Debian Repository » History » Revision 18

« Previous | Revision 18/22 (diff) | Next »
Marc Dequènes, 2021-10-27 13:15

Debian Repository


Since Buster we document here the reason for having custom/ported packages in this repository.


lxd Packaging of LXD (unsuitable for official Debian upload)


Packages Reason
spoolinger DC tool, packaging in Debian WIP
xl2tpd fixed upstream release
openldap backport for N-Way Sync and better cn=config management
python-certbot-dns-rfc2136 certbot DNS plugin with workaround since the CNAME resolution patch is not being merged and no solution in sight
lxd Packaging of LXD (unsuitable for official Debian upload), and related backports
criu Backport for live migrations with LXD
roundcube back for newer version


|_. Packages |_. Reason | | ftp-ssl | missing in Buster | | m2crypto|dependency for srv_cert_tlsa_gen| | molly-guard|/2. backported fix for Debian#914716 | | usrmerge| | phpmyadmin|/7. phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies | | google-recaptcha| | phpmyadmin-motranslator| | phpmyadmin-shapefile| | phpmyadmin-sql-parser| | tcpdf| | twig-extensions| | python-acme |/3. certbot with CNAME resolution patch | | python-certbot | | python-certbot-dns-rfc2136 | | roundcube |/2. port of the 1.4 series to get important improvements | | php-masterminds-html5 | | spoolinger | DC tool, packaging in Debian WIP | | inspircd | patched to be able to reload the TLS certificate without restarting (not supported in v2) | | xl2tpd | fixed upstream release | | openldap |/2. backport for N-Way Sync and better cn=config management | | python-ldap| | ruby-httpclient | backport to fix #995448


All files are stored into /srv/www/sites/ (config, packages, upload zone…). The user dc-repository has been created to handle all the necessary tasks with only limited rights.

Regular administration is to be done using the adm_dc-repository script as root. This script is able to sudo and pass local configuration options to reprepro, and avoid messing with the rights.

For example:

# adm_dc-repository list jessie
jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1
jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1
jessie|dc-net|amd64: libiksemel3 1.4-2+dc1
jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1
jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1
jessie|dc-net|source: libiksemel 1.4-2+dc1
jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1

Adding Contributors

The list of uploader is setup into data/duckcorp/debian_repository/reprepro_conf/dc-incoming-uploaders. Use the playbooks/tenants/duckcorp/debian_repository.yml playbook to deploy it.

Renewing Signing Key

gpg expects to have full control over the tty, so temporarily give the tty's ownership over to the dc-repository user (or document here a better solution).

Key creation:

chown dc-repository $(tty)
su - dc-repository
gpg --full-generate-key
# default key is fine
# expiration: 5y
# Real name: DuckCorp Archive Automatic Signing Key
# Email address:
# note the new <key-id>
gpg --armor --export <key-id> >duckcorp_repository.gpg.key
chown root $(tty)

Update the <key_id> in host_vars/Toushirou/debian_repository.yml and redeploy the repository configuration:

ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml

Force resigning with the new key:

adm_dc-repository --export=lookedat export

Then update the APT trusted keys on all hosts:

ansible-playbook --diff -t apt playbooks/common.yml

Updated by Marc Dequènes about 2 years ago · 18 revisions