ubuntu18.04 本地源製做

Ubuntu 18.04中的apt-get版本爲1.6.8。 若是你使用的ubuntu版本較低，apt版本低於1.5，可以使用簡單的方法配置本地源。簡單方法見第二部分。

第一部分，ubuntu18.04上製做本地源

步驟有：

一 建立目錄：mkdir repository

 

二 拷貝deb文件到目錄 cp /path/to/*.deb repository/

 

三 進入目錄生成索引文件及Release文件

cd repository

apt-ftparchive packages . > Packages

apt-ftparchive release . > Release

 

四 生成簽名

gpg --clearsign -o InRelease Release

若是這一步報以下錯誤：

root@serverdeb:/media/debs# gpg --clearsign -o InRelease Release
gpg: no default secret key: Unusable secret key
gpg: Release: clear-sign failed: Unusable secret key

 

說明須要生成gpg簽名，步驟以下：

1. gpg --gen-key

對於生成簽名，詳細見以下：https://blog.csdn.net/qdujunjie/article/details/48291017

若是生成簽名卡住(緣由詳見：https://www.cnblogs.com/styshoo/p/6415939.html)，執行以下命令：rng -r /dev/urandom    /// 前提是安裝：apt-get install rng-tools

2. gpg -a --export pub_id | apt-key add -

root@server10:/media/debs# apt-get update
Get:1 file:/media/debs  InRelease [1912 B]
Get:1 file:/media/debs  InRelease [1912 B]
Err:1 file:/media/debs  InRelease                                              
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5789843F6B61B0B4
Hit:2 http://apt.postgresql.org/pub/repos/apt xenial-pgdg InRelease            
Reading package lists... Done                        

gpg -a --export 5789843F6B61B0B4 | apt-key add -     ///其中pub key可用gpg --list-keys查到

 

五 gpg -abs -o Release.gpg Release

 

最後執行apt-get update的輸出以下 ：

root@server10:/media/debs# apt-get update
Get:1 file:/media/debs  InRelease [1912 B]
Get:1 file:/media/debs  InRelease [1912 B]
Get:2 file:/media/debs  Packages [74.1 kB]                                      
Hit:3 http://apt.postgresql.org/pub/repos/apt xenial-pgdg InRelease             
Reading package lists... Done

 

=======================================

第二部分 無簽名本地源製做

apt 版本低於1.5，無須簽名的本地源生成方法：

原文：https://blog.csdn.net/zp2006011242/article/details/79040172

一、在能夠上網的ubuntu設備上，對想要離線安裝的組件進行預處理。

（1）清理apt的下載緩存區。

sudo rm -rf /var/cache/apt/archives/*

（2）下載所須要的組件

sudo apt-get -d install <包名>

（3）建立一個目錄，將下載的包拷貝到該目錄下

cp -r /var/cache/apt/archives  /yout-path

（4）修改目錄權限

 chmod 777 -R /your-path

（5）創建deb包的依賴關係

    sudo touch /your-path/Packages.gz
    sudo dpkg-scanpackages /your-path/ /dev/null  | gzip > /your-path/Packages.gz

（6）將全部下載的文件和生成的gz文件拷貝到離線的ubuntu機器上，將/etc/apt/sources.list原有內容註釋掉，新增：

deb file:///var/debs/ /

（7）執行sudo apt-get update，以後就能夠直接使用apt-get install 包名 來安裝了
若是上面的步驟中報錯說

The repository 'file:/media debs/ Release' does not have a Release file.

 可用 apt-get update --allow-insecure-repositories，這個時侯錯誤就會變成警告，也能正常安裝軟件。

 

=========================
FYI:

1. 爲什麼apt-get 1.5版本後須要簽名

man apt-secure

Starting with version 0.6, APT contains code that does signature checking of the Release file for all repositories. This ensures that data like packages in the archive can't be
       modified by people who have no access to the Release file signing key. Starting with version 1.1 APT requires repositories to provide recent authentication information for
       unimpeded usage of the repository. Since version 1.5 changes in the information contained in the Release file about the repository need to be confirmed before APT continues to
       apply updates from this repository.

 

2. 簽名的方法出處

man apt-secure

其中REPOSITORY CONFIGURATION中

If you want to provide archive signatures in an archive under your maintenance you have to:

       ·   Create a toplevel Release file, if it does not exist already. You can do this by running apt-ftparchive release (provided in apt-utils).

       ·   Sign it. You can do this by running gpg --clearsign -o InRelease Release and gpg -abs -o Release.gpg Release.

       ·   Publish the key fingerprint, so that your users will know what key they need to import in order to authenticate the files in the archive. It is best to ship your key in its
           own keyring package like Ubuntu does with ubuntu-keyring to be able to distribute updates and key transitions automatically later.

       ·   Provide instructions on how to add your archive and key. If your users can't acquire your key securely the chain of trust described above is broken. How you can help users
           add your key depends on your archive and target audience ranging from having your keyring package included in another archive users already have configured (like the default
           repositories of their distribution) to leveraging the web of trust.

       Whenever the contents of the archive change (new packages are added or removed) the archive maintainer has to follow the first two steps outlined above.