Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

openscap - Create an offline repo

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
florian188
Posts: 1
Joined: 2018-10-02 15:11

openscap - Create an offline repo

#1 Post by florian188 »

Hello

I am looking to install openscap offline (https://www.open-scap.org/tools/scap-wo ... /#download)

I am trying to create a repo locally for this command to work: apt-get install scap-workbench

How to do it please?

Thank you

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: openscap - Create an offline repo

#2 Post by stevepusser »

Since it's in the Debian repo, you must be trying to install in on a disconnected machine.

It sounds like local-apt-repository is what you want, though I've never used it...though I'm going to now!
Package: local-apt-repository (0.4+deb9u1)

Ready to use local apt repository

With this package installed, every Debian package (i.e. a *.deb file) dropped into /srv/local-apt-repository (which you need to create first) will be available to apt.

This package does not provide an apt repository to be used by other hosts. For that, look at more serious repository solutions like reprepro and apt-ftparchive
MX Linux packager and developer

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: openscap - Create an offline repo

#3 Post by stevepusser »

Hmm...doesn't seem to work as advertised on MX Linux. Off to see if it can be fixed.

Edit: well that was easy--MX Linux isn't running systemd by default, so if that's the case (Debian does run it by default), you just have to run an extra command.
If you want to use this package on a system without systemd running,
you will have to manually run /usr/lib/local-apt-repository/rebuild
when you add new packages to /srv/local-apt-repository.
I'm using sudo and a backported Gramps 5.0.0 I just built in this example, but as root also works:

Code: Select all

sudo  /usr/lib/local-apt-repository/rebuild
sudo apt update
apt policy gramps

gramps:
  Installed: 4.2.8~dfsg-1~mx17+1
  Candidate: 5.0.0-1~mx17+1
  Version table:
     5.0.0-1~mx17+1 500
        500 file:/var/lib/local-apt-repository ./ Packages
 *** 4.2.8~dfsg-1~mx17+1 500
        500 http://iso.mxrepo.com/mx/testrepo stretch/test amd64 Packages
        500 http://iso.mxrepo.com/mx/testrepo stretch/test i386 Packages
        100 /var/lib/dpkg/status
     4.2.5~dfsg-1 500
        500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
        500 http://ftp.us.debian.org/debian stretch/main i386 Packages
and my update notifier shows it as upgradable.
MX Linux packager and developer

CwF
Global Moderator
Global Moderator
Posts: 2638
Joined: 2018-06-20 15:16
Location: Colorado
Has thanked: 41 times
Been thanked: 192 times

Re: openscap - Create an offline repo

#4 Post by CwF »

If you don't mind a fully manual minimal solution you can create a local pool in a few steps with the package:dpkg-dev
This will give you dpkg-scanpackages

Create a directory to dump packages as you like. I choose to do a similar tree as done by debian with some consolidation. I also choose to have -all and -amd64 directories.

Code: Select all

~/Desktop$ dir /pool/dists/stretch
binary-all  binary-amd64
In each top directory, ie binary-all open a root terminal to create the packages file

Code: Select all

root@computer:/pool/dists/stretch/binary-all# dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
dpkg-scanpackages: warning: Packages in archive but missing from override file:
dpkg-scanpackages: warning:   acpi-support-base.......all the packages....zenmap
dpkg-scanpackages: info: Wrote 843 entries to output Packages file.
List this source before online equivalents in sources.list

Code: Select all

deb [trusted=yes] file:///pool/dists/stretch/binary-all/ ./
The listing order in sources.list dictates which will be used, as in

Code: Select all

xfce4-power-manager-data:
  Installed: (none)
  Candidate: 1.4.4-4
  Version table:
     1.4.4-4 500
        500 file:/pool/dists/stretch/binary-all ./ Packages
        500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
Notice the 'file' version is listed first, as in sources.list. There is no need for priorities or pinning. If there is an online version as seen here, the file will be read locally and not downloaded. Swap the order is sources.list and it will download the file even if it is available locally. If there is more than one version, the newest will be the priority.

You can add files to an otherwise 'main only' installation, as in

Code: Select all

~/Desktop$ apt-cache policy *firmware-linux*
firmware-linux-free:
  Installed: 3.4
  Candidate: 3.4
  Version table:
 *** 3.4 500
        500 file:/pool/dists/stretch/binary-all ./ Packages
        500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
firmware-linux-nonfree:
  Installed: (none)
  Candidate: 20161130-3
  Version table:
     20161130-3 500
        500 file:/pool/dists/stretch/binary-all ./ Packages
I'll mention again, this is entirely manual and can be tedious to update, then there's maybe more tricks for that. I have done this to create a full pool that can get to the end system entirely offline from a netinst cd.

Post Reply