Debian Repository » History » Revision 17
« Previous |
Revision 17/22
(diff)
| Next »
Marc Dequènes, 2021-10-21 06:34
Debian Repository¶
Content¶
Since Buster we document here the reason for having custom/ported packages in this repository.
Sid¶
lxd | Packaging of LXD (unsuitable for official Debian upload) |
Bullseye¶
Packages | Reason |
---|---|
spoolinger | DC tool, packaging in Debian WIP |
xl2tpd | fixed upstream release |
openldap | backport for N-Way Sync and better cn=config management |
python-ldap | |
python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the CNAME resolution patch is not being merged and no solution in sight |
lxd | Packaging of LXD (unsuitable for official Debian upload), and related backports |
lxc | |
dqlite | |
criu | Backport for live migrations with LXD |
Buster¶
|_. Packages |_. Reason | | ftp-ssl | missing in Buster | | m2crypto|dependency for srv_cert_tlsa_gen| | molly-guard|/2. backported fix for Debian#914716 | | usrmerge| | phpmyadmin|/7. phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies | | google-recaptcha| | phpmyadmin-motranslator| | phpmyadmin-shapefile| | phpmyadmin-sql-parser| | tcpdf| | twig-extensions| | python-acme |/3. certbot with CNAME resolution patch | | python-certbot | | python-certbot-dns-rfc2136 | | roundcube |/2. port of the 1.4 series to get important improvements | | php-masterminds-html5 | | spoolinger | DC tool, packaging in Debian WIP | | inspircd | patched to be able to reload the TLS certificate without restarting (not supported in v2) | | xl2tpd | fixed upstream release | | openldap |/2. backport for N-Way Sync and better cn=config management | | python-ldap| | ruby-httpclient | backport to fix #995448
Administration¶
All files are stored into /srv/www/sites/repository.duckcorp.org (config, packages, upload zone…). The user dc-repository has been created to handle all the necessary tasks with only limited rights.
Regular administration is to be done using the adm_dc-repository script as root. This script is able to sudo and pass local configuration options to reprepro, and avoid messing with the rights.
For example:
# adm_dc-repository list jessie jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1 jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1 jessie|dc-net|amd64: libiksemel3 1.4-2+dc1 jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1 … jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1 … jessie|dc-net|source: libiksemel 1.4-2+dc1 jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1
Adding Contributors¶
The list of uploader is setup into data/duckcorp/debian_repository/reprepro_conf/dc-incoming-uploaders. Use the playbooks/tenants/duckcorp/debian_repository.yml playbook to deploy it.
Renewing Signing Key¶
gpg expects to have full control over the tty, so temporarily give the tty's ownership over to the dc-repository user (or document here a better solution).
Key creation:
chown dc-repository $(tty) su - dc-repository gpg --full-generate-key # default key is fine # expiration: 5y # Real name: DuckCorp Archive Automatic Signing Key # Email address: admin_at_duckcorp.org # note the new <key-id> gpg --armor --export <key-id> >duckcorp_repository.gpg.key chown root $(tty)
Update the <key_id> in host_vars/Toushirou/debian_repository.yml and redeploy the repository configuration:
ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml
Force resigning with the new key:
adm_dc-repository --export=lookedat export
Then update the APT trusted keys on all hosts:
ansible-playbook --diff -t apt playbooks/common.yml
Updated by Marc Dequènes about 3 years ago · 17 revisions