Membuat Repository Debian dengan Reprepro

Tulisan ini mendokumentasikan pembuatan repository lokal Debian untuk sekolah, sekaligus tugas dari pak Darian Rizaludin selaku koordinator tim Infrastruktur BlankOn Linux Uluwatu. Semestinya catatan ini juga dapat diterapkan di turunan Debian.

Sistem operasi yang saya gunakan saat mengerjakan LAB ini adalah Debian 8, di atas sistem virtualisasi KVM di Debian 8 juga.

  • Buat user reprepro (yang ini bebas sih namanya, yang penting konfigurasi selanjutnya harus disesuaikan).
  root@docker:~# adduser reprepro
  • Masukkan user reprepro tersebut ke grup sudo
  root@docker:~# usermod -aG sudo reprepro
  • Login ke user tersebut
  root@docker:~# su - reprepro
  • Install paket-paket yang diperlukan
  reprepro@docker:~$ sudo apt-get install reprepro nginx haveged
  • Buat kunci GnuPG untuk paket yang akan ditandatangani
  reprepro@docker:~$ gpg --gen-key
Catatan :
* Pembuatan kunci GPG ini memerlukan waktu beberapa saat, dan ikuti langkah-langkahnya hingga selesai.
* Untuk password dapat dikosongi saja.
* Kunci akan tersimpan di direktori ~/.gnupg/
reprepro@docker:~$ gpg --gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) 
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Samsul Ma'arif
Email address: hay@samsul.web.id
Comment: Junior System Adminstrator
You selected this USER-ID:
    "Samsul Ma'arif (Junior System Adminstrator) <hay@samsul.web.id>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 282 more bytes)
.+++++
..............+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
+++++
gpg: key 89441F3C marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/89441F3C 2017-04-24
      Key fingerprint = F90D F428 CFEF E7AD 518A  10B6 C1F8 30CC 8944 1F3C
uid                  Samsul Ma'arif (Junior System Adminstrator) <hay@samsul.web.id>
sub   2048R/1056625C 2017-04-24

reprepro@docker:~$
  • Konfigurasi web server nginx

Buat berkas dan tautkan ke /etc/nginx/sites-enabled/reprepro

  reprepro@docker:~$ sudo vim /etc/nginx/sites-available/reprepro

Isi berkas tersebut dengan

server {
     listen 80;
     server_name $DOMAIN;
     access_log /var/log/nginx/reprepro.access.log;
     location / {
          root /home/reprepro/repo/;
          index index.html index.htm;
          autoindex on;
     }
}
  • Lakukan symlink konfigurasi nginx
  reprepro@docker:~$ sudo ln -s /etc/nginx/sites-available/reprepro /etc/nginx/sites-enabled/reprepro
  • Restart nginx
 reprepro@docker:~$ sudo /etc/init.d/nginx restart
  • Konfigurasi reprepro

Buat direktori untuk area kerja reprepro

 reprepro@docker:~$ mkdir -p conf
 reprepro@docker:~$ mkdir -p repo/blankon
 reprepro@docker:~$ mkdir -p db
  • Periksa gpg yang dibuat sebelumnya
reprepro@docker:~$ gpg --list-key
/home/reprepro/.gnupg/pubring.gpg
---------------------------------
pub   2048R/89441F3C 2017-04-24
uid                  Samsul Ma'arif (Junior System Adminstrator) <hay@samsul.web.id>
sub   2048R/1056625C 2017-04-24
  • Export pgp/gpg
  reprepro@docker:~$ gpg --armor --output arsip-archive-keyring.gpg --export hay@samsul.web.id

Keguanaan ini untuk didistribusikan ke client atau bisa juga dengan memaketkan dan masukkan ke dalam repo.

  • Buat berkas distributions
  reprepro@docker:~$ vim conf/distributions 

Tambahkan konfigurasi berikut, atau sesuaikan kebutuhan. Dalam hal ini saya tidak menyertakan paket sumber (source).

