Membuat Repository Debian dengan Reprepro
Tulisan ini mendokumentasikan pembuatan repository lokal Debian untuk sekolah, sekaligus tugas dari pak Darian Rizaludin selaku koordinator tim Infrastruktur BlankOn Linux Uluwatu. Semestinya catatan ini juga dapat diterapkan di turunan Debian.
Sistem operasi yang saya gunakan saat mengerjakan LAB ini adalah Debian 8, di atas sistem virtualisasi KVM di Debian 8 juga.
- Buat user reprepro (yang ini bebas sih namanya, yang penting konfigurasi selanjutnya harus disesuaikan).
root@docker:~# adduser reprepro
- Masukkan user reprepro tersebut ke grup sudo
root@docker:~# usermod -aG sudo reprepro
- Login ke user tersebut
root@docker:~# su - reprepro
- Install paket-paket yang diperlukan
reprepro@docker:~$ sudo apt-get install reprepro nginx haveged
- Buat kunci GnuPG untuk paket yang akan ditandatangani
reprepro@docker:~$ gpg --gen-key
Catatan :
* Pembuatan kunci GPG ini memerlukan waktu beberapa saat, dan ikuti langkah-langkahnya hingga selesai.
* Untuk password dapat dikosongi saja.
* Kunci akan tersimpan di direktori ~/.gnupg/
reprepro@docker:~$ gpg --gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N)
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Samsul Ma'arif
Email address: hay@samsul.web.id
Comment: Junior System Adminstrator
You selected this USER-ID:
"Samsul Ma'arif (Junior System Adminstrator) <hay@samsul.web.id>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 282 more bytes)
.+++++
..............+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
+++++
gpg: key 89441F3C marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/89441F3C 2017-04-24
Key fingerprint = F90D F428 CFEF E7AD 518A 10B6 C1F8 30CC 8944 1F3C
uid Samsul Ma'arif (Junior System Adminstrator) <hay@samsul.web.id>
sub 2048R/1056625C 2017-04-24
reprepro@docker:~$
- Konfigurasi web server nginx
Buat berkas dan tautkan ke /etc/nginx/sites-enabled/reprepro
reprepro@docker:~$ sudo vim /etc/nginx/sites-available/reprepro
Isi berkas tersebut dengan
server {
listen 80;
server_name $DOMAIN;
access_log /var/log/nginx/reprepro.access.log;
location / {
root /home/reprepro/repo/;
index index.html index.htm;
autoindex on;
}
}
- Lakukan symlink konfigurasi nginx
reprepro@docker:~$ sudo ln -s /etc/nginx/sites-available/reprepro /etc/nginx/sites-enabled/reprepro
- Restart nginx
reprepro@docker:~$ sudo /etc/init.d/nginx restart
- Konfigurasi reprepro
Buat direktori untuk area kerja reprepro
reprepro@docker:~$ mkdir -p conf
reprepro@docker:~$ mkdir -p repo/blankon
reprepro@docker:~$ mkdir -p db
- Periksa gpg yang dibuat sebelumnya
reprepro@docker:~$ gpg --list-key /home/reprepro/.gnupg/pubring.gpg --------------------------------- pub 2048R/89441F3C 2017-04-24 uid Samsul Ma'arif (Junior System Adminstrator) <hay@samsul.web.id> sub 2048R/1056625C 2017-04-24
- Export pgp/gpg
reprepro@docker:~$ gpg --armor --output arsip-archive-keyring.gpg --export hay@samsul.web.id
Keguanaan ini untuk didistribusikan ke client atau bisa juga dengan memaketkan dan masukkan ke dalam repo.
- Buat berkas distributions
reprepro@docker:~$ vim conf/distributions
Tambahkan konfigurasi berikut, atau sesuaikan kebutuhan. Dalam hal ini saya tidak menyertakan paket sumber (source).
