[Настройка Linux, *nix, Разработка под Linux, DevOps] Creating and using your own deb repository (not mirroring)

Автор Сообщение
news_bot ®

Стаж: 6 лет 9 месяцев
Сообщений: 27286

Создавать темы news_bot ® написал(а)
24-Фев-2021 11:32

IntroTested on the following configuration:
Server: ubuntu 20.04
Clients: ubuntu 16.04, 18.04, 20.04It doesn’t require a lot of software to create it.
  • web server with directory listing ( I use lighttpd)
  • packages: gpg(for signs), dpkg-dev
  • rng-tools (highly recommended)
Repo URL: http://192.168.56.48/repo/ (it is preferable to use DNS)
Repo directory on the server : /var/www/html/repo/
Deb-packages directory: /var/www/html/repo/deb-packages
Repo generation script: /usr/bin/update-repo.shServer preparationMain steps:
  • web server installation
  • gpg-key generation
  • creating script for repo generation
  • repo creation
Gpg-key generation notesGPG needs entropy for key generation. These operations can be very time-consuming, but they can be sped up with rng-tools packages. Use the next command for ubuntu:
sudo apt-get update
sudo apt-get install -y rng-tools
Web server configurationNow you need to install lighttpd and enable dir-listing on it:
# install package
apt-get install lighttpd
# enable directory listing
echo 'server.dir-listing = "enable"' > /etc/lighttpd/conf-enabled/dir-listing.conf
# start lighhttpd and enable autostrt
systemctl restart lighttpd
systemctl enable lighttpd
# create dir for repo
mkdir -p /var/www/html/repo/deb-packages/
Now you should put your deb-packages in /var/www/html/repo/deb-packages/GPG-keysI will use self-signed keys, but you should use your company’s PKI-infrastructure (if available). Check if you already have the keys:
root@repo:~# gpg --list-keys
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
Now you can see that there are no keys available. First, we’ll create keys-generation script. You should use the proper values for your repo:
cat >~/.gnupg/aptRepo <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 3072
Subkey-Type: ELG-E
Subkey-Length: 3072
Name-Real: apt tech user
Name-Comment: without passphrase
Name-Email: apt@email.non
Expire-Date: 0
%echo done
EOF
Now create the keys. This may take some time. Do not set a password for the keys since you’ll need to enter it every time the repo is updated:
root@repo:~# gpg --batch --gen-key ~/.gnupg/aptRepo
gpg: Generating a basic OpenPGP key
gpg: done
gpg: key 16B7C8484EC3AC5F marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F.rev'
Check the keys availability:
root@repo:~# gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/root/.gnupg/pubring.kbx
pub   rsa3072 2021-02-07 [SCEA]
      D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F
uid           [ultimate] apt tech user (without passphrase) <apt@email.non>
sub   elg3072 2021-02-07 [E]
OK, now you need to export keys to the file:
gpg --export -a D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F > /var/www/html/repo/boozlachuRepo.gpg
It's time to write a repo-creation script. I used the following variables
    • updatescript=/usr/bin/update-repo.sh - path to this script
    • repodir=/var/www/html/repo - path to the repo
    • gpgKey="D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F" - gpg-key ID
updatescript=/usr/bin/update-repo.sh
cat <<'EOFSH' >${updatescript}
#!/bin/sh
working directory
repodir=/var/www/html/repo/
GPG key
gpgKey="D538A3381F3D2FC89F34EFDD16B7C8484EC3AC5F"
cd ${repodir}
create the package index
dpkg-scanpackages -m . > Packages
cat Packages | gzip -9c > Packages.gz
create the Release file
PKGS=$(wc -c Packages)
PKGS_GZ=$(wc -c Packages.gz)
cat < Release
Architectures: all
Date: $(date -R -u)
MD5Sum:
$(md5sum Packages  | cut -d" " -f1) $PKGS
$(md5sum Packages.gz  | cut -d" " -f1) $PKGS_GZ
SHA1:
$(sha1sum Packages  | cut -d" " -f1) $PKGS
$(sha1sum Packages.gz  | cut -d" " -f1) $PKGS_GZ
SHA256:
$(sha256sum Packages | cut -d" " -f1) $PKGS
$(sha256sum Packages.gz | cut -d" " -f1) $PKGS_GZ
EOF
gpg --yes -u $gpgKey --sign -bao Release.gpg Release
EOFSH
chmod 755 ${updatescript}
Don't forget to install the dpkg-scanpackages util:
apt-get install dpkg-dev
Repo creation/updateRequired steps for creation/update:
  • add your deb-packages to /var/www/html/repo/deb-packages
  • run the creation script /usr/bin/update-repo.sh
Script output example (for a single package):
/usr/bin/update-repo.sh
dpkg-scanpackages: info: Wrote 1 entries to output Packages file.
Clients setupFirst, add your repo to the apt source lists:
wget -O -  http://192.168.56.48/repo/boozlachuRepo.gpg | sudo apt-key add -
echo 'deb http://192.168.56.48/repo/ ./ ' >  /etc/apt/sources.list.d/boozlachuRepo.list
apt-get update
You can now use this repo on clients:
root@alexey-VirtualBox:~# apt-cache search testpackage
testpackage - simple testpackage for demo
My test package is now available for installation.
===========
Источник:
habr.com
===========

Похожие новости: Теги для поиска: #_nastrojka_linux (Настройка Linux), #_*nix, #_razrabotka_pod_linux (Разработка под Linux), #_devops, #_linux, #_debian, #_ubuntu, #_repository, #_bash, #_devops, #_development, #_nastrojka_linux (
Настройка Linux
)
, #_*nix, #_razrabotka_pod_linux (
Разработка под Linux
)
, #_devops
Профиль  ЛС 
Показать сообщения:     

Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
Вы не можете прикреплять файлы к сообщениям
Вы не можете скачивать файлы

Текущее время: 22-Ноя 13:37
Часовой пояс: UTC + 5