Version 23 - History - Debian Repository - DuckCorp Infrastructure - DuckCorp Projects

Debian Repository » History » Version 23

Marc Dequènes, 2025-08-19 21:34

-Marc Dequènes
+h1. Debian Repository
-Marc Dequènes
+h2. Content
 Since Buster we document here the reason for having custom/ported packages in this repository.
-Marc Dequènes
+h3. Sid
-Marc Dequènes
+| lxd
  *OBSOLETE* | Packaging of LXD (unsuitable for official Debian upload) |
 Marc Dequènes
-Marc Dequènes
+h3. Bookworm
 |_. Packages |_. Reason |
 | spoolinger | DC tool, packaging in Debian WIP |
-Marc Dequènes
+| postfix-mta-sts-resolver | "fix redis support":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040331 |
-Marc Dequènes
+| python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight |
-Marc Dequènes
+h3. Bullseye
-Marc Dequènes
+|_. Packages |_. Reason |
 | spoolinger | DC tool, packaging in Debian WIP |
 | xl2tpd | fixed upstream release|
 | openldap |/2. backport for N-Way Sync and better cn=config management|
 | python-ldap |
 | python-certbot-dns-rfc2136 | certbot DNS plugin with workaround since the "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 is not being merged and no solution in sight |
-Marc Dequènes
+| lxd |/3. Packaging of LXD (unsuitable for official Debian upload), and related backports |
-Marc Dequènes
+| lxc |
-Marc Dequènes
+| dqlite |
-Marc Dequènes
+| criu | Backport for live migrations with LXD |
-Marc Dequènes
+| roundcube | back for newer version |
 Marc Dequènes
-Marc Dequènes
+h3. Buster
 Marc Dequènes
-Marc Dequènes
+|_. Packages |_. Reason |
 | ftp-ssl | missing in Buster |
 | m2crypto|dependency for *srv_cert_tlsa_gen*|
 | molly-guard|/2. backported "fix for Debian#914716":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914716 |
 | usrmerge|
 | phpmyadmin|/7. phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies |
 | google-recaptcha|
 | phpmyadmin-motranslator|
 | phpmyadmin-shapefile|
 | phpmyadmin-sql-parser|
 | tcpdf|
 | twig-extensions|
 | python-acme |/3. certbot with "CNAME resolution patch":https://github.com/certbot/certbot/pull/7244 |
 | python-certbot |
 | python-certbot-dns-rfc2136 |
 | roundcube |/2. port of the 1.4 series to get important improvements  |
 | php-masterminds-html5 |
 | spoolinger | DC tool, packaging in Debian WIP |
 | inspircd | patched to be able to reload the TLS certificate without restarting (not supported in v2) |
 | xl2tpd | fixed upstream release |
 | openldap |/2. backport for N-Way Sync and better cn=config management |
 | python-ldap|
-Marc Dequènes
+| ruby-httpclient | backport to fix #995448 |
 Marc Dequènes
-Marc Dequènes
+h2. Administration
-Marc Dequènes
+All files are stored into */srv/www/sites/repository.duckcorp.org* (config, packages, upload zone…). The user *dc-repository* has been created to handle all the necessary tasks with only limited rights.
 Regular administration is to be done using the *adm_dc-repository* script as root. This script is able to sudo and pass local configuration options to reprepro, and avoid messing with the rights.
 For example:
 <pre>
 # adm_dc-repository list jessie
 jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1
 jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1
 jessie|dc-net|amd64: libiksemel3 1.4-2+dc1
 jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1
 …
 jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1
 …
 jessie|dc-net|source: libiksemel 1.4-2+dc1
 jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1
 </pre>
 Marc Dequènes
 h2. Adding Contributors
-Marc Dequènes
+The list of uploader is setup into *data/duckcorp/debian_repository/reprepro_conf/dc-incoming-uploaders*. Use the _playbooks/tenants/duckcorp/debian_repository.yml_ playbook to deploy it.
 Marc Dequènes
 h2. Renewing Signing Key
 gpg expects to have full control over the tty, so temporarily give the tty's ownership over to the _dc-repository_ user (or document here a better solution).
 Key creation:
 <pre>
-Marc Dequènes
+su - dc-repository
-Marc Dequènes
+# using loopback mode to avoid using the tty, which is owned by root, leading to permission denied
 gpg --full-generate-key --pinentry-mode=loopback
-Marc Dequènes
+# default key is fine
-Marc Dequènes
+# key size: 3072 or more
-Marc Dequènes
+# expiration: 5y
-Marc Dequènes
+# Real name: DuckCorp Archive Automatic Signing Key
 # Email address: admin_at_duckcorp.org
-Marc Dequènes
+# Comment: <year>
+#
-Marc Dequènes
+# note the new <key-id>
 gpg --armor --export <key-id> >duckcorp_repository.gpg.key
 </pre>
 Update the <key_id> in _host_vars/Toushirou/debian_repository.yml_ and redeploy the repository configuration:
     ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml
 Force resigning with the new key:
     adm_dc-repository --export=lookedat export
 Marc Dequènes
-Marc Dequènes
+Then update the APT trusted keys on all hosts:
 Marc Dequènes
-Marc Dequènes
+    scp Toushirou:/home/dc-repository/duckcorp_repository.gpg.key roles/dc-base/files/duckcorp_apt_repository.gpg
-Marc Dequènes
+    ansible-playbook --diff -t apt playbooks/common.yml
 Marc Dequènes
 And don't forget to commit the changes.

Project

General

Profile

DuckCorp » DuckCorp Infrastructure

Debian Repository » History » Version 23