Difference between revisions of "Apt repository hosting"

From Eitan Burcat
Jump to navigation Jump to search
Line 6: Line 6:


Things I'm still unsure of:
Things I'm still unsure of:
* Publishing my public keys.
* Will CloudFront work OK? Caching can be a pain.
* Will CloudFront work OK? Caching can be a pain.
* Automating publishing of packages with Aptly, and an easy way to control which packages are published.
* Automating publishing of packages with Aptly, and an easy way to control which packages are published.
* Maybe there's a simpler solution than using s3-apt-transport?
* Maybe there's a simpler solution than using s3-apt-transport?
* Safe distribution of the AWS Access and Secret keys to users.
* Safe distribution of the AWS Access and Secret keys to users.
* How do I choose which fork to fix the documentation of the apt-transport-s3 dependency?
* How do I choose on github on which fork to fix the documentation of the apt-transport-s3 dependency?
<s>* Publishing my public keys.</s>


My aptly configuration and some commands:
My aptly configuration and some commands:
Line 61: Line 61:
aptly snapshot create eburcat-0.01 from repo eburcat-release
aptly snapshot create eburcat-0.01 from repo eburcat-release
aptly publish snapshot eburcat-0.01 s3:eburcat.private:
aptly publish snapshot eburcat-0.01 s3:eburcat.private:
</pre>
To publish my public key, I put it on S3, and then I can install it on any machine:
<pre>
gpg --export --armor > /tmp/eburcat.pub
aws --region="eu-west-1" s3 cp --acl="public-read" /tmp/eburcat.pub s3://repo.eburcat.com/
wget -qO - https://s3-eu-west-1.amazonaws.com/repo.eburcat.com/eburcat.pub | sudo apt-key add -
</pre>
</pre>

Revision as of 23:55, 31 August 2015

Aptly looks promising.

Had quirk with publishing to us-east-1 on S3: http://www.aptly.info/doc/feature/s3/. Bypassed by using eu-west-1. Troubleshooting S3 with GoLang was interesting :)

For a private repository, I borrowed an idea from here: http://skife.org/apt/aws/2012/10/12/private-apt-repos-in-s3.html (apt-transport-s3 - depended on cdbs on my machine, which was not mentioned in its docs).

Things I'm still unsure of:

  • Will CloudFront work OK? Caching can be a pain.
  • Automating publishing of packages with Aptly, and an easy way to control which packages are published.
  • Maybe there's a simpler solution than using s3-apt-transport?
  • Safe distribution of the AWS Access and Secret keys to users.
  • How do I choose on github on which fork to fix the documentation of the apt-transport-s3 dependency?

* Publishing my public keys.

My aptly configuration and some commands:

{
  "rootDir": "/home/eburcat/.aptly",
  "downloadConcurrency": 4,
  "downloadSpeedLimit": 0,
  "architectures": [],
  "dependencyFollowSuggests": false,
  "dependencyFollowRecommends": false,
  "dependencyFollowAllVariants": false,
  "dependencyFollowSource": false,
  "gpgDisableSign": false,
  "gpgDisableVerify": false,
  "downloadSourcePackages": false,
  "ppaDistributorID": "ubuntu",
  "ppaCodename": "",
  "S3PublishEndpoints": {
    "eburcat.private":{
      "awsAccessKeyID":"",
      "awsSecretAccessKey":"",
      "region":"eu-west-1",
      "bucket":"repo.eburcat.com",
      "prefix":"private",
      "acl":"private",
      "encryptionMethod":"AES256"
    },
    "eburcat.public":{
      "awsAccessKeyID":"",
      "awsSecretAccessKey":"",
      "region":"eu-west-1",
      "bucket":"repo.eburcat.com",
      "prefix":"public",
      "acl":"public-read"
    }
  },
  "SwiftPublishEndpoints": {}
}

aptly repo create -distribution=precise -component=main eburcat-public
aptly repo add eburcat-public apt-transport-s3_1.1.1ubuntu2_amd64.deb
aptly repo add eburcat-public apt-transport-s3_1.1.1ubuntu2.dsc
aptly snapshot create eburcat-public-0.01 from repo eburcat-public
aptly publish snapshot eburcat-public-0.01 s3:eburcat.public:

aptly repo create -distribution=precise -component=main eburcat-release
aptly repo add eburcat-release my-package_1.0_amd64.deb
aptly snapshot create eburcat-0.01 from repo eburcat-release
aptly publish snapshot eburcat-0.01 s3:eburcat.private:

To publish my public key, I put it on S3, and then I can install it on any machine:

gpg --export --armor > /tmp/eburcat.pub
aws --region="eu-west-1" s3 cp --acl="public-read" /tmp/eburcat.pub s3://repo.eburcat.com/
wget -qO - https://s3-eu-west-1.amazonaws.com/repo.eburcat.com/eburcat.pub | sudo apt-key add -