Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
gitlab_to_aptly [2021/05/29 16:51]
okias created
gitlab_to_aptly [2021/06/29 22:36] (current)
okias english
Line 1: Line 1:
 ====== Creating repository from automated Debian Salsa builds ====== ====== Creating repository from automated Debian Salsa builds ======
 +{{ :salsa_to_aptly.png |}}
 ===== Motivation ===== ===== Motivation =====
  
 I'm not an Debian maintainer. Nor I want to be in future. I'm not an Debian maintainer. Nor I want to be in future.
-My reasons to do all this is that:+My reasons to do all this is:
   - I want some specific software to be packaged for Debian   - I want some specific software to be packaged for Debian
-  - when I update packaging on salsa.debian.org I want to have available package for computers and phones +  - when I update packaging on salsa.debian.org I want to have available package for my devices 
-  - I don't want to bother myself downloading packages from Salsa CI manually or compiling them again on the devices+  - I don't want to bother with downloading packages from Salsa CI manually or compiling them again on these devices
   - I want also others to be able use my packages   - I want also others to be able use my packages
  
 These reasons motivated me to look into [[salsa.debian.org/|Salsa]], [[https://docs.gitlab.com/ee/api/|GitLab API]] and [[https://www.aptly.info/tutorial/|Aptly]] deployment. These reasons motivated me to look into [[salsa.debian.org/|Salsa]], [[https://docs.gitlab.com/ee/api/|GitLab API]] and [[https://www.aptly.info/tutorial/|Aptly]] deployment.
 +
 +==== Advantages ====
 +   * package build process is handled by salsa, no need to worry about it
 +   * ecologic - it's build only once
 +
 +==== Disadvantages ====
 +   * no control about build process than offered by salsa-ci.yml configuration file
 +
 +===== Predisposition =====
 +  - You did correctly setup **debian/salsa-ci.yml** and Gitlab settings ([[https://debconf19.debconf.org/talks/148-salsa-ci-debian-pipeline-for-developers/|Debconf19 talk about Salsa CI]])
 +  - you build for achitectures you'll be distributing with aptly
 +
 +You can look at project configuration of [[https://salsa.debian.org/okias-guest/]] as an example.
  
 ===== Where to start ===== ===== Where to start =====
Line 21: Line 34:
  
 Then it's a time to create user and generate your repository replated GPG key. Then it's a time to create user and generate your repository replated GPG key.
 +==== Aptly ====
 <code> <code>
 useradd -m repo && export USER=repo # create user repo useradd -m repo && export USER=repo # create user repo
Line 53: Line 66:
 TOKEN= # watch https://www.youtube.com/watch?v=0LsMC3ZiXkA TOKEN= # watch https://www.youtube.com/watch?v=0LsMC3ZiXkA
  
-ARCHS="arm64 amd64" +ARCHS="amd64" 
-JOBS="build build\ arm64" # jobs must match to build == amd64;+JOBS="build" # jobs must match to build == amd64;
  
 ARTIF_UNPACK=debian/output ARTIF_UNPACK=debian/output
Line 91: Line 104:
 get_artifacts() { get_artifacts() {
         for job in $JOBS; do         for job in $JOBS; do
-        curl -o ${id}_${job}.zip -H 'Accept: application/json' -H "Authorization: Bearer ${TOKEN}" "https://salsa.debian.org/api/v4/projects/${id}/jobs/artifacts/debian/latest/download?job=${job}" && \+                BRANCH="debian/latest"         
 +        curl -o ${id}_${job}.zip -H 'Accept: application/json' -H "Authorization: Bearer ${TOKEN}" "https://salsa.debian.org/api/v4/projects/${id}/jobs/artifacts/${BRANCH}/download?job=${job}" && \
                 unzip ${id}_${job}.zip && \                 unzip ${id}_${job}.zip && \
                 rm ${id}_${job}.zip && \                 rm ${id}_${job}.zip && \
Line 108: Line 122:
         aptly repo add ${REPO_NAME} ${ARTIF_UNPACK} # add files         aptly repo add ${REPO_NAME} ${ARTIF_UNPACK} # add files
  aptly publish drop unstable # first we get rid of previously published repo  aptly publish drop unstable # first we get rid of previously published repo
-        aptly publish repo -batch -architectures ${ARCHS} -distribution unstable ${REPO_NAME}+ APTLY_ARCHS=`echo $ARCHS | tr " " ,` 
 + aptly publish repo -batch -architectures "${APTLY_ARCHS}-distribution unstable ${REPO_NAME}
 } }
  
Line 115: Line 130:
 publish publish
  
 +</code>
 +
 +==== Nginx ====
 +
 +Test script with <code>sudo -u $USER ./gitlab_to_aptly.sh</code>, if your /home/$USER/.aptly/public is populated, prepare nginx configuration. This configuration may differ a lot from your use. I'm assuming you have SSL configured (ssl.conf) and SSL certificates in place.
 +
 +**/etc/nginx/sites-available/repo.ixit.cz.conf**
 +<code>
 +server {
 +    include ssl.conf;
 +    server_name repo.ixit.cz;
 +    ssl_certificate /etc/letsencrypt/live/ixit.cz/fullchain.pem;
 +    ssl_certificate_key /etc/letsencrypt/live/ixit.cz/privkey.pem;
 +
 +    location / {
 +        root /home/repo/.aptly/public/;
 +        autoindex on;
 +    }
 +}
 +</code>
 +
 +systemctl reload nginx and check URL, if you see the repository.
 +
 +==== Testing it ====
 +
 +In that case, you can try add it to the first device. Replace ixit with your repository name:
 +
 +<code>
 +echo "deb https://repo.ixit.cz/ unstable main" > /etc/apt/sources.list.d/ixit.list # repository
 +curl -o /etc/apt/trusted.gpg.d/ixit.gpg https://repo.ixit.cz/public-key.asc # GPG key
 +apt update # shouldn't report any errors
 +</code>
 +now you can install package you desire and test.
 +
 +==== Repository refreshing ====
 +
 +Most likely, you'll want to regenerate your repository at least every hour.
 +
 +This is how can look **/etc/systemd/system/gitlab_to_aptly.service**
 +<code>
 +[Unit]
 +Description=Radioalarm service
 +
 +[Service]
 +User=repo
 +WorkingDirectory=/home/repo/tmp/
 +ExecStart=/home/repo/gitlab_to_aptly.sh
 +</code>
 +and **/etc/systemd/system/gitlab_to_aptly.timer**
 +<code>
 +[Unit]
 +Description=Update aptly repository every hour
 +
 +[Timer]
 +OnBootSec=60min
 +OnUnitActiveSec=60min
 +Unit=gitlab_to_aptly.service
 +
 +[Install]
 +WantedBy=timers.target
 </code> </code>