Page under construction as of 2009-02-22
The problem: Currently (Feb 2009) the binary Bacula packages distributed for Debian and Ubuntu are not built with the openssl package and thus don't include support for encryption.
I back up to those really cheap, really easy portable USB drives. The problem is that any visitor to your home or office can take that drive with them. They might only take it because they want a cheap, easy portable USB drive, but now they have your data. The answer is to encrypt the data. You can always buy another disk if the old one gets stolen.

You can just compile and install the source code, but then you lose all of APT's wonderful value at installing prerequisites and updates. Building your own packages has value, especially if you have lots of client machines.
There are four parts to this process.
This creates the target directories for the repository. After the debs are loaded in the right spot you run it again to sign the repository.
```bash
#!/bin/bash
# script mkrepo

ROOT=/var/www
SIGID=2811D217        # ID of the GnuPG key that signs the Release file
CUSTOM=merriam
USERID=debs

#  Distribution  Release   Component
DISTS=( \
   debian        lenny     $CUSTOM \
   ubuntu        intrepid  $CUSTOM \
)

echo creating user $USERID
# ubuntu doesn't like the -m switch
# Match the login name exactly, not any line that merely contains it
grep -q "^$USERID:" /etc/passwd || {
    useradd -m $USERID
    passwd $USERID
}

echo Processing ${DISTS[@]}
number_of_elements=${#DISTS[@]}
echo Count is $number_of_elements

# Walk the array three entries at a time: distribution, release, component
for (( i = 0; i < ${#DISTS[@]}; i += 3 ))
do
    DIST=${DISTS[$i]}
    VER=${DISTS[$i+1]}
    COMP=${DISTS[$i+2]}
    echo processing distribution $DIST version $VER component $COMP

    echo making directories $ROOT/$DIST/dists/$VER/$COMP/{source,binary-{i386,amd64}}
    mkdir -p $ROOT/$DIST/dists/$VER/$COMP/{source,binary-{i386,amd64}}

    echo change owner of directories to debs
    chown -R $USERID $ROOT/$DIST

    # The here-document bodies and their EOF markers start in column 0
    echo creating /etc/apt/apt-ftparchive-$DIST.conf
    cat <<- EOF > /etc/apt/apt-ftparchive-$DIST.conf
Dir {
  ArchiveDir "$ROOT/$DIST";
};

BinDirectory "dists/$VER/$COMP/binary-i386" {
  Packages "dists/$VER/$COMP/binary-i386/Packages";
  Contents "dists/$VER/Contents-i386";
  SrcPackages "dists/$VER/$COMP/source/Sources";
};

BinDirectory "dists/$VER/$COMP/binary-amd64" {
  Packages "dists/$VER/$COMP/binary-amd64/Packages";
  Contents "dists/$VER/Contents-amd64";
  SrcPackages "dists/$VER/$COMP/source/Sources";
};

Tree "dists/$VER" {
  Sections "$COMP";
  Architectures "i386 amd64 source";
};
EOF

    echo creating /etc/apt/apt-$DIST-release.conf
    cat <<- EOF > /etc/apt/apt-$DIST-release.conf
APT::FTPArchive::Release::Archive "$VER";
APT::FTPArchive::Release::Origin "$VER";
APT::FTPArchive::Release::Label "$VER";
APT::FTPArchive::Release::Suite "$VER";
APT::FTPArchive::Release::Codename "$VER";
APT::FTPArchive::Release::Architectures "i386 amd64 source";
APT::FTPArchive::Release::Components "$COMP";
APT::FTPArchive::Release::Description "Custom $DIST $VER packages for Bill Merriam";
EOF

    echo generating archive
    apt-ftparchive generate /etc/apt/apt-ftparchive-$DIST.conf

    echo generating Release file
    RELDIR=$ROOT/$DIST/dists/$VER
    RELFILE=$RELDIR/Release
    apt-ftparchive -c /etc/apt/apt-$DIST-release.conf release $RELDIR > $RELFILE

    echo deleting old signature file $RELFILE.gpg
    # -f: no error on the first run, when no signature exists yet
    rm -f $RELFILE.gpg

    echo signing Release file $RELFILE
    # -a ASCII armor, -b detached signature, -s sign
    gpg -abs -u $SIGID -o $RELFILE.gpg $RELFILE

    echo adding key to apt-key
    gpg --armor --export $SIGID | apt-key add -
done
```
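A check to run after mkrepo has signed the repository, added here as an example and not part of the original page: it verifies the detached `Release.gpg` signature, then confirms that every file listed in the `SHA256:` section of `Release` matches the copy on disk. The function names are this example's own; it assumes the `Release` file carries a `SHA256:` section and that the signing key's public half is in the caller's GnuPG keyring.

```shell
#!/bin/bash
# Added example: check a signed dists/<version> directory before trusting it.

# verify_release_sig RELDIR
# Verify the detached signature Release.gpg against Release, using the
# public keys in the caller's GnuPG keyring.
verify_release_sig() {
    gpg --verify "$1/Release.gpg" "$1/Release"
}

# check_release_hashes RELDIR
# Compare each file listed under "SHA256:" in Release with the copy on disk.
# Prints one line per problem; returns 0 only if every size and hash matches.
check_release_hashes() {
    local reldir=$1 in_section=0 bad=0 line hash size name actual
    while IFS= read -r line; do
        case $line in
            SHA256:) in_section=1; continue ;;
            " "*)    ;;                         # indented entry line
            *)       in_section=0; continue ;;  # any other field ends the section
        esac
        [ "$in_section" -eq 1 ] || continue
        set -- $line                            # fields: hash, size, relative path
        hash=$1 size=$2 name=$3
        # A Release redirected into the directory being scanned can list itself.
        [ "$name" = Release ] && continue
        if [ ! -f "$reldir/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        actual=$(sha256sum "$reldir/$name" | cut -d' ' -f1)
        if [ "$actual" != "$hash" ] || [ "$(wc -c < "$reldir/$name")" -ne "$size" ]; then
            echo "MISMATCH $name"; bad=1
        fi
    done < "$reldir/Release"
    return "$bad"
}
```

With the paths used by mkrepo, the check for the Ubuntu repository is `verify_release_sig /var/www/ubuntu/dists/intrepid && check_release_hashes /var/www/ubuntu/dists/intrepid`.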
This downloads and builds the Bacula source code and copies the debs to the repository we created in the previous step.
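```bash
#!/bin/bash
# script mkbacula

ROOT=/root
PKG=bacula
SEDTEST=openssl
# Insert --with-openssl after the "=" of the CONF_ALL assignment in debian/rules
SEDCMD='s/CONF_ALL*.=/& --with-openssl/'
DEST=192.168.1.171:/var/www/ubuntu/dists/intrepid/custom/binary-i386

echo updating apt cache
apt-get update

echo installing dpkg-dev
apt-get install -y dpkg-dev

echo making directory $ROOT/build/$PKG
mkdir -p $ROOT/build/$PKG
# Stop here rather than unpack and build in the wrong directory
cd $ROOT/build/$PKG || exit 1

echo installing dependencies
apt-get build-dep -y $PKG

echo retrieving source
apt-get source $PKG

echo updating rules
# Left unquoted on purpose: the glob expands to the unpacked source directory
RULES=$PKG*[0-9]/debian/rules
# Patch the rules file only if it does not mention openssl already
grep $SEDTEST $RULES || sed -i -e "$SEDCMD" $RULES

echo building source
# The source is already unpacked, so this compiles the patched tree
apt-get source --compile $PKG

# Copy the resulting debs to the repository as user debs
su -c "rsync --rsh ssh -av $ROOT/build/$PKG/*deb $DEST" debs
```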