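Creating a local APT repository on Ubuntu 18.04

The apt-get version in Ubuntu 18.04 is 1.6.8. If you use an older Ubuntu release whose apt version is below 1.5, you can configure a local repository with a simpler method; see Part 2.

Part 1: Creating a local repository on Ubuntu 18.04

The steps are:

Step 1. Create the directory: mkdir repository

Step 2. Copy the deb files into the directory: cp /path/to/*.deb repository/

Step 3. Enter the directory and generate the index file and the Release file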

cd repository

apt-ftparchive packages . > Packages

apt-ftparchive release . > Release

Step 4. Generate the signature

gpg --clearsign -o InRelease Release

If this step fails with the following error:
root@serverdeb:/media/debs# gpg --clearsign -o InRelease Release
gpg: no default secret key: Unusable secret key
gpg: Release: clear-sign failed: Unusable secret key

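this means a GPG key has to be generated first. The steps are:

1. gpg --gen-key

For details on generating the key, see: https://blog.csdn.net/qdujunjie/article/details/48291017

If key generation hangs (for the reason, see: https://www.cnblogs.com/styshoo/p/6415939.html), run the following command: rngd -r /dev/urandom /// prerequisite: apt-get install rng-tools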

2. gpg -a --export pub_id | apt-key add -

root@server10:/media/debs# apt-get update

Get:1 file:/media/debs InRelease [1912 B]

Get:1 file:/media/debs InRelease [1912 B]

Err:1 file:/media/debs InRelease

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5789843F6B61B0B4

Hit:2 http://apt.postgresql.org/pub/repos/apt xenial-pgdg InRelease

Reading package lists... Done

gpg -a --export 5789843F6B61B0B4 | apt-key add - /// the pub key ID can be looked up with gpg --list-keys

Step 5. gpg -abs -o Release.gpg Release

Finally, the output of apt-get update is as follows:

root@server10:/media/debs# apt-get update

Get:1 file:/media/debs InRelease [1912 B]

Get:1 file:/media/debs InRelease [1912 B]

Get:2 file:/media/debs Packages [74.1 kB]

Hit:3 http://apt.postgresql.org/pub/repos/apt xenial-pgdg InRelease

Reading package lists... Done
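
A consistency check for the repository built above, as an added example that is not part of the original post: the signature only covers Release, and Release in turn records the size and SHA256 of Packages, so a Packages file regenerated without re-running apt-ftparchive release and the two gpg commands leaves a stale Release. The function names are hypothetical, the sample data is constructed, and sha256sum and awk are assumed to be installed.

```shell
# Added example (not from the original post). Checks that the files listed
# in the SHA256 section of Release still match their recorded size and hash.

# verify_release_hashes DIR: returns 0 if every listed file matches, else 1.
verify_release_hashes() {
    dir=$1
    rc=0
    [ -f "$dir/Release" ] || { echo "no Release file in $dir" >&2; return 1; }
    # Entries are " <sha256> <size> <path>" lines under the "SHA256:" header.
    entries=$(awk '/^SHA256:/ {s=1; next} /^[^ ]/ {s=0}
                   s && NF==3 {print $1, $2, $3}' "$dir/Release")
    [ -n "$entries" ] || { echo "Release has no SHA256 entries" >&2; return 1; }
    while read -r want_hash want_size name; do
        # Release cannot carry its own final hash, so skip a self-entry.
        [ "$name" = "Release" ] && continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got_size=$(wc -c < "$dir/$name" | tr -d ' ')
        got_hash=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got_size" != "$want_size" ] || [ "$got_hash" != "$want_hash" ]; then
            echo "MISMATCH $name" >&2; rc=1
        fi
    done <<EOF
$entries
EOF
    return $rc
}

# make_sample_repo DIR: constructed sample data, a stand-in Packages file and
# a Release whose SHA256 section uses the same field order as a real one.
make_sample_repo() {
    printf 'Package: demo\nVersion: 1.0\n' > "$1/Packages"
    {
        echo "Date: Mon, 01 Jan 2024 00:00:00 +0000"
        echo "SHA256:"
        printf ' %s %s Packages\n' \
            "$(sha256sum "$1/Packages" | cut -d' ' -f1)" \
            "$(wc -c < "$1/Packages" | tr -d ' ')"
    } > "$1/Release"
}

# Demo: passes while Release is fresh, fails once Packages changes.
demo=$(mktemp -d)
make_sample_repo "$demo"
verify_release_hashes "$demo" && echo "fresh repo: OK"
echo "Package: added-later" >> "$demo/Packages"
verify_release_hashes "$demo" 2>/dev/null || echo "stale Release detected"
rm -rf "$demo"
```

On the real repository, run verify_release_hashes /media/debs after regenerating the index and before signing; it checks hashes only, while the signature on Release is verified by apt itself.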

=======================================

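Part 2: Creating a local repository without signing

For apt versions below 1.5, a local repository that needs no signature can be built as follows:

Original article: https://blog.csdn.net/zp2006011242/article/details/79040172

1. On an Ubuntu machine with Internet access, prepare the components you want to install offline.

(1) Clear apt's download cache.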

sudo rm -rf /var/cache/apt/archives/*

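(2) Download the required components

sudo apt-get -d install <package-name>

(3) Create a directory and copy the downloaded packages into it

cp -r /var/cache/apt/archives /your-path

(4) Change the directory permissions

chmod 777 -R /your-path

(5) Build the dependency index for the deb packages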

sudo touch /your-path/Packages.gz

sudo dpkg-scanpackages /your-path/ /dev/null | gzip > /your-path/Packages.gz

(6) Copy all the downloaded files and the generated gz file to the offline Ubuntu machine, comment out the existing contents of /etc/apt/sources.list, and add:

deb file:///var/debs/ /

(7) Run sudo apt-get update; after that you can install packages directly with apt-get install <package-name>.

If the steps above fail with the error

The repository 'file:/media debs/ Release' does not have a Release file.

you can run apt-get update --allow-insecure-repositories; the error then becomes a warning, and software can still be installed normally.

=========================

FYI:

1. Why apt-get requires signatures from version 1.5 onward

man apt-secure

Starting with version 0.6, APT contains code that does signature checking of the Release file for all repositories. This ensures that data like packages in the archive can't be modified by people who have no access to the Release file signing key. Starting with version 1.1 APT requires repositories to provide recent authentication information for unimpeded usage of the repository. Since version 1.5 changes in the information contained in the Release file about the repository need to be confirmed before APT continues to apply updates from this repository.

2. Where the signing procedure comes from

man apt-secure

In its REPOSITORY CONFIGURATION section:

If you want to provide archive signatures in an archive under your maintenance you have to:

· Create a toplevel Release file, if it does not exist already. You can do this by running apt-ftparchive release (provided in apt-utils).

· Sign it. You can do this by running gpg --clearsign -o InRelease Release and gpg -abs -o Release.gpg Release.

· Publish the key fingerprint, so that your users will know what key they need to import in order to authenticate the files in the archive. It is best to ship your key in its own keyring package like Ubuntu does with ubuntu-keyring to be able to distribute updates and key transitions automatically later.

· Provide instructions on how to add your archive and key. If your users can't acquire your key securely the chain of trust described above is broken. How you can help users add your key depends on your archive and target audience ranging from having your keyring package included in another archive users already have configured (like the default repositories of their distribution) to leveraging the web of trust.

Whenever the contents of the archive change (new packages are added or removed) the archive maintainer has to follow the first two steps outlined above.