Linux Ubuntu

Part 2: Set up a repository by using Reprepro and make the repository public with AWS S3

By Binh No Comments #deb package repository #reprepro #s3 use case #setup apt repo

Continue from Part 1: How to build a custom Debian repository on AWS S3 with Ubuntu 20.04 and reprepo

Set up a repository by using Reprepro

Reprepro was created by R. Bernhard who used to “produce, manage and sync a local repository of Debian packages” (also known as Mirrorer). This tool makes us build a custom repository easier and it’s under the GNU licence and completely open source.

Step 1 – Reprepro installation

Run this command to install

apt-get update
apt-get install reprepro

Create a dedicated folder for this repository

mkdir -p /opt/repositories/
cd /opt/repositories/

Create a configuration directory

mkdir conf
cd conf/

Create a distributions config file.

touch distributions

Edit file by nano command:

nano distributions

And add these fields to the file (Remember to copy the signing key’s ID that we created in part 1, which is 5A7B560EB84593AA in this example), you may want to check out this document to see the meaning of these fields as well as other fields if you like:

Codename: focal
Components: main
Architectures: i386 amd64
SignWith: 5A7B560EB84593AA

NOTE: If you have created your master key in part 1 with a password, you have to create an “options” file here. And add ask-passphrase as content in this “options” file. The ask-passphrase directive tells Reprepro to request a GPG password when signing.

Optional: If you want to serve other codenames

You can include other codenames as well, just right below the configurations of the “focal” codename. E.g.

Codename: focal
Components: main
...

Codename: jammy
Components: main
Architectures: i386 amd64 arm64
SignWith: 5A7B560EB84593AA

# Other codenames....
Codename: noble
...

Step 2 – Add a Debian Package with Reprepro

Let’s change our directory to a temporary location

mkdir -p /tmp/example_debs
cd /tmp/example_debs

Copy your custom Debian package into this directory. My packages are helloworld_0.1~focal1_amd64.deb and helloworld_0.1~focal1_i386.deb

Add these 2 Debian packages into our repository by:

reprepro -b /opt/repositories includedeb focal helloworld_0.1~focal1_*

You’ll get a result similar to the below by listing packages:

reprepro -b /opt/repositories/ list focal

To delete a package, we simply run:

reprepro -b /opt/repositories/ remove focal helloworld

Ok! Now we have our own repository. The /opt/repositories/ directory should have content like below inside it

.
├── conf
│   └── distributions
├── db
│   ├── checksums.db
│   ├── contents.cache.db
│   ├── packages.db
│   ├── references.db
│   ├── release.caches.db
│   └── version
├── dists
│   └── focal
│       ├── InRelease
│       ├── main
│       │   ├── binary-amd64
│       │   │   ├── Packages
│       │   │   ├── Packages.gz
│       │   │   └── Release
│       │   └── binary-i386
│       │       ├── Packages
│       │       ├── Packages.gz
│       │       └── Release
│       ├── Release
│       └── Release.gpg
└── pool
    └── main
        └── h
            └── helloworld
                ├── helloworld_0.1_amd64.deb
                └── helloworld_0.1_i386.deb

Make the repository public with AWS S3

In this part, we’ll need to upload the whole data in /opt/repositories directory to the S3 bucket that we’ll create in the next step

  1. Create an S3 bucket called “testing-repository”

Go to AWS Management S3 Console -> select “Create bucket” -> And enter basic information to create

  1. Default, the new created “testing-repository” has Block all public access option is turned “ON”. Because we use this custom repository for publishing our own package for others to use. We’ll make it public by

From AWS Management S3 Console -> Select “testing-repository” -> select “Permissions” tab -> click Edit under the Block public access (bucket settings)

Then unselect the check box “Block all public access” -> click “Save changes”

  1. Next, you’ll need to create a Bucket policy to allow you to copy data from /opt/repositories to s3://testing-repository. Remember to replace your Public IP (go to Google and type “my IP”, copy from there) to the <Your-public-ip> under the below content). This to make sure no one can except you can copy data to this repository.

Under “Permissions” tab where you just turned off “Block public accesss” -> Click Edit under Bucket policy

Then add this policy and click “Save changes”

{
    "Version": "2012-10-17",
    "Id": "Policy1440406249823",
    "Statement": [
        {
            "Sid": "Allow copy code to S3 testing-repository",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::testing-repository/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "<Your-public-ip>/32"
                }
            }
        }
    ]
}
  1. Come back to the Ubuntu server where you stored the data of /opt/repositories. You should run aws configure first in order to add your user’s credentials (if you haven’t done so), so that you’ll be able to put data into S3. I assume you know this part, so I will skip this.

Now upload data from /opt/repositories to s3://testing-repository by running the command:

aws s3 sync --region=us-east-1 --delete /opt/repositories/ s3://testing-repository --profile binh

Done! Your package data in /opt/repositories now will be in S3 bucket “testing-repository”

The result should look like

Testing to install a package from our new repository on S3

On a second server, we have to copy the signing.key file created on the first server over to this server, and then on this second server, run the command to add the signing key:

apt-key add signing.key

Check that the signing key is added:

apt-key list

The output should look like

Now add the repository’s address for apt-get to find. Here is the url https://testing-repository.s3.amazonaws.com/, we run command:

add-apt-repository "deb https://testing-repository.s3.amazonaws.com/ focal main"

From the command, most Debian repository can be added with the format:

deb (repository location) (current distribution code name)  (the components name)

Where:

  • (repository location): is the location of the server where it stored our repository, we use https://testing-repository.s3.amazonaws.com/
  • (current distribution code name): is our server’s code name, which is focal here.
  • (the component’s name): we install a simple repository, so the component is called “main”

Run update:

apt-get update

Try searching for our package “helloworld”:

apt search helloworld

We get the result:

Now, we try installing the package, if it is correct, you should be able to run the command helloworld

apt install helloworld

My result is showing:

That’s all steps we need to have our own repository.

Discover more from Turn DevOps Easier

Subscribe to get the latest posts sent to your email.

By Binh

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents

Content on this page