Apt Repository
(→Adding Packages) |
|||
| (4 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
We now have our own apt repository on hephaestus. We don't mirror the entire Debian repo; we just have our own packages. Cfengine places the appropriate line in sources.list on each machine. | We now have our own apt repository on hephaestus. We don't mirror the entire Debian repo; we just have our own packages. Cfengine places the appropriate line in sources.list on each machine. | ||
| − | It has packages under distribution "lenny", section "main". The origin is set to UGCS for easy pinning (use a line like "Pin: release o=UGCS"). Use | + | It has packages under distribution "lenny" or "squeeze" (as appropriate), section "main". The origin is set to UGCS for easy pinning (use a line like "Pin: release o=UGCS"). Use |
| − | deb http:// | + | deb http://apt.ugcs.caltech.edu/debian lenny main |
to use our packages on your system. | to use our packages on your system. | ||
| Line 10: | Line 10: | ||
=Adding Packages= | =Adding Packages= | ||
| − | We are using reprepro to maintain the repository. The repository directory is writable by the sysadmin group, so you don't need to use sudo to add a a package. If you built a package correctly (with source and all), you can add it with the following command | + | We are using reprepro to maintain the repository. The repository directory is writable by the sysadmin group, so you don't need to use sudo to add a a package. If you built a package correctly (with source and all), you can add it with the following command: |
| − | reprepro -Vb / | + | reprepro -Vb /afs/.ugcs/public/apt include lenny package_version.changes |
Most packages should be built for both i386 and amd64. On one of the architectures, build with 'dpkg-buildpackge -B' to not include the architecture independent parts (reprepro will complain if you try to upload the same thing twice and it has a different checksum). | Most packages should be built for both i386 and amd64. On one of the architectures, build with 'dpkg-buildpackge -B' to not include the architecture independent parts (reprepro will complain if you try to upload the same thing twice and it has a different checksum). | ||
| Line 19: | Line 19: | ||
After adding a package, you should sign the release file. | After adding a package, you should sign the release file. | ||
| − | cd / | + | cd /afs/.ugcs/public/apt/dists/lenny |
GNUPGHOME=/afs/.ugcs/public/apt/conf/gnupg gpg --armor --detach-sign Release | GNUPGHOME=/afs/.ugcs/public/apt/conf/gnupg gpg --armor --detach-sign Release | ||
mv Release.asc Release.gpg | mv Release.asc Release.gpg | ||
The base Release file contains md5's and sha1's of everything else, so it's the only thing you need to sign. Please don't forget to do it- otherwise aptitude will complain about installing packages from untrusted sources. | The base Release file contains md5's and sha1's of everything else, so it's the only thing you need to sign. Please don't forget to do it- otherwise aptitude will complain about installing packages from untrusted sources. | ||
| + | |||
| + | =Toughguy forward= | ||
| + | Since debian netboot installer images have difficulty with our weird networking, http://hephaestus/toughguy is a proxy for http://toughguy/public/linux/debian | ||
| + | |||
See also: [[Building_Packages]] | See also: [[Building_Packages]] | ||
[[Category:Sysadmin_Documentation]] | [[Category:Sysadmin_Documentation]] | ||
Latest revision as of 04:59, 21 June 2011
We now have our own apt repository on hephaestus. We don't mirror the entire Debian repo; we just have our own packages. Cfengine places the appropriate line in sources.list on each machine.
It has packages under distribution "lenny" or "squeeze" (as appropriate), section "main". The origin is set to UGCS for easy pinning (use a line like "Pin: release o=UGCS"). Use
deb http://apt.ugcs.caltech.edu/debian lenny main
to use our packages on your system.
Signatures
The archive is signed with the key apt@ugcs.caltech.edu; you can get it from a keyserver. Its key ID is 19BF57EC, and its fingerprint is 5387 F633 29C8 90F5 A185 F392 7DB8 8140 19BF 57EC
Adding Packages
We are using reprepro to maintain the repository. The repository directory is writable by the sysadmin group, so you don't need to use sudo to add a a package. If you built a package correctly (with source and all), you can add it with the following command:
reprepro -Vb /afs/.ugcs/public/apt include lenny package_version.changes
Most packages should be built for both i386 and amd64. On one of the architectures, build with 'dpkg-buildpackge -B' to not include the architecture independent parts (reprepro will complain if you try to upload the same thing twice and it has a different checksum).
You can also include a .deb like:
reprepro -Vb /afs/.ugcs/public/apt includedeb lenny package.deb
After adding a package, you should sign the release file.
cd /afs/.ugcs/public/apt/dists/lenny GNUPGHOME=/afs/.ugcs/public/apt/conf/gnupg gpg --armor --detach-sign Release mv Release.asc Release.gpg
The base Release file contains md5's and sha1's of everything else, so it's the only thing you need to sign. Please don't forget to do it- otherwise aptitude will complain about installing packages from untrusted sources.
Toughguy forward
Since debian netboot installer images have difficulty with our weird networking, http://hephaestus/toughguy is a proxy for http://toughguy/public/linux/debian
See also: Building_Packages
