Create Signed APT repository: Difference between revisions
Revision as of 5 October 2014, 08:40
This article requires some in-depth experience with Dreambox / Linux and is for advanced users.
Once you have set up a Dreambox SDK, e.g. for OE 2.2, you can follow this article to set up a signed APT repository. This will allow you to install your own packages via the package manager (APT) of the Dreambox.
The prerequisite for this description is a DEB-based distro (e.g. Ubuntu, Mint, Debian, etc.) installed on the computer that holds your Dreambox SDK. A web server is also needed to offer the packages to the Dreambox.
Create Repository
Install dependencies
sudo apt-get install dpkg-dev apache2 dpkg-sig
Create GPG key
Now we create a GPG key, which will be used to sign the packages and the repository.
gpg --gen-key
The prompts that follow are the standard ones and are not described in detail here. At the end, enter a passphrase and wait until the key is generated. Be patient, and meanwhile play a little with the mouse and keyboard ;-).
Display the key
Info about the created key can be displayed with the following command.
gpg --list-keys
Export/save the public key
Now export the public key with the following command; the output is stored in a file (e.g. my_public.key). The key must be copied to the root directory of the web server, from where the client Dreamboxes load it to permit the installation of the packages.
gpg --output keyFile --armor --export your_id_or_name
Setup web server
This example shows the file structure of the web server for a DM 800 HD PVR. While creating the Dreambox SDK the following directories are created: all, dm8000, mips32el. This structure needs to be mirrored in the preconfigured web root of the web server to store the packages:
/var/www/html/repository/dm8000/all
/var/www/html/repository/dm8000/dm8000
/var/www/html/repository/dm8000/mips32el
The packages are copied into the corresponding directory.
Sign packages
The packages in the directories can be signed as follows.
dpkg-sig --sign builder *.deb
Create repository index files
The following commands create the required Packages index file and its compressed copy. Both the uncompressed and the compressed file are needed.
apt-ftparchive packages . > Packages
gzip -c Packages > Packages.gz
Create Release, InRelease, and Release.gpg files
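Create the Release file, which lists the checksums of the index files, then sign it: InRelease is the clearsigned copy and Release.gpg is the detached signature.
apt-ftparchive release . > Release
gpg --clearsign -o InRelease Release
gpg -abs -o Release.gpg Release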
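The signed Release file is what ties the index files to the key: it records the size and SHA256 of Packages and Packages.gz, so a changed index no longer matches. The following added example (not part of the original page) checks a flat repository directory against its Release file; the function names and the sample repository are constructed for illustration, and verifying the signature itself with gpg remains a separate step.

```bash
# Added example: check index files against the SHA256 section of Release.

# Print "hash size name" for every entry in the SHA256 section.
release_sha256_entries() {
    awk '/^SHA256:/ { insec = 1; next }
         /^[^ ]/    { insec = 0 }
         insec && NF == 3 { print $1, $2, $3 }' "$1"
}

# Return 0 only if each listed file exists with the listed size and hash.
verify_release_hashes() {
    local dir=$1 entries hash size name
    entries=$(release_sha256_entries "$dir/Release")
    [ -n "$entries" ] || { echo "no SHA256 entries in Release"; return 1; }
    while read -r hash size name; do
        # Release cannot contain its own final hash, so skip such an entry.
        if [ "$name" = Release ]; then continue; fi
        [ -f "$dir/$name" ] || { echo "missing: $name"; return 1; }
        [ "$(wc -c < "$dir/$name" | tr -d ' ')" = "$size" ] ||
            { echo "size mismatch: $name"; return 1; }
        [ "$(sha256sum "$dir/$name" | cut -d' ' -f1)" = "$hash" ] ||
            { echo "hash mismatch: $name"; return 1; }
    done <<EOF
$entries
EOF
}

# Constructed sample repository, standing in for apt-ftparchive output.
make_sample_repo() {
    local dir=$1 f
    printf 'Package: demo\nVersion: 1.0\nFilename: ./demo_1.0_all.deb\n' > "$dir/Packages"
    gzip -nc "$dir/Packages" > "$dir/Packages.gz"
    {
        echo "Date: Sun, 05 Oct 2014 08:40:00 UTC"
        echo "SHA256:"
        for f in Packages Packages.gz; do
            printf ' %s %s %s\n' "$(sha256sum "$dir/$f" | cut -d' ' -f1)" \
                "$(wc -c < "$dir/$f" | tr -d ' ')" "$f"
        done
    } > "$dir/Release"
}

# Demo: the intact sample passes; a modified Packages file is rejected.
demo_dir=$(mktemp -d)
make_sample_repo "$demo_dir"
verify_release_hashes "$demo_dir" && echo "intact: OK"
echo "Package: injected" >> "$demo_dir/Packages"
verify_release_hashes "$demo_dir" || echo "tampered: rejected"
rm -rf "$demo_dir"
```

To check a real feed, call verify_release_hashes with one of the feed directories, e.g. /var/www/html/repository/dm8000/all, after the gpg steps above.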
Setup Dreambox
Import public key
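The public key needs to be imported on the Dreambox with the following command. The server IP address and directory must be adapted to your setup. Because the key is downloaded over plain HTTP, compare its fingerprint with the one displayed on the build machine before you rely on it.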
wget -O - http://server_ip/my_public.key | apt-key add -
Modify package lists
Now create three files on the Dreambox in the directory /etc/apt/sources.list.d for the available feeds (e.g. all, dm8000, mips32el). The following commands show the contents of the files.
root@dm8000:~# cat /etc/apt/sources.list.d/all-feed.list
deb http://server_ip/repository/dm8000/all ./
root@dm8000:~# cat /etc/apt/sources.list.d/dm8000-feed.list
deb http://server_ip/repository/dm8000/dm8000 ./
root@dm8000:~# cat /etc/apt/sources.list.d/mips32el-feed.list
deb http://server_ip/repository/dm8000/mips32el ./
root@dm8000:~#
Update package list / install packages
Once everything is set up, you can update the package lists from the Dreambox with the command:
apt-get update
Afterwards you can install the available packages from the feed, and so on.
Tips & Tricks
Script for creating a signed repository
This section is an example of how a signed repository can be created.
The easiest way is certainly to create a script that prepares the data for a Dreambox repository. Such a script could look as follows, to show the individual steps. It is not recommended for copy and paste, though, and serves only as a rough template for creating a repo for the Dreambox.
#!/bin/bash
# Create the web server directories
mkdir -p /var/www/html/repository/dm8000/{all,dm8000,mips32el}
# Copy the packages to the web server directories
cp -u /media/oe/oe2.2/opendreambox/build/dm8000/tmp-eglibc/deploy/deb/all/* /var/www/html/repository/dm8000/all
cp -u /media/oe/oe2.2/opendreambox/build/dm8000/tmp-eglibc/deploy/deb/dm8000/* /var/www/html/repository/dm8000/dm8000
cp -u /media/oe/oe2.2/opendreambox/build/dm8000/tmp-eglibc/deploy/deb/mips32el/* /var/www/html/repository/dm8000/mips32el
# Sign the packages
dpkg-sig -s -p builder /var/www/html/repository/dm8000/all/*.deb
dpkg-sig -s -p builder /var/www/html/repository/dm8000/dm8000/*.deb --batch
dpkg-sig -s -p builder /var/www/html/repository/dm8000/mips32el/*.deb --batch
# Remove old index and signature files inside each feed directory
cd /var/www/html/repository/dm8000/all && rm -f Packages Packages.gz Packages.xz Release Release.gpg InRelease
cd /var/www/html/repository/dm8000/dm8000 && rm -f Packages Packages.gz Packages.xz Release Release.gpg InRelease
cd /var/www/html/repository/dm8000/mips32el && rm -f Packages Packages.gz Packages.xz Release Release.gpg InRelease
# Create the index with dpkg-scanpackages
cd /var/www/html/repository/dm8000/all && dpkg-scanpackages -t deb . | tee Packages | gzip -9c > Packages.gz
cd /var/www/html/repository/dm8000/dm8000 && dpkg-scanpackages -t deb . | tee Packages | gzip -9c > Packages.gz
cd /var/www/html/repository/dm8000/mips32el && dpkg-scanpackages -t deb . | tee Packages | gzip -9c > Packages.gz
# Create the index with apt-ftparchive (overwrites the files from the previous step)
cd /var/www/html/repository/dm8000/all && apt-ftparchive packages . > Packages && gzip -c Packages > Packages.gz
cd /var/www/html/repository/dm8000/dm8000 && apt-ftparchive packages . > Packages && gzip -c Packages > Packages.gz
cd /var/www/html/repository/dm8000/mips32el && apt-ftparchive packages . > Packages && gzip -c Packages > Packages.gz
# Sign the repository
cd /var/www/html/repository/dm8000/all && apt-ftparchive release . > Release && gpg --clearsign -o InRelease Release && gpg -abs -o Release.gpg Release
cd /var/www/html/repository/dm8000/dm8000 && apt-ftparchive release . > Release && gpg --clearsign -o InRelease Release && gpg -abs -o Release.gpg Release
cd /var/www/html/repository/dm8000/mips32el && apt-ftparchive release . > Release && gpg --clearsign -o InRelease Release && gpg -abs -o Release.gpg Release