Skip to content
/ pkgbuild Public

Scripts and instructions for building and deploying package repositories

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cadets/pkgbuild

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
E4
E4
 
 
E5
E5
 
 
.gitignore
.gitignore
 
 
README.adoc
README.adoc
 
 
build
build
 
 
deploy
deploy
 
 
find-deps
find-deps
 
 

Repository files navigation

pkgbuild

Scripts to help build and deploy package repositories

The steps required to deploy a package repository are:

  1. build your packages,

  2. [optionally] create a signing key,

  3. create repository metadata,

  4. deploy your repository files and

  5. configure your clients to use the new repository.

Build your packages

The preferred method of building packages is with Poudriere, but if you prefer to build things more manually, you can:

  1. check out a ports tree (e.g., the CADETS ports tree),

  2. set PORTSDIR to the path of your ports tree,

  3. set PORT_DBDIR to an empty directory somewhere on your system,

  4. create an empty packages directory within ${PORTSDIR} and then

  5. run make package within the ports you need.

The result should be a set of packages (e.g., git-2.18.0_1.txz) in the ${PORTSDIR}/packages/All directory.

Create a signing key

It’s a good idea to sign your package repositories to ensure that the packages haven’t been manipulated in-flight. You can create a signing keypair by running:

$ openssl genrsa -aes128 -out my-signing-key.key 4096
$ openssl rsa -in my-signing-key.key -out my-signing-key.pub -pubout

Create repository metadata

The build script can be used to create the package-repository metadata that pkg needs to install packages.

$ ./build ${PORTSDIR}/packages /path/to/my-signing-key.key

This will generate files such as meta.txz and packagesite.txz within the ${PORTSDIR}/packages directory that describe which packages are available in the repository, as well as a digests.txz that is used for package integrity verification.

Deploy your repository files

Create a directory on your webserver to hold the packages. Ensure that your SSH configuration is set up to be able to run ssh myservername "echo 'success'", then use the deploy script to sync your packages to the server:

$ ./deploy ${PORTSDIR}/packages servername /path/to/www/dir/on/server
Creating servername:/path/to/[...]/FreeBSD:12:amd64/2018-09-25-1522 ...
Synchronizing from /path/to/packages to servername...
./
digests.txz
meta.txa
packagesite.txz
All/
All/alsa-lib-1.1.2_1.txz
[...]

This script does more than just rsync the files over. It also creates a directory structure that pkg expects, including an ABI description (FreeBSD:12:$(sysctl -n hw.machine_arch)) and the timestamp of the repository. This timestamp is derived from the last modification time of the ${PORTSDIR}/packages/All directory, which should be the most recent time that a package was placed in that directory. The script also, after syncing the files into this directory structure, creates a latest symlink for the convenience of client configuration.

Configure clients

On each client machine, create a file /usr/local/etc/pkg/repos/my-repo.conf with the contents:

my-package-repo-name: {
    url: "https://servername.example.com/packages/${ABI}/latest",
    signature_type: "pubkey",
    pubkey: "/usr/local/etc/pkg/my-signing-key.pub",
    enabled: yes,
}

and install your [public key] in /usr/local/etc/pkg/.

About

Scripts and instructions for building and deploying package repositories

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages