User Tools

Site Tools


Page under construction as of 2009-02-22

The problem: Currently (Feb 2009) distributed binary packages for Debian and Ubuntu do not include use of the openssl package and thus don't include support for encryption.

I backup to those really cheap, really easy portable USB drives. The problem is any visitor to your home or office can take that drive with them. They might only take it because they want a cheap, easy portable USB drive, but now they have your data. The answer is to encrypt the data. You can always buy another disk if the old one gets stolen. You can just compile and install the source code but then you lose all of APT's wonderful value at installing prerequisites and updates. Building your own packages has value, especially if you have lots of client machines.

There are four parts to this process.

  1. Build the binary packages. This has to be done once for each distribution/release/architecture you have clients running.
  2. Aggregate those various versions of the packages to repository directory structure and sign the repository with an encryption key.
  3. Place the signed repository on a public web server
  4. Update the client machines to use your custom debs

Prepare the target repository

This creates the target directories for the repository. After the debs are loaded in the right spot you run it again to sign the repository.

# script mkrepo


#	Distribution	Release		Component
	debian		lenny		$CUSTOM \
	ubuntu		intrepid	$CUSTOM \

echo creating user $USERID
# ubuntu doesn't like the -m switch
grep $USERID /etc/passwd || {
	useradd -m $USERID
	passwd $USERID

echo Processing ${DISTS[@]}


echo Count is $number_of_elements

for (( i = 0 ; i < ${#DISTS[@]}-1; i += 3 ))
	echo processing distribution $DIST version $VER component $COMP

	echo making directories $ROOT/$DIST/dists/$VER/$COMP/{source,binary-{i386,amd64}}
	mkdir -p $ROOT/$DIST/dists/$VER/$COMP/{source,binary-{i386,amd64}}

	echo change owner of directories to debs

	echo creating /etc/apt/apt-ftparchive-$DIST.conf
	cat <<- EOF > /etc/apt/apt-ftparchive-$DIST.conf
		Dir {
		ArchiveDir "$ROOT/$DIST";

		BinDirectory "dists/$VER/$COMP/binary-i386" {
		  Packages "dists/$VER/$COMP/binary-i386/Packages";
		  Contents "dists/$VER/Contents-i386";
		  SrcPackages "dists/$VER/$COMP/source/Sources";

		BinDirectory "dists/$VER/$COMP/binary-amd64" {
		  Packages "dists/$VER/$COMP/binary-amd64/Packages";
		  Contents "dists/$VER/Contents-amd64";
		  SrcPackages "dists/$VER/$COMP/source/Sources";

		Tree "dists/$VER" {
		  Sections "$COMP";
		  Architectures "i386 amd64 source";

	echo creating /etc/apt/apt-$DIST-release.conf

	cat <<- EOF > /etc/apt/apt-$DIST-release.conf
		APT::FTPArchive::Release::Archive "$VER";
		APT::FTPArchive::Release::Origin "$VER";
		APT::FTPArchive::Release::Label "$VER";
		APT::FTPArchive::Release::Suite "$VER";
		APT::FTPArchive::Release::Codename "$VER";
		APT::FTPArchive::Release::Architectures "i386 amd64 source";
		APT::FTPArchive::Release::Components "$COMP";
		APT::FTPArchive::Release::Description "Custom $DIST $VER packages for Bill Merriam";

	echo generating archive
	apt-ftparchive generate /etc/apt/apt-ftparchive-$DIST.conf

	echo generating Release file

	apt-ftparchive -c /etc/apt/apt-$DIST-release.conf release $RELDIR > $RELFILE

	echo deleting old signature file $RELFILE.gpg
	rm $RELFILE.gpg

	echo signing Release file $RELFILE
	gpg -abs -u $SIGID -o $RELFILE.gpg $RELFILE

	echo adding key to apt-key
	gpg --armor --export $SIGID | apt-key add -

Build the packages

This downloads and builds the bacula source code and copies the debs to the repository we created in the previous step.

# script mkbacula

SEDCMD='s/CONF_ALL*.=/& --with-openssl/'

echo updating apt cache
apt-get update

echo installing dpkg-dev
apt-get install -y dpkg-dev

echo making directory $ROOT/build/$PKG
mkdir -p $ROOT/build/$PKG

cd $ROOT/build/$PKG

echo installing dependencies
apt-get build-dep -y $PKG

echo retreving and building source

apt-get source $PKG
echo updating rules
grep $SEDTEST $RULES || sed -i -e "$SEDCMD" $RULES

echo building source
apt-get source --compile $PKG 

su -c "rsync --rsh ssh -av $ROOT/build/$PKG/*deb $DEST" debs
howto_build_deb_binary_packages_and_create_a_package_repository_for_debian_or_ubuntu.txt · Last modified: 2009/02/22 18:42 by merriam