Aptly

From Athenaeum
Jump to: navigation, search
  • To bootstrap Aptly’s keyring for Ubuntu:
gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --export | gpg --no-default-keyring --keyring /root/aptly-trustedkeys.gpg --import
  • To import 3rd party repo keys:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --no-default-keyring --keyring /root/aptly-trustedkeys.gpg --import -
gpg --keyserver pool.sks-keyservers.net --recv-keys --no-default-keyring --keyring /root/keys/aptly-trustedkeys.gpg 4F4EA0AAE5267A6C
  • To generate and export our signing keys:
gpg2 --full-gen-key
gpg2 --armor --export > ./keys/nexus-signing-pub.asc
gpg2 --armor --export-secret-keys > ./keys/nexus-signing-priv.asc
gpg2 --armor --export-ownertrust > ./keys/nexus-signing-trust.asc
  • To import our signing keys:
export GPG_TTY=$(tty)
gpg2 --import-ownertrust < ./keys/nexus-signing-trust.asc
gpg2 --import < ./keys/nexus-signing-pub.asc
gpg2 --import < ./keys/nexus-signing-priv.asc
  • To create and publish a repo:
aptly mirror -filter='docker-ce | docker-ce-cli | containerd.io' create docker-xenial https://download.docker.com/linux/ubuntu xenial stable
aptly mirror -filter='docker-ce | docker-ce-cli | containerd.io' create docker-bionic https://download.docker.com/linux/ubuntu bionic stable

aptly mirror update docker-xenial
aptly mirror update docker-bionic

aptly snapshot create docker-xenial_`date +%m-%d-%y`_01 from mirror docker-xenial
aptly snapshot create docker-bionic_`date +%m-%d-%y`_01 from mirror docker-bionic

# To combine two snapshots together so they can be served via the same apt line:
aptly snapshot merge combined-xenial_`date +%m-%d-%y`_01 docker-xenial_02-04-20_01 php-xenial_02-29-20_01

Since Aptly cannot divide its pool by distribution the hacky work around is to specify different prefixes. So for example if you wanted to host xenial and bionic the commands would be:

aptly publish -gpg-key="C80BF196" -distribution="combined" -component="stable" snapshot main-bionic_02-29-20_01 filesystem:bionic:bionic
aptly publish -gpg-key="C80BF196" -distribution="combined" -component="stable" snapshot main-xenial_02-29-20_01 filesystem:xenial:xenial

You can now point nginx to Aptly's public directory but if you would like aptly to serve this repo directly...

aptly serve --listen=0.0.0.0:8080