how to set-up-private-yum-repo

2019-06-05 13:56:19
install software
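# Server-side prerequisites for the repository host.
# createrepo builds the repodata/ metadata; nginx serves the tree over HTTP.
yum install createrepo
yum install nginx
# htpasswd (used below to create the basic-auth file) is shipped in
# httpd-tools on CentOS 7; installing nginx does not pull it in.
yum install httpd-tools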
configure repo
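# Directory layout mirrors the baseurl path:
# <root>/centos/<releasever>/os/<basearch>.
mkdir -p /opt/yum/centos/7/os/x86_64
# Create the basic-auth credential file at a fixed path outside the web root
# (/opt/yum) rather than in whatever the current directory happens to be.
# nginx resolves a relative auth_basic_user_file against its configuration
# prefix (commonly /etc/nginx for the packaged build; confirm with `nginx -V`).
# -c creates/truncates the file, so use it only when adding the first user.
htpasswd -c /etc/nginx/pass.db username
# The password hashes only need to be readable by root and the nginx workers.
# Assumes the packaged "nginx" group exists; adjust if workers run as another
# user.
chown root:nginx /etc/nginx/pass.db
chmod 640 /etc/nginx/pass.db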

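# Serves /opt/yum as a browsable, password-protected package tree.
# NOTE(review): this server listens on plain HTTP only, so the basic-auth
# credentials and every package/metadata download cross the network
# unencrypted. Terminate TLS in front of it (or add a TLS listener) before
# exposing it beyond a trusted network.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /opt/yum;

    # Basic auth applies to every location in this server block.
    # A relative path here is resolved against nginx's configuration prefix,
    # not against the directory htpasswd was run in. Keep the file outside
    # the document root so it can never be served.
    auth_basic "User Authentication";
    auth_basic_user_file pass.db;

    location / {
        # Directory listings let yum clients and humans browse the tree.
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        index index.html;
    }

    # The 404 handler previously pointed at /404.html while the exact-match
    # location was /40x.html; both now name the same page.
    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}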
download package
# Fetch the RPM (plus whatever else yum adds to the transaction) into the
# repository directory without installing anything on this host.
yum install \
  --downloadonly \
  --downloaddir=/opt/yum/centos/7/os/x86_64/ \
  packagename
generate repo file and create yum source

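# name.repo: repository definition that clients install under
# /etc/yum.repos.d/.
[name]
name=Apache Software
# NOTE(review): the password is stored in clear text in this file and is sent
# over plain HTTP on every request. Restrict who can read the file and prefer
# an HTTPS endpoint where one is available.
baseurl=http://username:password@domain/centos/$releasever/os/$basearch/
# Public half of the key used to re-sign the packages.
# NOTE(review): this URL carries no credentials although the server protects
# every path with basic auth, and it is fetched over plain HTTP; a key that
# arrives over an unauthenticated channel cannot be trusted. Consider
# distributing the key out of band and referencing it with a file:// URL.
gpgkey=http://domain/centos/$releasever/os/$basearch/RPM-GPG-KEY-CentOS-7
# Verify package signatures. The packages are re-signed on the server, and
# leaving this at 0 makes yum install them without checking that signature.
# repo_gpgcheck=1 can additionally be enabled once repodata/repomd.xml.asc is
# published and kept in sync with the metadata.
gpgcheck=1
enabled=1
autorefresh=0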

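# Build and sign the repository on the server.

# User ID of the signing key. The exported public key and %_gpg_name must name
# the SAME key, otherwise clients cannot verify the re-signed packages (the
# original steps exported "wssoft" but signed as "gpguser").
# "gpguser" is this guide's placeholder; replace it with your key's user ID.
gpg_name="gpguser"
repo_dir=/opt/yum/centos/7/os/x86_64

# Generate the signing key pair (interactive) and confirm both halves exist.
# The secret key is what lets anyone publish packages your clients will trust:
# protect it with a passphrase and keep it off the web root.
gpg --gen-key
gpg --list-keys
gpg --list-secret-keys

# Export the ASCII-armored public key into the repository directory, which is
# where the gpgkey= URL in the repo file expects to find it.
gpg -a --export "$gpg_name" > "$repo_dir/RPM-GPG-KEY-CentOS-7"

# Import the key into the RPM database
rpm --import "$repo_dir/RPM-GPG-KEY-CentOS-7"
# [optional] confirm the key was successfully imported
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

# Add the GPG signing details to your rpm environment.
# Note: this overwrites any existing ~/.rpmmacros.
printf '%s\n' "%_signature gpg" "%_gpg_name $gpg_name" > ~/.rpmmacros

# Now $gpg_name is configured to sign RPMs with the GPG key
rpm --resign "$repo_dir"/*.rpm

# Confirm by querying the packages; this prints the signature line for each:
rpm -qpi "$repo_dir"/*.rpm | awk '/Signature/'

# Generate the metadata first, then sign it. createrepo rewrites
# repodata/repomd.xml, so a detached signature made before this step would not
# match the published metadata. Re-sign after every createrepo run.
createrepo "$repo_dir/"
gpg --detach-sign --armor "$repo_dir/repodata/repomd.xml"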
client
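# Install the repository definition on a client.
# --user/--ask-password prompts for the password instead of embedding it in
# the URL, which keeps it out of shell history and the process list.
# NOTE(review): the transfer itself is still plain HTTP, and the downloaded
# file contains the repository password in its baseurl, so limit who can read
# /etc/yum.repos.d/name.repo.
wget --user=user --ask-password \
  -O /etc/yum.repos.d/name.repo \
  http://domain/centos/7/os/x86_64/name.repo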

ref
GPG 公私钥生成
HOWTO: GPG sign and verify RPM packages and yum repositories
Create a yum repository with custom GPG-signed RPM packages