普通仓库
apt-get -y install nginx reprepro dpkg-sig
mkdir -pv /data/file /mnt/d{1,2,3} /data/mirror/debian/conf
下载DVD镜像wget -P /data/file http://mirrors.yun-idc.com/debian-cd/current/amd64/iso-dvd/debian-8.2.0-amd64-DVD-{1,2,3}.iso
挂载到本地
mount -t iso9660 -o ro,loop /data/file/debian-8.2.0-amd64-DVD-1.iso /mnt/d1
mount -t iso9660 -o ro,loop /data/file/debian-8.2.0-amd64-DVD-2.iso /mnt/d2
mount -t iso9660 -o ro,loop /data/file/debian-8.2.0-amd64-DVD-3.iso /mnt/d3
创建仓库
head -9 /mnt/d1/dists/jessie/Release | sed '/Date:/d' - > /data/mirror/debian/conf/distributions
reprepro -Vb /data/mirror/debian includedeb jessie $(find /mnt/d{1,2,3}/pool/ -type f -name "*.deb")
提供HTTP服务
server {
listen 80 backlog=8192; # backlog代表此端口允许同时打开(tcp_syn)的最大值
server_name mirrors.biliops.com;
charset utf-8;
location / {
root /data/mirror;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
access_log /data/log/nginx/access.log; #访问过程不记日志
}
location ~ ^(.*)\/\.(svn|git|hg|bzr|cvs)\/ { # 屏蔽这些目录
deny all;
access_log off;
log_not_found off;
}
location ~ /\. { # 屏蔽.开头的目录或文件,比如 .htaccess .bash_history
deny all;
access_log off;
log_not_found off;
}
}
测试使用deb http://mirrors.biliops.com/debian jessie main contrib
apt-get update
仓库签名制作签名
gpg --gen-key
# Real name: mirror-key
# gpg: directory `~/.gnupg' created
# gpg: new configuration file `~/.gnupg/gpg.conf' created
# gpg: WARNING: options in `~/.gnupg/gpg.conf' are not yet active during this run
# gpg: keyring `~/.gnupg/secring.gpg' created
# gpg: keyring `~/.gnupg/pubring.gpg' created
# Not enough random bytes available.
rngd -r /dev/urandom -o /dev/random -f -t 1
gpg --list-keys
gpg --list-secret-keys
apt-key list
gpg -o ~/gpg-pub.key -a --export mirror-key # 导出公钥
gpg -o ~/gpg-sec.key -a --export-secret-keys mirror-key # 导出私钥
gpg --import ~/gpg-sec.key ~/gpg-pub.key # 恢复公、私钥
给仓库签名
head -9 /mnt/d1/dists/jessie/Release | sed 's/^Date:.*/SignWith: mirror-key/g' - > /data/mirror/debian/conf/distributions
# rm -rfv /data/mirror/debian/{db,dists,lists} # 可删除
reprepro -Vb /data/mirror/debian export jessie
测试仓库的签名
wget -q -O - mirrors.biliops.com/gpg-pub.key | sudo apt-key add -
打包签名dpkg-sig -k mirror-key --sign higkoo $(find /data/mirror/debian/pool -type f -name "*.deb")
|