Debian Repository » History » Revision 21
Revision 20 (Marc Dequènes, 2023-06-28 15:45) → Revision 21/22 (Marc Dequènes, 2023-06-29 02:27)
h1. Debian Repository
h2. Content
Since Buster we document here the reason for having custom/ported packages in this repository.
h3. Sid
| lxd
*OBSOLETE* | Packaging of LXD (unsuitable for official Debian upload) |
h3. Bookworm
|_. Packages |_. Reason |
| spoolinger | DC tool, packaging in Debian WIP |
| python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight |
h3. Bullseye
|_. Packages |_. Reason |
| spoolinger | DC tool, packaging in Debian WIP |
| xl2tpd | fixed upstream release|
| openldap |/2. backport for N-Way Sync and better cn=config management|
| python-ldap |
| python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight |
| lxd |/3. Packaging of LXD (unsuitable for official Debian upload), and related backports |
| lxc |
| dqlite |
| criu | Backport for live migrations with LXD |
| roundcube | back for newer version |
h3. Buster
|_. Packages |_. Reason |
| ftp-ssl | missing in Buster |
| m2crypto|dependency for *srv_cert_tlsa_gen*|
| molly-guard|/2. backported "fix for Debian#914716":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914716 |
| usrmerge|
| phpmyadmin|/7. phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies |
| google-recaptcha|
| phpmyadmin-motranslator|
| phpmyadmin-shapefile|
| phpmyadmin-sql-parser|
| tcpdf|
| twig-extensions|
| python-acme |/3. certbot with "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 |
| python-certbot |
| python-certbot-dns-rfc2136 |
| roundcube |/2. port of the 1.4 series to get important improvements |
| php-masterminds-html5 |
| spoolinger | DC tool, packaging in Debian WIP |
| inspircd | patched to be able to reload the TLS certificate without restarting (not supported in v2) |
| xl2tpd | fixed upstream release |
| openldap |/2. backport for N-Way Sync and better cn=config management |
| python-ldap|
| ruby-httpclient | backport to fix #995448 |
h2. Administration
All files are stored into */srv/www/sites/repository.duckcorp.org* (config, packages, upload zone…). The user *dc-repository* has been created to handle all the necessary tasks with only limited rights.
Regular administration is to be done using the *adm_dc-repository* script as root. This script is able to sudo and pass local configuration options to reprepro, and avoid messing with the rights.
For example:
<pre>
# adm_dc-repository list jessie
jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1
jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1
jessie|dc-net|amd64: libiksemel3 1.4-2+dc1
jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1
…
jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1
…
jessie|dc-net|source: libiksemel 1.4-2+dc1
jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1
</pre>
h2. Adding Contributors
The list of uploader is setup into *data/duckcorp/debian_repository/reprepro_conf/dc-incoming-uploaders*. Use the _playbooks/tenants/duckcorp/debian_repository.yml_ playbook to deploy it.
h2. Renewing Signing Key
gpg expects to have full control over the tty, so temporarily give the tty's ownership over to the _dc-repository_ user (or document here a better solution).
Key creation:
<pre>
chown dc-repository $(tty)
su - dc-repository
gpg --full-generate-key
# default key is fine
# expiration: 5y
# Real name: DuckCorp Archive Automatic Signing Key
# Email address: admin_at_duckcorp.org
# note the new <key-id>
gpg --armor --export <key-id> >duckcorp_repository.gpg.key
chown root $(tty)
</pre>
Update the <key_id> in _host_vars/Toushirou/debian_repository.yml_ and redeploy the repository configuration:
ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml
Force resigning with the new key:
adm_dc-repository --export=lookedat export
Then update the APT trusted keys on all hosts:
ansible-playbook --diff -t apt playbooks/common.yml