This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git
The following commit(s) were added to refs/heads/master by this push:
new 3e9a2a5 Improve Debian repo creation steps (#30)
3e9a2a5 is described below
commit 3e9a2a5a5e73a03476b614a5f02f8cdcdbf7ed1a
Author: Gregor Riepl <[email protected]>
AuthorDate: Mon Jul 8 11:55:28 2019 +0200
Improve Debian repo creation steps (#30)
* Added missing steps to dpkg repository creation procedure
* Document optional repository signing steps
---
source/installguide/building_from_source.rst | 55 +++++++++++++++++++++++++---
1 file changed, 50 insertions(+), 5 deletions(-)
diff --git a/source/installguide/building_from_source.rst
b/source/installguide/building_from_source.rst
index 7fe98bd..019c99a 100644
--- a/source/installguide/building_from_source.rst
+++ b/source/installguide/building_from_source.rst
@@ -304,7 +304,7 @@ as well.
.. parsed-literal::
- $ sudo apt-get install dpkg-dev
+ $ sudo apt-get install dpkg-dev apt-utils
The next step is to copy the DEBs to the directory where they can be
served over HTTP. We'll use ``/var/www/cloudstack/repo`` in the
@@ -315,15 +315,53 @@ examples, but change the directory to whatever works for
you.
$ sudo mkdir -p /var/www/cloudstack/repo/binary
$ sudo cp \*.deb /var/www/cloudstack/repo/binary
$ cd /var/www/cloudstack/repo/binary
- $ sudo sh -c 'dpkg-scanpackages . /dev/null | tee Packages | gzip -9 >
Packages.gz'
+ $ sudo dpkg-scanpackages . /dev/null > Packages
+ $ sudo gzip -9k Packages
+ $ sudo apt-ftparchive release . > Release
.. note::
You can safely ignore the warning about a missing override file.
-Now you should have all of the DEB packages and ``Packages.gz`` in the
-``binary`` directory and available over HTTP. (You may want to use
-``wget`` or ``curl`` to test this before moving on to the next step.)
+Now you should have all of the DEB packages, ``Packages``,
+``Packages.gz`` and ``Release`` in the ``binary`` directory and
+available over HTTP. (You may want to use ``wget`` or ``curl``
+to test this before moving on to the next step.)
+
+
+Repository signing
+~~~~~~~~~~~~~~~~~~
+
+The following step is optional.
+
+The repository we just created will work without cryptographic
+signatures, but it's always better to sign your releases if you can.
+
+Install GnuPG first:
+
+.. parsed-literal::
+
+ $ sudo apt-get install gpg
+
+Set up a signing key if you don't have one yet.
+If you already have a suitable key, skip this step.
+
+.. parsed-literal::
+
+ $ sudo gpg --default-new-key-algo rsa4096 --gen-key
+
+Generate the repository signatures. Replace ${YOUR_KEY_ID} with the
+key ID of the key you created above.
+
+.. parsed-literal::
+
+ $ sudo rm -fr Release.gpg InRelease
+ $ sudo gpg --default-key ${YOUR_KEY_ID} -abs -o Release.gpg Release
+ $ sudo gpg --default-key ${YOUR_KEY_ID} --clearsign -o InRelease Release
+ $ sudo gpg --output KEY.gpg --armor --export ${YOUR_KEY_ID}
+
+Store the ``Release.gpg`` and ``InRelease`` as well as KEY.gpg on your
+HTTP server.
Configuring your machines to use the APT repository
@@ -339,6 +377,13 @@ line:
deb http://server.url/cloudstack/repo/binary ./
+If you signed your Release file with GnuPG, import the signing key
+on your target system first.
+
+.. parsed-literal::
+
+ $ wget -q -O - http://server.url/cloudstack/repo/binary/KEY.gpg | sudo
apt-key add -
+
Now that you have the repository info in place, you'll want to run
another update so that APT knows where to find the CloudStack packages.
