centos7搭建本地源
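# Install the tooling; two commands from these packages are used below.
# repotrack:  downloads a package's rpm together with the rpms of all of its
#             dependencies. yumdownloader only fetches packages that are not
#             installed yet, which makes it a poor fit here.
# createrepo: generates the repository metadata.
yum -y install yum-utils createrepo
# Build the tree under /data/repo so it matches the nginx root and the
# file:///data/repo/centos/7 baseurl used later on this page (the original
# used /data/myrepo, which nginx would never serve).
mkdir -p /data/repo/centos/7/
cd /data/repo/centos/7/
#
# Download httpd and all of its dependencies into the current directory.
repotrack httpd -p ./
# Generate the repository metadata.
# Run this again whenever new rpm packages are added, to refresh the metadata.
# (The original spelled the command "creatrepo", which does not exist.)
createrepo .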
ubuntu18.04搭建本地源
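# -p creates missing parent directories; a plain mkdir fails when
# /data/repo/ubuntu does not exist yet.
mkdir -p /data/repo/ubuntu/bionic
cd /data/repo/ubuntu/bionic
# Packages to download, space-separated.
export PACKAGES="keepalived lvm2"
# Download the packages and their dependencies into the current directory.
# `apt-get install --download-only` has a limitation similar to yumdownloader's.
# The command substitution and ${PACKAGES} stay unquoted on purpose: every
# package name has to become its own argument.
# shellcheck disable=SC2046,SC2086
apt-get download $(apt-cache depends --recurse --no-recommends --no-suggests \
  --no-conflicts --no-breaks --no-replaces --no-enhances \
  --no-pre-depends ${PACKAGES} | grep "^\w")
# Generate the package index.
# Run both commands again whenever new deb packages are added.
apt-ftparchive packages . > Packages
apt-ftparchive release . > Release
# Since 16.04 Ubuntu expects repositories to be signed. Signing takes several
# steps and every client has to import the signing key, so the local repo built
# here is left unsigned. Consequence: clients must mark the source
# [trusted=yes], and apt then cannot detect packages that were altered on the
# server or in transit. The signed variant is described at the end of this page.
# 16.04 is presumably set up the same way, so it is not covered separately.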
搭建nginx,把源暴露出去
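# Download the EPEL repo definition.
# Fetched over HTTPS rather than plain HTTP: this file decides where yum pulls
# packages from, so it should not be modifiable in transit.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# repo file.
curl -f -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Install nginx.
yum install nginx -y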
# /etc/nginx/nginx.conf
################################## nginx.conf 文件开始 ##############################
# Process-level settings.
user nginx;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;

# Dynamic modules shipped by the distribution package.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    # Access log in the stock "main" format.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    tcp_nodelay on;
    tcp_nopush on;
    sendfile on;
    types_hash_max_size 2048;
    keepalive_timeout 65;

    default_type application/octet-stream;
    include /etc/nginx/mime.types;

    # Pull in any extra configuration dropped into /etc/nginx/conf.d.
    # Reference: http://nginx.org/en/docs/ngx_core_module.html#include
    include /etc/nginx/conf.d/*.conf;

    # Serves the repository tree over plain HTTP on port 80.
    # Every file below /data/repo is listed and downloadable by any client that
    # can reach this port, so only packages, index files and public keys belong
    # in that tree.
    server {
        listen 80;
        root /data/repo;
        autoindex on;             # render directory listings
        autoindex_exact_size on;  # show exact file sizes in the listing
        autoindex_localtime on;   # show file times in the server's local time zone
    }
}
################################## nginx.conf 文件结束 ##############################
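# Start nginx. `nginx -t` validates the edited /etc/nginx/nginx.conf first, so
# a syntax error is reported directly instead of as a failed service start.
nginx -t && systemctl start nginx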
把自建的源加入到服务器配置文件中
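## centos7
## As before, no signature checking: with gpgcheck=0 yum installs whatever the
## baseurl serves without verifying it, and the baseurl here is plain HTTP.
## Anyone who can alter the mirror's content or the traffic to it controls what
## gets installed, so this is only suitable on a network you fully trust.
echo '
[myrepo]
name=myrepo
baseurl=http://mirror.test001.com/centos/7
enabled=1
gpgcheck=0
' > /etc/yum.repos.d/myrepo.repo
# ubuntu
## No signature checking either: [trusted=yes] makes apt accept this source
## without verifying a signature. The signed setup at the end of this page
## removes the need for it.
## The entry goes into its own file under sources.list.d so that it is added to
## the existing sources; the original redirected into /etc/apt/sources.list and
## replaced every entry already there. On a host with no Internet access,
## comment out the unreachable entries in /etc/apt/sources.list by hand.
echo 'deb [trusted=yes] http://mirror.test001.com/ubuntu/bionic ./' >/etc/apt/sources.list.d/myrepo.list
apt update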
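# Variant: the repository lives on the same server that consumes it.
# centos7
# gpgcheck=0 still means the rpm files are installed without signature
# verification, so write access to /data/repo should be limited to root.
echo '
[myrepo]
name=myrepo
baseurl=file:///data/repo/centos/7
enabled=1
gpgcheck=0
' > /etc/yum.repos.d/myrepo.repo
# ubuntu
# Written to its own file under sources.list.d so the existing entries in
# /etc/apt/sources.list are kept; the original overwrote that file.
echo 'deb [trusted=yes] file:///data/repo/ubuntu/bionic ./' >/etc/apt/sources.list.d/myrepo.list
apt update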
如果非要做验签(ubuntu)
# Install the tools.
apt-get install gnupg rng-tools
# Keep feeding random data in the background; key generation needs it.
# NOTE(review): -r /dev/urandom makes rngd use the kernel's own pseudo-random
# output as its input, so it adds no new randomness; it only stops key
# generation from waiting. Prefer a hardware RNG source where one is available
# - TODO confirm whether this step is needed at all on the target kernel.
rngd -r /dev/urandom
# Interactive key generation; the dialog is shown below.
gpg --gen-key
############################## 交互开始 ##################################
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: smartxff01
Email address: smartxff02@smartxff.com
You selected this USER-ID:
"smartxff01 <smartxff02@smartxff.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
############################ 交互结束 ############################################
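# The dialog asks for a name and an e-mail address; enter O to confirm.
# After confirming, a passphrase is requested twice; it must not be too short.
# The same passphrase is needed later when signing.
# Export the key pair. The name entered during generation was smartxff01, so
# that is the key selected here.
gpg -a --export smartxff01 > Ubuntu_Local_Archive_Automatic_Signing_Key_2017.pub
# The private key is written to the home directory with owner-only permissions
# instead of the current directory. If these commands are run inside the repo
# directory (as the apt-ftparchive steps are), a .sec file left there would be
# listed and served to every client by the nginx autoindex configured above,
# and anyone holding it can sign packages that clients will accept.
( umask 077; gpg -a --export-secret-keys smartxff01 > "${HOME}/Ubuntu_Local_Archive_Automatic_Signing_Key_2017.sec" )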
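# Generate the repo's Packages and Release files.
# Whenever new deb packages are added, regenerate Packages and Release with the
# commands below and then sign again.
# Packages is written first and compressed from it; the original's
# `gunzip -k Packages.gz` refuses to overwrite an existing Packages file, which
# breaks exactly the re-run case described above.
apt-ftparchive packages . > Packages
gzip -9c Packages > Packages.gz
apt-ftparchive release ./ > Release
# Sign Release, again with the smartxff01 key; the passphrase is requested here.
# --yes lets gpg replace the Release.gpg / InRelease left by a previous run
# instead of stopping at an overwrite prompt.
gpg --yes -abs --default-key smartxff01 -o Release.gpg Release
gpg --yes --clearsign --default-key smartxff01 -o InRelease Release
# The repo is now signed.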
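# Every server that uses this repo has to import the key, i.e. the
# Ubuntu_Local_Archive_Automatic_Signing_Key_2017.pub generated above.
# Once the key is imported, the [trusted=yes] option can be dropped from the
# client's source entry so apt actually verifies the signature.
apt-key add Ubuntu_Local_Archive_Automatic_Signing_Key_2017.pub
# Usually the public key is published in the repo directory and installed on
# clients as shown below.
# The URL is now a single argument: the original had a space between the
# directory and the file name, so wget fetched the directory listing and piped
# that into apt-key.
# The key travels over plain HTTP, so before relying on it compare its
# fingerprint with the output of `gpg --fingerprint smartxff01` on the signing
# host.
wget --quiet -O - http://mirror.test001.com/ubuntu/bionic/Ubuntu_Local_Archive_Automatic_Signing_Key_2017.pub | sudo apt-key add -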