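How to configure a local custom repository for zypper-based installation in SuSE Enterprise Linux

This article walks through the detailed steps for creating a custom repository for SuSE Linux Enterprise Linux.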

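Create a text file with the passphrase

Next, create a plain-text file containing the passphrase for the corresponding GPG key ID. The file holds the key's passphrase in clear text under /tmp, so restrict it to root (mode 600) and delete it once signing is finished.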

# echo "mypassw0rd" > /tmp/password

Copy the rpms for the custom repository

Next, create directories under /tmp/jackoir/updates, into which we will copy all the rpms

# cd /tmp/jackoir/updates

Here we create three directories, into which we will copy the rpms according to architecture type.

# mkdir -p suse/x86_64 suse/i686 suse/noarch

My rpms are in /tmp/rpms

# cp -av /tmp/rpms/ suse/x86_64/
`/tmp/rpms/' -> `suse/x86_64/rpms'
`/tmp/rpms/bash-doc-3.2-147.35.1.x86_64.rpm' -> `suse/x86_64/rpms/bash-doc-3.2-147.35.1.x86_64.rpm'
`/tmp/rpms/bash-3.2-147.35.1.x86_64.rpm' -> `suse/x86_64/rpms/bash-3.2-147.35.1.x86_64.rpm'
`/tmp/rpms/bind-9.9.6P1-0.39.1.x86_64.rpm' -> `suse/x86_64/rpms/bind-9.9.6P1-0.39.1.x86_64.rpm'
`/tmp/rpms/bind-chrootenv-9.9.6P1-0.39.1.x86_64.rpm' -> `suse/x86_64/rpms/bind-chrootenv-9.9.6P1-0.39.1.x86_64.rpm'

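Generate a GPG key

Before we start, we need a GPG key, which will be used to sign the contents of the repository.
If we already have an existing gpg key we can skip this step, or we can create a new gpg key for the custom repository.

Note: the highlighted parts here are the inputs that must be supplied to create the key; we can supply different inputs as required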

# gpg --gen-key
gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 5
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: jack Prasad (onitroad)
Email address: onitroad1@gmail.com
Comment: This is a test Key
You selected this USER-ID:
    "jack Prasad (onitroad) (This is a test Key) <onitroad1@gmail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
┌─────────────────────────────────────────────────────┐
│ New passphrase                                      │
│                                                     │
│                                                     │
│ Passphrase ________________________________________ │
│                                                     │
│           <OK>                     <Cancel>         │
└─────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────┐
│ Repeat passphrase                                   │
│                                                     │
│                                                     │
│ Passphrase ________________________________________ │
│                                                     │
│           <OK>                     <Cancel>         │
└─────────────────────────────────────────────────────┘

can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 031D26CD marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   4096R/031D26CD 2015-06-21
      Key fingerprint = EF12 A620 E193 D165 AF2D  B60D 51EB 6A3E 4BF2 3A26
uid                  jack Prasad (onitroad) (This is a test Key) <onitroad1@gmail.com>
Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.

We have now successfully generated a GPG key.

Check the details of the keys available on the node

# gpg --list-keys
/root/.gnupg/pubring.gpg
-----------------------
pub   1024D/9C800ACA 2000-10-19 [expired: 2015-03-17]
uid                  SuSE Package Signing Key <build@suse.de>
pub   1024R/307E3D54 2006-03-21 [expired: 2015-03-17]
uid                  SuSE Package Signing Key <build@suse.de>
pub   2048R/39DB7C82 2013-01-31 [expired: 2015-01-30]
uid                  SuSE Package Signing Key <build@suse.de>
pub   4096R/031D26CD 2015-06-21
uid                  jack Prasad (onitroad) (This is a test Key) <onitroad1@gmail.com>

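Here "031D26CD" is the GPG key ID that we will use to sign the repository contents

Verify the repo

I copied the archive created above to my test setup, where we will verify the repository with zypper

Below are my setup details

180.144.62.60 -> NFS server
180.144.62.61 -> NFS client

So I will create a repo on my NFS client, while the archive will be extracted on the server

On the server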

# mkdir /tmp/repo && cd /tmp/repo
# tar -xzvf test_repo.tgz

Below is the extracted content

# ls -l
total 1108
-rw-r--r-- 1 root root     248 Jun 21  2015 content
-rw-r--r-- 1 root root     197 Jun 21  2015 content.asc
-rw-r--r-- 1 root root    5541 Jun 21  2015 content.key
-rw-r--r-- 1 root root      42 Jun 21  2015 directory.yast
drwxr-xr-x 2 root root    4096 Jun 21  2015 media.1
-rw-r--r-- 1 root root      10 Jun 21  2015 packages
-rw-r--r-- 1 root root      10 Jun 21  2015 packages.DU
-rw-r--r-- 1 root root      10 Jun 21  2015 packages.en
drwxr-xr-x 4 root root    4096 Jun 21  2015 suse

On the client

Now on the client, I will create a repo with the alias "test_repo"

# zypper addrepo nfs://180.144.62.160/tmp/repo test_repo
Adding repository 'test_repo' [done]
Repository 'test_repo' successfully added
Enabled: Yes
Autorefresh: No
GPG check: Yes
URI: nfs://180.144.62.160/tmp/repo

Our repo has been created successfully

Let's check the available packages

# zypper pa
Building repository 'test_repo' cache [done]
Loading repository data...
Reading installed packages...
S | Repository | Name           | Version        | Arch
--+------------+----------------+----------------+------
v | test_repo  | bash           | 3.2-147.35.1   | x86_64
v | test_repo  | bash-doc       | 3.2-147.35.1   | x86_64
  | test_repo  | bind           | 9.9.6P1-0.39.1 | x86_64
  | test_repo  | bind-chrootenv | 9.9.6P1-0.39.1 | x86_64

Assign GPG

Here our GPG key ID is "031D26CD", which we created in the first stage of this article.

# cd /tmp/jackoir/updates/media.1
# gpg --local-user 031D26CD -b --sign --armor --passphrase-file /tmp/password --batch products
# gpg --local-user 031D26CD  --export --armor  > products.key
# ls > directory.yast

Note: here /tmp/password contains the passphrase assigned to the GPG key.

Next, repeat the same operation for content

# cd /tmp/jackoir/updates/
# gpg --local-user 031D26CD -b --sign --armor --passphrase-file /tmp/password  --batch content
# gpg --local-user 031D26CD --export --armor  > content.key

These commands will create

-rw-r--r-- 1 root root  197 Jun 21 14:36 products.asc
-rw-r--r-- 1 root root 5541 Jun 21 14:36 products.key

-rw-r--r-- 1 root root  197 Jun 21 14:36 content.asc
-rw-r--r-- 1 root root 5541 Jun 21 14:37 content.key

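Create the directory structure

For this article, I will create the directory structure for my custom SuSE repository under "/tmp/jackoir"

Make sure the following rpm is installed on the node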

inst-source-utils

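Alternatively, we can download and install it using the zypper or rpm command.

Next, navigate to the main directory in which we want to create the directory structure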

# cd /tmp/jackoir
# create_update_source.sh .
Creating ./updates..
/EXTRA_PROV not found, trying to find it elsewhere...
INFO:    datadirs       : ./updates/
INFO:    languages      : english
INFO:    output dir     : ./updates/
WARNING: extra_provides : file ./updates//EXTRA_PROV not found!
INFO:    processed 0 packages in 1 volumes
INFO:    now recoding to UTF-8: packages packages.DU packages.en

This creates the following structure

onitroad-server:/tmp/jackoir # ls -l *
updates:
total 20
-rw-r--r-- 1 root root    0 Jun 21 11:12 content
-rw-r--r-- 1 root root   42 Jun 21 11:12 directory.yast
drwxr-xr-x 2 root root 4096 Jun 21 11:12 media.1
-rw-r--r-- 1 root root   10 Jun 21 11:12 packages
-rw-r--r-- 1 root root   10 Jun 21 11:12 packages.DU
-rw-r--r-- 1 root root   10 Jun 21 11:12 packages.en
yast:
total 8
-rw-r--r-- 1 root root 11 Jun 21 11:12 instorder
-rw-r--r-- 1 root root 20 Jun 21 11:12 order

Create an archive of the repo

I will navigate to the directory where my repo lives and create a "test_repo.tgz"

# cd /tmp/jackoir/updates

# tar -czvf ../test_repo.tgz *
content
content.asc
content.key
directory.yast
media.1/
media.1/products.asc
media.1/products.key
media.1/media
media.1/products
media.1/directory.yast
packages
packages.DU
packages.en
suse/
suse/setup/
suse/setup/descr/
suse/setup/descr/directory.yast
suse/setup/descr/packages
suse/setup/descr/packages.en
suse/setup/descr/MD5SUMS
suse/setup/descr/packages.DU
suse/x86_64/
suse/x86_64/bash-doc-3.2-147.35.1.x86_64.rpm
suse/x86_64/bash-3.2-147.35.1.x86_64.rpm
suse/x86_64/MD5SUMS
suse/x86_64/bind-9.9.6P1-0.39.1.x86_64.rpm
suse/x86_64/bind-chrootenv-9.9.6P1-0.39.1.x86_64.rpm

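So at this point our repo structure is complete.
We can archive it and use it for installation via zypper.

Create the necessary files

After copying all the rpms, it is time to create all the other files and directories the repository requires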

# cd /tmp/jackoir/updates/suse

# create_package_descr -x setup/descr/EXTRA_PROV -C
INFO:    datadirs       : .
INFO:    languages      : english
INFO:    output dir     : ./setup/descr/
WARNING: extra_provides : file setup/descr/EXTRA_PROV not found!
INFO:    creating output directory ./setup/descr/
INFO:    processed 8 packages in 1 volumes
INFO:    now recoding to UTF-8: packages packages.DU packages.en

Next, create the MD5SUMS file, which will contain the md5sum values of all available rpms

# create_md5sums ./
INFO:   created MD5SUMS in /tmp/jackoir/updates/suse/./setup/descr
INFO:   created MD5SUMS in /tmp/jackoir/updates/suse/./x86_64

Below is my MD5SUMS file for the list of rpms

onitroad-server:/tmp/jackoir/updates/suse/x86_64 # cat MD5SUMS
8b29f664006cab0187d18647e22dea87  bash-3.2-147.35.1.x86_64.rpm
d1d426cd61af5ee8ee971ea61418d023  bash-doc-3.2-147.35.1.x86_64.rpm
26f0829b54d2b8260c1c0f5efb7ac3d1  bind-9.9.6P1-0.39.1.x86_64.rpm
a3450462b957602502b85d21bcbf38c8  bind-chrootenv-9.9.6P1-0.39.1.x86_64.rpm

Next, create a file listing the contents of setup/descr, as shown below

onitroad-server:/tmp/jackoir/updates/suse/x86_64 # cd ../setup/descr/
onitroad-server:/tmp/jackoir/updates/suse/setup/descr # ls > directory.yast
onitroad-server:/tmp/jackoir/updates/suse/setup/descr # ls -l
total 24
-rw-r--r-- 1 root root  135 Jun 21 11:41 MD5SUMS
-rw-r--r-- 1 root root   56 Jun 21 11:44 directory.yast
-rw-r--r-- 1 root root 4927 Jun 21 11:40 packages
-rw-r--r-- 1 root root 1766 Jun 21 11:40 packages.DU
-rw-r--r-- 1 root root 1684 Jun 21 11:40 packages.en

Next, create the sha1 sums

# cd /tmp/jackoir/updates/
onitroad-server:/tmp/jackoir/updates/# create_sha1sums -x -n .

I will use the default header from the DVD as the header line of the content file

onitroad-server:/tmp/jackoir/updates/# sed -i '1iVENDOR        SUSE LINUX Products GmbH, Nuernberg, Germany' /tmp/jackoir/updates/content

This populates the content file as shown below

# cat content
VENDOR        SUSE LINUX Products GmbH, Nuernberg, Germany
META SHA1 1206b18fb0b70c36ef39a1b2e9f105488836e42a  packages
META SHA1 1206b18fb0b70c36ef39a1b2e9f105488836e42a  packages.DU
META SHA1 1206b18fb0b70c36ef39a1b2e9f105488836e42a  packages.en
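
As an added example (not part of the original article): a shell function that checks every "META SHA1" line of a content file like the one above against the files on disk. The detached signature content.asc covers only the content file itself, so this is the step that extends it to the files content lists. The function names and the directory argument (wherever the listed files live) are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: verify the "META SHA1 <hash>  <file>" lines of a 'content' file.
# Usage: verify_content_meta <content-file> <dir-holding-the-listed-files>
verify_content_meta() {
    content=$1; dir=$2; bad=0; checked=0
    [ -r "$content" ] || { echo "cannot read $content" >&2; return 2; }
    # Read via fd 3 so the loop runs in this shell and the counters survive.
    while read -r tag algo want name <&3 || [ -n "$tag" ]; do
        # Skip VENDOR and any other non-META line.
        [ "$tag" = "META" ] && [ "$algo" = "SHA1" ] || continue
        # Refuse absolute names and anything containing "..".
        case $name in
            /*|*..*) echo "UNSAFE   $name" >&2; bad=$((bad + 1)); continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; bad=$((bad + 1)); continue
        fi
        got=$(sha1sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; bad=$((bad + 1))
        fi
    done 3< "$content"
    # A content file with no verifiable entries is a failure as well.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: build a throwaway tree, verify it, then tamper with a file.
demo_verify() {
    d=$(mktemp -d) || return 2
    printf 'pkg data\n' > "$d/packages"
    {
        echo 'VENDOR        Example vendor (constructed)'
        echo "META SHA1 $(sha1sum < "$d/packages" | cut -d' ' -f1)  packages"
    } > "$d/content"
    before=0; verify_content_meta "$d/content" "$d" >/dev/null 2>&1 || before=$?
    echo 'tampered' >> "$d/packages"
    after=0; verify_content_meta "$d/content" "$d" >/dev/null 2>&1 || after=$?
    rm -rf "$d"
    echo "clean=$before tampered=$after"
}

demo_verify
```

Run it only after `gpg --verify content.asc content` succeeds against a key you trust, because the hashes are only as trustworthy as the signed file that lists them.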
Date: 2020-06-02 22:18:26 Source: oir Author: oir