Here I explain how to set up a mirror for Debian an Ubuntu repositories, on a Debian server. The steps explained next can be found on other sites, except how to deal with the repository’s keyrings. For instance, on the Ubuntu’s tutorial they explain how to install the keyrings assuming the server you are installing the mirror has Ubuntu running, but what if it’s running on a Debian server?
As I mentioned, I used debmirror for mirroring both distros. There are other programs, like apt-cacher, but I chose debmirror because I wanted to mirror all Debian and Ubuntu repos. So, in order to install debmirror just type the following as root:
aptitude install debmirror
Installing the keyrings
Now it’s time for installing the repositories’ keyrings. Because I wanted a mirror for Debian and other for Ubuntu, I had to download both keyrings packages and import the keyrings from them:
To install the keyrings for Debian’s repos the latest debian-archive-keyrings must be downloaded, for instance from testing:
# wget http://ftp.us.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2012.4_all.deb
Then the package’s content must be extracted in the root’s home directory:
# dpkg-deb -x debian-archive-keyring_2012.4_all.deb ~
And finally import the keyrings:
# gpg --no-default-keyring --keyring /home/repo/keyrings/debian/trustedkeys.gpg --import /root/usr/share/keyrings/debian-archive-keyring.gpg gpg: keyring `/home/repo/keyrings/debian/trustedkeys.gpg' created gpg: key B98321F9: public key "Squeeze Stable Release Key " imported gpg: key 473041FA: public key "Debian Archive Automatic Signing Key (6.0/squeeze) " imported gpg: key 65FFB764: public key "Wheezy Stable Release Key " imported gpg: key 46925553: public key "Debian Archive Automatic Signing Key (7.0/wheezy) " imported gpg: Total number processed: 4 gpg: imported: 4 (RSA: 4) gpg: no ultimately trusted keys found
On Ubuntu I did something similar. I downloaded the latest ubuntu-keyring package up-to-date, from quantal’s repos:
# wget http://pa.archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2012.05.19_all.deb
Then I proceed to extract the package content in the root’s home directory and import the keyrinngs:
# dpkg-deb -x ubuntu-keyring_2012.05.19_all.deb ~# gpg --no-default-keyring --keyring /home/repo/keyrings/ubuntu/trustedkeys.gpg --import /root/usr/share/keyrings/ubuntu-archive-keyring.gpggpg: keyring `/home/repo/keyrings/ubuntu/trustedkeys.gpg' created gpg: key 437D05B5: public key "Ubuntu Archive Automatic Signing Key " imported gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key " imported gpg: key C0B21F32: public key "Ubuntu Archive Automatic Signing Key (2012) " imported gpg: key EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) " imported gpg: Total number processed: 4 gpg: imported: 4 (RSA: 2) gpg: no ultimately trusted keys found
The debmirror script
The script is an adaptation of the the one at Ubuntu’s documentation, I saved as /home/repo/scripts/debian.sh with the following values:
#!/bin/sh# Don't touch the user's keyring, have our own instead export GNUPGHOME=/home/repo/keyrings/ubuntu # Architecture. For Ubuntu can be i386, powerpc or amd64. arch=i386,amd64 # Minimum Ubuntu system requires main, restricted # Section (One of the following - main/restricted/universe/multiverse). section=main,multiverse,universe,restricted # Release of the system (Quantal, Precise, etc) release=quantal,quantal-security,quantal-updates,quantal-backports,precise,precise-security,precise-updates,precise-backports # Server name, minus the protocol and the path at the end server=us.archive.ubuntu.com # Path from the main server, so http://my.web.server/$dir, Server dependant inPath=/ubuntu # Protocol to use for transfer (http, ftp, hftp, rsync) proto=http # Directory to store the mirror in outPath=/home/repo/mirrors/ubuntu # Start script debmirror -a $arch \ --no-source \ --md5sums \ --progress \ --passive \ --verbose \ -s $section \ -h $server \ -d $release \ -r $inPath \ -e $proto \
For Debian I used other parameters and save it as /home/repo/scripts/debian.sh with this values:
#!/bin/sh # Don't touch the user's keyring, have our own instead export GNUPGHOME=/home/repo/keyrings/debian # Architecture (i386, powerpc, amd64, etc.) arch=i386,amd64 # Section (main,contrib,non-free) section=main,contrib,non-free # Release of the system (squeeze,lenny,stable,testing,etc) release=squeeze # Server name, minus the protocol and the path at the end server=ftp.us.debian.org # Path from the main server, so http://my.web.server/$dir, Server dependant inPath=/debian # Protocol to use for transfer (http, ftp, hftp, rsync) proto=http # Directory to store the mirror in outPath=/home/repo/mirrors/debian # Start script debmirror -a $arch \ --no-source \ --md5sums \ --progress \ --passive \ --verbose \ -s $section \ -h $server \ -d $release \ -r $inPath \ -e $proto \ $outPath
Note: On both cases you have to make the scripts executable, check the connection with the chosen servers and check if you have enough space available for hosting the mirrors.
Scheduled job (crontab)
Once the scripts are working, you can create a cron for keep the mirrors synced. For example, to run he scripts at midnight every day you can put the following in the /etc/crontab:
0 0 * * * root /home/repo/scripts/debian.sh 0 0 * * * root /home/repo/scripts/ubuntu.sh
Publishing the mirrrors
I published the mirror via http with Apache, the web server:
aptitude install apache2
By default on Debian, Apache uses /var/www as root directory. Thus in order to set the mirrors just make the symbolic links to that directory:
# ln -s /home/repo/mirrors/ubuntu /var/www/ # ln -s /home/repo/mirrors/debian /var/www/
Setting the clients
On the client side, you have to edit the /etc/apt/sources.list file according to the Linux version used on the client.
For Ubuntu precise (12.04) you have to put something like this in the /etc/apt/sources.list file:
deb http://192.168.1.1/ubuntu/ precise main restricted universe multiverse deb http://192.168.1.1/ubuntu/ precise-updates main restricted universe multiverse deb http://192.168.1.1/ubuntu/ precise-backports main restricted universe multiverse deb http://192.168.1.1/ubuntu/ precise-security main restricted universe multiverse
In this case the IP addresses 192.168.1.1 belongs to the server hosting the mirrors, which were published via http with Apache. Change to other IP or a DNS entry according to your configuration.
For Debian Squeeze you must have the following in your /etc/apt/sources.list:
deb http://192.168.1.1/debian squeeze main contrib non-free deb http://192.168.1.1/debian-security squeeze/updates main contrib non-free
For both cases after doing these changes you have to update the package list:
Once the package list has been updated you can use those repositories.