## 创建仓库目录 mkdir /opt/repo/pool/main -p mv /var/cache/apt/archives/*.deb /opt/repo/pool/main/ ## 开始创建 ### 生成公钥和私钥 root@maas:~# gpg --full-generate-key gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (14) Existing key from card Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 1024 Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: maas Email address: maas@maas.com Comment: You selected this USER-ID: "maas@maas.com" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ### key 的类型选择 RSA (sign only) ### keyzise 选择 1024 ### 过期时间选择 0 (永不过期) ### 最后填上 Real name 和 Email address ### 完成后会要求设置私钥密码,后续导出私钥或者用私钥进行签名都会用到该密码! ### 可以使用 gpg -k 来查看当前的 gpg key 信息 root@maas:~# gpg -k /root/.gnupg/pubring.kbx ------------------------ pub rsa1024 2021-08-19 [SC] D923B3893E0AB27C3690696CFC3E8D5996EBB76F uid [ultimate] maas <maas@maas.com> cd /opt/repo/ gpg -a --export maas@maas.com > maas.pub ## 导出公钥,后续需要将内容复制到 MAAS 上 gpg -a --export-secret-keys maas@maas.com > maas.sec ## 导出私钥 mkdir -p dists/focal/main/binary-amd64 apt-ftparchive packages /opt/repo/pool/main/ > dists/focal/Packages cd dists/focal/ gzip -c Packages > Packages.gz cp Packages* main/binary-amd64/ apt-ftparchive release . > Release gpg -abs -o Release.gpg Release gpg --clearsign -o InRelease Release ### 创建 backports/proposed/security/updates 目录 ### 因为我们只是为了安装上述的依赖包从而完成部署流程,因此这几个目录只是用来骗过 ubuntu 的,直接从 focal copy 即可 ### proposed 是 src 源,不搞也可以 cp -r focal focal-backports cp -r focal focal-proposed cp -r focal focal-security cp -r focal focal-updates ## 通过 Nginx 发布 HTTP 服务 apt install -y nginx sed -e $'/server_name _/a\ \ \ \ \ \ \ \ autoindex on;' /etc/nginx/sites-available/default ## 打开 autoindex nginx -t ## 检查配置语法问题 nginx -s reload ## 加载 nginx 配置 cd /var/www/html mv /opt/repo ./