it without a prior backup!
When a package version is removed from the store, all its metadata including analysis reports and any reproducible build artifacts are also removed.
By default, the remove command requests you to confirm your actions before proceeding.
To skip the confirmation prompt, use the --silent option.
Usageโ
rl-secure remove <purl> [<options>]
rl-secure remove --purl=<purl> [<options>]
Optionsโ
| Option | Description |
|---|---|
| -p, --purl | Required. Package URL to remove from the package store, in the format [pkg:type/]<project>[/<package>[@<version>]]. Providing only the project name removes all packages in that project. Providing the package name without a specific version removes all versions of that package. |
| ?build=repro ย ย | Remove reproducible build artifacts for a package version without removing the main package version artifact itself. This option must be appended to the package URL in the format [pkg:type/]<project></package><@version?build=repro>. Wildcard matching with * and ? characters is supported. |
| --silent | Don't prompt for removal confirmation. |
| -h, --help | Display usage information and exit. |
| -s, --rl-store | Path to an initialized package store containing the package URL. If not provided, the current directory is used. |
Examplesโ
Remove all reproducible builds in a projectโ
This example removes all reproducible build artifacts from all package versions in a project.
The directory structure created for packages is preserved, along with any YARA rules and custom policy settings.
The main package version artifacts are also preserved, together with their analysis results. Only the reproducible build artifacts are removed. If a package version doesn't have any reproducible build artifacts, it is automatically skipped.
We're using the --silent option to prevent the CLI from prompting for confirmation on every item to remove.
This implicitly confirms the removal of every item (it's equivalent to pressing y for every prompt).
The command expects the package store to exist in the current directory.
Use the -s or --rl-store options to provide an alternative path to the package store.
- Input
- Output
rl-secure remove pkg:rl/my-project/*@*?build=repro --silent
Silently removed: my-project/my-package@1.0 (repro)
Silently removed: my-project/external-package@3.2.0 (repro)
Removal tasks on my-project finished
To confirm that only reproducible build artifacts were removed, run
rl-secure list pkg:rl/my-project --all
The command output should show that all package versions still remain in the project.
Their analysis results should no longer show any (repro) instances or reproducible build checks.
Remove a package versionโ
This example removes a specific version of a package from a project in a previously initialized package store.
The directory structure created for packages is preserved (along with any YARA rules and custom policy settings), even if the removed version is the only version of the package.
The command expects the package store to exist in the current directory.
Use the -s or --rl-store options to provide an alternative path to the package store.
- Default store
- Specified store
- Output
rl-secure remove pkg:rl/my-project/my-package@1.0.1
rl-secure remove pkg:rl/my-project/my-package@1.0.1 --rl-store=/home/armando/my-repository/
Remove my-project/my-package@1 (y/n)?: y
... done
Removal tasks on pkg:rl/my-project/my-package@1.0.1 finished
Remove all package versions in a projectโ
This example removes all package versions from a project in a previously initialized package store.
The directory structure created for packages is preserved (along with any YARA rules and custom policy settings), even if all package versions are removed.
The command expects the package store to exist in the current directory.
Use the -s or --rl-store options to provide an alternative path to the package store.
- Default store
- Specified store
- Output
rl-secure remove pkg:rl/my-project/* --silent
rl-secure remove pkg:rl/my-project/* --rl-store=/home/armando/my-repository/ --silent
Silently removed: my-project/my-package
Removal tasks on pkg:rl/my-project/* finished
Remove an entire projectโ
This example removes a project and all its contents from a previously initialized package store. This is achieved by providing only the project name in the package URL, without specifying any package names or versions.
In this case, no directory structure is preserved. The project directory, all its subdirectories and their contents (including custom policy settings) are removed from the package store.
The command expects the package store to exist in the current directory.
Use the -s or --rl-store options to provide an alternative path to the package store.
- Default store
- Specified store
- Output
rl-secure remove pkg:rl/my-project
rl-secure remove pkg:rl/my-project --rl-store=/home/armando/my-repository/
Remove my-project (y/n)?: y
... done
Removal tasks on pkg:rl/my-project finished