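Setting up your own Debian package repository takes the following steps:

  1. Generate an OpenPGP key with gpg. reprepro uses this key to sign the repository.
  2. Install and configure the reprepro package, then use reprepro to import the deb files that will be served.
  3. Install and configure the apache2 server so that outside users can connect and download the deb files.
Each step is described in turn below.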
 

1. Generating a key with gpg

Run the following command to generate the key.

$ gpg --full-generate-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
 
GnuPG needs to construct a user ID to identify your key.
 
Real name: Frank
Email address: frank@example.com
Comment:
You selected this USER-ID:
"Frank <frank@example.com>"
 
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/ubuntu/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D408A217696F776 marked as ultimately trusted
gpg: directory '/home/ubuntu/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/1912B4D6FF91DB9C7E9563052D408A217696F776.rev'
public and secret key created and signed.
 
Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
pub rsa4096 2021-11-26 [SC]
1912B4D6FF91DB9C7E9563052D408A217696F776
uid Frank <frank@example.com>

If the following error appears while the command is running:

GPG error "Not enough random bytes available. Please do some other work to give the OS a chance to collect more"

installing rng-tools can resolve it.

$ sudo apt-get install rng-tools

Export the public key in ASCII format and save it. Later steps use it.

$ gpg --armor --output frank.gpg.key --export <keyid>

Here keyid, for the example above, is

1912B4D6FF91DB9C7E9563052D408A217696F776

frank.gpg.key can be replaced with any file name.

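2. Installing and configuring reprepro

reprepro creates the directories that make up a deb repository. With it, importing deb files into the repository is simple, and nothing has to be set up by hand.

Install reprepro.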

$ sudo apt-get install reprepro

Create the repository directory, with a conf directory under it. This article uses /home/ubuntu/apt-server as the example.

$ mkdir -p /home/ubuntu/apt-server/conf

Under conf, create a file named distributions with the following content.

 

Origin: apt repository
Label: apt repository
Codename: <os_release>
Architectures: amd64
Components: main
Description: debian package repo
SignWith: <keyid>
Pull: <os_release>

Here <os_release> is the Ubuntu code name; for 18.04 that is bionic. <keyid> is the ID of the key generated in the step above.

Import a deb file into the repository.

$ reprepro -Vb /home/ubuntu/apt-server includedeb <osrelease> <debfile>

If the following error appears

No section given for 'xxxxxxx', skipping.
There have been errors!

or

No priority given for 'xxxxxxx', skipping.
There have been errors!

check whether the DEBIAN/control file inside the deb file sets both section and priority. For example

section: utils
priority: optional

3. Configuring the apache2 server

Next, install and configure the apache2 server so that other users can connect and download the deb files.

Install apache2.

$ sudo apt-get install apache2

Add a configuration file to apache2 so that users can reach /home/ubuntu/apt-server.

$ sudo vi /etc/apache2/conf-available/repos.conf

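Add the following to repos.conf so that other users cannot read anything other than the pool and dists folders. It does this by denying access to db, conf and incoming.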

Alias /apt-server /home/ubuntu/apt-server
 
<Directory /home/ubuntu/apt-server/ >
Options Indexes FollowSymLinks Multiviews
Require all granted
</Directory>
 
<Directory "/home/ubuntu/apt-server/db/">
Require all denied
</Directory>
 
<Directory "/home/ubuntu/apt-server/conf/">
Require all denied
</Directory>
 
<Directory "/home/ubuntu/apt-server/incoming/">
Require all denied
</Directory>

Save the file after editing, then run the following commands so that apache2 loads the configuration.

$ sudo a2enconf repos
$ sudo systemctl reload apache2

Copy the public key saved earlier into the server directory. Other users can then fetch it directly with wget and add it to their apt-key.

$ cp frank.gpg.key /home/ubuntu/apt-server

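4. Connecting to the new repository

Users need to carry out the following steps on another machine before they can connect to the repository built above and download its deb files.

Download the repository's public key and add it to apt-key.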

$ wget -O - http://www.example.com/apt-server/frank.gpg.key | sudo apt-key add -

Add the server to the apt sources.

$ sudo vi /etc/apt/sources.list.d/frank.list

Add this line to the file:

deb http://www.example.com/apt-server <osrelease> main

Save the file, then run the following command.

$ sudo apt update

You can now install the deb files you placed on the server!

$ sudo apt install <your-package>
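
The key in step 4 is fetched over plain HTTP, so the download alone says nothing about who produced it. The following added example (not part of the original post) checks the downloaded file against the fingerprint printed in step 1 before it is handed to apt-key; the function names are illustrative, and it assumes a gpg that supports `--import-options show-only`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the primary-key fingerprint found in `gpg --with-colons` output on
# stdin. Fails unless the listing holds exactly one primary key ("pub").
primary_fingerprint() {
    awk -F: '
        $1 == "pub" { pubs++; want = 1; next }
        $1 == "fpr" && want { fpr = $10; want = 0 }
        END { if (pubs != 1 || fpr == "") exit 1; print fpr }
    '
}

# Compare two fingerprints, ignoring spaces and letter case.
same_fingerprint() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# verify_key_file KEYFILE EXPECTED_FPR
# Succeeds only if KEYFILE holds exactly one key whose fingerprint equals
# EXPECTED_FPR, which must come from a trusted channel (not the same server).
# Assumes a gpg that supports `--import-options show-only`; nothing is
# added to the caller's keyring.
verify_key_file() {
    got=$(gpg --batch --with-colons --import-options show-only \
              --import "$1" 2>/dev/null | primary_fingerprint) || return 1
    same_fingerprint "$got" "$2"
}

# On the client, with the fingerprint printed in step 1:
#   wget -O frank.gpg.key http://www.example.com/apt-server/frank.gpg.key
#   verify_key_file frank.gpg.key 1912B4D6FF91DB9C7E9563052D408A217696F776 \
#       && sudo apt-key add frank.gpg.key
```

A key file that carries more than one primary key is rejected outright, since a repository key export made as in step 1 contains exactly one.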

 

Reference:

https://wiki.debian.org/DebianRepository/SetupWithReprepro

    Posted by 阿轟師 on PIXNET