Creazione di un Repository APT con key signing: Difference between revisions

From RVM Wiki
Jump to navigation Jump to search
VisualWikitext
m New page: Prima di tutto bisogna creare un pacchetto firmato. ==Creare un repository standard== Il repository deve essere accessibile tramite l'indirizzo '''http://support.rvmgroup.it/debian''' ...
 
mNo edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Prima di tutto bisogna creare un pacchetto firmato.
Prima di tutto bisogna creare un pacchetto firmato.


* PER UNA COSA PIÙ COMPLETA VEDI [http://www.rigacci.org/wiki/doku.php/doc/appunti/linux/sa/debian_repository Howto create a Debian repository (rigacci.org)]
==Creare un repository standard==
==Creare un repository standard==


Line 55: Line 56:
cd ..
cd ..
rm -f binary/Packages binary/Sources
rm -f binary/Packages binary/Sources
ssh -t fire.rvmgroup.it 'gpg -abs -o Release.gpg Release; scp Release.gpg support.rvmgroup.it:/var/www/rvmgroup.it/support/html/debian/binary'
ssh -t fire.rvmgroup.it 'gpg -abs -o Release.gpg Release'
scp fire.rvmgroup.it:Release.gpg /var/www/rvmgroup.it/support/html/debian/binary
</pre>
</pre>


Line 64: Line 66:
  mnt.vvngrl@ergo:~$ gpg -abs -o Release.gpg Release
  mnt.vvngrl@ergo:~$ gpg -abs -o Release.gpg Release
  mnt.vvngrl@ergo:~$ scp Release.gpg support.rvmgroup.it:/var/www/rvmgroup.it/support/html/debian/binary
  mnt.vvngrl@ergo:~$ scp Release.gpg support.rvmgroup.it:/var/www/rvmgroup.it/support/html/debian/binary
==Configurazione client==
sources.list
<pre>
/etc/apt/sources.list
...
deb http://support.rvmgroup.it/debian binary/
</pre>
Importazione chiave
<pre>
sudo ls
wget http://support.rvmgroup.it/debian//gabriele.mailing@rvmgroup.it-public.key.gpg -O - | sudo apt-key add -
</pre>
sudo apt-get update
==Riferimenti==
*[http://groups.google.ch/group/linux.debian.devel.mentors/browse_thread/thread/659a86953869de2f/ca50fd45b6fadc0e?lnk=st&q=Unable+to+find+expected+entry++Packages+in+Meta-index+file&rnum=5#ca50fd45b6fadc0e  how to create a Release file - linux.debian.devel.mentors | Google Gruppi:]
*[http://wiki.debian.org/HowToSetupADebianRepository HowToSetupADebianRepository - Debian Wiki]
*[http://guide.debianizzati.org/index.php/Creare_un_Repository_Debian Creare un Repository Debian - Guide@Debianizzati.Org]
*[http://www.debian.org/doc/manuals/repository-howto/repository-howto Debian Repository HOWTO]
*[http://www.debian-administration.org/articles/286 Debian Administration :: Setting up your own APT repository with upload support]
*[http://forums.debian.net/viewtopic.php?t=15209 Debian User Forums :: View topic - Package signing problem]
*[http://forums.debian.net/viewtopic.php?t=7320 Debian User Forums :: View topic - The correct way to sign debian packages]
*[http://wiki.debian.org/SecureApt SecureApt - Debian Wiki]

Latest revision as of 16:47, 19 August 2011

Prima di tutto bisogna creare un pacchetto firmato.

Creare un repository standard

Il repository deve essere accessibile tramite l'indirizzo

http://support.rvmgroup.it/debian

E deve essere con la struttura: 

/var/www/rvmgroup.it/support/html/debian
|-- binary
|   |-- ....
|   `-- ....
|-- firma
|-- gabriele.mailing@rvmgroup.it-public.key.gpg
`-- source
  • firma: script di signing (vedi avanti)
  • gabriele.mailing@rvmgroup.it-public.key.gpg: chiave pubblica per firma

Copiare i pacchetti GIA' FIRMATI in binary

Firma repository

Creare lo script 

#!/bin/bash
cd /var/www/rvmgroup.it/support/html/debian/binary
rm -f Contents.bz2 Contents.gz Packages.bz2 Packages.gz \
      Release Release.gpg Sources.bz2 Sources.gz
cd ..

apt-ftparchive contents binary > binary/Contents
bzip2 -k binary/Contents
gzip -9 binary/Contents
apt-ftparchive packages binary > binary/Packages
bzip2 -k binary/Packages
gzip -9c binary/Packages > binary/Packages.gz
apt-ftparchive sources binary > binary/Sources
bzip2 -k binary/Sources
gzip -9c binary/Sources > binary/Sources.gz
cd binary
apt-ftparchive \
        -o APT::FTPArchive::Release::Origin="RVMGroup.it archive " \
        -o APT::FTPArchive::Release::Label="RVMGroup.it archive" \
        -o APT::FTPArchive::Release::Architectures="i386" \
        -o APT::FTPArchive::Release::Components="binary" \
        -o APT::FTPArchive::Release::Description="RVMGroup Debian Repository" \
        -o APT::FTPArchive::Release::Codename="binary" \
        -o APT::FTPArchive::Release::Suite="binary" \
        release . > Release
cd ..
rm -f binary/Packages binary/Sources
ssh -t fire.rvmgroup.it 'gpg -abs -o Release.gpg Release'
scp fire.rvmgroup.it:Release.gpg /var/www/rvmgroup.it/support/html/debian/binary

Firmare CON LA STESSA CHIAVE DEI PACCHETTI il file Release, chiamandolo Release.gpg e copiarlo in binary: 

scp binary/Release fire.rvmgroup.it:

mnt.vvngrl@ergo:~$ gpg -abs -o Release.gpg Release
mnt.vvngrl@ergo:~$ scp Release.gpg support.rvmgroup.it:/var/www/rvmgroup.it/support/html/debian/binary

Configurazione client

sources.list 

/etc/apt/sources.list
...
deb http://support.rvmgroup.it/debian binary/


Importazione chiave 

sudo ls
wget http://support.rvmgroup.it/debian//gabriele.mailing@rvmgroup.it-public.key.gpg -O - | sudo apt-key add -

sudo apt-get update

Riferimenti

Retrieved from "https://kb.rvmgroup.it/index.php?title=Creazione_di_un_Repository_APT_con_key_signing&oldid=7878"