openscap - Create an offline repo

New to Debian (Or Linux in general)? Ask your questions here!

openscap - Create an offline repo

Postby florian188 » 2018-10-02 15:14

Hello

I am looking to install openscap offline (https://www.open-scap.org/tools/scap-workbench/#download)

I am trying to create a repo locally for this command to work: apt-get install scap-workbench

How to do it please?

Thank you
florian188
 
Posts: 1
Joined: 2018-10-02 15:11

Re: openscap - Create an offline repo

Postby stevepusser » 2018-10-02 19:34

Since it's in the Debian repo, you must be trying to install in on a disconnected machine.

It sounds like local-apt-repository is what you want, though I've never used it...though I'm going to now!

Package: local-apt-repository (0.4+deb9u1)

Ready to use local apt repository

With this package installed, every Debian package (i.e. a *.deb file) dropped into /srv/local-apt-repository (which you need to create first) will be available to apt.

This package does not provide an apt repository to be used by other hosts. For that, look at more serious repository solutions like reprepro and apt-ftparchive
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Kdenlive 18.08.1, Pale Moon 28.1.0, wine-staging 3.17, qBittorrent 4.1.3, Liquorix kernel 4.18-13, Audacity 2.3.0
User avatar
stevepusser
 
Posts: 10004
Joined: 2009-10-06 05:53

Re: openscap - Create an offline repo

Postby stevepusser » 2018-10-02 19:44

Hmm...doesn't seem to work as advertised on MX Linux. Off to see if it can be fixed.

Edit: well that was easy--MX Linux isn't running systemd by default, so if that's the case (Debian does run it by default), you just have to run an extra command.
If you want to use this package on a system without systemd running,
you will have to manually run /usr/lib/local-apt-repository/rebuild
when you add new packages to /srv/local-apt-repository.


I'm using sudo and a backported Gramps 5.0.0 I just built in this example, but as root also works:

Code: Select all
sudo  /usr/lib/local-apt-repository/rebuild
sudo apt update
apt policy gramps

gramps:
  Installed: 4.2.8~dfsg-1~mx17+1
  Candidate: 5.0.0-1~mx17+1
  Version table:
     5.0.0-1~mx17+1 500
        500 file:/var/lib/local-apt-repository ./ Packages
 *** 4.2.8~dfsg-1~mx17+1 500
        500 http://iso.mxrepo.com/mx/testrepo stretch/test amd64 Packages
        500 http://iso.mxrepo.com/mx/testrepo stretch/test i386 Packages
        100 /var/lib/dpkg/status
     4.2.5~dfsg-1 500
        500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
        500 http://ftp.us.debian.org/debian stretch/main i386 Packages


and my update notifier shows it as upgradable.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Kdenlive 18.08.1, Pale Moon 28.1.0, wine-staging 3.17, qBittorrent 4.1.3, Liquorix kernel 4.18-13, Audacity 2.3.0
User avatar
stevepusser
 
Posts: 10004
Joined: 2009-10-06 05:53

Re: openscap - Create an offline repo

Postby CwF » 2018-10-04 04:07

If you don't mind a fully manual minimal solution you can create a local pool in a few steps with the package:dpkg-dev
This will give you dpkg-scanpackages

Create a directory to dump packages as you like. I choose to do a similar tree as done by debian with some consolidation. I also choose to have -all and -amd64 directories.
Code: Select all
~/Desktop$ dir /pool/dists/stretch
binary-all  binary-amd64


In each top directory, ie binary-all open a root terminal to create the packages file
Code: Select all
root@computer:/pool/dists/stretch/binary-all# dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
dpkg-scanpackages: warning: Packages in archive but missing from override file:
dpkg-scanpackages: warning:   acpi-support-base.......all the packages....zenmap
dpkg-scanpackages: info: Wrote 843 entries to output Packages file.


List this source before online equivalents in sources.list
Code: Select all
deb [trusted=yes] file:///pool/dists/stretch/binary-all/ ./


The listing order in sources.list dictates which will be used, as in
Code: Select all
xfce4-power-manager-data:
  Installed: (none)
  Candidate: 1.4.4-4
  Version table:
     1.4.4-4 500
        500 file:/pool/dists/stretch/binary-all ./ Packages
        500 http://ftp.us.debian.org/debian stretch/main amd64 Packages

Notice the 'file' version is listed first, as in sources.list. There is no need for priorities or pinning. If there is an online version as seen here, the file will be read locally and not downloaded. Swap the order is sources.list and it will download the file even if it is available locally. If there is more than one version, the newest will be the priority.

You can add files to an otherwise 'main only' installation, as in
Code: Select all
~/Desktop$ apt-cache policy *firmware-linux*
firmware-linux-free:
  Installed: 3.4
  Candidate: 3.4
  Version table:
 *** 3.4 500
        500 file:/pool/dists/stretch/binary-all ./ Packages
        500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
firmware-linux-nonfree:
  Installed: (none)
  Candidate: 20161130-3
  Version table:
     20161130-3 500
        500 file:/pool/dists/stretch/binary-all ./ Packages

I'll mention again, this is entirely manual and can be tedious to update, then there's maybe more tricks for that. I have done this to create a full pool that can get to the end system entirely offline from a netinst cd.
CwF
 
Posts: 131
Joined: 2018-06-20 15:16


Return to Beginners Questions

Who is online

Users browsing this forum: cooler01 and 5 guests

fashionable