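This document briefly introduces how to build a Debian package repository.
Every effort was made to provide the most accurate information available at the time of writing. If you nevertheless find a mistake in this text, please correct it.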
Archive Types
From the user's point of view, repositories can be divided into two kinds:
| archive style | apt line | apt-pinning | secure APT | status |
|---|---|---|---|---|
| official archive | "deb http://example.org/debian unstable main" | Yes | Yes | preferred |
| trivial archive | "deb http://example.org/debian ./" | No | Yes | deprecated |
These two archives have different metadata structures. Both can store the actual package files. Many older repository HOWTOs (e.g. old "Debian Reference (sarge)" and "APT HOWTO (sarge)") address creation of a "trivial archive" and are problematic, since the "trivial archive" lacks support for apt-pinning and modern secure APT due to the collision of 2 types of Release files.
For creating something similar to the official archive, there are some good packages to help you but they tend to require a database server.
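The following is an added example, not part of the original wiki page. It maps the two apt lines from the table above to the metadata files apt fetches, and shows the checksum step of secure APT: an index such as Packages is accepted only if its size and SHA256 match the entry in Release. The Release fields are a minimal subset, the sample package is constructed, `amd64` is an assumed architecture, and the signature check on Release itself (Release.gpg / InRelease) is not performed here.

```python
import hashlib

def index_urls(apt_line, arch="amd64"):
    """Return (Release URL, [Packages URLs]) that a 'deb' line points apt at."""
    _deb, uri, suite, *components = apt_line.split()
    uri = uri.rstrip("/")
    if suite.endswith("/"):  # trivial archive: suite is an exact path, no components
        return f"{uri}/{suite}Release", [f"{uri}/{suite}Packages"]
    dist = f"{uri}/dists/{suite}"  # official archive: per-suite metadata under dists/
    return f"{dist}/Release", [f"{dist}/{c}/binary-{arch}/Packages" for c in components]

def build_release(suite, components, arch, indexes):
    """Build Release text; indexes maps a path relative to dists/<suite>/ to bytes."""
    lines = [f"Suite: {suite}", f"Components: {' '.join(components)}",
             f"Architectures: {arch}", "SHA256:"]
    for path, data in sorted(indexes.items()):
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data)} {path}")
    return "\n".join(lines) + "\n"

def index_is_trusted(release_text, path, data):
    """True only if data matches the size and SHA256 that Release lists for path."""
    in_sha256 = False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            in_sha256 = line.strip() == "SHA256:"
        elif in_sha256:
            digest, size, name = line.split()
            if name == path:
                return (int(size) == len(data)
                        and digest == hashlib.sha256(data).hexdigest())
    return False  # not listed in Release: reject

# Constructed sample index (not a real package).
PACKAGES = (b"Package: hello-example\nVersion: 1.0-1\nArchitecture: amd64\n"
            b"Filename: pool/main/h/hello-example/hello-example_1.0-1_amd64.deb\n")
RELEASE = build_release("unstable", ["main"], "amd64",
                        {"main/binary-amd64/Packages": PACKAGES})

if __name__ == "__main__":
    print(index_urls("deb http://example.org/debian unstable main"))
    print(index_urls("deb http://example.org/debian ./"))
    print(index_is_trusted(RELEASE, "main/binary-amd64/Packages", PACKAGES))
    print(index_is_trusted(RELEASE, "main/binary-amd64/Packages", PACKAGES + b"X"))
```
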
Available Tools
dak (Debian Archive Kit)
- Goals: Packaging of the tools handling the official Debian repositories.
- Pro: Real stuff.
- Cons: Depends on python and PostgreSQL (even if on another host), lack of documentation, designed for large repositories.
Download: git repository.
- Distributions: not in Debian
- Dependencies:
- python
- postgresql (optional)
- Automatic repositories: Yes
- Incoming mechanism: Yes
- Pools: Yes
- GPG signing: Yes
Wiki Page: dak
mini-dak
- Goals: Partial and lightweight reimplementation of dak in shell script and with no database dependencies, "designed" to host new Debian architectures.
- Pro:
- easy to set up: edit a config file and run a script to generate the whole structure
- no database (the pool is the database)
- all .changes files kept for later possible importing into the master repository
- supports mail notifications and does extensive logging
- auto package obsoleting
- repository snapshotting
- supports multiple suites from the Distribution field on the .changes file
- additionally supports multipool (splitting each arch into its own pool, to ease partial mirroring)
- supports upload ACLs based on gpg public keys
- mirror push via ssh
- Cons:
- slow on huge repositories (due to not using a real db mainly)
- has been written and tested mainly as a slave archive, so might have some hardcoded stuff which should be fixed to make it work as a master server
- still has some quirks to be fixed
- Distributions: not in Debian
- Dependencies: ('grep Requires: *' on the source tree)
- apt-utils
- procmail
- gnupg
- wget
- ssh (optional)
- bzip2 (optional)
- quinn-diff (optional)
- Automatic repositories: Yes
- Incoming mechanism: Yes
- Pools: Yes
- GPG signing: Yes
- Sites using it:
reprepro (formerly known as mirrorer)
- Goals: Local Debian package repository storing files in a pool/ directory.
- Pro: Strict checking of what comes in, no database server needed.
- Cons: ?
Package: reprepro
Distributions: stable, testing, unstable and squeeze-backports
Dependencies: unstable/utils/reprepro
- Automatic repositories: Yes
- Incoming mechanism: Yes
- Pools: Yes
- GPG signing: Yes
Manual: Yes
- HOWTOs:
Setting up your own automatic Debian repository: see this article on reprepro. The link is rather outdated, but still contains some useful information.
Setting up reprepro with apache2 and sign key (in Italian) http://www.biziowp.it/reprepro-repository-debian-329/
Creating your own Signed APT Repository and Debian Packages by Jon Cowie
mini-dinstall
- Goals: Miniature version of dak.
- Pro:
- Doesn't require a PostgreSQL database.
- small footprint
Package: mini-dinstall
Dependencies: unstable/devel/mini-dinstall
- apt-utils
- python2.3
- python-apt
- Automatic repositories: Yes (?)
- Incoming mechanism: Yes
- Pools: No
- GPG signing: Yes (external script and setup example provided in documentation)
apt-ftparchive
- Goals: Superset of dpkg-scanpackages and dpkg-scansources.
- Pro: Does not rely on any external programs aside from gzip. Creates Release and Contents files.
- Cons:
Package: apt
Distributions: oldstable, stable, testing, unstable, experimental
Dependencies: unstable/admin/apt-utils
- Automatic repositories: No (Yes with dupload)
- Incoming mechanism: No (Yes with custom move cron script with dupload)
- Pools: Yes
- GPG signing: No (Yes with dupload with script)
- HOWTOs:
Debian Reference (lenny) -- SecureAPT in combination with dupload (aimed at someone who has shell access to a web server)
apt-ftparchive generate Roberto Sanchez how-to -- he now recommends using reprepro
debarchiver
- Goals: Make a simpler version of dak.
- Pro:
- easy to use incoming mechanism - even on remote systems - by using a cron-job
- packages can be moved into a distribution by
- reading the Distribution value from .changes file or
- directly putting the whole package into a distributions-incoming directory.
- standard repository (can be pinned)
- Cons:
- no Pool-architecture at the moment
- some useful checks are missing
- cleaning needs to be done manually
Package: debarchiver
Dependencies: unstable/devel/debarchiver
- adduser
- apt-utils (recommended) | dpkg-dev
- opalmod (Perl modules)
- gnupg (optional)
- Automatic repositories: Yes
- Incoming mechanism: Yes
Pools: No (but suggested somewhere at BTS).
- GPG signing: Yes (with gnupg, post-Sarge feature).
A debarchiver how-to. Another nice debarchiver how-to (in German). An Italian howto for local Debian package mirroring (similar to apt-proxy).
dpkg-scanpackages and dpkg-scansources
- Goals:
- Pro:
- Cons: Cannot create Release nor Contents files.
Package: dpkg
Dependencies: unstable/utils/dpkg-dev
- Automatic repositories: No
- Incoming mechanism: No
- Pools: No
- GPG signing: No
HOWTO: Aaron Isotton how-to
debpool
- Goals: Lightweight replacement for dak using a pool layout.
- Pro:
- No external dependencies.
- easy to use incoming mechanism
- standard repository (can be pinned)
- Cons:
not actively maintained since 2008-10-30 (see latest development)
- no checking of older packages being replaced with new ones
- no notification of what is going on (no mails when new packages are added)
Package: debpool
Distributions: experimental
- Dependencies:
- perl
- gnupg (optional)
- Automatic repositories: Yes
- Incoming mechanism: Yes
- Pools: Yes
- GPG signing: Yes (with gnupg).
Wiki page: debpool
DebMarshal
- Goals: Maintain multiple snapshots from upstream distros, to permit staging.
- Pro: Fast, no database server needed (BerkeleyDB).
- Cons: Lack of documentation. Hasn't been released (No version available, SVN repo has only trunk).
Download: http://code.google.com/p/debmarshal/
- Distributions: not in Debian
- Automatic repositories: Yes
- Incoming mechanism: Yes
- Pools: Yes
- GPG signing: Yes
Built by Google for their use.
Related software
netselect selects the fastest mirrors from a list you give, and netselect-apt does the same from all existing mirrors.
apt-spy does something similar with a different method.
dput uploads one or more Debian packages into a repository.
parse-apt-files.inc PHP-script by Jarno Elonen produces a nice XHTML-summary of available packages in a repository - enhanced version for special usage with (but not limited to) debarchiver. There seem to be some efforts to develop a WordPress plugin based on these scripts.
mkdebidx is a shell (mksh) script wrapping dpkg-scanpackages, dpkg-scansources, generating Release and Release.gpg files, and producing a nice XHTML/1.1 index (currently only package-centric view, but dist-/suite-centric views planned) of packages in a full, pinnable, repository with multiple dists and suites (only scales up to a hundred or two packages though; with 904 packages in a repository at the employer, 900 of them in one dist+suite, it takes a while to finish but still works). There may be plans to write a FusionForge plugin for repository handling based on this.
HowTos
How to set up a mini-dinstall repository on people.debian.org
A howto is available for quickly setting up mini-dinstall on people.debian.org. It supports secure apt and remote signing.