We are going to work in a Linux environment using tools like Python, Reprepro and GPG key.
GPG key
With this we can sign our software and guarantee that we are using software from a trusted site.
Reprepro
Powerful tool for generate a Debian repository.
Python-pexpect Python's module for work with interactive applications.
Let's make it by step:
1- Create your own *.gpg key.
TODO
2- Create a folder and name as packages, here we'll place all the *.deb.
mkdir /home/packages cd /home/packages
3- Create a folder and name it as conf inside it create a file and call it distributions.
mkdir conf gedit conf/distributions
We'll do this for distribution lucid and the component main. Also we'll generate the Packages, Release, .gz y .bz2 files. SignWith is the variable that says who is going to sign .
distributions file
Codename: lucid Components: main Architectures: i386 amd64 Description: My repository SignWith: abelbmartinez@gmail.com DebIndices: Packages Release . .gz .bz2
4- Make a folder and name it as repository, there we'll have our new repository.
mkdir /home/repository
5- Create a script file and name it as pycrearepo_lucid.py. Copy and paste all the code below.
pycrearepo_lucid.py file
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
[EN]
This Script generate a DEBIAN repository using the tool 'reprepo'.
It works like this, first get all the *.deb from a folder, then obtain
the size of all these packages, the list from all the sizes is
ordered descendent, 'reprepro' interact more stable with
'python-pexpect' adding packages in this way.
[ES]
Este Script genera un repositorio DEBIAN usando la herremienta 'reprepro'.
La sintaxis es la siguiente, se obtinen todos los *.deb de una carpeta
luego se obtiene el tamaño de estos paquetes, el listado del tamaño de los
paquetes es ordenado de mayor a menor, ya que 'reprepo' trabaja junto con
'python-pexpect' más estable cuando se le adicionan los paquetes de esta manera.
Created on 04.06.2010
@requires: reprepro, python-pexpect
@author: Abel Bolaños Martínez
@contact: abelbmartinez@gmail.com
@author: Oscar Martínez Lopez
@contact: oscar.martinez@etecsa.cu
@license: Public Domain
'''
import pexpect
import glob
import os
import time
#packages *.deb
packagesSources = "/home/packages/"
distribution = "lucid"
#repositorio
repoMirror = "/home/repository/"
#private key
gpgKeys = "/home/mirrorGPG/"
#Secret phrase from the private key
keyringPhrase = "yourSecretPhrase"
os.chdir(packagesSources)
#get all the *.deb
listPackages = glob.glob("*.deb")
dictSizePackage = dict()
#dict de {size:package}
for package in listPackages:
dictSizePackage.update({os.path.getsize(package):package})
#sizes
sizes = dictSizePackage.keys()
#sort
sizes.sort()
#backToFront
sizes.reverse()
for size in sizes:
time.sleep(1.5)#let's wait for 'reprepro' delete the 'lockfile'
command = pexpect.spawn("reprepro -b . --gnupghome %s --outdir %s --ask-passphrase --waitforlock 2 --keepunusednewfiles includedeb %s %s" % (gpgKeys,repoMirror,distribution,dictSizePackage[size]))
print " "
print "Copying the package %s to repository." % dictSizePackage[size]
i = command.expect(["Please enter passphrase:","Skipping inclusion of","The lock file './db/lockfile' already exists"],timeout=520)
if i==0:
command.sendline(keyringPhrase)
print "Added to repository package %s with succeed." % dictSizePackage[size]
if i==1:
print 'Package already %s in the repository, not included.' % dictSizePackage[size]
if i==2:
print "Attention !!! : Database is locked now. Execute the Script again if the problem persist YOU must delete the file '%sdb/lockfile' and execute the Script again" % packagesSources
Variables packagesSources, distribution, repoMirror, gpgKeys, keyringPhrase must be filled.
- packagesSources: path to the packages.
- distribution: distribution to generate.
- repoMirror: the new repository path.
- gpgKeys: path to the GPG key for sign the packages.
- keyringPhrase: secret key phrase.
6- Completed!
7- At least you must create a package for share your public GPG key. Here you can learn how to make a simple deb package.
8- Publish it to the web and test it.
No comments:
Post a Comment