Alternative DICE Platform

March 29, 2019

Uploading Debian packages

Filed under: Uncategorized — squinney @ 5:01 pm

I’ve recently been building lots of Debian packages for LCFG software but hit upon the problem of how to easily distribute them to other machines. The obvious solution is to create a local apt repository and provide some way to upload packages. For Red Hat platforms we have always used a locally-written tool, named pkgsubmit, which validates the RPMs and then copies them into the appropriate directory stored in AFS.

With Debian there are standard tools to do this task, in particular dput and dupload (which is rather old). dput supports HTTPS uploads, so my first thought was to set up a WebDAV service, authenticated using GSSAPI, so that it is possible to upload from anywhere in a secure fashion. Sadly, although dput and dput-ng both support HTTPS, neither appears to have any support for GSSAPI authentication or any easy way to extend the code for newer authentication mechanisms.

With that option ruled out I decided that the next best option is probably to use AFS in the same way as we do for Red Hat platforms. As long as an AFS client is available (which is the case for both Debian and Ubuntu), dput can be configured to do a local copy of the necessary files in a secure fashion into a drop-box-style incoming directory.

My current plans for the layout of the incoming directory are:

/afs/inf.ed.ac.uk/pkgs/incoming/debian/buster:
/afs/inf.ed.ac.uk/pkgs/incoming/debian/stretch:
/afs/inf.ed.ac.uk/pkgs/incoming/ubuntu/bionic:
/afs/inf.ed.ac.uk/pkgs/incoming/ubuntu/cosmic:
/afs/inf.ed.ac.uk/pkgs/incoming/ubuntu/disco:

This makes it possible to upload packages with the same name/version/architecture triple for different releases of the same platform, potentially built against different versions of any dependencies. The idea is that users who want to put packages into an incoming directory have rli (read, lookup, insert) access.

Each of those incoming directories would be processed using the reprepro tool to generate apt repositories.

The accompanying dput configuration for the Ubuntu distributions (typically in ~/.dput.cf) would look like this:

[inf-ubuntu-bionic]
method                  = local
incoming                = /afs/.inf.ed.ac.uk/pkgs/incoming/ubuntu/bionic
allow_unsigned_uploads  = 1

[inf-ubuntu-cosmic]
method                  = local
incoming                = /afs/.inf.ed.ac.uk/pkgs/incoming/ubuntu/cosmic
allow_unsigned_uploads  = 1

[inf-ubuntu-disco]
method                  = local
incoming                = /afs/.inf.ed.ac.uk/pkgs/incoming/ubuntu/disco
allow_unsigned_uploads  = 1

We’re not currently supporting signed uploads so for now we allow unsigned uploads.
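
With unsigned uploads allowed, a check run over an incoming directory before reprepro processes it can at least confirm that every file listed in a .changes file arrived complete; it detects truncated or mismatched copies only and says nothing about who produced the upload. The following Python is an added example, not part of the original post or of dput or reprepro; the function names and the sample package name are hypothetical, and the sample upload is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_checksums(changes_text):
    """Return {file name: (sha256 hex, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in changes_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, name = line.split()  # ValueError on a malformed entry
            entries[name] = (digest.lower(), int(size))
        else:
            in_field = False
    return entries

def verify_upload(incoming_dir, changes_name):
    """Return a list of problems; an empty list means every listed file matches."""
    try:
        entries = parse_checksums(Path(incoming_dir, changes_name).read_text("utf-8"))
    except ValueError:
        return ["malformed Checksums-Sha256 field"]
    problems = [] if entries else ["no Checksums-Sha256 entries"]
    for name, (digest, size) in entries.items():
        path = Path(incoming_dir, name)
        # Listed names must be plain file names inside the incoming directory.
        if Path(name).name != name or path.is_symlink() or not path.is_file():
            problems.append(f"{name}: unsafe name, missing, or not a regular file")
            continue
        data = path.read_bytes()
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            problems.append(f"{name}: size or SHA-256 mismatch")
    return problems

def demo():
    """Constructed sample upload: checked intact, then after truncating the .deb."""
    deb, payload = "lcfg-example_1.0-1_all.deb", b"constructed package bytes"
    changes = ("Source: lcfg-example\nChecksums-Sha256:\n"
               f" {hashlib.sha256(payload).hexdigest()} {len(payload)} {deb}\nFiles:\n")
    with tempfile.TemporaryDirectory() as incoming:
        Path(incoming, deb).write_bytes(payload)
        Path(incoming, "upload.changes").write_text(changes, "utf-8")
        intact = verify_upload(incoming, "upload.changes")
        Path(incoming, deb).write_bytes(payload[:5])
        return intact, verify_upload(incoming, "upload.changes")
```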
