本文详细介绍了在Ubuntu18.04中如何配置本地源,包括创建目录、拷贝deb文件、生成索引文件及Release文件、生成签名等步骤。同时,提供了针对apt版本低于1.5的无签名本地源生成方法。
Ubuntu 18.04中的apt-get版本为1.6.8。 如果你使用的ubuntu版本较低,apt版本低于1.5,可使用简单的方法配置本地源。简单方法见第二部分。
第一部分,ubuntu18.04上制作本地源
步骤有:
一 创建目录:mkdir repository
二 拷贝deb文件到目录 cp /path/to/*.deb repository/
三 进入目录生成索引文件及Release文件
cd repository
apt-ftparchive packages . > Packages
apt-ftparchive release . > Release
四 生成签名
gpg --clearsign -o InRelease Release
root@serverdeb:/media/debs# gpg --clearsign -o InRelease Release gpg: no default secret key: Unusable secret key gpg: Release: clear-sign failed: Unusable secret key
说明需要生成gpg签名,步骤如下:
1. gpg --gen-key
对于生成签名,详细见如下:https://blog.csdn.net/qdujunjie/article/details/48291017
如果生成签名卡住(原因详见:https://www.cnblogs.com/styshoo/p/6415939.html),执行如下命令:rng -r /dev/urandom /// 前提是安装:apt-get install rng-tools
2. gpg -a --export pub_id | apt-key add -
root@server10:/media/debs# apt-get update
Get:1 file:/media/debs InRelease [1912 B]
Get:1 file:/media/debs InRelease [1912 B]
Err:1 file:/media/debs InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5789843F6B61B0B4
Hit:2 http://apt.postgresql.org/pub/repos/apt xenial-pgdg InRelease
Reading package lists... Done
gpg -a --export 5789843F6B61B0B4 | apt-key add - ///其中pub key可用gpg --list-keys查到
五 gpg -abs -o Release.gpg Release
最后执行apt-get update的输出如下 :
root@server10:/media/debs# apt-get updateGet:1 file:/media/debs InRelease [1912 B]
Get:1 file:/media/debs InRelease [1912 B]
Get:2 file:/media/debs Packages [74.1 kB]
Hit:3 http://apt.postgresql.org/pub/repos/apt xenial-pgdg InRelease
Reading package lists... Done
第二部分 无签名本地源制作
(1)清理apt的下载缓存区。
sudo rm -rf /var/cache/apt/archives/*
(2)下载所需要的组件
sudo apt-get -d install <包名>
(3)创建一个目录,将下载的包拷贝到该目录下
cp -r /var/cache/apt/archives /yout-path
(4)修改目录权限
chmod 777 -R /your-path
(5)建立deb包的依赖关系
sudo touch /your-path/Packages.gz
sudo dpkg-scanpackages /your-path/ /dev/null | gzip > /your-path/Packages.gz
(6)将所有下载的文件和生成的gz文件拷贝到离线的ubuntu机器上,将/etc/apt/sources.list原有内容注释掉,新增:
(7)执行sudo apt-get update,之后就可以直接使用apt-get install 包名 来安装了
如果上面的步骤中报错说
FYI:
modified by people who have no access to the Release file signing key. Starting with version 1.1 APT requires repositories to provide recent authentication information for
unimpeded usage of the repository. Since version 1.5 changes in the information contained in the Release file about the repository need to be confirmed before APT continues to
apply updates from this repository.
· Create a toplevel Release file, if it does not exist already. You can do this by running apt-ftparchive release (provided in apt-utils).
· Sign it. You can do this by running gpg --clearsign -o InRelease Release and gpg -abs -o Release.gpg Release.
· Publish the key fingerprint, so that your users will know what key they need to import in order to authenticate the files in the archive. It is best to ship your key in its
own keyring package like Ubuntu does with ubuntu-keyring to be able to distribute updates and key transitions automatically later.
· Provide instructions on how to add your archive and key. If your users can't acquire your key securely the chain of trust described above is broken. How you can help users
add your key depends on your archive and target audience ranging from having your keyring package included in another archive users already have configured (like the default
repositories of their distribution) to leveraging the web of trust.
Whenever the contents of the archive change (new packages are added or removed) the archive maintainer has to follow the first two steps outlined above.
扫一扫
9719
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
