This week I've been trying to build secure local repository on my server. I used debian DVD files for my repository. Here how I build my repository using DVD.
1. First, I just link all DVD files to /var/www/html directory
Code: Select all
ln -s /media/dvd-mount/* /var/www/html/
3. In order to make my repository secure, I have to sign my Release file. I use these command to do that
Code: Select all
gpg --gen-key --default-new-key-algo=rsa4096/cert,sign+rsa4096/encr
gpg -a --yes --output dists/stable/Release.gpg --local-user <username> --detach-sign dists/stable/Release
gpg -a --yes --clearsign --output dists/stable/InRelease --local-user <username> --detach-sign dists/stable/Release
gpg --export <username> | tee pubkey.gpg > /dev/null
3. After signing the Release files and exporting the pubkey, the last thing is to add my server address to /etc/apt/sources.list file and save the pubkey to the /etc/apt/trusted.gpg.d/ directory.
My sources.list file now, looked like this
Code: Select all
# deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
#deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
deb http://10.10.10.1/debian bullseye main contrib
Code: Select all
root@debian:/etc/apt/trusted.gpg.d# ls
debian-archive-bullseye-automatic.gpg debian-archive-buster-automatic.gpg debian-archive-stretch-automatic.gpg pubkey.gpg
debian-archive-bullseye-security-automatic.gpg debian-archive-buster-security-automatic.gpg debian-archive-stretch-security-automatic.gpg
debian-archive-bullseye-stable.gpg debian-archive-buster-stable.gpg debian-archive-stretch-stable.gpg
root@debian:/etc/apt/trusted.gpg.d#
Code: Select all
Ign:1 http://10.10.10.1/debian bullseye InRelease
Hit:2 http://10.10.10.1/debian bullseye Release
Ign:3 http://10.10.10.1/debian bullseye Release.gpg
Reading package lists... Done
E: The repository 'http://10.10.10.1/debian bullseye Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Code: Select all
root@debian:/var/www/html/dists/bullseye# ls
contrib InRelease main Release Release.gpg
root@debian:/var/www/html/dists/bullseye# gpg --verify Release.gpg Release
gpg: Signature made Thu 20 Apr 2023 09:06:29 AM WIB
gpg: using RSA key 91E41F7C5A54476C81F905FAC408BDC6B014B343
gpg: issuer "client@tes.com"
gpg: Good signature from "client <client@tes.com>" [ultimate]
root@debian:/var/www/html/dists/bullseye#
I'm stuck at this error, is there something I missed to do? or is there something I did wrong?
forgive me if my explanation is weird, I'm trying my best to make it understandable as possible.