Origin: Blankon Label: Blankon Codename: nusantara Suite: nusantara Components: main restricted extras extras-restricted UDebComponents: main Architectures: i386 amd64 Version: 1.0 Description: BlankOn 1.0 nusantara # Jangan kasih "-" di kolom Update, nanti paket2 khas2 akan dihapus Update: merge.nusantara SignWith: yes DebIndices: Packages Release . .gz .bz2 tiffany.py UDebIndices: Packages . .gz .bz2 DscIndices: Sources Release . .gz .bz2 tiffany.py Contents: udebs nodebs . .gz ContentsArchitectures: i386 amd64 ContentsComponents: main restricted extras extras-restricted ContentsUComponents: main Log: /home/reprepro/nusantara.log #--type=dsc changelogs
- Buat berkas updates
reprepro@docker:~$ vim conf/updates
Isi dengan
Name: merge.nusantara Suite: jessie-backports VerifyRelease: blindtrust Method: http://kambing.ui.ac.id/debian Architectures: i386 amd64 Components: main
- Buat berkas options
reprepro@docker:~$ cat conf/options
Isi dengan
basedir /home/reprepro/
confdir /home/reprepro/conf
dbdir /home/reprepro/db
outdir /home/reprepro/repo/blankon/
gnupghome /home/reprepro/.gnupg
- Unduh berkas tiffany.py
reprepro@docker:~$ wget https://raw.githubusercontent.com/dotovr/repo/master/conf/tiffany.py -O conf/tiffany.py
- Menggunakan repositori
masuk ke direktori kerja, jalankan perintah
reprepro@docker:~$ cd ~ reprepro@docker:~$ reprepro -v -v -v update nusantara
Proses ini akan memakan waktu yang sangat lama, terutama ketika menggunakan koneksi internet yang terbatas.
- Membuat berkas index Packages.gz
reprepro@docker:~$ reprepro export nusantara
- Memasukkab berkas .deb/.Udeb Sources dengan berkas .changes
reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION include DIST /PATH/TO/PACKAGE.changes
- Memasuukan paket .deb
reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION includedeb DIST /PATH/TO/PACKAGE.deb
- Memasukkan paket debian-installer (udeb)
reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION includeudeb DIST /PATH/TO/PACKAGE.udeb
- Memasukkan Kode Sumber
reprepro@docker:~$ reprepro -C COMPONENT -P PRIORITY -S SECTION includedsc DIST /PATH/TO/PACKAGE.dsc
- Menghapus Paket
reprepro@docker:~$ reprepro remove DIST NAMA_PAKET
- Membekukan Rilis
Tambahkan opsi ReadOnly dan hilangkan tiffany.py , pada distributions contoh:
Origin: Blankon Label: Blankon Codename: nusantara Suite: nusantara .... ReadOnly: Yes <-------------
- Hasil Pekerjaan:
http://$DOMAIN/blankon/ dapat dipasang di /etc/apt/sources.list
deb http://$DOMAIN/blankon nusantara main restricted extras extras-restricted deb-src http://$DOMAIN/blankon nusantara main restricted extras extras-restricted
Keterangan:
deb: Binary Deb
deb-src: Source
http://$DOMAIN/blankon : Alamat Repo
nusantara: Dist/Nama Rilis
main: Repo Utama Bebas
restricted: Repo Utama Terbatas Lisensinya
extras: Repo Komunitas
extras-restricted: Repo Komunitas Terbatas Lisensinya
- Dari client coba lakukan update dan pasang package
samsul@blankon:~$ sudo apt-get update samsul@blankon:~$ sudo apt-get install nusantara-keyring
dan install aplikasi-aplikasi lainnya, baik dengan apt-get, aptitude, synaptic atau software center, jika tidak ada galat/error maka repo sudah siap digunakan.
Referensi
Tulisan ini merupakan remake dan hasil ujicoba dari tulisan pak Mahyuddin Idram Ahmad a.k.a dotovr di blognya http://dotovr.blogspot.co.id/2016/05/membuat-repository-debian-dengan.html
Lainnya :
~~DISQUS~~