From Athenaeum
Revision as of 17:27, 28 February 2020 by James8562 (talk | contribs)

  • To bootstrap Aptly’s keyring for Ubuntu:
gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --export | gpg --no-default-keyring --keyring /root/aptly-trustedkeys.gpg --import
  • To import 3rd party repo keys:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --no-default-keyring --keyring /root/aptly-trustedkeys.gpg --import -
gpg --keyserver pool.sks-keyservers.net --recv-keys --no-default-keyring --keyring /root/keys/aptly-trustedkeys.gpg 4F4EA0AAE5267A6C
  • To generate and export our signing keys:
gpg2 --full-gen-key
gpg2 --armor --export > ./keys/nexus-signing-pub.asc
gpg2 --armor --export-secret-keys > ./keys/nexus-signing-priv.asc
gpg2 --armor --export-ownertrust > ./keys/nexus-signing-trust.asc
  • To import our signing keys:
export GPG_TTY=$(tty)
gpg2 --import-ownertrust < ./keys/nexus-signing-trust.asc
gpg2 --import < ./keys/nexus-signing-pub.asc
gpg2 --import < ./keys/nexus-signing-priv.asc
  • To create and publish a repo:
aptly mirror -filter='docker-ce | docker-ce-cli | containerd.io' create docker-xenial https://download.docker.com/linux/ubuntu xenial stable
aptly mirror -filter='docker-ce | docker-ce-cli | containerd.io' create docker-bionic https://download.docker.com/linux/ubuntu bionic stable

aptly mirror update docker-xenial
aptly mirror update docker-bionic

aptly snapshot create docker-xenial_`date +%m-%d-%y`_01 from mirror docker-xenial
aptly snapshot create docker-bionic_`date +%m-%d-%y`_01 from mirror docker-bionic

Since Aptly cannot divide its pool by distribution, the hacky workaround is to publish each distribution under a different prefix. For example, to host both xenial and bionic, the commands would be:

aptly publish -gpg-key="C80BF196" -distribution="xenial" -component="main" snapshot docker-xenial_02-04-20_01 xenial
aptly publish -gpg-key="C80BF196" -distribution="bionic" -component="main" snapshot docker-bionic_02-04-20_01 bionic

You can now point nginx to Aptly's public directory, but if you would like aptly to serve this repo directly...

aptly serve --listen=
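
For the third-party key import step above, an added example (not part of the original page) that checks a downloaded key file's fingerprint before importing it into Aptly's trusted keyring, instead of piping curl straight into `gpg --import`. The function names, the sample listing and the fingerprints in it are constructed; the expected fingerprint has to come from the vendor over a separate channel.

```shell
#!/bin/sh
# Added example: only import a repo key whose primary fingerprint matches
# the one published by the vendor. All names below are hypothetical.

# Constructed `gpg --with-colons` listing: one primary key plus one subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1487788586:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1487792064::0000::Example Repo <repo@example.invalid>::::::::::0:
sub:-:4096:1:FEDCBA9876543210:1487788586::::::s::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the fingerprint of each primary key in a colon listing on stdin.
# The fpr record that follows a "sub" record belongs to a subkey: skip it.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Normalise a fingerprint as usually pasted: drop spaces, upper-case hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1. A file that bundles an extra key is rejected.
listing_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ -n "$expected" ] || return 1
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

# import_verified_key KEYFILE EXPECTED_FPR KEYRING
# Inspect the file without importing it, then import only on a match.
import_verified_key() {
    keyfile=$1; expected_fpr=$2; keyring=$3
    if gpg --show-keys --with-colons "$keyfile" | listing_matches "$expected_fpr"; then
        gpg --no-default-keyring --keyring "$keyring" --import "$keyfile"
    else
        echo "fingerprint mismatch for $keyfile, not importing" >&2
        return 1
    fi
}
```

Download the key to a file first (for example with the `curl -fsSL` call above redirected to a file), then call `import_verified_key` with that file, the vendor's published fingerprint and `/root/aptly-trustedkeys.gpg`.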