Project

General

Profile

Actions

Debian Repository » History » Revision 8

« Previous | Revision 8/22 (diff) | Next »
Marc Dequènes, 2021-08-16 07:47


Debian Repository

Content

Since Buster we document here the reason for having custom/ported packages in this repository.

Bullseye

Packages Reason
spoolinger DC tool, packaging in Debian WIP
xl2tpd fixed upstream release
openldap N-Way Sync and better cn=config management
python-acme certbot with CNAME resolution patch
python-certbot
python-certbot-dns-rfc2136

Buster

Packages Reason
ftp-ssl missing in Buster
m2crypto dependency for srv_cert_tlsa_gen
molly-guard backported fix for Debian#914716
usrmerge
phpmyadmin phpmyadmin is missing from Buster and previous version was broken (#670), simple backport with a few dependencies
google-recaptcha
phpmyadmin-motranslator
phpmyadmin-shapefile
phpmyadmin-sql-parser
tcpdf
twig-extensions
python-acme certbot with CNAME resolution patch
python-certbot
python-certbot-dns-rfc2136
roundcube port of the 1.4 series to get important improvements
php-masterminds-html5
spoolinger DC tool, packaging in Debian WIP
inspircd patched to be able to reload the TLS certificate without restarting (not supported in v2)
xl2tpd fixed upstream release
openldap N-Way Sync and better cn=config management

Administration

All files are stored into /srv/www/sites/repository.duckcorp.org (config, packages, upload zone…). The user dc-repository has been created to handle all the necessary tasks with only limited rights.

Regular administration is to be done using the adm_dc-repository script as root. This script is able to sudo and pass local configuration options to reprepro, and avoid messing with the rights.

For example:

# adm_dc-repository list jessie
jessie|dc-net|amd64: libiksemel-dev 1.4-2+dc1
jessie|dc-net|amd64: libiksemel-utils 1.4-2+dc1
jessie|dc-net|amd64: libiksemel3 1.4-2+dc1
jessie|dc-net|amd64: zabbix-agent 1:2.4.6+dfsg-1+dc1
…
jessie|dc-net|i386: zabbix-agent 1:2.4.6+dfsg-1+dc1
…
jessie|dc-net|source: libiksemel 1.4-2+dc1
jessie|dc-net|source: zabbix 1:2.4.6+dfsg-1+dc1

Adding Contributors

The list of uploader is setup into /srv/www/sites/repository.duckcorp.org/htdocs/debian/conf/dc-incoming-uploaders.

Renewing Signing Key

gpg expects to have full control over the tty, so temporarily give the tty's ownership over to the dc-repository user (or document here a better solution).

Key creation:

chown dc-repository $(tty)
su - dc-repository
gpg --full-generate-key
# default key is fine
# expiration: 5y
# Real name: DuckCorp Archive Automatic Signing Key
# Email address: admin_at_duckcorp.org
# note the new <key-id>
gpg --armor --export <key-id> >duckcorp_repository.gpg.key
chown root $(tty)

Update the <key_id> in host_vars/Toushirou/debian_repository.yml and redeploy the repository configuration:

ansible-playbook --diff playbooks/tenants/duckcorp/debian_repository.yml

Force resigning with the new key:

adm_dc-repository --export=lookedat export

Then update the APT trusted keys on all hosts:

ansible-playbook --diff -t apt playbooks/common.yml

Updated by Marc Dequènes over 2 years ago · 8 revisions