[Настройка Linux, *nix, Разработка под Linux, DevOps] Creating and using your own deb repository (not mirroring)

Ответить на тему

Автор

Сообщение

news_bot ^®

Стаж: 6 лет 2 месяца
Сообщений: 27286

news_bot ^® написал(а)
24-Фев-2021 11:32

Цитировать

IntroTested on the following configuration:
Server: ubuntu 20.04
Clients: ubuntu 16.04, 18.04, 20.04It doesn’t require a lot of software to create it.

web server with directory listing ( I use lighttpd)
packages: gpg(for signs), dpkg-dev
rng-tools (highly recommended)

Repo URL: http://192.168.56.48/repo/ (it is preferable to use DNS)
Repo directory on the server : /var/www/html/repo/
Deb-packages directory: /var/www/html/repo/deb-packages
Repo generation script: /usr/bin/update-repo.shServer preparationMain steps:

web server installation
gpg-key generation
creating script for repo generation
repo creation

Gpg-key generation notesGPG needs entropy for key generation. These operations can be very time-consuming, but they can be sped up with rng-tools packages. Use the next command for ubuntu:

sudo apt-get update
sudo apt-get install -y rng-tools

Web server configurationNow you need to install lighttpd and enable dir-listing on it:

# install package
apt-get install lighttpd
# enable directory listing
echo 'server.dir-listing = "enable"' > /etc/lighttpd/conf-enabled/dir-listing.conf
# start lighhttpd and enable autostrt
systemctl restart lighttpd
systemctl enable lighttpd
# create dir for repo
mkdir -p /var/www/html/repo/deb-packages/

Now you should put your deb-packages in /var/www/html/repo/deb-packages/GPG-keysI will use self-signed keys, but you should use your company’s PKI-infrastructure (if available). Check if you already have the keys:

root@repo:~# gpg --list-keys
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created

Now you can see that there are no keys available. First, we’ll create keys-generation script. You should use the proper values for your repo:

cat >~/.gnupg/aptRepo <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 3072
Subkey-Type: ELG-E
Subkey-Length: 3072
Name-Real: apt tech user
Name-Comment: without passphrase
Name-Email: apt@email.non
Expire-Date: 0
%echo done
EOF

Now create the keys. This may take some time. Do not set a password for the keys since you’ll need to enter it every time the repo is updated:

root@repo:~# gpg --batch --gen-key ~/.gnupg/aptRepo
gpg: Generating a basic OpenPGP key
gpg: done
gpg: key 16B7C8484EC3AC5F marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F.rev'

Check the keys availability:

root@repo:~# gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/root/.gnupg/pubring.kbx
pub rsa3072 2021-02-07 [SCEA]
D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F
uid [ultimate] apt tech user (without passphrase) <apt@email.non>
sub elg3072 2021-02-07 [E]

OK, now you need to export keys to the file:

gpg --export -a D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F > /var/www/html/repo/boozlachuRepo.gpg
It's time to write a repo-creation script. I used the following variables
• updatescript=/usr/bin/update-repo.sh - path to this script
• repodir=/var/www/html/repo - path to the repo
• gpgKey="D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F" - gpg-key ID

updatescript=/usr/bin/update-repo.sh
cat <<'EOFSH' >${updatescript}
#!/bin/sh
working directory
repodir=/var/www/html/repo/
GPG key
gpgKey="D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F"
cd ${repodir}
create the package index
dpkg-scanpackages -m . > Packages
cat Packages | gzip -9c > Packages.gz
create the Release file
PKGS=$(wc -c Packages)
PKGS_GZ=$(wc -c Packages.gz)
cat < Release
Architectures: all
Date: $(date -R -u)
MD5Sum:
$(md5sum Packages | cut -d" " -f1) $PKGS
$(md5sum Packages.gz | cut -d" " -f1) $PKGS_GZ
SHA1:
$(sha1sum Packages | cut -d" " -f1) $PKGS
$(sha1sum Packages.gz | cut -d" " -f1) $PKGS_GZ
SHA256:
$(sha256sum Packages | cut -d" " -f1) $PKGS
$(sha256sum Packages.gz | cut -d" " -f1) $PKGS_GZ
EOF
gpg --yes -u $gpgKey --sign -bao Release.gpg Release
EOFSH
chmod 755 ${updatescript}

Don't forget to install the dpkg-scanpackages util:

apt-get install dpkg-dev

Repo creation/updateRequired steps for creation/update:

add your deb-packages to /var/www/html/repo/deb-packages
run the creation script /usr/bin/update-repo.sh

Script output example (for a single package):

/usr/bin/update-repo.sh
dpkg-scanpackages: info: Wrote 1 entries to output Packages file.

Clients setupFirst, add your repo to the apt source lists:

wget -O - http://192.168.56.48/repo/boozlachuRepo.gpg | sudo apt-key add -
echo 'deb http://192.168.56.48/repo/ ./ ' > /etc/apt/sources.list.d/boozlachuRepo.list
apt-get update

You can now use this repo on clients:

root@alexey-VirtualBox:~# apt-cache search testpackage
testpackage - simple testpackage for demo

My test package is now available for installation.
===========
Источник:
habr.com
===========
Похожие новости:

Теги для поиска: #_nastrojka_linux (Настройка Linux), #_*nix, #_razrabotka_pod_linux (Разработка под Linux), #_devops, #_linux, #_debian, #_ubuntu, #_repository, #_bash, #_devops, #_development, #_nastrojka_linux (
Настройка Linux
), #_*nix, #_razrabotka_pod_linux (
Разработка под Linux
), #_devops

Профиль ЛС

Ответить на тему

Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
Вы не можете прикреплять файлы к сообщениям
Вы не можете скачивать файлы

Текущее время: 04-Май 03:15
Часовой пояс: UTC + 5