Debian Repository » History » Version 22
Marc Dequènes, 2023-07-04 17:02
| 1 | 1 | Marc Dequènes | h1. Debian Repository |
|---|---|---|---|
| 2 | |||
| 3 | 3 | Marc Dequènes | h2. Content |
| 4 | |||
| 5 | Since Buster we document here the reason for having custom/ported packages in this repository. |
||
| 6 | |||
| 7 | 12 | Marc Dequènes | h3. Sid |
| 8 | |||
| 9 | 21 | Marc Dequènes | | lxd |
| 10 | *OBSOLETE* | Packaging of LXD (unsuitable for official Debian upload) | |
||
| 11 | 12 | Marc Dequènes | |
| 12 | 20 | Marc Dequènes | h3. Bookworm |
| 13 | |||
| 14 | |_. Packages |_. Reason | |
||
| 15 | | spoolinger | DC tool, packaging in Debian WIP | |
||
| 16 | 22 | Marc Dequènes | | postfix-mta-sts-resolver | "fix redis support":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040331 | |
| 17 | 20 | Marc Dequènes | | python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight | |
| 18 | |||
| 19 | 8 | Marc Dequènes | h3. Bullseye |
| 20 | |||
| 21 | 16 | Marc Dequènes | |_. Packages |_. Reason | |
| 22 | | spoolinger | DC tool, packaging in Debian WIP | |
||
| 23 | | xl2tpd | fixed upstream release| |
||
| 24 | | openldap |/2. backport for N-Way Sync and better cn=config management| |
||
| 25 | | python-ldap | |
||
| 26 | | python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight | |
||
| 27 | 1 | Marc Dequènes | | lxd |/3. Packaging of LXD (unsuitable for official Debian upload), and related backports | |
| 28 | 12 | Marc Dequènes | | lxc | |
| 29 | 15 | Marc Dequènes | | dqlite | |
| 30 | 16 | Marc Dequènes | | criu | Backport for live migrations with LXD | |
| 31 | 18 | Marc Dequènes | | roundcube | back for newer version | |
| 32 | 8 | Marc Dequènes | |
| 33 | 3 | Marc Dequènes | h3. Buster |
| 34 | 1 | Marc Dequènes | |
| 35 | 16 | Marc Dequènes | |_. Packages |_. Reason | |
| 36 | | ftp-ssl | missing in Buster | |
||
| 37 | | m2crypto|dependency for *srv_cert_tlsa_gen*| |
||
| 38 | | molly-guard|/2. backported "fix for Debian#914716":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914716 | |
||
| 39 | | usrmerge| |
||
| 40 | | phpmyadmin|/7. phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies | |
||
| 41 | | google-recaptcha| |
||
| 42 | | phpmyadmin-motranslator| |
||
| 43 | | phpmyadmin-shapefile| |
||
| 44 | | phpmyadmin-sql-parser| |
||
| 45 | | tcpdf| |
||
| 46 | | twig-extensions| |
||
| 47 | | python-acme |/3. certbot with "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 | |
||
| 48 | | python-certbot | |
||
| 49 | | python-certbot-dns-rfc2136 | |
||
| 50 | | roundcube |/2. port of the 1.4 series to get important improvements | |
||
| 51 | | php-masterminds-html5 | |
||
| 52 | | spoolinger | DC tool, packaging in Debian WIP | |
||
| 53 | | inspircd | patched to be able to reload the TLS certificate without restarting (not supported in v2) | |
||
| 54 | | xl2tpd | fixed upstream release | |
||
| 55 | | openldap |/2. backport for N-Way Sync and better cn=config management | |
||
| 56 | | python-ldap| |
||
| 57 | 19 | Marc Dequènes | | ruby-httpclient | backport to fix #995448 | |
| 58 | 3 | Marc Dequènes | |
| 59 | 2 | Marc Dequènes | h2. Administration |
| 60 | |||
| 61 | 1 | Marc Dequènes | All files are stored into */srv/www/sites/repository.duckcorp.org* (config, packages, upload zone…). The user *dc-repository* has been created to handle all the necessary tasks with only limited rights. |
| 62 | |||
| 63 | Regular administration is to be done using the *adm_dc-repository* script as root. This script is able to sudo and pass local configuration options to reprepro, and avoid messing with the rights. |
||
| 64 | |||
| 65 | For example: |
||
| 66 | <pre> |
||
| 67 | # adm_dc-repository list jessie |
||
| 68 | jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1 |
||
| 69 | jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1 |
||
| 70 | jessie|dc-net|amd64: libiksemel3 1.4-2+dc1 |
||
| 71 | jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1 |
||
| 72 | … |
||
| 73 | jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1 |
||
| 74 | … |
||
| 75 | jessie|dc-net|source: libiksemel 1.4-2+dc1 |
||
| 76 | jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1 |
||
| 77 | </pre> |
||
| 78 | 2 | Marc Dequènes | |
| 79 | h2. Adding Contributors |
||
| 80 | |||
| 81 | 15 | Marc Dequènes | The list of uploader is setup into *data/duckcorp/debian_repository/reprepro_conf/dc-incoming-uploaders*. Use the _playbooks/tenants/duckcorp/debian_repository.yml_ playbook to deploy it. |
| 82 | 6 | Marc Dequènes | |
| 83 | h2. Renewing Signing Key |
||
| 84 | |||
| 85 | gpg expects to have full control over the tty, so temporarily give the tty's ownership over to the _dc-repository_ user (or document here a better solution). |
||
| 86 | |||
| 87 | Key creation: |
||
| 88 | |||
| 89 | <pre> |
||
| 90 | chown dc-repository $(tty) |
||
| 91 | su - dc-repository |
||
| 92 | gpg --full-generate-key |
||
| 93 | # default key is fine |
||
| 94 | # expiration: 5y |
||
| 95 | # Real name: DuckCorp Archive Automatic Signing Key |
||
| 96 | # Email address: admin_at_duckcorp.org |
||
| 97 | # note the new <key-id> |
||
| 98 | gpg --armor --export <key-id> >duckcorp_repository.gpg.key |
||
| 99 | chown root $(tty) |
||
| 100 | </pre> |
||
| 101 | |||
| 102 | Update the <key_id> in _host_vars/Toushirou/debian_repository.yml_ and redeploy the repository configuration: |
||
| 103 | |||
| 104 | ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml |
||
| 105 | |||
| 106 | Force resigning with the new key: |
||
| 107 | |||
| 108 | adm_dc-repository --export=lookedat export |
||
| 109 | |||
| 110 | Then update the APT trusted keys on all hosts: |
||
| 111 | |||
| 112 | ansible-playbook --diff -t apt playbooks/common.yml |