Origin: Blankon
Label: Blankon
Codename: nusantara
Suite: nusantara
Components: main restricted extras extras-restricted
UDebComponents: main
Architectures: i386 amd64 
Version: 1.0
Description: BlankOn 1.0 nusantara
# Jangan kasih "-" di kolom Update, nanti paket2 khas2 akan dihapus
Update: merge.nusantara
SignWith: yes
DebIndices: Packages Release . .gz .bz2 tiffany.py
UDebIndices: Packages . .gz .bz2
DscIndices: Sources Release . .gz .bz2 tiffany.py
Contents: udebs nodebs . .gz
ContentsArchitectures: i386 amd64
ContentsComponents: main restricted extras extras-restricted
ContentsUComponents: main
Log: /home/reprepro/nusantara.log 
#--type=dsc changelogs
  • Buat berkas updates
  reprepro@docker:~$ vim conf/updates 

Isi dengan

Name: merge.nusantara
Suite: jessie-backports
VerifyRelease: blindtrust
Method: http://kambing.ui.ac.id/debian
Architectures: i386 amd64
Components: main
  • Buat berkas options
  reprepro@docker:~$ cat conf/options 

Isi dengan

basedir /home/reprepro/
confdir /home/reprepro/conf
dbdir /home/reprepro/db
outdir /home/reprepro/repo/blankon/
gnupghome /home/reprepro/.gnupg
  • Unduh berkas tiffany.py
  reprepro@docker:~$ wget https://raw.githubusercontent.com/dotovr/repo/master/conf/tiffany.py -O conf/tiffany.py
  • Menggunakan repositori

masuk ke direktori kerja, jalankan perintah

  reprepro@docker:~$ cd ~
  reprepro@docker:~$ reprepro -v -v -v update nusantara

Proses ini akan memakan waktu yang sangat lama, terutama ketika menggunakan koneksi internet yang terbatas.

  • Membuat berkas index Packages.gz
  reprepro@docker:~$ reprepro export nusantara
  • Memasukkab berkas .deb/.Udeb Sources dengan berkas .changes
  reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION include DIST /PATH/TO/PACKAGE.changes
  • Memasuukan paket .deb
  reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION includedeb DIST /PATH/TO/PACKAGE.deb
  • Memasukkan paket debian-installer (udeb)
  reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION includeudeb DIST /PATH/TO/PACKAGE.udeb
  • Memasukkan Kode Sumber
  reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION includedsc DIST /PATH/TO/PACKAGE.dsc
  • Menghapus Paket
  reprepro@docker:~$ reprepro remove DIST NAMA_PAKET
  • Membekukan Rilis

Tambahkan opsi ReadOnly dan hilangkan tiffany.py , pada distributions contoh:

Origin: Blankon
Label: Blankon
Codename: nusantara
Suite: nusantara
....
ReadOnly: Yes <-------------
  • Hasil Pekerjaan:

http://$DOMAIN/blankon/ dapat dipasang di /etc/apt/sources.list

  deb http://$DOMAIN/blankon nusantara main restricted extras extras-restricted
  deb-src http://$DOMAIN/blankon nusantara main restricted extras extras-restricted
Keterangan:
deb: Binary Deb
deb-src: Source
http://$DOMAIN/blankon : Alamat Repo
nusantara: Dist/Nama Rilis
main: Repo Utama Bebas
restricted: Repo Utama Terbatas Lisensinya
extras: Repo Komunitas
extras-restricted: Repo Komunitas Terbatas Lisensinya
  • Dari client coba lakukan update dan pasang package
  samsul@blankon:~$ sudo apt-get update
  samsul@blankon:~$ sudo apt-get install nusantara-keyring

dan install aplikasi-aplikasi lainnya, baik dengan apt-get, aptitude, synaptic atau software center, jika tidak ada galat/error maka repo sudah siap digunakan.

  • linux/Membuat.Repository.Debian.dengan.Reprepro
  • Terakhir diubah: 9 bulan yang lalu
  • (Perubahan eksternal)