tags: - debian - apt - reprepro categories: - informational comments: true

date: 2022-01-23 00:00:00

DESCRIPTION

Host a postgresql APT repo locally Act as a middle man to control postgresql installs on clients

ERRORS

VERIFICATION

COMMANDS

Administrator computer

• Add postgresql.org APT to download software

• /etc/apt/sources.list.d/pgdb.list

  deb [arch=amd64] http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main

• add key from postgresql.org

  sudo apt install curl ca-certificates gnupg
  curl https://www.postgresql.org/media/keys/ACCC4CF8.asc \
  | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null

• update and confirm

  apt update

APT host node

mkdir /opt/site/pkg/postgresql
cd /opt/site/pkg/postgresql
ls
conf  index.html  root0.asc  root0.asc.sig

cd conf
ls
distributions  options  override.focal

• conf/distributions

  Codename: focal
  Architectures: amd64
  Components: main
  SignWith: yes
  DebOverride: override.focal
  DscOverride: override.focal

• conf/options

  verbose
  ask-passphrase
  basedir .

• Empty: conf/override.focal

  touch conf/override.focal

• index.html

  index.html
  <!DOCTYPE html>
  <html>
  <head>
      <meta charset="UTF-8">
      <title> Postgresql Package Repository</title>
  </head>
  <body>
      <h1>Adding the  Postgresql Package Repository</h1>
      <ol>
          <li>Create <i>/etc/apt/sources.list.d/site.list</i> with the following line:
          <pre>
  deb [arch=amd64] https://root0managedservices.com/d7ca7ae9-359b-4b80-9fbe-8857827b7a86/postgresql focal main
  # deb [arch=amd64] http://192.168.2.144:8080/postgresql focal main # use for internal systems
          </pre>
          <li>Download the package signing keys
          <pre>
  wget http://192.168.2.144:8080/postgresql/root0.asc
  wget http://192.168.2.144:8080/postgresql/root0.asc.sig
          </pre>
          <li>Verify the signature and add the keys
          <pre>
  gpg root0.asc.sig
  sudo apt-key add root0.asc
          </pre>
          <li>Update the repository cache
          <pre>
          <pre>
  sudo apt-get update
  sudo apt-get postgresql-14
          </pre>
      </ol>
  </body>
  <html>

client

• Add key (should be already available - ubuntu repo - uses it)

• Add source

• /etc/apt/sources.list.d/postgresql.list

  deb [arch=amd64] https://root0.ca/postgresql focal main

• update

  apt update
  apt install postgresql-14

Appendix A: root0-postgresql-apt-repo

#! /bin/bash
set -o pipefail
set -o errexit
set -o nounset
umask 0002

TMPDIR=$(mktemp -d)
DEBDIR=$(mktemp -d)
trap 'rm -rf ${TMPDIR} ${DEBDIR}' EXIT

APTREPO=${_APTREPO-mylxc1}
DIR=root0-postgresql-apt-repo

mkdir "${DIR}"
rsync -az --omit-dir-times --delete "${APTREPO}":/opt/site/pkg/postgresql/ "${DIR}/"

pushd "${DEBDIR}" >/dev/null
apt-get -qq download \
  pgdg-keyring \
  libpq5 \
  postgresql-common \
  postgresql-client-common \
  postgresql-client-14 \
  postgresql-14
popd >/dev/null

pushd "${DIR}" >/dev/null
for PGDEB in "${DEBDIR}"/*.deb ;do
  reprepro --ask-passphrase -Vb . \
    includedeb focal "${PGDEB}"
done
popd >/dev/null

rsync -avz --omit-dir-times --delete "${DIR}/" "${APTREPO}":/opt/site/pkg/postgresql/

Appendix B: Using nginx to host apt repo

apt install  --no-install-recommends nginx-core

• /etc/nginx/sites-available/default server { listen 80; server_name postgresql.root0.ca; access_log /var/log/nginx/packages-error.log; error_log /var/log/nginx/packages-error.log; location / { root /opt/site/pkg/postgresql; index index.html; autoindex on; } location ~ /(.*)/conf { deny all; } location ~ /(.*)/db { deny all; } } systemctl restart nginx

References

https://wiki.debian.org/DebianRepository/SetupWithReprepro https://wiki.postgresql.org/wiki/Apt https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html