Debian package repository.

• Based upon: the guide for setting up a private debian repository.

$ ./create-image.sh

Assuming the configuration is done, you can start the server as;

$ export CONFIG_FOLDER=/home/config_here
$ export WEBSERVER_PORT=8080
$ export SSH_PORT=2222
$ docker run -v $CONFIG_FOLDER:/srv/ -p $WEBSERVER_PORT:80 -p $SSH_PORT:22 -d solidhal/reprepro

There are three ways to configurate the image;

• Interactive
• Environmental
• Manual

Stand-alone (Interactive configuration);

$ export CONFIG_FOLDER=/home/config_here
$ export WEBSERVER_PORT=8080
$ export SSH_PORT=2222
$ docker run -v $CONFIG_FOLDER:/srv/ -p $WEBSERVER_PORT:80 -p $SSH_PORT:22 -it solidhal/reprepro

Stand-alone (Environemental configuration);

$ export CONFIG_FOLDER=/home/config_here
$ export WEBSERVER_PORT=8080
$ export SSH_PORT=2222
$ export HOSTNAME="{{YOUR-DOMAIN-NAME}}"
$ export PROJECT_NAME="{{NAME-OF-APT-REPO}}" 
$ export CODE_NAME="{{CODENAME-OF-OS-RELEASE}}" 
$ docker run -v $CONFIG_FOLDER:/srv/ -p $WEBSERVER_PORT:80 -p $SSH_PORT:22 \
             -e HOSTNAME=$HOSTNAME \
             -e PROJECT_NAME=$PROJECT_NAME -e CODE_NAME=$CODE_NAME \
             -it solidhal/reprepro

Stand-alone (Manual); The same as 'Configuration done'

• $CONFIG_FOLDER: The folder in which the reprepro configuration is stored.
• $WEBSERVER_PORT: The exposed nginx port (where packages are served).
• $SSH_PORT: The exposed openssh-port (which is used for uploading packages).

Note: Running in interactive configuration mode will prompth the user for this information.

Note: For manual configuration see the bottom of this file.

• Gpg key information lower down

• $HOSTNAME: The hostname of the server (i.e. the url on which it's reached).

• $PROJECT_NAME: The name of the apt repository (can be anything).

• $CODE_NAME: The code-name of the os release for which packages will be served (wheezy/jessie/ect).

While most of the configuration can be done inside the container.

The authorized_keys file (for uploading packages) must be supplied from outside the container.

The keys are required for adding packages to the system, and should be added to;

$CONFIG_FOLDER/home/debian/.ssh/authorized_keys

Assuming you have generated a ssh key-set on the machine, you can do this by running;

$ export CONFIG_FOLDER=/home/config_here
$ cp ~/.ssh/id_rsa.pub $CONFIG_FOLDER/home/debian/.ssh/authorized_keys

Generating a ssh key-set can be done by running;

$ ssh-keygen

And following the instructions.

Note: The image is able to run without authorized_keys being in place, however uploading packages will not be an option then.

The below assumes that you are in the folder of your .deb package.

The example is based upon uploading kicad*.deb (multiple packages).

$ export SSH_PORT=2222
$ export HOSTNAME="{{YOUR-DOMAIN-NAME}}"
$ export CODE_NAME="{{CODENAME-OF-OS-RELEASE}}"
$ scp -P SSH_PORT kicad*.deb debian@$HOSTNAME:
$ ssh -p SSH_PORT debian@$HOSTNAME "sudo chmod -R 777 /var/www/repos/"
$ ssh -p SSH_PORT debian@$HOSTNAME "reprepro -b /var/www/repos/apt/debian includedeb $CODE_NAME *.deb"

Once the repository is up and running, clients will need to be configured to use it.

The nginx webserver (which hosts the repository) has an index page with configuration information.

Assuming your hostname is $HOSTNAME head over to http://$HOSTNAME/, and these two commands will be shown;

$ wget -O - http://$HOSTNAME/$HOSTNAME.gpg.key | apt-key add - 

$ echo "deb http://$HOSTNAME/ $CODE_NAME main" > /etc/apt/sources.list.d/$HOSTNAME.list 

At this point the repository is added, and you can run;

$ apt-get update
$ apt-get install $PACKAGE_NAME

To install $PACKAGE_NAME from your own repository to the client system.

Note: The repository is non-functional until the first package has been added.

Instead of using the interactive or environmental configuration, you can simply provide your own configuration files inside $CONFIG_FOLDER, alike how it was done with the authorized_keys file.

See the section above.

The GPG keys are used for signing packages, they can be provided to;

$CONFIG_FOLDER/home/debian/.gnupg/master_pub.gpg
$CONFIG_FOLDER/home/debian/.gnupg/signing_sec.pgp

Generating gpg keys can be done by running;

$ gpg --gen-key

I suggest making a master with a long time to expire, then a signing sub key with a shorter time to expire. Keep the master offline, and backed up. Export the master pub and the signing key Then if your signing key is exposed, you can revoke it, and issue a new one with your safe offline master key.

Right now you can only see the subkey key ids when you are in edit mode: gpg --edit-key

See a good how to here https://www.debuntu.org/how-to-importexport-gpg-key-pair/ But remember to only export the master public key and the sub key private key. Export the master key at a different time to back it up.

The nginx sites-enabled file can be provided as:

$CONFIG_FOLDER/etc/nginx/sites-enabled/reprepro-repository

The reprepro configuration file can be provided as;

$CONFIG_FOLDER/var/www/repos/apt/debian/conf/options