The repository contains openresty (nginx), php (7.0-7.1), mysql (5.7-8.0), nmap and more; see here for details.
It supports Ubuntu 16.04, 32-bit or 64-bit. One-step setup script:
wget https://dl.yooooo.us/build/setup.sh -O -|sudo bash
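This repository will consist of two parts: binary packages that I compile myself, and packages mirrored from PPAs and similar sources.
Structure
- A: build machine
- B: signing and mirror download
- C: CDN
Build
Here we use docker to isolate the environment of each build, and to avoid repeatedly installing the packages that every build needs.
When a build finishes, the package is uploaded, which triggers machine B to sign it and generate a new InRelease and Packages.
Signing
We handle uploads with lua-nginx-module and combine it with cron to implement the build trigger.
nginx configuration: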
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name build-trigger.com;
    client_max_body_size 30m;

    location ~ /(.+) {
        # Only localhost and build machine A may upload
        allow 127.0.0.1;
        allow ::1;
        allow IP-address-of-A;
        deny all;

        set $deb $1;
        content_by_lua_block {
            local method = ngx.req.get_method()
            local fpath = "/home/ftp/build/ubuntu/" .. ngx.var.deb;
            ngx.log(ngx.ERR, fpath)
            if method == "PUT" then
                ngx.req.read_body()
                local body = ngx.req.get_body_data()
                if body == nil then
                    -- Large bodies are buffered to a temporary file
                    local tmp_path = ngx.req.get_body_file()
                    local tmp = tmp_path and io.open(tmp_path, "rb")
                    if not tmp then
                        return ngx.exit(400)
                    end
                    body = tmp:read("*all")
                    tmp:close()
                end
                local f, err = io.open(fpath, "wb")
                if not f then
                    ngx.log(ngx.ERR, "failed to open ", fpath, ": ", err)
                    return ngx.exit(500)
                end
                f:write(body)
                f:close()
            else --POST
                local upload = require "resty.upload"
                local chunk_size = 4096
                local form, err = upload:new(chunk_size)
                if not form then
                    ngx.log(ngx.ERR, "failed to new upload: ", err)
                    return ngx.exit(500)
                end
                form:set_timeout(1000) -- 1 sec
                local f, ferr = io.open(fpath, "wb")
                if not f then
                    ngx.log(ngx.ERR, "failed to open ", fpath, ": ", ferr)
                    return ngx.exit(500)
                end
                while true do
                    local typ, res, err = form:read()
                    if not typ then
                        ngx.say("failed to read: ", err)
                        f:close()
                        return
                    end
                    if typ == "eof" then
                        break
                    elseif typ == "body" then
                        f:write(res)
                    end
                end
                local typ, res, err = form:read()
                if typ == "body" then
                    f:write(res)
                end
                f:close()
            end
            -- Queue the uploaded file name for the cron signing script
            local f = io.open("/tmp/new.deb", "a")
            f:write(ngx.var.deb)
            f:write("\n")
            f:close()
            ngx.exit(200)
        }
    }
}
```
Install apt-ftparchive and dpkg-sig.
Signing script:
```bash
#!/bin/bash
cd /home/ftp/build/ubuntu || exit 1

# Sign the packages queued by the upload handler
if [[ -s /tmp/new.deb ]]; then
    mv /tmp/new.deb /tmp/new.deb.bak
    while IFS= read -r pkg; do
        # "builder" is the dpkg-sig role used for the signature
        dpkg-sig --sign builder "$pkg"
        chown www-data:www-data "$pkg"
    done < /tmp/new.deb.bak
    rm /tmp/new.deb.bak
fi

# Regenerate the index files and sign the Release file
apt-ftparchive packages . > Packages
gzip -c Packages > Packages.gz
apt-ftparchive release . > Release
gpg --batch --yes --digest-algo SHA256 --clearsign -o InRelease Release
gpg --batch --yes --digest-algo SHA256 -abs -o Release.gpg Release
```
Generate a gpg key, then add the following to cron:
*/5 * * * * sudo /path/gen_repo.sh
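As an added example (not part of the original scripts), here is a check that could run at the end of gen_repo.sh to confirm that the Packages and Packages.gz on disk still match the SHA256 digests recorded in Release, which is the link apt follows from the signed InRelease to the index files. The function names and the sample repository are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: check that the index files match the digests in Release.

# verify_release_hashes DIR
# Returns 0 if every file in the SHA256 section of DIR/Release exists with
# the listed size and digest, 1 on a missing or mismatching file, 2 if there
# is no Release file or no SHA256 entry to check.
verify_release_hashes() {
    local dir=$1 in_sha256=0 rc=0 seen=0 line hash size name actual
    [ -f "$dir/Release" ] || { echo "no Release in $dir" >&2; return 2; }
    while IFS= read -r line; do
        case $line in
            SHA256:*) in_sha256=1; continue ;;
            " "*)     [ "$in_sha256" -eq 1 ] || continue ;;
            *)        in_sha256=0; continue ;;   # any other field ends the section
        esac
        set -f; set -- $line; set +f              # split "hash size name"
        hash=$1 size=$2 name=$3
        # A file cannot carry its own digest, so skip an entry for Release itself.
        [ "$name" = "Release" ] && continue
        seen=$((seen + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        actual=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" != "$hash" ] || [ "$(wc -c <"$dir/$name" | tr -d ' ')" != "$size" ]; then
            echo "MISMATCH $name" >&2; rc=1
        fi
    done <"$dir/Release"
    [ "$seen" -gt 0 ] || { echo "no SHA256 entries in Release" >&2; return 2; }
    return "$rc"
}

# make_sample_repo DIR: constructed flat repository used only for the demo.
make_sample_repo() {
    local dir=$1 f
    printf 'Package: demo\nVersion: 1.0\n' >"$dir/Packages"
    gzip -c "$dir/Packages" >"$dir/Packages.gz"
    {
        echo "Date: Thu, 01 Jan 1970 00:00:00 UTC"
        echo "SHA256:"
        for f in Packages Packages.gz; do
            printf ' %s %s %s\n' "$(sha256sum "$dir/$f" | cut -d' ' -f1)" \
                "$(wc -c <"$dir/$f" | tr -d ' ')" "$f"
        done
    } >"$dir/Release"
}
```

This covers only the hash chain from Release to the index files; the signature on InRelease is checked separately with `gpg --verify`.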
Mirror
Use apt-mirror to download the mirror and re-sign it.
Install apt-mirror, then edit /etc/apt/mirror.list:
```
############# config ##################
#
# set base_path    /var/spool/apt-mirror
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0
set nthreads     5
set _tilde 0
#
############# end config ##############

# add as many as you like
deb-i386 http://ppa.launchpad.net/ondrej/php/ubuntu xenial main

clean http://archive.ubuntu.com/ubuntu
```
Signing script:
```bash
#!/bin/bash

echo "* Downloading mirror"
apt-mirror
/var/spool/apt-mirror/var/clean.sh

echo "* Gathering deb"
mkdir -p /tmp/apt-mirror
# Every entry under the MySQL pool, plus the PHP PPA pool
all_repos=(
    /var/spool/apt-mirror/mirror/repo.mysql.com/apt/ubuntu/pool/*
    /var/spool/apt-mirror/mirror/ppa.launchpad.net/ondrej/php/ubuntu/pool/main/
)
for repo in "${all_repos[@]}"; do
    cd "$repo" || continue
    # Link every mirrored file into one merged tree
    for d in $(find . -type f); do
        mkdir -p "$(dirname "/tmp/apt-mirror/$d")" 2>/dev/null
        ln -sf "$repo/$d" "/tmp/apt-mirror/$d"
    done
done

echo "* Signing new deb"
cd /tmp/apt-mirror || exit 1
for d in $(find . -name "*.deb"); do
    # Copy and sign only packages that are not published yet
    if [[ ! -e "/home/ftp/mirror/ubuntu/$d" ]]; then
        echo Copy "$d"
        mkdir -p "$(dirname "/home/ftp/mirror/ubuntu/$d")" 2>/dev/null
        cp "/tmp/apt-mirror/$d" "/home/ftp/mirror/ubuntu/$d"
        dpkg-sig --sign builder "/home/ftp/mirror/ubuntu/$d" 2>/dev/null
    fi
done

echo "* Generate Packages and Release"
cd /home/ftp/mirror/ubuntu || exit 1
apt-ftparchive packages . > Packages
gzip -c Packages > Packages.gz
apt-ftparchive release . > Release
gpg --batch --yes --digest-algo SHA256 --clearsign -o InRelease Release
gpg --batch --yes --digest-algo SHA256 -abs -o Release.gpg Release

# Refresh the index of the self-built repository as well
cd /home/ftp/build/ubuntu || exit 1
apt-ftparchive packages . > Packages
gzip -c Packages > Packages.gz
apt-ftparchive release . > Release
gpg --batch --yes --digest-algo SHA256 --clearsign -o InRelease Release
gpg --batch --yes --digest-algo SHA256 -abs -o Release.gpg Release
```
Then add the following to cron:
6 0 */2 * * sudo /path/sync_repo.sh
CDN
The CDN is self-built with openresty; anyone who needs to use it can leave a comment :)
Test cname: cdn.yoooo.us