Setting Up An APT Repository With reprepro And nginx On Debian Wheezy
Abstract: vi /var/packages/debian/conf/distributions The address of our apt repository will be apt.example.comgpg --armor --output /var/packages/apt.example.com
This tutorial explains how to set up an apt repository with the tool reprepro and a Debian Wheezy system. The repository will be served by an nginx server.
1 Preliminary Note
In this tutorial I want to set up a small apt repository for the nginx packages that I built in the tutorial Using ngx_pagespeed With nginx On Debian Jessie/testing. Therefore my repository will be fpr Debian testing, not stable, so you have to adjust this tutorial where appropriate.
2 Generating A Key For Signing Packages
We will have to create a key for signing packages. This key can be generated with gnupg which we install as follows:
apt-get install gnupg
On servers, when generating a key, you might see this common error:
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
To avoid this, we install rng-tools:
apt-get install rng-tools
Open /etc/default/rng-tools...
vi /etc/default/rng-tools
... and make sure you have the following line in it:
[...] HRNGDEVICE=/dev/urandom [...]
Then start rng-tools...
/etc/init.d/rng-tools start
... and generate your key:
gpg --gen-key
3 Configuring Your Repository
Install reprepro:
apt-get install reprepro
Let's use the directory /var/packages as the root directory for our repository. Create the directory /var/packages/debian/conf:
mkdir -p /var/packages/debian/conf
Let's find out about the key we have created in chapter 1:
gpg --list-keys
[email protected]:~# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/434433F2 2014-02-05
uid Falko Timme (Falko Timme) <[email protected]>
sub 2048R/C7C1365D 2014-02-05
[email protected]:~#
Our public key is C7C1365D. We have to use this from now on.
Create the file /var/packages/debian/conf/distributions as follows:
vi /var/packages/debian/conf/distributions
The address of our apt repository will be apt.example.com, so we use this in the Origin and Label lines. In the SignWith line, we add our public key (C7C1365D):
Origin: apt.example.com Label: apt.example.com Codename: testing Architectures: amd64 Components: main Description: Example APT Repository SignWith: C7C1365D DebOverride: override.testing DscOverride: override.testing
Create the (empty) file /var/packages/debian/conf/override.testing:
touch /var/packages/debian/conf/override.testing
Then create the file /var/packages/debian/conf/options:
vi /var/packages/debian/conf/options
verbose ask-passphrase basedir /var/packages/debian
To sign our deb packages with our public key, we need the package dpkg-sig:
apt-get install dpkg-sig
My nginx deb packages that I want to import into the apt repository are located in the /usr/src/pagespeed directory. Let's sign those packages as follows (again, make sure you use the correct public key):
dpkg-sig -k C7C1365D --sign builder /usr/src/pagespeed/*.deb
Now we import the deb packages into our apt repository:
cd /var/packages/debian
reprepro includedeb testing /usr/src/pagespeed/*.deb
4 Configuring nginx
We need a webserver to serve our apt repository. In this example I'm using an nginx webserver.
apt-get install nginx
Configure a vhost for apt.example.com:
vi /etc/nginx/sites-available/apt.example.com.vhost
server {
listen 80;
server_name apt.example.com;
access_log /var/log/nginx/packages-error.log;
error_log /var/log/nginx/packages-error.log;
location / {
root /var/packages;
index index.html;
autoindex on;
}
location ~ /(.*)/conf {
deny all;
}
location ~ /(.*)/db {
deny all;
}
}
Enable the vhost and reload nginx:
cd /etc/nginx/sites-enabled
ln -s ../sites-available/apt.example.com.vhost .
/etc/init.d/nginx reload
Let's create a GPG key for the repository:
gpg --armor --output /var/packages/apt.example.com.gpg.key --export C7C1365D
5 Using The Repository
To use the repository, place the following line in your /etc/apt/sources.list:
vi /etc/apt/sources.list
[...] deb http://apt.example.com/debian/ testing main [...]
If you want this repository to always have precedence over other repositories, you should have this line right at the beginning of your /etc/apt/sources.list and add the following entry to /etc/apt/preferences (check out our A Short Introduction To Apt-Pinning tutorial):
vi /etc/apt/preferences
Package: * Pin: origin apt.example.com Pin-Priority: 1001
Before we can use the repository, we must import its key:
wget -O - -q http://apt.example.com/apt.example.com.gpg.key | apt-key add -
Then update your package database:
apt-get update
Now you can start using the repository and install packages from it, e.g. like this:
apt-get install nginx
6 Links
- Debian: http://www.debian.org/
