Reprepro is a simple and quite commonly used tool to create Debian repositories.

Contents

  1. Installation
  2. Base Configuration
    1. Content of conf/distributions
    2. Content of conf/uploaders
    3. Content of conf/incoming
    4. Content of index.html (optional)
    5. Inotify configuration
    6. Creating PGP key for repository
    7. reprepro Wrap up
    8. Adding keys to uploaders (e.g. who can send packages to koumbit's debian repo?)
    9. Bumping repository key expiry date
  3. Basic usage
    1. Listing all packages in a certain distribution
    2. List all releases and versions of a package
  4. Nginx frontend
  5. References

Installation

apt-get install reprepro inoticoming
apt-get install -t squeeze-backports nginx-light

Base Configuration

jenkins:/srv# adduser --system --home /src/reprepro --group reprepro
jenkins:/srv# mkdir reprepro
jenkins:/srv# chown reprepro:reprepro reprepro/
jenkins:/srv# chmod 771 reprepro/
jenkins:/srv# cd reprepro/
jenkins:/srv/reprepro# mkdir conf db dists pool incoming logs tmp
jenkins:/srv/reprepro# chmod 770 conf db
jenkins:/srv/reprepro# chmod 1777 incoming
jenkins:/srv/reprepro# cd conf/

Content of conf/distributions

Origin: aegir
Label: aegir
Suite: stable
Pull: testing
Codename: squeeze
Version: 6.0
Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386
Components: main non-free contrib
Description: aegir specific (or backported) packages
SignWith: yes
Uploaders: uploaders

Origin: aegir
Label: aegir
Suite: testing
Pull: unstable
Codename: wheezy
Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386
Components: main non-free contrib
Description: aegir specific (or backported) packages
SignWith: yes
Uploaders: uploaders

Origin: aegir
Label: aegir
Suite: unstable
Codename: sid
Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386
Components: main non-free contrib
Description: aegir specific (or backported) packages
SignWith: yes
Uploaders: uploaders

Content of conf/uploaders

allow * by key 1234567890ABCDEF

Content of conf/incoming

Name: incoming
IncomingDir: incoming
TempDir: tmp
Allow: oldstable>lenny stable>squeeze testing>wheezy unstable>sid
Cleanup: on_deny on_error

Content of index.html (optional)

<html>
<head>
<title>Aegir's Debian package repository</title>
</head>
<body>
<h1>Introduction</h1>

<p>This is the Debian package repository for the Aegir project.</p>

<h1>How to use</h1>

<p>In your /etc/apt/source.list:

<pre>
deb http://debian.aegirproject.org/debian squeeze main
deb-src http://debian.aegirproject.org/debian squeeze main
</pre>

"squeeze", of course, can be replaced by your distribution. For more information on this archive and the way it is managed, see the <a href="http://community.aegirproject.org/debian">http://community.aegirproject.org/debian</a>.

<h2>Adding the archive key to your keyring</h2>

<p>This archive self-signs packages uploaded to it (and packages uploaded are
verified against a whitelist of trusted uploaders) using OpenPGP (GnuPG, to be
more precise).</p>

<p>The key of the archive is in the <a href="/debian/key.asc">key.asc file</a>. You should add the key using something like this:</p>

<pre>
wget http://debian.aegirproject.org/debian/key.asc
apt-key add key.asc
apt-get update
</pre>

<h2>Browsing the archive</h2>

There is no interactive interface to browse the archive.

<ul>
<li>To see the list of all packages regardless of the distribution, see the <a href="/debian/pool">pool directory</a></li>
<li>To see the package descriptions per distribution, see the <a href="/debian/dists">dists directory</a>
</li>

Inotify configuration

Inotify is a daemon that can watch the incoming directory for new packages... ToDo.

Creating PGP key for repository

A pgp key need to be generated for the archive to be signed: 

sudo -u reprepro -i
gpg --gen-key

reprepro Wrap up

sudo -u reprepro -i
reprepro -b /srv/reprepro createsymlinks
reprepro -b /srv/reprepro export

Adding keys to uploaders (e.g. who can send packages to koumbit's debian repo?)

Something like this: 

sudo -u reprepro -i
gpg --search-keys foo@bar.com
gpg --fingerprint foo@bar.com ; gpg --check-sigs foo@bar.com # check if this is the real key
echo allow * by key 1234567890ABCDEF >> /srv/reprepro/conf/uploaders

Bumping repository key expiry date

Voir: JenkinsMaintenance#Renouveler_la_clef_PGP_de_reprepro

Basic usage

This section should really be in a RepreproMaintenance page... but currently we have information scattered in a couple places already so adding one more page feels like adding to the feeling of being lost.

The examples here should be executed as root on jenkins0:

Listing all packages in a certain distribution

sudo -u reprepro reprepro -b /srv/reprepro list unstable

List all releases and versions of a package

sudo -u reprepro reprepro -b /srv/reprepro ls alternc

Nginx frontend

apt-get install -t squeeze-backports nginx-light

setup the config file: 

jenkins:/etc/nginx/conf.d# cat debian.conf
server {
  listen 80;
  server_name debian.aegirproject.org;
  index index.html;
  root /srv/reprepro;
}

and restart nginx: 

/etc/init.d/nginx restart

(!) For integration with jenkins, I use https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx - but unfortunately it breaks the nice AJAX stuff.

References

RepreproConfiguration (last edited 2022-04-28 11:01:16 by kienan)