Arepa


config.yml-sample  view on Meta::CPAN

  path: /var/arepa/repository/
  # Where the repo should be in the final machine (if it's different). Use
  # Rsync format (user@machine:/var/www/virtual/aptrepo/html/debian/)
  # remote_path: machine:/var/www/virtual/aptrepo/html/debian/
  signature:
    # Sign the repository with this ID. This is useful in case you might login
    # with the wrong user and end up signing the repo with the wrong key
    # id: 12345678
    # The SPECIAL VALUE 'unsigned' means that the repository shouldn't be
    # signed. This is useful mostly so that automated tests don't require
    # having gpg installed
  # URL to the repo. NO NEED to add a trailing slash
  # url: http://localhost/arepa/repository
# Where the upload queue is (some anonymous FTP upload directory, or
# SSH-accessible queue or whatever)
upload_queue:
  path: /var/arepa/upload-queue
# SQLite package database with compilation requests and other stuff
package_db: /var/arepa/db/package.db
web_ui:
  # Public URL (to use in RSS feeds)
  public_url: http://localhost/cgi-bin/arepa/arepa.cgi
  # Base URL for CSS files and stuff
  base_url: /arepa
  # The trusted public keys (for package signatures) should be here
  gpg_homedir: /var/arepa/gnupg-web
  # Check if the remote repository is in sync with the local copy. Be sure to
  # have SSH keys and sudo correctly configured, otherwise it will hang.
  check_remote_repo: 0
  # SQLite DB for storing sessions
  session_db: /var/arepa/db/sessions.db
  # Authentication type
  authentication:
    # By default, read users and (MD5) passwords from "user_file"
    # below. The other valid type is "external", to make the
    # authentication through your web server. In the latter case,

doc/TODO  view on Meta::CPAN

* Create the postinst scripts so /var/arepa/gnupg-web is created on package
  installation (see --list-keys and the contents of the default option file
  inside it)
* Create a default keyring with the Opera key, and make it part of the
  distribution (use it for the initial /var/arepa/keyring/uploaders.gpg)
* Figure out some permissions for package.db that work for both www-data and
  arepa-master. Should package.db be created by default as an empty database?

* The user, after installation, will have to "su - arepa-master" and create a
  new GPG key for it. The secret key ID should be in the configuration

* Make www-data be part of a new group, arepa. That group should be the group
  for all the interesting directories, and those directories should have the
  gid bit set.
* Have to set the umask to 0002 so reprepro creates the files with the

install_arepa.pl  view on Meta::CPAN


my $repo_dists_conf = File::Spec->catfile($config->get_key("repository:path"),
                                          "conf",
                                          "distributions");
print "Creating repo configuration file in $repo_dists_conf\n";
open F, ">>$repo_dists_conf";
close F;
chown($uid, $gid, $repo_dists_conf);
symchmod("g+w", $repo_dists_conf);

my $gpg_dir = $config->get_key("web_ui:gpg_homedir");
print "Creating GPG directory in $gpg_dir\n";
mkpath($gpg_dir);
chown($web_uid, $web_gid, $gpg_dir);
chmod(0700, $gpg_dir);

my $gpg_options = File::Spec->catfile($config->get_key("web_ui:gpg_homedir"),
                                      "options");
if (! -f $gpg_options) {
    print "Creating options file $gpg_options\n";
    my $keyrings_dir =
        File::Spec->catfile(dirname($config->get_key("web_ui:gpg_homedir")),
                            "keyrings");
    mkpath($keyrings_dir);
    chown($uid, $gid, $keyrings_dir);
    symchmod("g+w", $keyrings_dir);

    open F, ">$gpg_options";
    print F "keyring $keyrings_dir/uploaders.gpg\n";
    close F;
    chown($uid, $gid, $gpg_options);
    symchmod("g+w", $gpg_options);
}

lib/Arepa.pm  view on Meta::CPAN

the first alias as the C<Suite>. The rest of the aliases you can specify in a
field C<AlsoAcceptFor>, like so:

 arepa-admin createdistribution --extra-field "alsoacceptfor:squeeze stable" \
                                mysqueeze

Now, make sure you have a GPG key for the special user C<arepa-master>. That
will be the GPG key used to sign the repository. To do so, simply type:

 # su - arepa-master
 $ gpg --gen-key

And follow the instructions. Make sure that key B<doesn't> have a passphrase.

=head2 CONFIGURE WEB UI

The next step is to configure the web interface. Make sure that you can access
the application from the URL path C</arepa/arepa.cgi> and that it works
properly. You have a sample configuration file in C<apache.conf>. If you have
installed the Debian package, everything should be already in place, and the
only step you should follow is:

lib/Arepa.pm  view on Meta::CPAN

C</usr/bin/arepa sign>, C</usr/bin/arepa sync> and C</usr/bin/arepa issynced>.
You can add these lines in C<visudo>:

 %arepa ALL = (arepa-master) NOPASSWD: /usr/bin/arepa sign
 %arepa ALL = (arepa-master) NOPASSWD: /usr/bin/arepa sync
 %arepa ALL = (arepa-master) NOPASSWD: /usr/bin/arepa issynced

=item

Add the keys of the developers that will upload packages to the uploader
keyring (C</var/arepa/keyrings/uploaders.gpg>). You can do that in the web
interface itself.

=back

Note that your upload queue is by default at C</var/arepa/upload-queue>, but
you can change it in the configuration file C</etc/arepa/config.yml>.

=head2 CREATE AUTOBUILDERS

Finally, you need to create an autobuilder for every combination of

lib/Arepa/Repository.pm  view on Meta::CPAN

            $extra .= " --section " . $self->_shell_escape($extra_args{$arg});
        }
        elsif ($arg eq 'priority') {
            $extra .= " --priority " . $self->_shell_escape($extra_args{$arg})
        }
        else {
            croak "Don't know anything about argument '$arg'";
        }
    }
    # GNUPG home directory
    if ($self->config_key_exists('web_ui:gpg_homedir')) {
        my $gpg_homedir = $self->get_config_key('web_ui:gpg_homedir');
        if (defined $gpg_homedir && $gpg_homedir) {
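            # Escape the homedir like the other arguments instead of
            # hand-quoting it, so a quote in the path cannot end the argument
            $extra .= " --gnupghome " . $self->_shell_escape($gpg_homedir);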
        }
    }

    my $cmd = "reprepro -b$repo_path $extra $mode $distro $file_path 2>&1";
    my $umask = umask;
    umask($umask & 0707);           # Always allow group permissions
    $self->{last_cmd_output} = `$cmd`;
    my $status = $?;
    umask $umask;
    if ($status == 0) {

lib/Arepa/Repository.pm  view on Meta::CPAN

}

sub sign_distribution {
    my ($self, $distro_name) = @_;

    my $repo_path = $self->get_config_key('repository:path');
    my $release_file_path = File::Spec->catfile($repo_path,
                                                "dists",
                                                $distro_name,
                                                "Release");
    unlink "$release_file_path.gpg";

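    my $extra_options = "";
    if ($self->config_key_exists('repository:signature:id')) {
        my $key_id = $self->get_config_key('repository:signature:id');
        # Escape the configured key ID before it goes into the shell command
        $extra_options = " -u " . $self->_shell_escape($key_id);
    }
    # Escape both paths so spaces or shell metacharacters in the repository
    # path or distribution name cannot change the command
    my $gpg_cmd = "gpg --batch -abs $extra_options -o " .
                  $self->_shell_escape("$release_file_path.gpg") . " " .
                  $self->_shell_escape($release_file_path) . " >/dev/null";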

    return (system($gpg_cmd) == 0);
}

sub sync_remote {
    my ($self) = @_;

    my $repo_path = $self->get_config_key('repository:path');
    if ($self->config_key_exists('repository:remote_path')) {
        my $remote_repo_path = $self->get_config_key('repository:remote_path');
        my $rsync_cmd = "rsync -avz --delete $repo_path $remote_repo_path";
        if (system($rsync_cmd) == 0) {

lib/Arepa/Web/Dashboard.pm  view on Meta::CPAN

        };
    }

    # Packages pending approval ----------------------------------------------
    my @packages = ();
    if (opendir D, $self->config->get_key('upload_queue:path')) {
        @packages = grep /\.changes$/, readdir D;
        closedir D;
    }
    my (@readable_packages, @unreadable_packages, %source_package_info);
    my $gpg_dir = $self->config->get_key('web_ui:gpg_homedir');
    my $repository = Arepa::Repository->new($self->config_path);
    foreach my $package (@packages) {
        my $package_path =
                $self->config->get_key('upload_queue:path')."/".$package;
        my $obj = undef;
        eval {
            $obj = Parse::Debian::PackageDesc->new($package_path,
                                                   gpg_homedir => $gpg_dir);
        };
        if ($obj) {
            push @readable_packages, $obj;

            # Fetch some extra information from already existing packages
            my $pkg = $obj->source;
            $source_package_info{$pkg} = {};
            my $id = $packagedb->get_source_package_id($pkg, '*latest*');
            if ($id) {
                my %source_pkg = $packagedb->get_source_package_by_id($id);

lib/Arepa/Web/Keys.pm  view on Meta::CPAN

use warnings;

use base 'Arepa::Web::Base';

use English qw(-no_match_vars);
use Encode;

sub index {
    my ($self) = @_;

    my $gpg_homedir = $self->config->get_key('web_ui:gpg_homedir');
    my $gpg_list_keys_cmd = "gpg --homedir '$gpg_homedir' " .
                                "--no-default-keyring --list-keys 2>&1";
    my $gpg_list_keys_output = `$gpg_list_keys_cmd`;
    $self->show_view({ cmd    => $gpg_list_keys_cmd,
                       output => $gpg_list_keys_output });
}

sub import {
    my ($self) = @_;

    $self->_only_if_admin(sub {
        my $gpg_homedir = $self->config->get_key('web_ui:gpg_homedir');
        my $gpg_import_cmd = "gpg --homedir '$gpg_homedir' " .
                                "--no-default-keyring --import";
        my $r = open F, "| $gpg_import_cmd";
        if ($r) {
            print F $self->param("gpgkeys");
            close F;

            $self->redirect_to('generic', controller => 'keys',
                                          action => 'index');
        }
        else {
            $self->show_view({ error => $! });
        }
    });
}
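
The key import above, and the `importgpgkey` command in `script/arepa`, build a gpg command line as a string with the configured `web_ui:gpg_homedir` (and the key path) placed between single quotes. As an added example (not Arepa's own code; the function names `gpg_argv`, `import_keys_from_string` and `import_keys_from_file` are hypothetical), here are the same two imports with list-form `open` and `system`, so no shell parses those values:

```perl
use strict;
use warnings;

# Added example, not Arepa code. Function names are hypothetical; the gpg
# options are the ones used in the excerpts on this page.
# A command passed as a list is exec'ed directly, so /bin/sh never parses
# the homedir from config.yml or the key path from the command line.
sub gpg_argv {
    my ($gpg_homedir, @args) = @_;
    return ('gpg', '--homedir', $gpg_homedir, '--no-default-keyring', @args);
}

# Import keys held in a string (e.g. the web form's "gpgkeys" field).
sub import_keys_from_string {
    my ($gpg_homedir, $armored_keys) = @_;
    my @cmd = gpg_argv($gpg_homedir, '--import');
    # If gpg exits early, a write to the pipe must not kill this process.
    local $SIG{PIPE} = 'IGNORE';
    # List-form pipe open: fork + exec without a shell.
    open(my $gpg, '|-', @cmd) or return 0;
    print {$gpg} $armored_keys;
    # close() on a pipe waits for gpg and stores its exit status in $?.
    close($gpg);
    return $? == 0;
}

# Import keys from a file named on the command line.
sub import_keys_from_file {
    my ($gpg_homedir, $key_path) = @_;
    # "--" ends option parsing, so a path starting with "-" stays a path.
    my @cmd = gpg_argv($gpg_homedir, '--import', '--', $key_path);
    return system(@cmd) == 0;
}

# Constructed demo: a homedir containing a quote and a space stays one
# argument, with no escaping needed. gpg itself is not run here.
unless (caller) {
    my @argv = gpg_argv("/tmp/o'brien keys", '--list-keys');
    print join("\n", map { "[$_]" } @argv), "\n";
}
```

Both import functions return true only when gpg exits with status 0, which the string-built version in `import` does not check.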

lib/Arepa/Web/Public.pm  view on Meta::CPAN

        ]
    );


    my @changes_files = ();
    if (opendir D, $self->config->get_key('upload_queue:path')) {
        @changes_files = grep /\.changes$/, readdir D;
        closedir D;
    }
    my @packages;
    my $gpg_dir = $self->config->get_key('web_ui:gpg_homedir');
    foreach my $changes_file (@changes_files) {
        my $changes_file_path = $self->config->get_key('upload_queue:path') .
                                    "/" . $changes_file;
        eval {
            push @packages,
                 Parse::Debian::PackageDesc->new($changes_file_path,
                                                 gpg_homedir => $gpg_dir);
        };
        if ($EVAL_ERROR) {
            print STDERR "Error reading changes file '$changes_file_path'\n";
            print STDERR $EVAL_ERROR, "\n";
        }
    }

    my $public_url;
    if ($self->config->key_exists('web_ui:cgi_base_url')) {
        $public_url = $self->config->get_key('web_ui:cgi_base_url');

script/arepa  view on Meta::CPAN

arepa queue source_package.dsc mydistro

arepa requeue 3

arepa showqueue
arepa showqueue --status pending   # equivalent to previous
arepa showqueue --status compilationfailed
arepa showqueue --status compiling
arepa showqueue --status compiled

arepa importgpgkey key.gpg

arepa sign
arepa sign --sync

arepa sync

arepa issynced
EOD
    exit 1;
}

script/arepa  view on Meta::CPAN

        print STDERR "Invalid options for 'showqueue' command\n";
        show_help;
    }
    my $pdb    = Arepa::PackageDb->new($config->get_key('package_db'));
    foreach my $elt ($pdb->get_compilation_queue(status => $status)) {
        my %source = $pdb->get_source_package_by_id($elt->{source_package_id});
        print $elt->{id}, ": $source{name} $source{full_version} ";
        print "$elt->{architecture} $elt->{distribution}\n";
    }
}
elsif ($command eq 'importgpgkey') {
    my ($gpg_key_path) = @ARGV;
    my $gpg_homedir = $config->get_key('web_ui:gpg_homedir');
    system("gpg --homedir '$gpg_homedir' --no-default-keyring " .
                "--import '$gpg_key_path'");
}
elsif ($command eq 'sign') {
    my $sync = 0;
    $r = GetOptions('sync' => \$sync);
    if (!$r) {
        print STDERR "Invalid options for 'sign' command\n";
        show_help;
    }

    # Sign all the Release files

t/upload_queue/experimental-package_1.0_i386.build  view on Meta::CPAN

dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `experimental-package' in `../experimental-package_1.0_i386.deb'.
 dpkg-genchanges  >../experimental-package_1.0_i386.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: full upload; Debian-native package (full source is included)
Now signing changes and any dsc files...
 signfile experimental-package_1.0.dsc Esteban Manchado Velázquez <estebanm@estebanm-desktop>
gpg: skipped "Esteban Manchado Velázquez <estebanm@estebanm-desktop>": secret key not available
gpg: /tmp/debsign.mML97X6p/experimental-package_1.0.dsc: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....

t/upload_queue/qux_1.0-1_i386.build  view on Meta::CPAN

dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `qux' in `../qux_1.0-1_i386.deb'.
 dpkg-genchanges  >../qux_1.0-1_i386.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: full upload; Debian-native package (full source is included)
Now signing changes and any dsc files...
 signfile qux_1.0-1.dsc Esteban Manchado Velázquez <estebanm@estebanm-desktop>
gpg: skipped "Esteban Manchado Velázquez <estebanm@estebanm-desktop>": secret key not available
gpg: /tmp/debsign.MlxdxnoC/qux_1.0-1.dsc: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....

t/webui/conf/default/config.yml  view on Meta::CPAN

  signature: unsigned   # Special value meaning the repo shouldn't be signed
  # id: 12345678
upload_queue:
  path: t/webui/tmp/upload-queue
package_db: t/webui/tmp/package.db
web_ui:
  public_url: http://localhost/cgi-bin/arepa/arepa.cgi
  base_url: /
  template_dir: /usr/share/arepa/templates
  user_file: t/webui/conf/users.yml
  gpg_homedir: ./t/webui/conf/gnupg-web
  check_remote_repo: 1
  session_db: t/webui/tmp/sessions.db
dir:
  build_logs: t/webui/tmp/build-logs

t/webui/fixtures/foobar_1.0-1_i386.build  view on Meta::CPAN

dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `foobar' in `../foobar_1.0-1_all.deb'.
 dpkg-genchanges  >../foobar_1.0-1_i386.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: full upload; Debian-native package (full source is included)
Now signing changes and any dsc files...
 signfile foobar_1.0-1.dsc Esteban Manchado Velázquez <estebanm@estebanm-desktop>
gpg: skipped "Esteban Manchado Velázquez <estebanm@estebanm-desktop>": secret key not available
gpg: /tmp/debsign.ajpMJIPU/foobar_1.0-1.dsc: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....

t/webui/fixtures/foobar_2.0-1_i386.build  view on Meta::CPAN

dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `foobar' in `../foobar_2.0-1_all.deb'.
 dpkg-genchanges  >../foobar_2.0-1_i386.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: full upload; Debian-native package (full source is included)
Now signing changes and any dsc files...
 signfile foobar_2.0-1.dsc Esteban Manchado Velázquez <estebanm@estebanm-desktop>
gpg: skipped "Esteban Manchado Velázquez <estebanm@estebanm-desktop>": secret key not available
gpg: /tmp/debsign.JQslFHJP/foobar_2.0-1.dsc: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....

templates/keys/index.html.ep  view on Meta::CPAN

<pre>
<%= $output %>
</pre>

<h1>Import new uploader GPG keys</h1>
<% if ($is_user_admin) { %>
<form method="post" action="<%= url_for('generic', controller => 'keys', action => 'import') %>">
  <textarea name="gpgkeys" cols="80" rows="20"></textarea>
  <br/>
  <input type="submit" value="Import" />
</form>
<% }
   else { %>
You don't have permissions to import keys yourself. Talk to an administrator
to get your key imported.
<% } %>


