The reprepro configuration is all handled by puppet now. The Jenkins service also performs automatic configuration of its own archive. See JenkinsGuide for usage, PackageBuildingGuide for other package building instructions and 9178 for history.

Reprepro is a simple and quite commonly used tool to create Debian repositories.

Installation

apt-get install reprepro inoticoming
apt-get install -t squeeze-backports nginx-light

Base Configuration

jenkins:/srv# adduser --system --home /src/reprepro --group reprepro
jenkins:/srv# mkdir reprepro
jenkins:/srv# chown reprepro:reprepro reprepro/
jenkins:/srv# chmod 771 reprepro/
jenkins:/srv# cd reprepro/
jenkins:/srv/reprepro# mkdir conf db dists pool incoming logs tmp
jenkins:/srv/reprepro# chmod 770 conf db
jenkins:/srv/reprepro# chmod 1777 incoming
jenkins:/srv/reprepro# cd conf/

Content of conf/distributions

Origin: aegir
Label: aegir
Suite: stable
Pull: testing
Codename: squeeze
Version: 6.0
Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386
Components: main non-free contrib
Description: aegir specific (or backported) packages
SignWith: yes
Uploaders: uploaders

Origin: aegir
Label: aegir
Suite: testing
Pull: unstable
Codename: wheezy
Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386
Components: main non-free contrib
Description: aegir specific (or backported) packages
SignWith: yes
Uploaders: uploaders

Origin: aegir
Label: aegir
Suite: unstable
Codename: sid
Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386
Components: main non-free contrib
Description: aegir specific (or backported) packages
SignWith: yes
Uploaders: uploaders

Content of conf/uploaders

allow * by key 1234567890ABCDEF

Content of conf/incoming

Name: incoming
IncomingDir: incoming
TempDir: tmp
Allow: oldstable>lenny stable>squeeze testing>wheezy unstable>sid
Cleanup: on_deny on_error

Content of index.html (optional)

<html>
<head>
<title>Aegir's Debian package repository</title>
</head>
<body>
<h1>Introduction</h1>

<p>This is the Debian package repository for the Aegir project.</p>

<h1>How to use</h1>

<p>In your /etc/apt/source.list:

<pre>
deb http://debian.aegirproject.org/debian squeeze main
deb-src http://debian.aegirproject.org/debian squeeze main
</pre>

"squeeze", of course, can be replaced by your distribution. For more information on this archive and the way it is managed, see the <a href="http://community.aegirproject.org/debian">http://community.aegirproject.org/debian</a>.

<h2>Adding the archive key to your keyring</h2>

<p>This archive self-signs packages uploaded to it (and packages uploaded are
verified against a whitelist of trusted uploaders) using OpenPGP (GnuPG, to be
more precise).</p>

<p>The key of the archive is in the <a href="/debian/key.asc">key.asc file</a>. You should add the key using something like this:</p>

<pre>
wget http://debian.aegirproject.org/debian/key.asc
apt-key add key.asc
apt-get update
</pre>

<h2>Browsing the archive</h2>

There is no interactive interface to browse the archive.

<ul>
<li>To see the list of all packages regardless of the distribution, see the <a href="/debian/pool">pool directory</a></li>
<li>To see the package descriptions per distribution, see the <a href="/debian/dists">dists directory</a>
</li>

Inotify configuration

Inotify is a daemon that can watch the incoming directory for new packages... ToDo.

PGP

A pgp key need to be generated for the archive to be signed:

sudo -u reprepro -i
gpg --gen-key

Wrap up

sudo -u reprepro -i
reprepro -b /srv/reprepro createsymlinks
reprepro -b /srv/reprepro export

Adding keys to uploaders

Something like this;

sudo -u reprepro -i
gpg --search-keys foo@bar.com
gpg --fingerprint foo@bar.com ; gpg --check-sigs foo@bar.com # check if this is the real key
echo allow * by key 1234567890ABCDEF >> /srv/reprepro/conf/uploaders

Nginx frontend

apt-get install -t squeeze-backports nginx-light

setup the config file:

jenkins:/etc/nginx/conf.d# cat debian.conf
server {
  listen 80;
  server_name debian.aegirproject.org;
  index index.html;
  root /srv/reprepro;
}

and restart nginx:

/etc/init.d/nginx restart

(!) For integration with jenkins, I use https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx - but unfortunately it breaks the nice AJAX stuff.

References

RepreproConfiguration (last edited 2014-09-04 08:18:23 by GabrielFilion)