Sunday, November 27, 2011

Create your own Debian or Ubuntu repository, signed with your own *.gpg key, using Reprepro and Python



We are going to work in a Linux environment using tools like Python, Reprepro and a GPG key.

GPG key
With this we can sign our software and guarantee that we are using software from a trusted site.


Reprepro
A powerful tool for generating a Debian repository.

Python-pexpect
A Python module for working with interactive applications.

Let's do it step by step:

1- Create your own *.gpg key. 

TODO

2- Create a folder named packages; here we'll place all the *.deb files.

mkdir /home/packages
cd /home/packages

3- Create a folder named conf and, inside it, create a file called distributions.

mkdir conf
gedit conf/distributions

We'll do this for the distribution lucid and the component main. We'll also generate the Packages, Release, .gz and .bz2 files. SignWith is the variable that says which key is going to sign the repository.


distributions file

Codename: lucid
Components: main
Architectures: i386 amd64
Description: My repository
SignWith: abelbmartinez@gmail.com
DebIndices: Packages Release . .gz .bz2

4- Make a folder named repository; our new repository will live there.

mkdir /home/repository

5- Create a script file named pycrearepo_lucid.py. Copy and paste all the code below.

pycrearepo_lucid.py file

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
'''
This script generates a Debian repository using the tool 'reprepro'.
It works like this: first it gets all the *.deb files from a folder, then
it obtains the size of each package and sorts the packages by size in
descending order, because 'reprepro' driven through 'python-pexpect' is
more stable when packages are added in this order.

Created on 04.06.2010

@requires: reprepro, python-pexpect

@author: Abel Bolaños Martínez
@contact: abelbmartinez@gmail.com

@author: Oscar Martínez Lopez
@contact: oscar.martinez@etecsa.cu

@license: Public Domain
'''

import glob
import os
import time

import pexpect

# folder with the *.deb packages
packagesSources = "/home/packages/"
distribution = "lucid"
# repository
repoMirror = "/home/repository/"
# GnuPG home directory that holds the private key
gpgKeys = "/home/mirrorGPG/"
# secret phrase of the private key; it sits here in clear text, so keep
# this script readable only by its owner
keyringPhrase = "yourSecretPhrase"


os.chdir(packagesSources)
# get all the *.deb, largest first; sorting the list itself (instead of
# going through a {size: package} dict) keeps packages of equal size
listPackages = sorted(glob.glob("*.deb"), key=os.path.getsize, reverse=True)

for package in listPackages:
    time.sleep(1.5)  # wait for 'reprepro' to delete the 'lockfile'
    # arguments go in a list so that file names with spaces stay intact
    command = pexpect.spawn("reprepro", [
        "-b", ".", "--gnupghome", gpgKeys, "--outdir", repoMirror,
        "--ask-passphrase", "--waitforlock", "2", "--keepunusednewfiles",
        "includedeb", distribution, package], encoding="utf-8")
    print(" ")
    print("Copying the package %s to repository." % package)
    i = command.expect(["Please enter passphrase:", "Skipping inclusion of", "The lock file './db/lockfile' already exists"], timeout=520)
    if i == 0:
        command.sendline(keyringPhrase)
        # wait until reprepro has signed the indices and exited
        command.expect(pexpect.EOF, timeout=520)
        command.close()
        if command.exitstatus == 0:
            print("Package %s added to the repository successfully." % package)
        else:
            print("reprepro failed for package %s (exit status %s)." % (package, command.exitstatus))
    elif i == 1:
        print("Package %s is already in the repository, not included." % package)
    elif i == 2:
        print("Attention !!! : The database is locked now. Execute the script again; if the problem persists YOU must delete the file '%sdb/lockfile' and execute the script again." % packagesSources)

The variables packagesSources, distribution, repoMirror, gpgKeys and keyringPhrase must be filled in.

  • packagesSources: path to the packages.
  • distribution: distribution to generate.
  • repoMirror: the new repository path.
  • gpgKeys: path to the GPG key used to sign the packages.
  • keyringPhrase: secret key phrase.

6- Completed!
7- At the least, you must create a package to share your public GPG key. Here you can learn how to make a simple deb package.
8- Publish it to the web and test it.
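
For the test in step 8, this shows what the signature actually protects: once Release.gpg has been checked against Release (for example with gpg --verify Release.gpg Release), every index listed in the SHA256 section of Release must match the file on disk. This is an added example, not part of the original post; the function names are hypothetical, the sample tree is constructed, and it assumes the layout reprepro writes under dists/lucid in the repository folder.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_release_sha256(release_text):
    """Return {relative_path: (sha256_hex, size)} from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False  # any other field name ends the section
    return entries

def verify_indices(dist_dir):
    """Return {path: problem} for index files that are missing or differ from Release."""
    dist_dir = Path(dist_dir)
    expected = parse_release_sha256((dist_dir / "Release").read_text(encoding="utf-8"))
    problems = {}
    for path, (digest, size) in expected.items():
        target = dist_dir / path
        if not target.is_file():
            problems[path] = "missing"
            continue
        data = target.read_bytes()
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            problems[path] = "mismatch"
    return problems

def build_sample_dist(root):
    """Constructed sample input: a minimal dists/lucid tree with one Packages index."""
    packages = Path(root) / "main" / "binary-i386" / "Packages"
    packages.parent.mkdir(parents=True)
    body = b"Package: hello\nVersion: 1.0\nArchitecture: i386\n"
    packages.write_bytes(body)
    entry = " %s %d main/binary-i386/Packages\n" % (hashlib.sha256(body).hexdigest(), len(body))
    release = "Codename: lucid\nComponents: main\nSHA256:\n" + entry
    (Path(root) / "Release").write_text(release, encoding="utf-8")
    return packages

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        packages = build_sample_dist(tmp)
        print("clean tree:", verify_indices(tmp))
        packages.write_bytes(packages.read_bytes() + b"Package: extra\n")  # simulate tampering
        print("modified index:", verify_indices(tmp))
```

Against the real tree, call verify_indices("/home/repository/dists/lucid"); an empty dict means every index listed in Release matches.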
