Difference between revisions of "Apt repository hosting"
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
* Automating publishing of packages with Aptly, and an easy way to control which packages are published. | * Automating publishing of packages with Aptly, and an easy way to control which packages are published. | ||
* Safe distribution of the AWS Access and Secret keys to users. According to [https://github.com/brianm/apt-s3/ This] they can also come as environment variables <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_KEY_ID</code>. | * Safe distribution of the AWS Access and Secret keys to users. According to [https://github.com/brianm/apt-s3/ This] they can also come as environment variables <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_KEY_ID</code>. | ||
* Add SSL to S3 on my own domain. | |||
* It's recommended [http://www.slideshare.net/SimonBoulet/deploying-with-super-cow-powers-44212139 Here], instead of "precise" to have "dev", "staging" and "prod". (Some other good advice there as well: mirror useful packages to my own repository instead of counting on other people to keep it up. It simplifies keys as well. If other package's conf is needed - setup diversion). | * It's recommended [http://www.slideshare.net/SimonBoulet/deploying-with-super-cow-powers-44212139 Here], instead of "precise" to have "dev", "staging" and "prod". (Some other good advice there as well: mirror useful packages to my own repository instead of counting on other people to keep it up. It simplifies keys as well. If other package's conf is needed - setup diversion). | ||
* Maybe there's a simpler solution than using s3-apt-transport? | * Maybe there's a simpler solution than using s3-apt-transport? | ||
Revision as of 02:15, 1 September 2015
Aptly looks promising.
Had quirk with publishing to us-east-1 on S3: http://www.aptly.info/doc/feature/s3/. Bypassed by using eu-west-1. Troubleshooting S3 with GoLang was interesting :)
For a private repository, I borrowed an idea from here: http://skife.org/apt/aws/2012/10/12/private-apt-repos-in-s3.html (apt-transport-s3 - depended on cdbs on my machine, which was not mentioned in its docs).
Things I'm still unsure of:
- Automating publishing of packages with Aptly, and an easy way to control which packages are published.
- Safe distribution of the AWS Access and Secret keys to users. According to This they can also come as environment variables
AWS_ACCESS_KEY_IDandAWS_SECRET_KEY_ID.
* Add SSL to S3 on my own domain.
- It's recommended Here, instead of "precise" to have "dev", "staging" and "prod". (Some other good advice there as well: mirror useful packages to my own repository instead of counting on other people to keep it up. It simplifies keys as well. If other package's conf is needed - setup diversion).
- Maybe there's a simpler solution than using s3-apt-transport?
- Will CloudFront work OK? Caching can be a pain.
- How do I choose on github on which fork to fix the documentation of the apt-transport-s3 dependency?
Publishing my public keys.
My aptly configuration and some commands:
{
"rootDir": "/home/eburcat/.aptly",
"downloadConcurrency": 4,
"downloadSpeedLimit": 0,
"architectures": [],
"dependencyFollowSuggests": false,
"dependencyFollowRecommends": false,
"dependencyFollowAllVariants": false,
"dependencyFollowSource": false,
"gpgDisableSign": false,
"gpgDisableVerify": false,
"downloadSourcePackages": false,
"ppaDistributorID": "ubuntu",
"ppaCodename": "",
"S3PublishEndpoints": {
"eburcat.private":{
"awsAccessKeyID":"",
"awsSecretAccessKey":"",
"region":"eu-west-1",
"bucket":"repo.eburcat.com",
"prefix":"private",
"acl":"private",
"encryptionMethod":"AES256"
},
"eburcat.public":{
"awsAccessKeyID":"",
"awsSecretAccessKey":"",
"region":"eu-west-1",
"bucket":"repo.eburcat.com",
"prefix":"public",
"acl":"public-read"
}
},
"SwiftPublishEndpoints": {}
}
aptly repo create -distribution=precise -component=main eburcat-public
aptly repo add eburcat-public apt-transport-s3_1.1.1ubuntu2_amd64.deb
aptly repo add eburcat-public apt-transport-s3_1.1.1ubuntu2.dsc
aptly snapshot create eburcat-public-0.01 from repo eburcat-public
aptly publish snapshot eburcat-public-0.01 s3:eburcat.public:
aptly repo create -distribution=precise -component=main eburcat-release
aptly repo add eburcat-release my-package_1.0_amd64.deb
aptly snapshot create eburcat-0.01 from repo eburcat-release
aptly publish snapshot eburcat-0.01 s3:eburcat.private:
To publish my public key, I put it on S3, and then I can install it on any machine:
gpg --export --armor > /tmp/eburcat.pub aws --region="eu-west-1" s3 cp --acl="public-read" /tmp/eburcat.pub s3://repo.eburcat.com/ wget -qO - https://s3-eu-west-1.amazonaws.com/repo.eburcat.com/eburcat.pub | sudo apt-key add -