倉庫中有openresty (nginx), php (7.0-7.1), mysql (5.7-8.0), nmap等,詳見這裡;
適用於Ubuntu 16.04 32位或64位;一鍵配置腳本
wget https://dl.yooooo.us/build/setup.sh -O -|sudo bash
這個倉庫將由兩部分組成,一是自己編譯的二進位包,二是從ppa等上鏡像下來的包。
結構
- A:編譯機
- B:簽名,下載鏡像
- C:CDN
編譯
這裡我們用docker來隔離每次編譯的環境,同時避免重複地安裝每次都會用到的包。
編譯完成後上傳並觸發B機簽名和生成新的InRelease和Packages。
簽名
我們用lua-nginx-moduel寫了處理上傳,並配合cron實現觸發編譯。
nginx配置:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
server { listen 80; listen [::]:80; server_name build-trigger.com; client_max_body_size 30m; location ~ /(.+) { allow 127.0.0.1; allow ::1; allow IP-address-of-A; deny all; set $deb $1; content_by_lua_block { local method = ngx.req.get_method() local fpath = "/home/ftp/build/ubuntu/" .. ngx.var.deb; ngx.log(ngx.ERR, fpath) if method == "PUT" then ngx.req.read_body() local _ = ngx.req.get_body_data() if _ == nil then local _t_f = ngx.req.get_body_file() _ = io.open(_t_f, "rb"):read("*all") end local f = io.open(fpath, "wb") f:write(_) f:close() else --POST local upload = require "resty.upload" local chunk_size = 4096 local form, err = upload:new(chunk_size) if not form then ngx.log(ngx.ERR, "failed to new upload: ", err) ngx.exit(500) end form:set_timeout(1000) -- 1 sec local f = io.open(fpath, "wb") while true do local typ, res, err = form:read() if not typ then ngx.say("failed to read: ", err) f:close() return end if typ == "eof" then break elseif typ == "body" then f:write(res) end end local typ, res, err = form:read() if typ == "body" then f:write(res) end f:close() end local f = io.open("/tmp/new.deb", "a") f:write(ngx.var.deb) f:write("\n") f:close() ngx.exit(200) } } } |
安裝apt-ftparchive和dpkg-sig。
簽名腳本:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
#!/bin/bash cd /home/ftp/build/ubuntu if [[ -s /tmp/new.deb ]]; then mv /tmp/new.deb /tmp/new.deb.bak for pkg in $(cat /tmp/new.deb.bak); do dpkg-sig --sign builder $pkg chown www-data:www-data $pkg done rm /tmp/new.deb.bak fi apt-ftparchive packages . > Packages gzip -c Packages > Packages.gz apt-ftparchive release . > Release gpg --batch --yes --digest-algo SHA256 --clearsign -o InRelease Release gpg --batch --yes --digest-algo SHA256 -abs -o Release.gpg Release |
生成gpg密鑰,然後在cron中添加
*/5 * * * * sudo /path/gen_repo.sh
鏡像
使用apt-mirror下載鏡像並且重新簽名。
安裝apt-mirror,然後編輯/etc/apt/mirror.list:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
############# config ################## # # set base_path /var/spool/apt-mirror # # set mirror_path $base_path/mirror # set skel_path $base_path/skel # set var_path $base_path/var # set cleanscript $var_path/clean.sh # set defaultarch <running host architecture> # set postmirror_script $var_path/postmirror.sh # set run_postmirror 0 set nthreads 5 set _tilde 0 # ############# end config ############## # add as many as you like deb-i386 http://ppa.launchpad.net/ondrej/php/ubuntu xenial main clean http://archive.ubuntu.com/ubuntu |
簽名腳本:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
#!/bin/bash echo "* Downloading mirror" apt-mirror /var/spool/apt-mirror/var/clean.sh echo "* Gathering deb" mkdir -p /tmp/apt-mirror all_repos=("$(ls /var/spool/apt-mirror/mirror/repo.mysql.com/apt/ubuntu/pool/* -d -1)" /var/spool/apt-mirror/mirror/ppa.launchpad.net/ondrej/php/ubuntu/pool/main/) for repo in ${all_repos[@]}; do cd $repo for d in $(find . -type f); do dr=$(dirname /tmp/apt-mirror/$d) mkdir -p $dr 2>/dev/null ln -sf $repo/$d /tmp/apt-mirror/$d done done echo "* Signing new deb" cd /tmp/apt-mirror for d in $(find . -name "*.deb"); do if [[ ! -e /home/ftp/mirror/ubuntu/$d ]]; then echo Copy $d mkdir -p $(dirname /home/ftp/mirror/ubuntu/$d) 2>/dev/null cp /tmp/apt-mirror/$d /home/ftp/mirror/ubuntu/$d dpkg-sig --sign builder /home/ftp/mirror/ubuntu/$d 2>/dev/null fi done echo "* Generate Packages and Release" cd /home/ftp/mirror/ubuntu apt-ftparchive packages . > Packages gzip -c Packages > Packages.gz apt-ftparchive release . > Release gpg --batch --yes --digest-algo SHA256 --clearsign -o InRelease Release gpg --batch --yes --digest-algo SHA256 -abs -o Release.gpg Release cd /home/ftp/build/ubuntu apt-ftparchive packages . > Packages gzip -c Packages > Packages.gz apt-ftparchive release . > Release gpg --batch --yes --digest-algo SHA256 --clearsign -o InRelease Release gpg --batch --yes --digest-algo SHA256 -abs -o Release.gpg Release |
然後在cron中添加
6 0 */2 * * sudo /path/sync_repo.sh
CDN
使用openresty自建的CDN,有使用需求的小夥伴可以留言:)
測試cname: cdn.yoooo.us
挺不錯的,可以
最後一行少了一個蛋
沒少,4個蛋也是我的了
哦~換主題!感覺近期有一篇文章被刪除了,是我的錯覺么?
對的,設成私密了,不發牢騷了
prprprpr竟然換theme了嗎?excited!
嗯,換了一個?顏色的
好久不見啦~~~prprprpr
好久不見prprprpr