Debian package repository.
- Based upon: the guide for setting up a private debian repository.
$ ./create-image.sh
Assuming the configuration is done, you can start the server with:
$ export CONFIG_FOLDER=/home/config_here
$ export WEBSERVER_PORT=8080
$ export SSH_PORT=2222
$ docker run -v $CONFIG_FOLDER:/srv/ -p $WEBSERVER_PORT:80 -p $SSH_PORT:22 -d solidhal/reprepro
There are three ways to configure the image:
- Interactive
- Environmental
- Manual
Stand-alone (Interactive configuration):
$ export CONFIG_FOLDER=/home/config_here
$ export WEBSERVER_PORT=8080
$ export SSH_PORT=2222
$ docker run -v $CONFIG_FOLDER:/srv/ -p $WEBSERVER_PORT:80 -p $SSH_PORT:22 -it solidhal/reprepro
Stand-alone (Environmental configuration):
$ export CONFIG_FOLDER=/home/config_here
$ export WEBSERVER_PORT=8080
$ export SSH_PORT=2222
$ export HOSTNAME="{{YOUR-DOMAIN-NAME}}"
$ export PROJECT_NAME="{{NAME-OF-APT-REPO}}"
$ export CODE_NAME="{{CODENAME-OF-OS-RELEASE}}"
$ docker run -v $CONFIG_FOLDER:/srv/ -p $WEBSERVER_PORT:80 -p $SSH_PORT:22 \
-e HOSTNAME=$HOSTNAME \
-e PROJECT_NAME=$PROJECT_NAME -e CODE_NAME=$CODE_NAME \
-it solidhal/reprepro
Stand-alone (Manual); The same as 'Configuration done'
- $CONFIG_FOLDER: The folder in which the reprepro configuration is stored.
- $WEBSERVER_PORT: The exposed nginx port (where packages are served).
- $SSH_PORT: The exposed openssh-port (which is used for uploading packages).
Note: Running in interactive configuration mode will prompt the user for this information.
Note: For manual configuration see the bottom of this file.
- GPG key information: see lower down.
- $HOSTNAME: The hostname of the server (i.e. the URL on which it's reached).
- $PROJECT_NAME: The name of the apt repository (can be anything).
- $CODE_NAME: The code-name of the OS release for which packages will be served (wheezy/jessie/etc).
While most of the configuration can be done inside the container, the authorized_keys file (for uploading packages) must be supplied from outside the container.
The keys are required for adding packages to the system, and should be added to:
$CONFIG_FOLDER/home/debian/.ssh/authorized_keys
Assuming you have generated an SSH key-set on the machine, you can do this by running:
$ export CONFIG_FOLDER=/home/config_here
$ cp ~/.ssh/id_rsa.pub $CONFIG_FOLDER/home/debian/.ssh/authorized_keys
Generating an SSH key-set can be done by running:
$ ssh-keygen
And following the instructions.
Note: The image is able to run without authorized_keys being in place; however, uploading packages will not be an option then.
The below assumes that you are in the folder of your .deb package.
The example is based upon uploading kicad*.deb (multiple packages).
$ export SSH_PORT=2222
$ export HOSTNAME="{{YOUR-DOMAIN-NAME}}"
$ export CODE_NAME="{{CODENAME-OF-OS-RELEASE}}"
$ scp -P $SSH_PORT kicad*.deb debian@$HOSTNAME:
$ ssh -p $SSH_PORT debian@$HOSTNAME "sudo chmod -R 777 /var/www/repos/"
$ ssh -p $SSH_PORT debian@$HOSTNAME "reprepro -b /var/www/repos/apt/debian includedeb $CODE_NAME *.deb"
Once the repository is up and running, clients will need to be configured to use it.
The nginx webserver (which hosts the repository) has an index page with configuration information.
Assuming your hostname is $HOSTNAME, head over to http://$HOSTNAME/, and these two commands will be shown:
$ wget -O - http://$HOSTNAME/$HOSTNAME.gpg.key | apt-key add -
$ echo "deb http://$HOSTNAME/ $CODE_NAME main" > /etc/apt/sources.list.d/$HOSTNAME.list
At this point the repository is added, and you can run:
$ apt-get update
$ apt-get install $PACKAGE_NAME
to install $PACKAGE_NAME from your own repository to the client system.
Note: The repository is non-functional until the first package has been added.
Instead of using the interactive or environmental configuration, you can simply provide your own configuration files inside $CONFIG_FOLDER, just as was done with the authorized_keys file.
See the section above.
The GPG keys are used for signing packages. They can be provided as:
$CONFIG_FOLDER/home/debian/.gnupg/master_pub.gpg
$CONFIG_FOLDER/home/debian/.gnupg/signing_sec.pgp
Generating GPG keys can be done by running:
$ gpg --gen-key
I suggest making a master with a long time to expire, then a signing sub key with a shorter time to expire. Keep the master offline, and backed up. Export the master pub and the signing key. Then if your signing key is exposed, you can revoke it, and issue a new one with your safe offline master key.
Right now you can only see the subkey key ids when you are in edit mode:
$ gpg --edit-key
See a good how-to here: https://www.debuntu.org/how-to-importexport-gpg-key-pair/
But remember to only export the master public key and the sub key private key. Export the master key at a different time to back it up.
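The key layout suggested above (long-lived master kept offline, shorter-lived signing sub key, export of the master public key and the sub key private key), as an added example that is not part of the original README or the image's own scripts. It assumes GnuPG 2.1 or later; the function names, user ID, algorithm, expiry periods, binary export format and the empty passphrase (used so it runs unattended) are assumptions, and only the two output file names come from this page.

```shell
#!/bin/sh
# Added example (not the project's code). Function names, algorithm, expiry
# periods and the empty passphrase are assumptions for an unattended run.

# repo_gpg HOME ARGS...: run gpg non-interactively against one keyring.
repo_gpg() {
    rg_home=$1; shift
    gpg --homedir "$rg_home" --batch --quiet \
        --pinentry-mode loopback --passphrase '' "$@"
}

# make_repo_keys HOME OUT USER_ID [ALGO]
# HOME is the master keyring (keep it offline); OUT receives the two exports.
make_repo_keys() {
    mk_home=$1 mk_out=$2 mk_uid=$3 mk_algo=${4:-rsa4096}
    mkdir -p "$mk_home" "$mk_out" && chmod 700 "$mk_home" || return 1
    # Master key: certify-only, long time to expire.
    repo_gpg "$mk_home" --quick-generate-key "$mk_uid" "$mk_algo" cert 5y || return 1
    mk_fpr=$(repo_gpg "$mk_home" --with-colons --list-keys "$mk_uid" |
        awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$mk_fpr" ] || return 1
    # Signing sub key: shorter expiry, replaceable from the master if exposed.
    repo_gpg "$mk_home" --quick-add-key "$mk_fpr" "$mk_algo" sign 1y || return 1
    # Master public key, and the secret sub keys only (no master secret).
    repo_gpg "$mk_home" --export "$mk_fpr" > "$mk_out/master_pub.gpg" || return 1
    repo_gpg "$mk_home" --export-secret-subkeys "$mk_fpr" \
        > "$mk_out/signing_sec.pgp" || return 1
    gpgconf --homedir "$mk_home" --kill gpg-agent 2>/dev/null || true
}

# secret_key_state HOME FILE: import FILE into a fresh keyring (as the server
# would) and print colon field 15 for the master ("sec") and sub key ("ssb"):
# '#' means only a stub is present, '+' means the secret key is available.
secret_key_state() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    repo_gpg "$1" --import "$2" 2>/dev/null || return 1
    repo_gpg "$1" --with-colons --list-secret-keys |
        awk -F: '$1 == "sec" { m = $15 } $1 == "ssb" { s = $15 }
                 END { print "sec:" m " ssb:" s }'
    gpgconf --homedir "$1" --kill gpg-agent 2>/dev/null || true
}
```

When `secret_key_state` prints `sec:# ssb:+`, the file destined for the server carries the signing sub key but only a stub of the master key.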
The nginx sites-enabled file can be provided as:
$CONFIG_FOLDER/etc/nginx/sites-enabled/reprepro-repository
The reprepro configuration file can be provided as:
$CONFIG_FOLDER/var/www/repos/apt/debian/conf/options