Creating an APT Repository with Key Signing

From RVM Wiki

First of all, you need to create a signed package.

Create a standard repository

The repository must be reachable at the address

http://support.rvmgroup.it/debian

and must have the following structure:

/var/www/rvmgroup.it/support/html/debian
|-- binary
|   |-- ....
|   `-- ....
|-- firma
|-- gabriele.mailing@rvmgroup.it-public.key.gpg
`-- source
  • firma: signing script (see below)
  • gabriele.mailing@rvmgroup.it-public.key.gpg: public key used for signing

Copy the ALREADY SIGNED packages into binary

Signing the repository

Create the script

#!/bin/bash
# Rebuild the repository indexes and the Release file, then sign Release on fire.rvmgroup.it
# Stop if the directory is missing, so the rm below never runs somewhere else
cd /var/www/rvmgroup.it/support/html/debian/binary || exit 1
# Remove the indexes and the signature left by the previous run
rm -f Contents.bz2 Contents.gz Packages.bz2 Packages.gz \
      Release Release.gpg Sources.bz2 Sources.gz
cd ..

# Generate the Contents, Packages and Sources indexes and compress them
apt-ftparchive contents binary > binary/Contents
bzip2 -k binary/Contents
gzip -9 binary/Contents
apt-ftparchive packages binary > binary/Packages
bzip2 -k binary/Packages
gzip -9c binary/Packages > binary/Packages.gz
apt-ftparchive sources binary > binary/Sources
bzip2 -k binary/Sources
gzip -9c binary/Sources > binary/Sources.gz
cd binary
# Release records the checksums of the index files; it is the file that gets signed
apt-ftparchive \
        -o APT::FTPArchive::Release::Origin="RVMGroup.it archive " \
        -o APT::FTPArchive::Release::Label="RVMGroup.it archive" \
        -o APT::FTPArchive::Release::Architectures="i386" \
        -o APT::FTPArchive::Release::Components="binary" \
        -o APT::FTPArchive::Release::Description="RVMGroup Debian Repository" \
        -o APT::FTPArchive::Release::Codename="binary" \
        -o APT::FTPArchive::Release::Suite="binary" \
        release . > Release
cd ..
rm -f binary/Packages binary/Sources
# Copy the new Release to the signing host, sign it there, then fetch the detached signature
scp binary/Release fire.rvmgroup.it:
ssh -t fire.rvmgroup.it 'gpg -abs -o Release.gpg Release'
scp fire.rvmgroup.it:Release.gpg /var/www/rvmgroup.it/support/html/debian/binary

Sign the Release file WITH THE SAME KEY AS THE PACKAGES, naming the signature Release.gpg, and copy it into binary:

scp binary/Release fire.rvmgroup.it:
mnt.vvngrl@ergo:~$ gpg -abs -o Release.gpg Release
mnt.vvngrl@ergo:~$ scp Release.gpg support.rvmgroup.it:/var/www/rvmgroup.it/support/html/debian/binary
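
A check to run against binary after the signing step, as an added example that is not part of the original wiki page: it re-hashes the index files and compares them with the entries in Release, since the signature only protects what Release lists. The function names are hypothetical, and it assumes Release contains a SHA256 section and that sha256sum and awk are installed.

```bash
#!/bin/bash
# Added example: confirm the index files in a repository directory still
# match the hashes recorded in its Release file.
# Assumptions: Release has a "SHA256:" section; sha256sum and awk exist.

# Print "hash size name" for each entry in the SHA256 section of Release.
release_entries() {
    awk '/^SHA256:/ { in_sec = 1; next }
         /^[^ ]/    { in_sec = 0 }
         in_sec && NF == 3 { print $1, $2, $3 }' "$1"
}

# verify_release DIR: returns 0 only if Release lists at least one file and
# every listed file that exists in DIR has the recorded size and hash.
verify_release() {
    release_entries "$1/Release" | {
        bad=0
        n=0
        while read -r hash size name; do
            n=$((n + 1))
            if [ ! -f "$1/$name" ]; then
                # The signing script deletes Packages and Sources after
                # writing Release, so those entries are absent on disk.
                echo "SKIP     $name (not on disk)"
                continue
            fi
            actual_size=$(wc -c < "$1/$name" | tr -d ' ')
            actual_hash=$(sha256sum "$1/$name" | cut -d' ' -f1)
            if [ "$actual_size" = "$size" ] && [ "$actual_hash" = "$hash" ]; then
                echo "OK       $name"
            else
                echo "MISMATCH $name"
                bad=1
            fi
        done
        [ "$n" -gt 0 ] || echo "ERROR    no SHA256 entries in $1/Release"
        [ "$bad" -eq 0 ] && [ "$n" -gt 0 ]
    }
}

# Verify the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    verify_release "$1"
fi
```

This confirms only that Release and the index files agree; the signature itself is checked separately with gpg --verify Release.gpg Release.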

Client configuration

sources.list

/etc/apt/sources.list
...
deb http://support.rvmgroup.it/debian binary/


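Importing the key

The key is downloaded over plain HTTP, so compare its fingerprint with one obtained through a separate channel before trusting it.

# Cache sudo credentials first so the piped "sudo apt-key add" does not prompt mid-pipeline
sudo ls
wget http://support.rvmgroup.it/debian/gabriele.mailing@rvmgroup.it-public.key.gpg -O - | sudo apt-key add -
sudo apt-get update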
