Debian Repository » History » Version 22

Marc Dequènes, 2023-07-04 17:02

h1. Debian Repository

h2. Content

Since Buster, we document here the reasons for having custom/ported packages in this repository.

h3. Sid

| lxd *OBSOLETE* | Packaging of LXD (unsuitable for official Debian upload) |

h3. Bookworm

|_. Packages |_. Reason |
| spoolinger | DC tool, packaging in Debian WIP |
| postfix-mta-sts-resolver | "fix redis support":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040331 |
| python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight |

h3. Bullseye

|_. Packages |_. Reason |
| spoolinger | DC tool, packaging in Debian WIP |
| xl2tpd | fixed upstream release |
| openldap |/2. backport for N-Way Sync and better cn=config management |
| python-ldap |
| python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight |
| lxd |/3. Packaging of LXD (unsuitable for official Debian upload), and related backports |
| lxc |
| dqlite |
| criu | Backport for live migrations with LXD |
| roundcube | backport for newer version |

h3. Buster

|_. Packages |_. Reason |
| ftp-ssl | missing in Buster |
| m2crypto | dependency for *srv_cert_tlsa_gen* |
| molly-guard |/2. backported "fix for Debian#914716":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914716 |
| usrmerge |
| phpmyadmin |/7. phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies |
| google-recaptcha |
| phpmyadmin-motranslator |
| phpmyadmin-shapefile |
| phpmyadmin-sql-parser |
| tcpdf |
| twig-extensions |
| python-acme |/3. certbot with "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 |
| python-certbot |
| python-certbot-dns-rfc2136 |
| roundcube |/2. port of the 1.4 series to get important improvements |
| php-masterminds-html5 |
| spoolinger | DC tool, packaging in Debian WIP |
| inspircd | patched to be able to reload the TLS certificate without restarting (not supported in v2) |
| xl2tpd | fixed upstream release |
| openldap |/2. backport for N-Way Sync and better cn=config management |
| python-ldap |
| ruby-httpclient | backport to fix #995448 |

h2. Administration

All files are stored in */srv/www/sites/repository.duckcorp.org* (config, packages, upload zone…). The user *dc-repository* has been created to handle all the necessary tasks with only limited rights.

Regular administration is to be done using the *adm_dc-repository* script as root. This script is able to sudo and pass local configuration options to reprepro, which avoids messing with the rights.

For example:

<pre>
# adm_dc-repository list jessie
jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1
jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1
jessie|dc-net|amd64: libiksemel3 1.4-2+dc1
jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1

jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1

jessie|dc-net|source: libiksemel 1.4-2+dc1
jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1
</pre>

h2. Adding Contributors

The list of uploaders is set up in *data/duckcorp/debian_repository/reprepro_conf/dc-incoming-uploaders*. Use the _playbooks/tenants/duckcorp/debian_repository.yml_ playbook to deploy it.

h2. Renewing Signing Key

gpg expects to have full control over the tty, so temporarily give ownership of the tty to the _dc-repository_ user (or document here a better solution).

Key creation:

<pre>
chown dc-repository "$(tty)"
su - dc-repository
gpg --full-generate-key
# default key is fine
# expiration: 5y
# Real name: DuckCorp Archive Automatic Signing Key
# Email address: admin_at_duckcorp.org
# note the new <key-id>
gpg --armor --export <key-id> >duckcorp_repository.gpg.key
exit  # leave the dc-repository shell so that root can take the tty back
chown root "$(tty)"
</pre>

Update the <key_id> in _host_vars/Toushirou/debian_repository.yml_ and redeploy the repository configuration:

    ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml

Force re-signing with the new key:

    adm_dc-repository --export=lookedat export

Then update the APT trusted keys on all hosts:

    ansible-playbook --diff -t apt playbooks/common.yml
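
A check one might run on the exported key before redeploying, as an added example (not part of the original page or of DuckCorp's tooling): it reads a key listing in GnuPG's colon format and confirms that the file holds a single primary key with enough validity left, printing the full fingerprint rather than a short key ID. The function names, the sample listing and its fingerprints are constructed; the expiry field is assumed to be in epoch seconds, as GnuPG 2.x prints it.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.
# Input: a key listing in GnuPG's machine-readable "colons" format, e.g. from
#   gpg --show-keys --with-colons duckcorp_repository.gpg.key
# Output: "<fingerprint> <days-left>" for the single primary key.
# Fails if the listing holds several primary keys, if the key never expires,
# or if it expires in fewer than the requested number of days.
check_key_listing() {
    # $1: minimum remaining validity in days; $2: current time (epoch seconds)
    awk -F: -v min="$1" -v now="$2" '
        # pub record: field 7 is the expiration date
        $1 == "pub" { npub++; expires = $7; want_fpr = 1; next }
        # the first fpr record after pub belongs to the primary key (field 10)
        $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
        END {
            if (npub != 1) {
                print "expected exactly one primary key" > "/dev/stderr"; exit 2
            }
            if (expires == "") {
                print "key has no expiration date" > "/dev/stderr"; exit 3
            }
            days = int((expires - now) / 86400)
            print fpr, days
            if (days < min) exit 4
        }
    '
}

# Constructed sample listing (not a real key): created at 1688482920,
# expiring five years (1825 days) later, with one encryption subkey.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:89ABCDEF01234567:1688482920:1846162920::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1688482920::0000000000000000000000000000000000000000::Constructed Sample Key <admin@example.org>:
sub:u:4096:1:76543210FEDCBA98:1688482920:1846162920:::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Demo: require at least one year of validity, evaluated at creation time.
sample_listing | check_key_listing 365 1688482920
```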