User Tools

Site Tools


howto_build_deb_binary_packages_and_create_a_package_repository_for_debian_or_ubuntu

Page under construction as of 2009-02-22

The problem: Currently (Feb 2009) distributed binary packages for Debian and Ubuntu do not include use of the openssl package and thus don't include support for encryption.

I backup to those really cheap, really easy portable USB drives. The problem is any visitor to your home or office can take that drive with them. They might only take it because they want a cheap, easy portable USB drive, but now they have your data. The answer is to encrypt the data. You can always buy another disk if the old one gets stolen. You can just compile and install the source code but then you lose all of APT's wonderful value at installing prerequisites and updates. Building your own packages has value, especially if you have lots of client machines.

There are four parts to this process.

  1. Build the binary packages. This has to be done once for each distribution/release/architecture you have clients running.
  2. Aggregate those various versions of the packages to repository directory structure and sign the repository with an encryption key.
  3. Place the signed repository on a public web server
  4. Update the client machines to use your custom debs

Prepare the target repository

This creates the target directories for the repository. After the debs are loaded in the right spot you run it again to sign the repository.

#!/bin/bash
# script mkrepo

ROOT=/var/www
SIGID=2811D217
CUSTOM=merriam
USERID=debs

#	Distribution	Release		Component
DISTS=( \
	debian		lenny		$CUSTOM \
	ubuntu		intrepid	$CUSTOM \
)

echo creating user $USERID
# ubuntu doesn't like the -m switch
grep $USERID /etc/passwd || {
	useradd -m $USERID
	passwd $USERID
}

echo Processing ${DISTS[@]}

number_of_elements=${#DISTS[@]}

echo Count is $number_of_elements

for (( i = 0 ; i < ${#DISTS[@]}-1; i += 3 ))
do
	DIST=${DISTS[$i]}
	VER=${DISTS[$i+1]}
	COMP=${DISTS[$i+2]}
	
	echo processing distribution $DIST version $VER component $COMP

	echo making directories $ROOT/$DIST/dists/$VER/$COMP/{source,binary-{i386,amd64}}
	mkdir -p $ROOT/$DIST/dists/$VER/$COMP/{source,binary-{i386,amd64}}

	echo change owner of directories to debs
	chown -R $USERID $ROOT/$DIST

	echo creating /etc/apt/apt-ftparchive-$DIST.conf
	cat <<- EOF > /etc/apt/apt-ftparchive-$DIST.conf
		Dir {
		ArchiveDir "$ROOT/$DIST";
		};

		BinDirectory "dists/$VER/$COMP/binary-i386" {
		  Packages "dists/$VER/$COMP/binary-i386/Packages";
		  Contents "dists/$VER/Contents-i386";
		  SrcPackages "dists/$VER/$COMP/source/Sources";
		};

		BinDirectory "dists/$VER/$COMP/binary-amd64" {
		  Packages "dists/$VER/$COMP/binary-amd64/Packages";
		  Contents "dists/$VER/Contents-amd64";
		  SrcPackages "dists/$VER/$COMP/source/Sources";
		};

		Tree "dists/$VER" {
		  Sections "$COMP";
		  Architectures "i386 amd64 source";
		};
		EOF

	echo creating /etc/apt/apt-$DIST-release.conf

	cat <<- EOF > /etc/apt/apt-$DIST-release.conf
		APT::FTPArchive::Release::Archive "$VER";
		APT::FTPArchive::Release::Origin "$VER";
		APT::FTPArchive::Release::Label "$VER";
		APT::FTPArchive::Release::Suite "$VER";
		APT::FTPArchive::Release::Codename "$VER";
		APT::FTPArchive::Release::Architectures "i386 amd64 source";
		APT::FTPArchive::Release::Components "$COMP";
		APT::FTPArchive::Release::Description "Custom $DIST $VER packages for Bill Merriam";
		EOF

	echo generating archive
	apt-ftparchive generate /etc/apt/apt-ftparchive-$DIST.conf

	echo generating Release file
	RELDIR=$ROOT/$DIST/dists/$VER
	RELFILE=$RELDIR/Release

	apt-ftparchive -c /etc/apt/apt-$DIST-release.conf release $RELDIR > $RELFILE

	echo deleting old signature file $RELFILE.gpg
	rm $RELFILE.gpg

	echo signing Release file $RELFILE
	gpg -abs -u $SIGID -o $RELFILE.gpg $RELFILE

	echo adding key to apt-key
	gpg --armor --export $SIGID | apt-key add -
done

Build the packages

This downloads and builds the bacula source code and copies the debs to the repository we created in the previous step.

#!/bin/bash
# script mkbacula

ROOT=/root
PKG=bacula
SEDTEST=openssl
SEDCMD='s/CONF_ALL*.=/& --with-openssl/'
DEST=192.168.1.171:/var/www/ubuntu/dists/intrepid/custom/binary-i386

echo updating apt cache
apt-get update

echo installing dpkg-dev
apt-get install -y dpkg-dev

echo making directory $ROOT/build/$PKG
mkdir -p $ROOT/build/$PKG

cd $ROOT/build/$PKG

echo installing dependencies
apt-get build-dep -y $PKG

echo retreving and building source

apt-get source $PKG
 
echo updating rules
RULES=$PKG*[0-9]/debian/rules
grep $SEDTEST $RULES || sed -i -e "$SEDCMD" $RULES

echo building source
apt-get source --compile $PKG 

su -c "rsync --rsh ssh -av $ROOT/build/$PKG/*deb $DEST" debs
howto_build_deb_binary_packages_and_create_a_package_repository_for_debian_or_ubuntu.txt · Last modified: 2009/02/22 18:42 by merriam